Slashdot Mirror


MIT Creates Tor Alternative That Floods Networks With Fake Data (softpedia.com)

An anonymous reader writes with word that MIT researchers "created an alternative to Tor, a network messaging system called Vuvuzela that pollutes the network with dummy data so the NSA won't know who's talking to who." Initial tests show the system's overhead adding a 44-second delay, but the network can work fine and preserve anonymity even if it has more than 50% of servers compromised.


  1. Great, just what we need! by U2xhc2hkb3QgU3Vja3M · · Score: 4, Insightful

    More wasted bandwidth!

    1. Re:Great, just what we need! by sinij · · Score: 5, Insightful

      Disagree. No cost is too high for protecting our freedoms.

    2. Re:Great, just what we need! by alvinrod · · Score: 3, Insightful

      Which the government could easily spare us of needing if they'd only quit illegally spying on their citizens.

    3. Re:Great, just what we need! by JoeMerchant · · Score: 4, Interesting

      This is actually a method that a (partially) top-secret government installation used back in the 1980s. They have a huge campus, with network covering all of it, but they run really small packet size and keep a healthy quantity of random BS traversing the network at all times, so even before any interceptor can start working on the top-secret encryption, they've got to sort all the chaff packets. Also helps when the academic types get careless with secret info and forget to use the encryption layer, still bloody well impossible to sift the 0.001% interesting traffic out of the garbage when packets are flying around with 1 byte payloads.

    4. Re:Great, just what we need! by KGIII · · Score: 1

      We need something like this, something P2P, that sends out garbage data to be picked up by tracking networks. Poisoning the well, so to speak.

      --
      "So long and thanks for all the fish."
    5. Re:Great, just what we need! by leftover · · Score: 2

      You fail high-school civics.

      --
      Bent, folded, spindled, and mutilated.
    6. Re:Great, just what we need! by EmeraldBot · · Score: 2

      > This is actually a method that a (partially) top-secret government installation used back in the 1980s.

      Yeah right. Cool story. Now where is the proof?

      Oh yeah, "partially top-secret."

      Proof that you, Mr. Anon, have no experience with governmental projects. It's rather common to have compartmented access, and for the project to have different parts in varying degrees of secrecy. He doesn't need proof, it's an anecdote, and you're perfectly welcome to throw it away.

      But, this sounds like... Emm... A security technique I could... easily foresee such a place using. It's certainly a good one, if rather stressful on your data lines...

      --
      "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    7. Re:Great, just what we need! by ledow · · Score: 2

      Ah, you mean "defeated by any trivial filter".

      Security through obscurity (which is what this is) is doomed to fail. It *can* work, for short periods, when it's unexpected, when people aren't really looking (how many people just have a "secret URL" on their blog to get into the admin interface so that it's not publicly visible - doesn't stop people finding it), etc.

      But anything like this? Pointless. And one academic getting careless with encryption even once would likely see them sacked in such a place.

      It's not at all hard with a brief packet capture to find some common element or even trace a particular conversation of interest in - quite literally - seconds. Hell, I run a small commercial network and we transfer Terabytes over it every single day. Just that sheer volume is more obfuscation than anything else. Have you seen how long it takes to store those kinds of packet captures and apply filters when you're talking dozens of terabytes of data? Nothing to do with crafting them, that's a Wireshark tutorial and ten minutes. But actually applying them needs a lot of data filtering.

      But, still, I call bullshit. They're just playing at it if they are really doing that for that purpose. It would be the work of a moment to immediately alert someone and discard any unencrypted packets on such a network. Generating costly fake traffic that gets in your way, slows things down, and could bollocks up your own data investigations? Pointless.

    8. Re:Great, just what we need! by Opportunist · · Score: 1

      That depends entirely on whether there is some supreme set of rules your government MUST heed. Most civilized countries that are not run by a group of nepotists got something like that. Hell, even those Arabian theocracies have something like that (in their holy book).

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    9. Re:Great, just what we need! by Anonymous Coward · · Score: 4, Interesting

      Back in the early 1990s, when designing a secure network, on the physical side, the guide was to place the cables in conduit that would be positively pressurized, and if the pressure went down in the pipe, all cables would be cut. The mechanism that swung the axe was very sensitive, just to keep someone from attaching something to the pipe, pressurizing the attachment, then cutting in under pressure. The pressure varied as well randomly, so if someone cut in at the wrong pressure, it would also trigger the "cut all links" circuit.

      The same book also stated exactly as the parent -- you had encrypted traffic flowing on the network at all times. Of course, this book was dated -- they preferred ring topologies (ATM... and no, not the teller machine... the network with 53 byte packets) because all the machines on there could cough up a random packet and nobody would be the wiser. With switches, it becomes a bit more tricky to have encryption as noise without making the links unusable due to congestion.

      The ironic thing -- this was a book pitched for basic security for the enterprise, when businesses actually really cared about security.

    10. Re:Great, just what we need! by Anonymous Coward · · Score: 1

      Not true. I can beat any filter you can come up with.

      I send constant packets that are 1024 in size and contain random data that is encrypted. Once in a while a real message packet that is padded with random data and encrypted is sent along.

      You cannot detect any difference between the fake and the real packets because I made sure the real packets look like fake packets. Works great and got me an A+ in advanced CS security class, I got it past the NSA ex-spook teaching us. Bet him my grade that I could get data past him no matter WHAT he used. And I was successful enough that he introduced me to a few people.

    11. Re:Great, just what we need! by Visarga · · Score: 2

      I thought about this. How can we send a fragment of a file from node A to B without implicating node B. Both as an uploader or downloader, a rouge MPAA node could implicate the other party. Installing intermediary nodes would only implicate the intermediaries.

      How can we anonymize the data itself? If we use a third node, C, to organize A and B, it could store data in encrypted fragments on various nodes and put the keys on different nodes, then instruct a downloader from where to get all the pieces. That way no node is choosing what to seed, they would just download a number of encrypted packets they know nothing about and serve them on demand.

      But the downloader could still tell where it got its data from. So we need to make it such that unrelated fragments are also included in the decoding process to create confusion. That way, it would be hard to know which fragments are really from the desired file and which are just extra fragments that are there just for show. It could be made in such a way that all the data the node has stored (including those anonymous encrypted fragments) are included in the decoding process in a way. So now the downloader can only assume that all the network is to blame or no-one is more blameworthy than anyone else. Of course the network should carry enough legal content to make it legit, otherwise it could be blamed as a whole.

      Well, I am sure people smarter than me have already thought of how to anonymously do P2P.

    12. Re:Great, just what we need! by KGIII · · Score: 1

      rogue*

      I like where you're going with it but it also has to be filled with random data and there'd need to be enough exit nodes, across the world ideally, to simply enable one to not just sort-of multicast their traffic but to serve others and to serve the garbage data. Yes, there would be increased latency but as much of it is just sending out spoofed traffic and forwarding/receiving requests on behalf of others then it might not be too bad?

      The idea that I'm thinking of isn't just to enable people to pirate stuff but to make it so that the data collected by tracking companies is worthless. The two can go hand-in-hand nicely, I suspect.

      A long time ago, and I mean ages ago, I had an application that enabled me to use not just proxies but it had a round-robin proxy setting where not just one proxy would be used but individual requests would be sent through different proxies and, somehow, this was reassembled programmatically on my end via the application. Some Ghost Proxy application or something like that - maybe 10-15 years ago.

      So, just a single page loading would be multiple HTTP requests and those would all go through different routes so that it was damned near impossible to tell where I was coming from. I'm thinking of something like that but, at the same time, sending out scads of junk data at the same time. So that it's not just routing everything out through multiple nodes but it's routing out a bunch of junk. This should make tracking all-but-useless assuming people block tracking scripts, tracking cookies, beacons, and things of that nature. They'd still be able to weed out some useful metrics but it'd be difficult.

      That's kind of what I'm thinking and it would, quite probably, increase privacy and security with regards to thwarting the MPAA/RIAA. It might also have some value in poisoning the data well that the Three Letter Agencies have been scooping up. I'm sure the powers that be will frown on such a thing because it might be used for evil but, frankly, I'm okay with that.

      --
      "So long and thanks for all the fish."
    13. Re:Great, just what we need! by Anonymous Coward · · Score: 5, Funny

      > We need something like this, something P2P, that sends out garbage data

      We have this already, it's called APK.

    14. Re:Great, just what we need! by MitchDev · · Score: 1

      No, what is a waste is that something like this is even needed. But the government has forgotten it is supposed to fear the citizens, not the other way around...

    15. Re: Great, just what we need! by Anonymous Coward · · Score: 1

      Someone came up with a BitTorrent client mixed with a TOR alternative (which only serves that client). Didn't catch on yet but the idea was everyone was forced to act as a 'TOR' node if they were running the client, and all traffic was encrypted such that each node knows where it came from and where it's going (both other nodes in the network) but they don't know if those are the final addresses or just other hops, and it's encrypted so they don't know what it contains.

      It sounds like this would run somewhat separately from regular BitTorrent, so they wouldn't need exit nodes (though it would need a significant following), of course it would use more bandwidth but if mpaa can't catch you it's probably worth it to most.

    16. Re:Great, just what we need! by JoeMerchant · · Score: 1

      In the 1980s it worked well enough, based on the premise that you'd need a hell of a network traffic processor to sort out all the crap, and unobtrusive portable PCs just weren't up to the task, back then. At least, that's what the network security officer was shining me on with during my interview - I nodded politely, having already decided that the place was too full of lies, contradictions, and sources of radiation for me.

    17. Re:Great, just what we need! by JoeMerchant · · Score: 1

      See also: Steganography: http://mangocats.com/stegamail... (and many others)

    18. Re:Great, just what we need! by Impy+the+Impiuos+Imp · · Score: 1

      Multibillion-dollar installations crammed with more processing power than a Google data center disagree with you. They don't have buffoons hired to deal with it. These are the people believed to have inserted vulnerable keys into the earlier standards.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    19. Re:Great, just what we need! by Impy+the+Impiuos+Imp · · Score: 1

      Do they need the full Netflix future bandwidth where every house is watching 5 4k streams? Just to hide text messages and small files?

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    20. Re: Great, just what we need! by maugle · · Score: 2

      I assume the receiver would attempt to decrypt every package and simply throw out any failures.

    21. Re:Great, just what we need! by sinij · · Score: 1

      This is a good concept when you don't have computing power to use strong symmetric encryption. Like back in the 80s. Or with 90s export-grade crypto.

      Today this is largely irrelevant. Your smart fridge is capable of AES256 and there is no feasible way to brute force through that. This is not where cryptography fails and not how it is usually attacked.

      Because modern symmetric cryptography is so strong, nobody attempts to attack it directly. Instead, it is always side-stepped. You attack key negotiation and extract symmetric keys. You degrade protocols so it is not used. You exploit violations of key assumptions (e.g. weak entropy). You exploit someone who has a key to act on your behalf. To summarize - you don't need to send junk if you use appropriately strong cryptography.

      Still, this is not what the original article is talking about. They are talking about flooding fake data to overwhelm spooks' ability to collect and analyze any of it. If they have capacity to store 10GB/s of data and you are sending 20GB/s, then encrypted or not they can only retain 50% of it. This is entirely different from the question of what can they do with it (e.g. metadata analysis) or if they can break the crypto (e.g. derive symmetric keys).

  2. Not TOR replacement... by wbr1 · · Score: 3, Insightful

    This is potentially good for an obfuscated messaging service, not an encrypted internet proxy for all traffic.

    --
    Silence is a state of mime.
    1. Re:Not TOR replacement... by U2xhc2hkb3QgU3Vja3M · · Score: 1

      The effectiveness will depend on the dummy data being sent. If they use sentences like "The chicken is in the coop", it might be easy to filter out.

    2. Re:Not TOR replacement... by SuricouRaven · · Score: 2

      If they really need something that can't be easily identified as fake, I'm sure they can use markov chains are an important part of any consideration when the weather has started to darken.

    3. Re:Not TOR replacement... by JoeMerchant · · Score: 1

      > This is potentially good for an obfuscated messaging service, not an encrypted internet proxy for all traffic.

      Kind of how I feel about bitcoin...

    4. Re:Not TOR replacement... by aaaaaaargh! · · Score: 1

      That should be easy to defeat even with fairly shallow parsing methods, and even easier with semantic techniques.

    5. Re:Not TOR replacement... by shellster_dude · · Score: 1

      The article, though not as clear as it maybe should have been, clearly states that all traffic is encrypted using asymmetric encryption between the users, and I would also infer from the setup, further encrypted between the end-user and the server (it mentions that all users know each other's public keys as well as the service's public key, thus implying asymmetric encryption). Therefore, the fake traffic need not be particularly realistic, as long as the overall length of the unencrypted traffic somewhat realistically mirrors normal conversations. After the multiple rounds of encryption, both a fake and a real message should be indistinguishable from random bits.
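
An added illustration, not code from any commenter or from Vuvuzela, of the scheme that comments 10 and 20 in the first thread and the reply above describe: fixed-size packets sent at a constant rate, with chaff the receiver discards because it fails authentication. The function names are hypothetical, and the HMAC-SHA256 counter-mode construction is a standard-library stand-in (an assumption) for a vetted AEAD such as AES-GCM or ChaCha20-Poly1305.

```python
import hashlib
import hmac
import os
from collections import deque

PACKET_SIZE = 1024                      # every packet on the wire has this size
NONCE_LEN, TAG_LEN = 16, 32
BODY_LEN = PACKET_SIZE - NONCE_LEN - TAG_LEN
MAX_MSG = BODY_LEN - 2                  # 2-byte length prefix inside the body


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_keystream(enc_key, nonce, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (assumption, see lead-in).
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += _prf(enc_key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, message):
    """Pad to a fixed length, encrypt, then MAC: always PACKET_SIZE bytes."""
    if len(message) > MAX_MSG:
        raise ValueError("message too long for one packet")
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    plain = (len(message).to_bytes(2, "big") + message).ljust(BODY_LEN, b"\0")
    body = _xor_keystream(enc_key, nonce, plain)
    return nonce + body + _prf(mac_key, nonce + body)


def chaff():
    """A dummy packet: uniformly random bytes of the same size."""
    return os.urandom(PACKET_SIZE)


def open_packet(key, packet):
    """Return the message, or None for chaff, tampering or a wrong key."""
    if len(packet) != PACKET_SIZE:
        return None
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = packet[:NONCE_LEN]
    body = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + body)):
        return None                     # failed authentication: throw it out
    plain = _xor_keystream(enc_key, nonce, body)
    length = int.from_bytes(plain[:2], "big")
    return plain[2:2 + length] if length <= MAX_MSG else None


def constant_rate_stream(key, arrivals, slots):
    """Emit exactly one packet per time slot: a queued message if any, else chaff."""
    queue, wire = deque(), []
    for slot in range(slots):
        queue.extend(arrivals.get(slot, []))
        wire.append(seal(key, queue.popleft()) if queue else chaff())
    return wire


def receive(key, wire):
    """Try every packet and keep only those that authenticate."""
    opened = (open_packet(key, p) for p in wire)
    return [m for m in opened if m is not None]


if __name__ == "__main__":
    key = os.urandom(32)
    # Constructed sample: messages become ready in slots 3 and 4.
    arrivals = {3: [b"meet at noon"], 4: [b"a" * 500, b""]}
    wire = constant_rate_stream(key, arrivals, 12)
    print({len(p) for p in wire}, receive(key, wire))
```

This covers only the content, size and timing of packets on one link; an observer still sees that the two endpoints exchange packets.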

    6. Re:Not TOR replacement... by MitchDev · · Score: 1

      Does it look encrypted?

  3. "Even with more than 50%..." by Anonymous Coward · · Score: 2, Informative

    I wonder what % of Tor servers are compromised. I abandoned Tor when I realised it didn't mix in junk traffic like this, as traffic analysis through compromised nodes/routers is such an obvious vulnerability that it seems to render Tor worthless.

    1. Re:"Even with more than 50%..." by KGIII · · Score: 1

      Tor has always been subject to snooping if you leave the Tor network. So long as you remain on the .onion network it is assumed that it is still safe.

      --
      "So long and thanks for all the fish."
  4. Virtual Camouflage by Anonymous Coward · · Score: 1

    I was talking to my Google-employee brother the other day and voicing my prediction that 'virtual camouflage' would become a defense against data mining and spying, similar to as described in the article. He thought the idea was ridiculous, and even if it were to come to pass, would be defeated by statistical means. Regardless, secure p2p communication is an arms race, and the virtual environment closely resembles nature in unexpected ways.

    1. Re:Virtual Camouflage by Lumpy · · Score: 1

      His prediction is horribly out of date. This technique has been in use for decades.

      --
      Do not look at laser with remaining good eye.
  5. No thanks. by drunk_punk · · Score: 1

    MIT was once the number one non-profit Department of Defence contractor in the nation. Don't know how much funding they get these days but it certainly seems as though this solution is provided to you by and for the U.S. Government.

    1. Re: No thanks. by Anonymous Coward · · Score: 1, Insightful

      Stop spreading suspicion and if the system can fail show how.

    2. Re:No thanks. by KGIII · · Score: 4, Interesting

      Disclosure: MIT is my alma mater and I am biased. I have also served in the military and I have worked with DoD as a civilian.

      Now, some folks here are aware that I dealt with traffic modeling. Some of *my* research was paid for by the Department of Defense. (You'd be kind of silly to not understand the value of improving traffic throughput in a crisis. There are also benefits to optimized traffic in and on military facilities, both vehicular and pedestrian)

      I can not speak for this department nor for this research. I can, however, say that the DoD had absolutely no influence on my research. No, not one little bit. They wanted regular reports to see that they were getting a bit of work for their money. They did not control, direct, or hinder the research in any way other than the funding. They never exerted any control, never stopped me from publishing, nor did they come in and spy on the project.

      I can't say what has happened here but, honestly, I think you're drunk. How would the DoD benefit from this? Given that it is MIT, I'm quite sure you can see the source. Rather than speculate, give us a good reason to believe you other than a "hunch" or similar.

      --
      "So long and thanks for all the fish."
    3. Re:No thanks. by drunk_punk · · Score: 1

      I think what I was trying to get at is large Universities are closely tied with various government entities through grant funding and if one of those Universities, say, figures out how to compromise Tor *cough*Carnegie Mellon*cough* or any other piece of tech it's reasonable to assume that ANY entity in any branch of government could "request" that information.

      I'm not saying they influence research. I'm saying that it's reasonable to assume they are fully briefed on it. Including, but not limited to, how to circumvent it.

      Not drunk.

      Yet.

    4. Re:No thanks. by KGIII · · Score: 1

      Well, if they paid for the research or even helped to fund it then they've a right to the results of that research so yeah? If there are any flaws then they'd be privy to them, as would anyone else with access to the research. Knowing MIT? They'll want more "funding" if they want to get the flaws researched. Those guys are always, and I mean always, wanting me to give them more money.

      --
      "So long and thanks for all the fish."
    5. Re:No thanks. by KGIII · · Score: 1

      You are correct. I think. And you might be?

      --
      "So long and thanks for all the fish."
  6. Anathem by nullchar · · Score: 1

    This is just like in Neal Stephenson's novel Anathem. Except when the system became fragile, the noise was mixed with the signal so most communications became worthless.

  7. What is happening at MIT? by Anonymous Coward · · Score: 2, Interesting

    Any bozo could write random garbage and waste bandwidth. Write something that can split encrypted data at the client through multiple nodes and recombine encrypted packets at the server. And make it an IP level protocol! Idiots!

  8. and.. by Anonymous Coward · · Score: 1

    I wash my hands with a firehose.

  9. Vuvuzela by Megahard · · Score: 2

    So they're just tooting their own horn.

    --
    I eat only the real part of complex carbohydrates.
  10. DoS attack by neghvar1 · · Score: 1

    If this is designed to flood a network with junk data to conceal the relevant data, could this be interpreted as a form of a denial of service attack if it decreases network performance?

  11. Speak softly and carry a big stick. by leftover · · Score: 2

    I see this as the proverbial "big stick" to push back against the conglomeration of TLAs and communication oligarchies.
    "You don't want strong encryption? Then we will do this!"

    --
    Bent, folded, spindled, and mutilated.
  12. steganography by NostalgiaForInfinity · · Score: 1

    Generating random message traffic to thwart message analysis and hide true communications is an old trick. It's really a form of steganography, just not a very efficient one. By participating in one of these networks, you draw suspicion.

    People who really want to communicate clandestinely probably just use public forums and image sharing sites as digital dead drops for steganographically hidden messages. There are many steganographic systems for a medium of your choice, many of them even auditable and open source.

  13. Alternate solution. by fahrbot-bot · · Score: 4, Insightful

    Just get Netflix, Amazon, Hulu, etc... to stand up Tor exit nodes. Chum the pipeline with things like Gigli and The Last Airbender and let the NSA filter through all that. Maybe they'll just kill themselves - I know I would.

    --
    It must have been something you assimilated. . . .
    1. Re:Alternate solution. by Bing+Tsher+E · · Score: 1

      Netflix, Amazon, and Hulu are owned and controlled by The Man.

      Though Bezos does seem more like an OTO initiate than a mainstream fucker.

  14. Really new ?!? by ctrl-alt-canc · · Score: 4, Funny

    > pollutes the network with dummy data
    probably not so different from internet as we know it, isn't it ?!?

    1. Re:Really new ?!? by Big+Hairy+Ian · · Score: 1

      Sounds like a modern day political debate to me (Congress/Senate/Houses of Parliament)

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  15. It's "whom" by stevegee58 · · Score: 1

    Who's talking to *whom*.

    1. Re:It's "whom" by cant_get_a_good_nick · · Score: 1

      I came here to post this.

      I also want to change that 70's song to "Whom do you love". Just sayin.

  16. Re:Wasted bandwidth by pepsikid · · Score: 1

    I agree. It would be better to disguise your data as normal traffic!

    Bittorrent might be an ideal choice, since we've seen evidence that the sp00ks discard that traffic wholesale. You'd set up a legit bittorrent repository with a few thousand popular files, on a server which publicly appears to enforce a strict up/download ratio, which would help explain why so many clients stayed connected for long times downloading small chunks. Your own client would essentially join a cloud of encrypted proxies and contribute relay services.

    Other good choices would be disguising traffic as https browsing blogs, forums and decentralized social networks. Your obfuscation server would be like a plugin to these kinds of legitimate public servers. It would look just like people were just catching up on news and posts. The higher the traffic the site has, the better. Occasionally, we might see major websites get hacked to include the obfuscation feature for a few days here and there. Sp00ks will have to log all https traffic to and from cnn, yahoo, google, microsoft, lolz!

    Since sp00ks count bytes to determine what page you're looking at, even when using https, the obfuscation server could pad the packets to simulate a walk through various actual threads or web pages it hosts.

  17. The Name by eumoria · · Score: 2

    It's a perfect name for it, regardless if it works. Tells you exactly what it does... "WHAT??? WHAT?!?!?! FUCKING VUVUZELAS!!!" https://www.youtube.com/watch?...

  18. Re:Let me guess: Shortest path algorithm work by KGIII · · Score: 1

    That was in use as well. It really depends on what the traffic is being optimized for. Sometimes the shortest distance is not the quickest route nor is it always the most efficient route. There are other issues like throughput and capacity. We eventually expanded to do pedestrian traffic modeling which was quite different and meant a whole lot of new learning and research. It's akin to modeling chaos, we humans aren't entirely predictable.

    --
    "So long and thanks for all the fish."
  19. Re:Yup, thought so... apk by KGIII · · Score: 1

    That we do... My Ph.D is in Applied Mathematics and I truly stood on the shoulders of giants. There were many, many brilliant people not just before me but, by grace of luck, around me. Traffic is a fickle thing, we humans aren't that bright. One of the reasons I am skeptical about the speed with which we'll get fully autonomous vehicles is because of my familiarity with traffic. There are many things that people do not consider, the biggest one of which is privacy.

    However, 'tis late and I've not slept much. I'm working on a project (a bet with a friend) so I've been busy coding a site and, probably, will work on that some more. Otherwise, it's me... I'd be happy to type a novella concerning traffic modeling but I've typed them all before and can think of nothing new to add. Not all traffic engineering is done with the goal of increasing efficiency or throughput. If you look into pedestrian traffic, specifically in areas such as retail environments, the goal is to direct, pace, and keep it orderly.

    Even with vehicular traffic, there's a lot of psychology that goes into it. There are so many elements, so many variables... It'd take, well, a life's work to describe it in detail. I did have, at one time, the absolute greatest traffic sim game on the planet (I'm biased) but it did lack much in the way of graphics. Well, it had graphics later but it sure didn't start that way. I can't even begin to imagine the compute cycles that we'd have needed in order to add graphics back then. By the late 1990s we had disk arrays that enabled us to work with data sets that were nearing the 1 TB mark. There's a whole lot of fun involved. ;-)

    --
    "So long and thanks for all the fish."
  20. source code by Anonymous Coward · · Score: 1

    Source code available here: https://github.com/davidlazar/...

  21. Entropy source by manu0601 · · Score: 1

    That system seems to require a lot of random data. What is the plan to have good enough entropy sources so that it is not broken by being predictable?