As privacy of The Onion Router (Tor) network comes into question, MIT researchers say they have devised a secure system called Vuvuzela that makes text messaging sent through it untraceable and that could be more secure than Tor when it comes to hiding who is talking to whom.
While it’s not ready for prime time, the messaging system makes it extremely difficult for attackers to find out which connected users are communicating with which others or whether they are sending or receiving messages at all, the researchers say in “Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis”.
“For text messaging, Vuvuzela offers better privacy than Tor since Vuvuzela is resistant to traffic analysis attacks,” says David Lazar, one of the authors of the paper, and a PhD student in electrical engineering and computer science at MIT
Tor has proven susceptible to traffic analysis and requires a large number of users in order to provide privacy, the researchers say.
Vuvuzela, on the other hand, works whether just two people are using the system or large numbers of people, they say. The system uses encryption and a set of servers to conceal whether or not parties are participating in text-based conversations.
“Vuvuzela prevents an adversary from learning which pairs of users are communicating, as long as just one out of [the] servers is not compromised, even for users who continue to use Vuvuzela for years,” they write.
The system can scale to millions of users supported by commodity servers deployed by a single group of users. Tor relies on shuttling messages through a web of a great number of servers run by volunteers. A single entity commanding a large number of these servers and that observes traffic going in and out of the network can deduce who’s using it. It was, in fact, hacked last year.
The Vuvuzela system is different from Tor in that it doesn’t try to anonymize participants. It just prevents outside observers from telling the difference between when a person is sending messages, receiving messages or doing neither, Lazar says. So a participant can leave a message that another participant picks up, and an outside observer can’t figure out that they’ve had an exchange.
All messages are sent and made accessible on a regular schedule of rounds. By seeing who sends and who receives during a round an attacker might figure out who is conversing. To prevent this, Vuvuzela injects noise into the traffic between clients and the servers that are indistinguishable from real messages being sent and picked up.
(This noise is where Vuvuzela gets its name. Vuvuzela are plastic horns distributed to fans at the 2010 FIFA World Cup in South Africa and whose noise when played by fans became a backdrop for the event.)
Users leave messages at an electronic dead drop where recipients pick them up later. Through a series of three servers, the message is placed in a particular dead drop where the recipient can retrieve it. The recipient gets notice of messages at a separate, invitation dead drop on the server.
All the communications from clients to the servers are triple-wrapped in encryption. The first server unwraps the outside layer, the second unwraps the second and the third unwraps the final layer to reveal the unencrypted message. The order of the messages is shuffled along the way, and they are distributed in random dead drops.
“Vuvuzela guarantees privacy as long as one of the servers is uncompromised, so using more servers increases security at the cost of increased message latency,” Lazar says.
Client software dials in to the system and listens for incoming calls directed at it. The user can accept the incoming calls in order to exchange messages. Or the user can dial another user to enter into a message exchange.
Vuvezela source code is available here. Lazar says the system has two major components that need implementation: a public key infrastructure for the encryption and a content delivery network for dialing the dead drops. “To make dialing practical, Vuvuzela should use a CDN or BitTorrent to distribute the dialing dead drops,” he says because he dialing protocol eats up a lot of server bandwidth.