Riffle is Tors spiritual successor for next-gen anonymous networks

(Image Credit: iStockPhoto/ksushachmeister)

A spiritual successor of Tor called ‘Riffle’ has been developed by MIT and the École Polytechnique Fédérale de Lausanne in Switzerland. Riffle uses a similar ‘onion’ style encryption system as Tor which protects information with layers of encryption as it journeys through a dedicated anonymising network to disguise the route it has taken. 

Tor used to be known as one of the most secure methods of exchanging information, but after the FBI infiltrated the network to collect evidence against Silk Road creator Ross Ulbricht it has come under question as to whether it’s as secure as some people think. 

Researchers at Carnegie Mellon University discovered a method of deanonymising sections of a Tor network by using a series of infected ‘nodes’ which reveals network users. It’s reported the researchers were awarded $1m for their efforts by the FBI so it’s likely this is at least part of how the agency infiltrated Tor and compiled evidence against Ulbricht. 

“The initial use case that we thought of was to do anonymous file-sharing, where the receiving end and sending end don’t know each other,” says Albert Kwon, a graduate student in electrical engineering and computer science and first author on the new paper. “The reason is that things like honeypotting” — in which spies offer services through an anonymity network in order to entrap its users — “are a real issue. But we also studied applications in microblogging, something like Twitter, where you want to anonymously broadcast your messages to everyone.” 

Riffle has been designed to prevent the method of infiltration used against Tor by implementing anti-tamper mechanisms to each node which can mathematically prove data passing through hasn’t been altered. This is achieved by Riffle clients sending the initial message to all servers in the mixnet – using a technique called ‘verifiable shuffle’ to create valid manipulations  in the mesh simultaneously. 

“When you use standard encryption on the Internet, you use an expensive public-key crypto system to encrypt a short key, and then you use symmetric-key techniques to encrypt your longer message,” said Jonathan Katz, Director of the Maryland Cybersecurity Center and Professor of Computer Science at the University of Maryland. “But it’s novel in the context of these mixnets. They’ve been around for 20, 25 years and nobody has had this insight until now. In the standard context of encryption, you have the honest sender and the honest receiver, and they’re defending against an external malicious attacker. Here, you need stronger properties. The issue is the server that’s doing the shuffling might themselves be malicious, so you need a way to ensure that even a malicious server can’t shuffle incorrectly.” 

If a node detects a compromised message to any of the others in the mesh then Riffle can protect its users before they’re unmasked. Riffle uses a technique called ‘authentication encryption’ to keep computational requirements down when verifying the authenticity of an encrypted message. 

Authentication encryption is more efficient to execute than the verifiable shuffle, but it requires the sender and the receiver to share a private cryptographic key. Riffle uses the verifiable shuffle only to establish secure connections that let each user and each mixnet server agree upon a key; then it uses authentication encryption for the remainder of the communication session. 

Riffle will be revealed at next week’s Privacy Enhancing Technologies Symposium in Germany.

What are your thoughts on Riffle for anonymising internet traffic? Let us know in the comments.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *