MIT Creates Tor Alternative That Floods Networks With Fake Data

An anonymous reader writes with word that MIT researchers "created an alternative to Tor, a network messaging system called Vuvuzela that pollutes the network with dummy data so the NSA won't know who's talking to who." Initial tests show the systems overhead adding a 44-second delay, but the network can work fine and preserve anonymity even it has more than 50% of servers compromised.

Great, just what we need!

[U2xhc2hkb3QgU3Vja3M]

More wasted bandwidth!

Re:Great, just what we need!

[sinij]

Disagree. No cost is too high for protecting our freedoms.

Re:Great, just what we need!

[JoeMerchant]

This is actually a method that a (partially) top-secret government installation used back in the 1980s. They have a huge campus, with network covering all of it, but they run really small packet size and keep a healthy quantity of random BS traversing the network at all times, so even before any interceptor can start working on the top-secret encryption, they've got to sort all the chaff packets. Also helps when the academic types get careless with secret info and forget to use the encryption layer, still bloody well impossible to sift the 0.001% interesting traffic out of the garbage when packets are flying around with 1 byte payloads.

Re:

[KGIII]

We need something like this, something P2P, that sends out garbage data to be picked up by tracking networks. Poisoning the well, so to speak.

Re:

[Visarga]

I thought about this. How can we send a fragment of a file from node A to B without implicating node B. Both as an uploader or downloader, a rouge MPAA node could implicate the other party. Installing intermediary nodes would only implicate the intermediaries.

How can we anonymize the data itself? If we use a third node, C, to organize A and B, it could store data in encrypted fragments on various nodes and put the keys on different nodes, then instruct a downloader from where to get all the pieces. That

Re:

[KGIII]

rogue*

I like where you're going with it but it also has to be filled with random data and there'd need to be enough exit nodes, across the world ideally, to simply enable one to not just sort-of multicast their traffic but to serve others and to serve the garbage data. Yes, there would be increased latency but as much of it is just sending out spoofed traffic and forwarding/receiving requests on behalf of others then it might not be too bad?

The idea that I'm thinking of isn't just to enable people to pirate

Re: Great, just what we need!

[Anonymous Coward]

Someone came up with a BitTorrent client mixed with a TOR alternative (which only serves that client). Didn't catch on yet but the idea was everyone was forced to act as a 'TOR' node if they were running the client, and all traffic was encrypted such that each node knows where it came from and where it's going (both other nodes in the network) but they don't know if those are the final addresses or just other hops, and it's encrypted so they don't know what it contains.

It sounds like this would run somewhat

Re:Great, just what we need!

[Anonymous Coward]

We need something like this, something P2P, that sends out garbage data

We have this already, it's called APK.

Re:

[ledow]

Ah, you mean "defeated by any trivial filter".

Security through obscurity (which is what this is) is doomed to fail. It *can* work, for short periods, when it's unexpected, when people aren't really looking (how many people just have a "secret URL" on their blog to get into the admin interface so that it's not publicly visible - doesn't stop people finding it), etc.

But anything like this? Pointless. And one academic getting careless with encryption even once would likely see them sacked in such a place.

It

Re:

[Anonymous Coward]

Not true. I can beat any filter you can come up with.

I send constant packets that are 1024 in size and contain random data that is encrypted. once in a while a real message packet that is padded with random data and encrypted is sent along.

you can not detect any difference between the fake and the real packets because I made sure the real packets look like fake packets. works great and got me an A+ in advanced CS security class, I got it past the NSA ex spook teaching us. Bet him my grade that I could g

Re:

[JoeMerchant]

See also: Steganography: http://mangocats.com/stegamail... [mangocats.com] (and many others)

Re:

[maugle]

I assume the receiver would attempt to decrypt every package and simply throw out any failures.

Re:

[sinij]

This is good concept when you don't have computing power to use strong symmetric encryption. Like back in 80s. Or with 90s export-grade crypto.

Today this is largely irrelevant. Your smart fridge is capable of AES256 and there is no feasible way to brute force through that. This is not where cryptography fails and not how it is usually attacked.

Because modern symmetric cryptography is so strong, nobody attempts to attack it directly. Instead, it is always side-stepped. You attack key negotiation and ext

Re:

[JoeMerchant]

In the 1980s it worked well enough, based on the premise that you'd need a hell of a network traffic processor to sort out all the crap, and unobtrusive portable PCs just weren't up to the task, back then. At least, that's what the network security officer was shining me on with during my interview - I nodded politely, having already decided that the place was too full of lies, contradictions, and sources of radiation for me.

Re:Great, just what we need!

[Anonymous Coward]

Back in the early 1990s, when designing a secure network, on the physical side, the guide was to place the cables in conduit that would be positively pressurized, and if the pressure went down in the pipe, all cables would be cut. The mechanism that swung the axe was very sensitive, just to keep someone from attaching something to the pipe, pressurizing the attachment, then cutting in under pressure. The pressure varied as well randomly, so if someone cut in at the wrong pressure, it would also trigger the "cut all links" circuit.

The same book also stated exactly as the parent -- you had encrypted traffic flowing on the network at all times. Of course, this book was dated -- they preferred ring topologies (ATM... and no, not the teller machine... the network with 53 byte packets) because all the machines on there could cough up a random packet and nobody would be the wiser. With switches, it becomes a bit more tricky to have encryption as noise without making the links unusable due to congestion.

The ironic thing -- this was a book pitched for basic security for the enterprise, when businesses actually really cared about security.

Re:

[EmeraldBot]

> This is actually a method that a (partially) top-secret government installation used back in the 1980s.

Yeah right. Cool story. Now where is the proof?

Oh yeah, "partially top-secret."

Proof that you, Mr. Anon, have no experience with governmental projects. It's rather common to have compartmented access, and for the project to have different parts in varying degrees of secrecy. He doesn't need proof, it's an anecdote, and you're perfectly welcome to throw it away.

But, this sounds like... Emm... A security technique I could... easily forsee such a place using. It's certainly a good one, if rather stressful on your data lines...

Re:Great, just what we need!

[alvinrod]

Which the government could easily spare us of needing if they'd only quit illegally spying on their citizens.

Re:

[leftover]

You fail high-school civics.

Re:

[Opportunist]

That depends entirely on whether there is some supreme set of rules your government MUST heed. Most civilized countries that are not run by a group of nepotists got something like that. Hell, even those Arabian theocracies have something like that (in their holy book).

Re:

[Impy the Impiuos Imp]

Multibillion-dollar installations crammed with more processing power than a Google data center disagree with you. They don't have buffoons hired to deal with it. These are the people believed to have inserted vulnerable keys into the earlier standards.

Re:

[Impy the Impiuos Imp]

Do they need the full Netflix future bandwidth where every house is watching 5 4k streams? Just to hide text messages and sma files?

Re:

[MitchDev]

No what is a waste is that something like this is even needed. But the government has forgotten it is supposed to fear the citizens, not the other way around...

Not TOR replacement...

[wbr1]

This is potentially good for an obfuscated messaging service, not an encrypted internet proxy for all traffic.

Re:

[U2xhc2hkb3QgU3Vja3M]

The effectiveness will depend on the dummy data being sent. If they use sentences like "The chicken is in the coop", it might be easy to filter out.

Re:

[SuricouRaven]

If they really need something that can't be easily identified as fake, I'm sure they can use markov chains are an important part of any consideration when the weather has started to darken.

Re:

[aaaaaaargh!]

That should be easy to defeat even with fairly shallow parsing methods, and even easier with semantic techniques.

Re:

[shellster_dude]

The article, though not as clear as it maybe should have been, clearly states that all traffic is encrypted using asymmetric encryption between the users, and I would also infer from the setup, further encrypted between the end-user and the server (it mentions that all users know each other public keys as well as the service's public key, thus implying asymmetric encryption). Therefore, the fake traffic need not be particularly realistic, as long as the overall length of the unencrypted traffic somewhat r

Re:

[MitchDev]

Does it look encrypted?

Re:

[JoeMerchant]

This is potentially good for an obfuscated messaging service, not an encrypted internet proxy for all traffic.

Kind of how I feel about bitcoin...

"Even with more than 50%..."

[Anonymous Coward]

I wonder what % of Tor servers are compromised. I abandoned Tor when I realised it didn't mix in junk traffic like this, as traffic analysis through compromised nodes/routers is such an obvious vulnerability that it seems to render Tor worthless.

Re:

[KGIII]

Tor has always been subject to snooping if you leave the Tor network. So long as you remain on the .onion network it is assumed that it is still safe.

Virtual Camouflage

[Anonymous Coward]

I was talking to my Google-employee brother the other day and voicing my prediction that 'virtual camouflage' would become a defense against data mining and spying, similar to as described in the article. He thought the idea was ridiculous, and even if it were to come to pass, would be defeated by statistical means. Regardless, secure p2p communication is an arms race, and the virtual environment closely resembles nature in unexpected ways.

Re:

[Lumpy]

His prediction is horribly out of date, This technique has been in use for decades.

No thanks.

[drunk_punk]

MIT was once the number one non-profit Department of Defence contractor in the nation. Don't know how much funding they get these days but it certainly seems as though this solution is provided to you by and for the U.S. Government.

Re: No thanks.

[Anonymous Coward]

Stop spreading suspicion and if the system can fail show how.

Re:No thanks.

[KGIII]

Disclosure: MIT is my alma mater and I am biased. I have also served in the military and I have worked with DoD as a civilian.

Now, some folks here are aware that I dealt with traffic modeling. Some of *my* research was paid for by the Department of Defense. (You'd be kind of silly to not understand the value of improving traffic throughput in a crisis. There are also benefits to optimized traffic in and on military facilities, both vehicular and pedestrian)

I can not speak for this department nor for this research. I can, however, say that the DoD had absolutely no influence on my research. No, not one little bit. They wanted regular reports to see that they were getting a bit of work for their money. They did not control, direct, or hinder the research in any way other than the funding. They never exerted any control, never stopped me from publishing, nor did they come in and spy on the project.

I can't say what has happened here but, honestly, I think you're drunk. How would the DoD benefit from this? Given that it is MIT, I'm quite sure you can see the source. Rather than speculate, give us a good reason to believe you other than a "hunch" or similar.

Re:

[drunk_punk]

I think what I was trying to get at is large Universities are closely tied with various government entities through grant funding and if one of those Universities, say, figures out how to compromise Tor *cough*Carnegie Melon*cough* or any other piece of tech it's reasonable to assume that ANY entity in any branch of government could "request" that information.

I'm not saying they influence research. I'm saying that it's reasonable to assume they are fully briefed on it. Including, but not limited to, how

Re:

[KGIII]

Well, if they paid for the research or even helped to fund it then they've a right to the results of that research so yeah? If there are any flaws then they'd be privy to them, as would anyone else with access to the research. Knowing MIT? They'll want more "funding" if they want to get the flaws researched. Those guys are always, and I mean always, wanting me to give them more money.

Re:

[KGIII]

That was in use as well. It really depends on what the traffic is being optimized for. Sometimes the shortest distance is not the quickest route nor is it always the most efficient route. There are other issues like throughput and capacity. We eventually expanded to do pedestrian traffic modeling which was quite different and meant a whole lot of new learning and research. It's akin to modeling chaos, we humans aren't entirely predictable.

Re:

[KGIII]

That we do... My Ph.D is in Applied Mathematics and I truly stood on the shoulders of giants. There were many, many brilliant people not just before me but, by grace of luck, around me. Traffic is a fickle thing, we humans aren't that bright. One of the reasons I am skeptical about the speed with which we'll get fully autonomous vehicles is because of my familiarity with traffic. There are many things that people do not consider, the biggest one of which is privacy.

However, 'tis late and I've not slept much

Re:

[KGIII]

You are correct. I think. And you might be?

Anathem

[nullchar]

This is just like in Neal Stephenson's novel Anathem. Except when the system became fragile, the noise was mixed with the signal so most communications became worthless.

What is happening at MIT?

[Anonymous Coward]

Any bozo could write random garbage and waste bandwidth. Write something that can split encrypted data at the client through multiple nodes and recombine encrypted packets at the server. And make it an IP level protocol! Idiots!

and..

[Anonymous Coward]

i wash my hands with a firehose

Vuvuzela

[Megahard]

So they're just tooting their own horn.

DoS attack

[neghvar1]

If this is designed to flood a network with junk data to conceal the relevant data, could this be interpreted as a form of a denial of service attack if it decreases network performance?

Speak softly and carry a big stick.

[leftover]

I see this as the proverbial "big stick" to push back against the conglomeration of TLAs and communication oligarchies.
"You don't want strong encryption? Then we will do this!"

steganography

[NostalgiaForInfinity]

Generating random message traffic to thwart message analysis and hide true communications is an old trick. It's really a form of steganography, just not a very efficient one. By participating in one of these networks, you draw suspicion.

People who really want to communicate clandestinely probably just use public forums and image sharing sites as digital dead drops for steganographically hidden messages. There are many steganograhic systems for a medium of your choice, many of them even auditable and open so

Alternate solution.

[fahrbot-bot]

Just get Netflix, Amazon, Hulu, etc... to stand up Tor exit nodes. Chum the pipeline with things like Gigli and The Last Airbender and let the NSA filter through all that. Maybe they'll just kill themselves - I know I would.

Re:

[Bing Tsher E]

Netflix, Amazon, and Hulu are owned and controlled by The Man.

Though Bezos does seem more like an OTO initiate than a mainstream fucker.

Re:

[pepsikid]

I agree. It would be better to disguise your data as normal traffic!

Bittorrent might be an ideal choice, since we've seen evidence that the sp00ks discard that traffic wholesale. You'd set up a legit bittorrent repository with a few thousand popular files, on a server which publicly appears to enforce a strict up/download ratio, which would help explain why so many clients stayed connected for long times downloading small chunks. Your own client would essentially join a cloud of encrypted proxies and con

Really new ?!?

[ctrl-alt-canc]

> pollutes the network with dummy data
probably not so different from internet as we know it, isn't it ?!?

Re:

[Big Hairy Ian]

Sounds like a modern day political debate to me (Congress/Senate/Houses of Parliament)

It's "whom"

[stevegee58]

Who's talking to *whom*.

Re:

[cant_get_a_good_nick]

I came here to post this.

I also want to change that 70's song to "Whom do you love". Just sayin.

The Name

[eumoria]

It's a perfect name for it, regardless if it works. Tells you exactly what it does... "WHAT??? WHAT?!?!?! FUCKING VUVUZELAS!!!" https://www.youtube.com/watch?... [youtube.com]

source code

[Anonymous Coward]

Source code available here: https://github.com/davidlazar/... [github.com]

Entropy source

[manu0601]

That system seems to require a lot of random data. What is the plan to gave good enough entropy sources so that it is not broken by being predictable?