MIT Creates Tor Alternative That Floods Networks With Fake Data

An anonymous reader writes with word that MIT researchers "created an alternative to Tor, a network messaging system called Vuvuzela that pollutes the network with dummy data so the NSA won't know who's talking to who." Initial tests show the systems overhead adding a 44-second delay, but the network can work fine and preserve anonymity even it has more than 50% of servers compromised.

What is happening at MIT?

Any bozo could write random garbage and waste bandwidth. Write something that can split encrypted data at the client through multiple nodes and recombine encrypted packets at the server. And make it an IP level protocol! Idiots!

Re:Great, just what we need!

[JoeMerchant]

This is actually a method that a (partially) top-secret government installation used back in the 1980s. They have a huge campus, with network covering all of it, but they run really small packet size and keep a healthy quantity of random BS traversing the network at all times, so even before any interceptor can start working on the top-secret encryption, they've got to sort all the chaff packets. Also helps when the academic types get careless with secret info and forget to use the encryption layer, still bloody well impossible to sift the 0.001% interesting traffic out of the garbage when packets are flying around with 1 byte payloads.

Re:No thanks.

[KGIII]

Disclosure: MIT is my alma mater and I am biased. I have also served in the military and I have worked with DoD as a civilian.

Now, some folks here are aware that I dealt with traffic modeling. Some of *my* research was paid for by the Department of Defense. (You'd be kind of silly to not understand the value of improving traffic throughput in a crisis. There are also benefits to optimized traffic in and on military facilities, both vehicular and pedestrian)

I can not speak for this department nor for this research. I can, however, say that the DoD had absolutely no influence on my research. No, not one little bit. They wanted regular reports to see that they were getting a bit of work for their money. They did not control, direct, or hinder the research in any way other than the funding. They never exerted any control, never stopped me from publishing, nor did they come in and spy on the project.

I can't say what has happened here but, honestly, I think you're drunk. How would the DoD benefit from this? Given that it is MIT, I'm quite sure you can see the source. Rather than speculate, give us a good reason to believe you other than a "hunch" or similar.

Re:Great, just what we need!

Back in the early 1990s, when designing a secure network, on the physical side, the guide was to place the cables in conduit that would be positively pressurized, and if the pressure went down in the pipe, all cables would be cut. The mechanism that swung the axe was very sensitive, just to keep someone from attaching something to the pipe, pressurizing the attachment, then cutting in under pressure. The pressure varied as well randomly, so if someone cut in at the wrong pressure, it would also trigger the "cut all links" circuit.

The same book also stated exactly as the parent -- you had encrypted traffic flowing on the network at all times. Of course, this book was dated -- they preferred ring topologies (ATM... and no, not the teller machine... the network with 53 byte packets) because all the machines on there could cough up a random packet and nobody would be the wiser. With switches, it becomes a bit more tricky to have encryption as noise without making the links unusable due to congestion.

The ironic thing -- this was a book pitched for basic security for the enterprise, when businesses actually really cared about security.