Researchers are still looking for a Tor alternative.Scientists at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) have created an anonymous messaging system, in the same category as Tor, I2P, and HORNET, which takes a different approach to relaying messages between two parties.
The system, dubbed Vuvuzela after the infamous plastic horn used at the FIFA Football World Cup Finals in South Africa 2010, is currently in its incipient stages, but security researchers are lauding its unique technique.
Unlike Tor, which hides messages with several layers of encryption for sending them through random servers on the Internet, Vuvuzela takes a different approach, one that uses less encryption, but a lot of dummy traffic.
Vuvuzela, as described by the four researchers who created it, takes messages they receive from a sender and stores them inside a memory address on one of its many interconnected servers, called mailboxes.
Vuvuzela relies on dummy traffic to hide the real connections
Before it’s decided where to store its content, the message goes through different servers, which send out dummy traffic to all interconnected users.
The server notifies the recipient that there’s a message for them, the user then goes to retrieve it, also passing through different mailboxes to get at the message’s location. When a connection is made through one of these mailboxes by a recipient searching for their message, each of these servers sends out dummy network packets on the network.
With so much fake traffic, and with senders and recipients moving past their destinations to intentionally create even more fake traffic after they’ve left or retrieved the actual message, you can only imagine how much data an attacker would have to sniff out before getting a clue of who’s talking to whom.
MIT researchers claim that attackers can even infiltrate more than half of its mailbox network, but if at least one mailbox server is left intact, users will be able to safely communicate because of all the fake traffic.
First test shows promising results but a 44-second latency
A test Vuvuzela network was set up, using Amazon’s EC2 servers and 1 million simulated users. First results showed that Vuvuzela managed to exchange over 15,000 messages per second, with a latency of 44 seconds. Yes, the latency is big, but this was the first test.
“We believe these results are encouraging, since they indicate Vuvuzela can scale to a reasonable number of users, and its latency may be acceptable for email-like messaging or chat,” the researchers said about the first test.
An intro into Vuvuzela’s internal structure can be read in the Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis paper by MIT researchers Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.