Vuvuzela, a next-generation anonymity tool that protects users by adding NOISE

Cryptography is the science of keeping secrets, with encryption algorithms and methods such as public key encryption the gold standard. Despite widespread usage and heavy scrutiny, these ciphers remain unbroken. But while encryption can keep messages secret, it cannot protect the identities of the sender and receiver.


Details such as the IP addresses of computers communicating on the internet and other metadata can reveal more than just the identities of those communicating. Companies use metadata to infer sexual orientation, approximate age, gender and interests for targeted advertising, while intelligence and law enforcement agencies collect and analyse it for their own uses. As a former director of the NSA puts it pithily: “We kill people based on metadata.”

So anonymity is required as well as secrecy, for which the most polished tool is Tor. Tor allows users to browse the web anonymously, but has come under sustained attack – and cracks have begun to show. Is it time for a replacement? Vuvuzela, a prototype anonymising software designed by MIT researchers, is one attempt.

Tor achieves anonymity by partially encrypting as much metadata as possible, revealing only small amounts and only as late on in the communication as possible. It sends messages via the encrypted Tor network, where it’s difficult for attackers that snoop on network traffic to detect where a message comes from and where it is going. That an NSA presentation leaked by Edward Snowden included the statement “Tor Stinks” suggests that even the NSA found it difficult to crack.

Yet when the FBI shut down the Silk Road and Silk Road 2.0 illegal online marketplaces, their prosecutions seemingly relied on evidence collected despite Tor’s privacy measures. Tor has well-known security weaknesses which are explicitly stated by the developers. One is that Tor cannot withstand traffic analysis by an attacker who can monitor global internet traffic in real time: whenever user A sends a message to Tor and almost immediately afterwards Tor sends a message to website B, then it is likely that A uses Tor to browse B. This attack is out of reach for individuals, but some nation states have the capacity to do so.

As MIT associate professor Nickolai Zeldovich, whose group created Vuvuzela, said: “Tor operates under the assumption that there’s not a global adversary that’s paying attention to every single link in the world. Maybe these days this is not a good assumption.”

 

Anonymity through obscurity. Guy Mayer, CC BY-NC-ND

Hiding activity as well as metadata

To overcome Tor’s shortcomings, other anonymising software approaches have been proposed, such as Riposte from Stanford University and Dissent from Yale. While they fix Tor’s flaws, they are not able to support the sort of usage and number of concurrent users that Tor can, which limits their usefulness.

Vuvuzela is immune to traffic analysis and other forms of attack, and can also support a large number of simultaneous active users. Like Tor, Vuvuzela works by encrypting as much metadata as possible, but (like its namesake) it also adds a lot of noise – fake messages with which to confuse attackers. As they are indistinguishable from genuine messages, this drowns out patterns of genuine communication that might otherwise compromise a user’s anonymity.

Unlike Tor, Vuvuzela sends its communication in fixed rounds. Clients cannot send and receive messages at any time; instead, in each round a user can send and receive only one message. This obscures the precise timing of messages between sender and receiver, keeping this detail from attackers.

Another difference is how the messages travel. Tor messages pass from sender to receiver in a sequence of hops, while Vuvuzela uses a dead-drop system, where the sender leaves the message at a randomly chosen memory location on one of the Vuvuzela servers, and during a later round the recipient picks up the message.

All messages sent by Vuvuzela are the same size, achieved by splitting messages that are too large and padding messages that are too small. This prevents attackers from using message size to compromise anonymity by giving away clues as to what sort of communication is being sent.
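The three mechanisms described above (fixed rounds, dead drops and uniform message size) can be seen working together in a small simulation. This is an added illustration, not code from the Vuvuzela project: the sizes, the function names and the HMAC-based derivation of the dead-drop location from a shared secret are assumptions, and encryption and server-side noise are left out so that only the traffic shape is shown.

```python
import hashlib
import hmac
import secrets

MSG_SIZE = 64   # assumed fixed wire size in bytes (the article gives no figure)
ID_SIZE = 16    # assumed dead-drop identifier size

def to_fixed_chunks(data: bytes) -> list[bytes]:
    """Split oversized data and zero-pad every piece to exactly MSG_SIZE bytes."""
    room = MSG_SIZE - 1                      # 1 length byte, then payload, then padding
    pieces = [data[i:i + room] for i in range(0, len(data), room)] or [b""]
    return [bytes([len(p)]) + p + bytes(room - len(p)) for p in pieces]

def from_fixed_chunk(chunk: bytes) -> bytes:
    """Strip the padding using the leading length byte."""
    return chunk[1:1 + chunk[0]]

def dead_drop_id(shared_secret: bytes, round_no: int) -> bytes:
    """Assumption: both parties derive the same unpredictable location per round."""
    msg = round_no.to_bytes(8, "big")
    return hmac.new(shared_secret, msg, hashlib.sha256).digest()[:ID_SIZE]

def request(round_no, secret=None, outbox=None, receiving=False):
    """Build the single (write_id, payload, read_id) a client sends this round."""
    write_id, payload = secrets.token_bytes(ID_SIZE), secrets.token_bytes(MSG_SIZE)
    read_id = secrets.token_bytes(ID_SIZE)   # defaults are pure cover traffic
    if secret and outbox:
        write_id, payload = dead_drop_id(secret, round_no), outbox.pop(0)
    if secret and receiving:
        read_id = dead_drop_id(secret, round_no - 1)   # pick up last round's drop
    return write_id, payload, read_id

def run_round(store: dict, requests: list) -> list[bytes]:
    """Server: answer reads from earlier rounds, then store this round's writes."""
    replies = [store.pop(read_id, bytes(MSG_SIZE)) for _, _, read_id in requests]
    store.update({write_id: payload for write_id, payload, _ in requests})
    return replies

def wire_view(requests: list) -> list[tuple]:
    """What a network observer learns per client: field sizes only."""
    return [tuple(len(field) for field in req) for req in requests]

def demo():
    secret, store = secrets.token_bytes(32), {}
    outbox = to_fixed_chunks(b"meet at the usual place")   # constructed sample message
    r1 = [request(1, secret, outbox), request(1), request(1)]   # sender + 2 idle clients
    run_round(store, r1)
    r2 = [request(2), request(2, secret, receiving=True), request(2)]   # recipient reads
    replies = run_round(store, r2)
    return from_fixed_chunk(replies[1]), wire_view(r1), wire_view(r2)
```

In both rounds every client, whether sending, receiving or idle, produces a request of exactly the same shape, which is the property that removes timing and size as signals for an observer.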

As a result, Vuvuzela is the first anonymising privacy system that is resistant to large-scale network traffic analysis attacks, and which can also sustain millions of active users sending tens of thousands of messages per second.

MIT’s software is brand new and still experimental, and cannot yet be considered as a replacement for Tor. It hasn’t yet undergone extensive testing through attacks aimed at its theoretical design and implementation. Crucially, unlike Tor, Vuvuzela cannot yet be used for convenient web browsing, nor is it suitable for real-time chat as it is currently quite slow. However, it holds a lot of promise, and may evolve into a viable Tor successor in the future.
