UPDATED 14:21 EDT / DECEMBER 14 2015

MIT researchers develop Vuvuzela privacy network to guarantee untraceable communication

Researchers at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed a prototype privacy network to rival Tor, an anonymizing network that uses special routing to protect privacy, and named it after one of the most annoying musical instruments in the world. Vuvuzela is a private communication network in a similar category to Tor, I2P and HORNET, but instead of just encrypting and hiding the delivery of messages, it includes a blaring atmosphere of noisy spam to help hide legitimate conversation.

For any reader who has attempted to hold a conversation in a noisy night club or at a rock concert, the concept should be reasonably clear. It’s hard enough to hear the person speaking that overhearing other conversations (even overtly) becomes a difficult task.

The Vuvuzela system uses a constant random pattern of “noise” to keep would-be attackers from determining what messages are being sent and to make it difficult to determine who is speaking to whom. It does this by routing traffic between a multitude of interconnected servers (in a Tor-like fashion), but also by having every client and server constantly send one another messages with dummy data that looks like actual communication.

The whitepaper describing the system, designed by MIT researchers Jelle van den Hooff, David Lazar, Matei Zaharia and Nickolai Zeldovich, is available online [PDF].

When everyone is talking all at once on the Vuvuzela network, it’s difficult to tell who is sending messages to whom.

It’s really loud in here, but messages still find their way to their recipients

When a message is sent, the server network notifies the recipient that one is available for them. The client then rolls through the network to retrieve the message; as it does so, the client touches a random number of servers along the way, and each server sends out a dummy message to other servers on the network.

All of this noise, generated whenever a message is sent or received, means that an attacker must wade through a sea of blaring dummy communication in order to identify the message. It also works to help hide the sender and the receiver amidst the cacophony of fake communication.

According to the researchers, the model also allows the network to scale with the number of clients. The more people connected, the “louder” it gets because the total number of messages scales to fit the number of messengers. Further, to continue to conceal message sending, the system keeps up a constant rock concert level of fake messages so that attackers cannot easily determine if any one client is communicating at all.
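The constant-rate cover traffic described above, as an added example (not code from the Vuvuzela project): a client that sends one fixed-size message every round gives a passive observer the same view whether its user is chatting or idle, while a client that sends only real messages does not. The message size, round count and all function names are assumptions for illustration, and payload encryption is assumed rather than modelled.

```python
# Payloads are assumed to be encrypted before sending, so the observer sees
# only timing and sizes. Encryption itself is not modelled here.
MSG_SIZE = 256   # assumed fixed on-the-wire size of every message, in bytes
ROUNDS = 8       # assumed number of communication rounds observed

def pad(payload: bytes) -> bytes:
    """Length-prefix a payload and zero-pad it to exactly MSG_SIZE bytes."""
    if len(payload) > MSG_SIZE - 2:
        raise ValueError("payload does not fit in one fixed-size message")
    body = len(payload).to_bytes(2, "big") + payload
    return body + bytes(MSG_SIZE - len(body))

def unpad(wire: bytes) -> bytes:
    """Recover the payload; an empty result means the message was a dummy."""
    length = int.from_bytes(wire[:2], "big")
    return wire[2:2 + length]

def naive_client(outbox, rounds=ROUNDS):
    """Sends only in rounds where the user actually wrote something."""
    return [(r, outbox[r]) for r in range(rounds) if r in outbox]

def cover_client(outbox, rounds=ROUNDS):
    """Sends exactly one fixed-size message per round, a dummy when idle."""
    return [(r, pad(outbox.get(r, b""))) for r in range(rounds)]

def observer_view(sent):
    """Metadata a passive network observer records: (round, byte count)."""
    return [(r, len(wire)) for r, wire in sent]

def distinguishable(client, outbox_a, outbox_b):
    """True if the observer's view differs between the two user behaviours."""
    return observer_view(client(outbox_a)) != observer_view(client(outbox_b))

# Constructed sample behaviour: one user chats in rounds 2 and 5, one is idle.
CHATTING = {2: b"meet at noon", 5: b"ok"}
IDLE = {}

if __name__ == "__main__":
    print("naive client leaks activity:",
          distinguishable(naive_client, CHATTING, IDLE))
    print("cover client leaks activity:",
          distinguishable(cover_client, CHATTING, IDLE))
```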

The system is designed such that even if half of the servers were compromised, any given attacker would still not be able to gather enough data to see the legitimate communication easily.

A similar system was portrayed in Cory Doctorow’s book Little Brother involving a Security-Enhanced Linux (SELinux) installation that allowed for anonymized web browsing by adding “noise” during sessions. The browser would automatically start doing random, direct web searches and prowls of web pages while the user surfed on their own. This added a great deal of bandwidth but it effectively worked to camouflage the personal web surfing under fake, but human-looking, web traffic.

The system is slow, but that’s the price of privacy

To test the system, the researchers ran a prototype Vuvuzela system on Amazon’s EC2 cloud network with one million simulated users. At that scale, the system achieved a throughput of 15,000 messages per second but it had a latency of 44 seconds.

For the usual text message conversation on a phone, waiting almost two minutes for a reply may be a little frustrating, but (even given the vast gap in typing speed between different people) it’s not that big of a burden. When it comes to protecting privacy, everything adds extra latency: encryption, Virtual Private Networking (VPN), using Tor, etc.

In order to keep the communication safe from prying eyes, the researchers had to add the equivalent of 300,000 users’ worth of fake traffic (or about half the traffic).

In an era where storage is relatively cheap and Big Data analysis will be wielded against anonymization networks, a system like Vuvuzela may need further testing to see if its camouflage efforts can fool attackers using machine learning. Such a system would likely dissuade all but organizations with immense amounts of resources, and even then it does so by wasting a huge amount of that organization’s time.
