Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Encryption Network The Internet Communications Networking Privacy Security Software News Technology

MIT Says Their Anonymity Network Is More Secure Than Tor (pcmag.com) 81

An anonymous reader writes from a report via PC Magazine: Following the recent vulnerabilities in Tor, researchers at MIT's Computer Science and Artificial Intelligence Laboratory and the Ecole Polytechnique Federale de Lausanne have been working on a new anonymity network that they say is more secure than Tor. While the researchers are planning to present their new system, dubbed Riffle, at the Privacy Enhancing Technologies Symposium later this month, they did say the system uses existing cryptographic techniques, but in new ways. A series of servers are what make up Riffle, each of which "permutes the order in which it receives messages before passing them on to the next," according to a news release. "For instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order -- say C, B, A. The second server would permute them before sending them to the third, and so on." Nobody would know which was which by the time they exited the last server. Both Tor and MIT's anonymity network use onion encryption. Riffle uses a technique called verifiable shuffle in addition to onion encryption to thwart tampering and prevent adversaries from infiltrating servers with their own code. Last but not least, it uses authentication encryption to verify the authenticity of an encrypted message. The researchers say their system provides strong security while using bandwidth much more efficiently than similar solutions.
This discussion has been archived. No new comments can be posted.

MIT Says Their Anonymity Network Is More Secure Than Tor

Comments Filter:
  • by mi ( 197448 )

    "For instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order -- say C, B, A."

    The communication latency must be even suckier than that of Tor then... Oh, well...

    Now, is it really a great new tool for privacy, or does it have inherent back doors and the announcements are to lure us away from Tor, which authorities have found too difficult to break? Will we even ever know?

    • And yet, still much better latency than IP over avian carrier (RFC 1149).
    • and the annou ncements are to lure us away from Tor, which authorities have found too difficult to break?

      THANKS OBAMA.

      Seriously, why the tin foil hat? The research is being done by university researchers and uses a pretty easy to understand improvement on Tors onion routing capable of generating a mathematical proof that the message hasnt been tampered with. This is important as the current vunerabilities in Tor rely on a malicious party being able to manipulate the onion routes to de-anonymise the transmi

      • by mi ( 197448 )

        Seriously, why the tin foil hat?

        Because I do not fully understand the proposed improvements nor the mathematical proofs included with them — and so must take it on faith. Just as I was asked to take Tor on faith.

        You state that Tor is "too difficult to break"

        I made no such statement. Read carefully...

        I might as well remind you Tor was actually developed by DARPA

        I know that very well. I also know, US has spent considerable efforts to break it — and they can only do that in some cases and not relia

    • to lure us away from Tor

      Run it as a hidden service inside of Tor. Problem solved.

    • by Anonymous Coward

      Tor has never been considered secure against the US government.

  • This approach does NOT fix the linked "vulnerabilities" about the TOR network, where compromised nodes as members of the network can spy on traffic, and a sufficiently large amount can even totally identify users. This vulnerability is unfixable by systems where you let everyone set up a node.

  • Sorry, MIT... (Score:5, Insightful)

    by Anonymous Coward on Monday July 11, 2016 @06:14PM (#52492477)

    ...but after what you helped the U.S. government do to Aaron Swartz, i.e. drive him to the brink of suicide and then over the edge, I find any claims you make regarding your abilities to be suspect at the very least.

    Sad, really, that the name in education that has been synonymous with "hackers" for decades, now serves as one of their worst enemies. Much like CMU aiding the FBI in "discovering" the locations of hidden Tor services (http://www.teaparty.org/academics-accused-helping-fbi-unmask-anonymity-web-users-129406/), MIT and their graduates have shown their true colours...by bending over and taking it from the fascists in Quantico and Washington, by using their talents and their education to take freedom _away_ from the world rather than give. All for the same sort of fat government cheques they were getting in the 80's, making bold claims about how they could implement artificial intelligence sophisticated enough to power Reagan's insane "Star Wars" missile defense system. This in _spite_ of the fact that full debugging of such software would _require_ a world-ending, nuclear war to occur.

    Fuck MIT and their shitty software. Say what you want about traitors, most people accept that they aren't to be trusted.

    • by Anonymous Coward

      Don't forget when they threw Star Simpson under the bus. [mit.edu]

      On the other hand, both actions were by administration, not students or profs. Star stuck around and graduated despite what the assholes in administration did to her. A school is more than its admin staff, a good school can be good despite its admin staff.

      • by Viol8 ( 599362 )

        Star Simpson? The utter moron who wore a fake bomb to an airport for "art"? Oh boo hoo, poor ickle her.

        You're going to have to do better than that piss poor example my friend.

        • by Anonymous Coward

          fake bomb? You are an idiot or a troll.

    • by myrdos2 ( 989497 )

      MIT and their graduates have shown their true colours...by bending over and taking it from the fascists in Quantico and Washington, by using their talents and their education to take freedom _away_ from the world rather than give.

      What, every single one? They did launch the One Laptop Per Child program, and released 2,000 courses online for free in their OpenCourseWare project. What about the ones who work in the cancer research building? Do they cackle while plotting the downfall of American freedom? No

  • How much kitty porn can I transfer per second over it?
  • My guess is some three letter government organization....

    Let's face it folks, if privacy and security are important to you, DON'T do it on the Internet. There is no such thing as Privacy and Security on the Internet and that is NEVER going to change. Sure, you can obfuscate and encrypt and maybe buy yourself some time, but as soon as a packet hits your ISP, you had better just figure it's public knowledge because *somebody* could be listening in and you'd never know it.

  • If it were truly effective, it would be "born secret" [wikipedia.org] and not released to the public unless it is crippled.

  • Where's the download link?
    Where's the exit nodes?
    Where's the network?

    I don't see a website for Riffle, only a .pdf.

    There are even other projects at MIT with the same name. (Riffle water monitoring system)
    https://civic.mit.edu/blog/hhcraig/open-water-project-exploring-open-source-water-quality-monitoring

    This 'Riffle' is just a paper not an actual network, afaict.

  • MaidSafe's Safe Network is definitely going to change the internet as we know it.
  • Is the source code available for review? Have significant security reviews taken place? If you're looking for a tor alternative, why not consider EepSites first? They appear highly recommended and have been around much longer. I doubt they're even monitored yet, since I so rarely hear of people using them...

This screen intentionally left blank.

Working...