Researchers from Massachusetts Institute of Technology (MIT) have developed a new messaging system called Vuvuzela which can be used to provide online anonymity and is believed to be more secure than the popular Tor system.
The researchers, who have been working on the project for close to six months now publicized their success early in December in a press release and have put down this achievement to imperative piety and close scrutiny of the Tor network.
Earlier this year, an all-best partnership between researchers from Qatar Computing Research Institute (QCRI) and MIT did a deep going-over on the undisputed online anonymity tool Tor in a bid to expose its bugs and vulnerabilities, and came up with a report deeming the network as 88 percent accurate.
The Vuvuzela system is basically modeled on Tor, and the analysis of the directions taken by various packets on Tor nodes helped them design the new 99 percent accurate Text Messaging System.
The main difference between the two soon-to-be rivals is that Vuvuzela doesn’t allow third parties to develop patterns and use them as a way through to the original servers, something Tor cannot guarantee. What’s more the new system, unlike Tor, has undergone mathematical validation by experts in a public paper “Scalable Private Messaging Resistant to Traffic Analysis” as proof for its online anonymity credentials.
For the old Tor system to work, every user leaves their message on predefined locations like, say, Internet-connected dread drop servers, where other people can retrieve the message. If there were four people using the system, for instance, and only two of them were exchanging text messages, the fact that there is a conversation between two people on the server would be obvious and anyone would easily make a pattern and find a way into the servers.
On Vuvuzela, though, the complexity of the goings-on leaves no room for online anonymity jeopardy. With or without information, in this system, information flow towards the dead-drop server is kept constant, making it hard for anyone analyzing patterns to find a clear-cut track into the server as the traffic seems’ to come from numerous untraceable locations all the time.
Of course the hacker can take a further step and infiltrate the server to find the real users and the locations from which the messages are coming, and that makes the system still unreliable. So, to make it perfect, the researchers created two more servers to make it three and two more layers of encryption, a measure that makes it downright impossible for a hacker to study the patterns and look into the message threads and the identity of the users.
And that’s not all. The dead drop servers have been designed in such a way that understanding them would be difficult for anyone. The first server, for instance, sports the top most encryption layer on the messages whose order has been deliberately tampered with. The second layer does the same, and only the third layer provides and displays the messages in the order preferred by the recipient.
Not unless all the three layers are compromised, which is next to impossible, according to the brains behind the architecture, messages and user identity is safe from third party access and online anonymity is guaranteed.
According to Nickolai Zeldovich, co-leader of the Parallel and Distributed Operating Systems group, who clearly doesn’t intend to cast Tor in bad light, believes that Tor’s assumption that no single hacker in controls multiple nodes in his system cannot be relied on to provide online anonymity these days because “maybe there’re people out there who can compromise half of your servers.”
While it would be tricky for some of us to buy this idea (every new invent comes with a load of hype, basically), the team from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) believe their advanced text message system can guarantee 100 percent online anonymity and allow for exchange of messages approximately once a minute. “Statistically, it’s next to impossible for a hacker to tell whether messages received at the same time window were destined for the same recipient,” explains CSAIL. “Those statistical assurances stand even if one or two of the servers get infiltrated. The system will conventionally work as long as one server remains uncompromised.”