Tor is probably the most popular anonymizing network, million of users leveraged on it to protect their privacy and online anonymity.
Now Massachusetts Institute of Technology researchers revealed a new anonymity architecture that could rival Tor.
The MIT researchers alongside with peers from the École Polytechnique Fédérale de Lausanne (EPFL) have created the Riffle anonymity network, which promises to solve the weaknesses of the most popular Tor architecture.Researchers claim Riffle is more secure of Tor, it is able to ensure users’ privacy as long as at least one of its server remains safe.
How does the Riffle architecture work?
The Riffle architecture implements a Mixnet (Mix Networks), a series of servers that allows routing by permuting the order of messages they receive before passing them to the next hop.
“The heart of the system is a series of servers called a mixnet. Each server permutes the order in which it receives messages before passing them on to the next. If,for instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order — say, C, B, A. The second server would permute them before sending them to the third, and so on.” states the blog post on the MIT.
“An adversary that had tracked the messages’ points of origin would have no idea which was which by the time they exited the last server. It’s this reshuffling of the messages that gives the new system its name: Riffle.”
An attacker is not able to track messages because the paths of each message are random, the Riffle anonymizing scheme also protect traffic by using an Onion protocol leveraging on multi-layered encryption mechanism. Messages are encrypted hop by hop while travelling from source to the final recipient.
In order to make Riffle resilient to hacking attacks relying on compromised servers the new architecture implements a technique known as ‘Verifiable Shuffle.’
A Verifiable Shuffle is a method that is used to mathematically verify the integrity of messages.
“To thwart message tampering, Riffle uses a technique called a verifiable shuffle.” continues the post published by the MIT.
“Authentication encryption is much more efficient to execute than the verifiable shuffle, but it requires the sender and the receiver to share a private cryptographic key. So Riffle uses the verifiable shuffle only to establish secure connections that let each user and each mixnet server agree upon a key. Then it uses authentication encryption for the remainder of the communication session.
In order to verify the authenticity of an encrypted message, the Riffle method uses the “Authentication encryption.”
“Authentication encryption is much more efficient to execute than the verifiable shuffle, but it requires the sender and the receiver to share a private cryptographic key. So Riffle uses the verifiable shuffle only to establish secure connections that let each user and each mixnet server agree upon a key. Then it uses authentication encryption for the remainder of the communication session.”
Researchers claim that the Riffle has better performance than the Tor network, to transfer a large file between anonymous users it required one-tenth of the time as compared to TOR and other anonymity networks during experimental tests.
More details on the Riffle system will be presented at the Privacy Enhancing Technologies Symposium in July, in Germany, waiting for the event give a look to the paper [PDF] published by the researchers.
(Security Affairs – Riffle, online anonymity)