Computer scientists at the Massachusetts Institute of Technology have developed a new SMS text messaging system that is untraceable and apparently even more secure than the Tor anonymity network to create truly anonymous communications.
In July, researchers from MIT and the Qatar Computing Research Institute succeeded in cracking a security vulnerability affecting the Tor anonymity network to make it possible to identify hidden servers with up to 88% accuracy, Hacktus writes.
The researchers did this by looking for patterns in the number of packets passing in each direction through Tor nodes and they found that they could tell with 99% accuracy whether a circuit was for a regular web browsing request, an introduction point (which gives a user access to a hidden website) or a rendezvous point.
The latter is used when another user wants to connect to the same hidden website at the same time as the first user.
Learning from this discovery, several researchers from MIT’s Computer Science and Artificial Intelligence Laboratory have developed a new system that permits the exchange of text messages between two parties at roughly once a minute.
Their open-access paper, titled Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis, was presented at the Association for Computing Machinery Symposium on Operating Systems Principles in October.
Unlike Tor, the Vuvuzela system provides a strong mathematical guarantee of user anonymity by drowning out any visible traffic patterns that could lead to identification of the parties through issuing lots of spurious information.
To make the system work, one user leaves a message for another user at a predefined location, such as a memory address on an Internet-connected dead-drop server, while the other user retrieves the message.
So, for example, if there were three people using the system but only two of them were sending text messages to each other, it would look obvious that the two people were talking to each other, as the only traffic on the server would come from exchanges between the two people.
To hide this, the system makes all the users send out regular messages to the dead-drop server, whether they contain any information or not, so then the traffic pattern makes it look like there is traffic going through the server from multiple locations at all times.
“Tor operates under the assumption that there’s not a global adversary that’s paying attention to every single link in the world,” said NickolaiZeldovich, an associate professor of computer science and engineering, and co-leader of the Parallel and Distributed Operating Systems group at CSAIL.
“Maybe these days this is not as good of an assumption. Tor also assumes that no single bad guy controls a large number of nodes in their system. We’re also now thinking, maybe there are people who can compromise half of your servers.”
