Researchers from MIT and the École Polytechnique Fédérale de Lausanne have come up with a new and secure anonymity network that could prove better than Tor. “The initial use case that we thought of was to do anonymous file-sharing, where the receiving end and sending end don’t know each other,” said Albert Kwon, first author on the report, which will be presented at the Privacy Enhancing Technologies Symposium this month. “The reason is that things like honeypotting are a real issue. But we also studied applications in microblogging, something like Twitter, where you want to anonymously broadcast your messages to everyone.” They’ve dubbed the project Riffle.
Riffle (the paper is available as a PDF) uses a bunch of existing security tactics, but in a different way than any that have come before. Its core technology is called a mixnet: a series of servers that permute the order of traffic received, before passing it through. If traffic from Alice, Bob, and Carol should reach the first network node in the order A, B, and C, that server might pass the packets on in the order B, A, C. This shuffling approach is why the project has the name it does: Servers riffle the traffic like shuffling randomizes a deck of cards.
It works like a recursive onion router, in that it’s an onion router which is itself wrapped around a mixnet, which then has to employ a shared private key encryption scheme, which is itself dependent on authentication encryption. Every node in the network “peels off” a layer of encryption. The whole network can still do mutual checksumming to ensure that the message being passed on is the one received. But that takes time.
One of the things Tor users routinely grouse about is its speed. Browsing still sort of works, but torrenting over Tor is nigh impossible unless you’ve got the patience of a saint. It’s just the nature of the system; bouncing traffic through a bunch of nodes will inevitably slow it down some.
But Riffle is supposed to have a big speed advantage over Tor and similar predecessors. In tests, the system took only about a tenth as long to transfer a large file between anonymous users.
The dev team claims that the system is unbreakable as long as there remains one solitary uncompromised server, conjuring images of hydras, or Swedish guys with axes to grind against the RIAA. Given that some servers are just an individual person’s computer with certain software installed, as is the case with Tor, it also brings to mind the image of a lone whistleblower grabbing their laptop and fleeing into the night.
Truth is, there’s no such thing as an unbreakable system — not in a country where the authorities have guns and jail to back up their polite requests. Earlier this year, we reported on recently released court documents showing CMU complied with a subpoena when it helped the FBI crack Tor. MIT has their own people at work finding and patching vulnerabilities in Tor, too. Both claim white hat status, or at least good faith. But when people and companies must comply with lawfully served subpoenas or national security letters, we have to assume that this system is backdoored from the start. The people who understand best how the system works are the ones best equipped to exploit its vulnerabilities, and when an anonymity network can cough up enough details to locate an individual user, it can’t claim to afford anonymity.
It’s important to remember that there are people for whom real network anonymity isn’t a luxury. The Great Firewall of China still exists, and that single fact says everything about freedom of thought and speech when communication is inspected and censored. Citizens are just not allowed to express certain ideas, and again, men with guns can enforce that. That’s unacceptable. Say what you will about the whistleblowers we’ve already had; it’s still important to protect political dissidents and those who would expose wrongdoing. The value of Riffle will depend entirely on how it handles these imperatives.