MIT's "untraceable" communications network is 'more secure than Tor'

Three locks in binary code on a screen

MIT researchers have developed what they claim is a truly untraceable text messaging network that can "thwart even the most powerful adversaries".

Dubbed Vuvuzela, the instrument popular in the 2010 World Cup, the technology introduces "noise" into the network using dummy messages to obfuscate who is really communicating with whom.

This, the researchers said, overcomes the limitations of traditional anonymising networks, such as Tor, where users can be tracked through "traffic fingerprinting", as discovered by MIT earlier this year.

"Tor operates under the assumption that there's not a global adversary that's paying attention to every single link in the world," said Nickolai Zeldovich, associate professor of computer science and engineering at MIT, who led the group that developed Vuvuzela.

"Maybe these days this is not as good of an assumption. Tor also assumes that no single bad guy controls a large number of nodes in their system. We're also now thinking, maybe there are people who can compromise half of your servers."

Vuvuzela, on the other hand, increases the noise to signal ratio to confuse those trying to spy on the network, providing "a strong mathematical guarantee of anonymity".

How Vuvuzela works

Rather than using layers of encryption and routing, Vuvuzela uses a dead-drop system. Dead-drops have been used by those wishing to communicate in secret in real life for centuries, with the participants leaving messages for each other at an agreed location.

In the case of Vuvuzela, instead of the message being left in a mail box or under a park bench, it is left at the memory address of an internet-connected server. The recipient then only needs to visit this address to pick up the message left for them.

This behaviour would, by itself, be quite easy to track. However, Vuvuzela introduces fake messages into the network regularly, automatically generated both by the people communicating and by others who are not.

However, once again, someone who has infiltrated the network would be able to determine by the memory addresses users are visiting if two people are communicating with each other, as they would visit a given server more frequently and in a particular pattern.

To overcome this, the network uses multiple layers of encryption and routes a message through multiple servers in a random order, with each server peeling off a layer of encryption, so that only the destination server ever sees the real message. This further obfuscates who is really speaking to whom.

There is still the potential, however, for an intruder to work out that two users whose messages reach a given server within a certain amount of time of each other are communicating. In the final step of Vuvuzela, this is obscured by each of the recipient nodes along the way generating a quantity of dummy messages and sending them off to their own encrypted destinations.

This, the researchers suggested, makes it "statistically ... almost impossible for the adversary to determine even whether any of the messages arriving within the same time window ended up at the same destination".

Limitations and controversy

Michael Walfish, associate professor of computer science at New York University, said: "The mechanism that [the MIT researchers] use for hiding communication patterns is a very insightful and interesting application of differential privacy."

However, he also pointed out that Vuvuzela still has "major limitations" - indeed, in testing the MIT researchers have only managed to relay messages at a reliable speed of one per minute.

"The result is a system that is not ready for deployment tomorrow but still, within this category of Tor-inspired academic systems, has the best results so far," said Wolfish. "It's exciting, and it opens the door to something potentially derived from it in the not-too-distant future."

Anonymised, secure communications and even encryption as a concept have come in for criticism recently, particularly in the wake of the massacres in San Bernadino, California, and Paris in the latter part of 2015.

Governments including the US, UK and France have argued that they should have backdoors left open in encrypted networks allowing them to spy freely, ostensibly for the sake of national security.

Indeed, documents allegedly leaked from the French ministry of the interior to newspaper Le Monde suggest the government there is seeking to ban the Tor network completely within the territory - something that has previously only been seen under the auspices of totalitarian regimes, notably Iran.

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.