IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

MIT's "untraceable" communications network is 'more secure than Tor'

But the Vuvuzela dead-drop network is very slow

Three locks in binary code on a screen

MIT researchers have developed what they claim is a truly untraceable text messaging network that can "thwart even the most powerful adversaries".

Dubbed Vuvuzela, the instrument popular in the 2010 World Cup, the technology introduces "noise" into the network using dummy messages to obfuscate who is really communicating with whom.

This, the researchers said, overcomes the limitations of traditional anonymising networks, such as Tor, where users can be tracked through "traffic fingerprinting", as discovered by MIT earlier this year.

"Tor operates under the assumption that there's not a global adversary that's paying attention to every single link in the world," said Nickolai Zeldovich, associate professor of computer science and engineering at MIT, who led the group that developed Vuvuzela.

"Maybe these days this is not as good of an assumption. Tor also assumes that no single bad guy controls a large number of nodes in their system. We're also now thinking, maybe there are people who can compromise half of your servers."

Vuvuzela, on the other hand, increases the noise to signal ratio to confuse those trying to spy on the network, providing "a strong mathematical guarantee of anonymity".

How Vuvuzela works

Rather than using layers of encryption and routing, Vuvuzela uses a dead-drop system. Dead-drops have been used by those wishing to communicate in secret in real life for centuries, with the participants leaving messages for each other at an agreed location.

In the case of Vuvuzela, instead of the message being left in a mail box or under a park bench, it is left at the memory address of an internet-connected server. The recipient then only needs to visit this address to pick up the message left for them.

This behaviour would, by itself, be quite easy to track. However, Vuvuzela introduces fake messages into the network regularly, automatically generated both by the people communicating and by others who are not.

However, once again, someone who has infiltrated the network would be able to determine by the memory addresses users are visiting if two people are communicating with each other, as they would visit a given server more frequently and in a particular pattern.

To overcome this, the network uses multiple layers of encryption and routes a message through multiple servers in a random order, with each server peeling off a layer of encryption, so that only the destination server ever sees the real message. This further obfuscates who is really speaking to whom.

There is still the potential, however, for an intruder to work out that two users whose messages reach a given server within a certain amount of time of each other are communicating. In the final step of Vuvuzela, this is obscured by each of the recipient nodes along the way generating a quantity of dummy messages and sending them off to their own encrypted destinations.

This, the researchers suggested, makes it "statistically ... almost impossible for the adversary to determine even whether any of the messages arriving within the same time window ended up at the same destination".

Limitations and controversy

Michael Walfish, associate professor of computer science at New York University, said: "The mechanism that [the MIT researchers] use for hiding communication patterns is a very insightful and interesting application of differential privacy."

However, he also pointed out that Vuvuzela still has "major limitations" - indeed, in testing the MIT researchers have only managed to relay messages at a reliable speed of one per minute.

"The result is a system that is not ready for deployment tomorrow but still, within this category of Tor-inspired academic systems, has the best results so far," said Wolfish. "It's exciting, and it opens the door to something potentially derived from it in the not-too-distant future."

Anonymised, secure communications and even encryption as a concept have come in for criticism recently, particularly in the wake of the massacres in San Bernadino, California, and Paris in the latter part of 2015.

Governments including the US, UK and France have argued that they should have backdoors left open in encrypted networks allowing them to spy freely, ostensibly for the sake of national security.

Indeed, documents allegedly leaked from the French ministry of the interior to newspaper Le Monde suggest the government there is seeking to ban the Tor network completely within the territory - something that has previously only been seen under the auspices of totalitarian regimes, notably Iran.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022