U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Riffle network will be more secure and performing than Tor

A group of researchers has developed Riffle, a new anonymity scheme that provides better security and performance than others, including Tor. Tor is probably the most popular anonymizing network, million of users leveraged on it to protect their privacy and online anonymity. Now Massachusetts Institute of Technology researchers revealed a new anonymity architecture that could rival Tor. […]

Riffle network will be more secure and performing than Tor

A group of researchers has developed Riffle, a new anonymity scheme that provides better security and performance than others, including Tor.

Tor is probably the most popular anonymizing network, million of users leveraged on it to protect their privacy and online anonymity.

Now Massachusetts Institute of Technology researchers revealed a new anonymity architecture that could rival Tor.

The MIT researchers alongside with peers from the École Polytechnique Fédérale de Lausanne (EPFL) have created the Riffle anonymity network, which promises to solve the weaknesses of the most popular Tor architecture.Researchers claim Riffle is more secure of Tor, it is able to ensure users’ privacy as long as at least one of its server remains safe.

How does the Riffle architecture work?

The Riffle architecture implements a Mixnet (Mix Networks), a series of servers that allows routing by permuting the order of messages they receive before passing them to the next hop.

“The heart of the system is a series of servers called a mixnet. Each server permutes the order in which it receives messages before passing them on to the next. If,for instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order — say, C, B, A. The second server would permute them before sending them to the third, and so on.” states the blog post on the MIT.

“An adversary that had tracked the messages’ points of origin would have no idea which was which by the time they exited the last server. It’s this reshuffling of the messages that gives the new system its name: Riffle.”

An attacker is not able to track messages because the paths of each message are random, the Riffle anonymizing scheme also protect traffic by using an Onion protocol leveraging on multi-layered encryption mechanism. Messages are encrypted hop by hop while travelling from source to the final recipient.

Riffle network

In order to make Riffle resilient to hacking attacks relying on compromised servers the new architecture implements a technique known as ‘Verifiable Shuffle.’

A Verifiable Shuffle is a method that is used to mathematically verify the integrity of messages.

“To thwart message tampering, Riffle uses a technique called a verifiable shuffle.” continues the post published by the MIT.

“Authentication encryption is much more efficient to execute than the verifiable shuffle, but it requires the sender and the receiver to share a private cryptographic key. So Riffle uses the verifiable shuffle only to establish secure connections that let each user and each mixnet server agree upon a key. Then it uses authentication encryption for the remainder of the communication session.

In order to verify the authenticity of an encrypted message, the Riffle method uses the “Authentication encryption.”

“Authentication encryption is much more efficient to execute than the verifiable shuffle, but it requires the sender and the receiver to share a private cryptographic key. So Riffle uses the verifiable shuffle only to establish secure connections that let each user and each mixnet server agree upon a key. Then it uses authentication encryption for the remainder of the communication session.”

Researchers claim that the Riffle has better performance than the Tor network, to transfer a large file between anonymous users it required one-tenth of the time as compared to TOR and other anonymity networks during experimental tests.

More details on the Riffle system will be presented at the Privacy Enhancing Technologies Symposium in July, in Germany, waiting for the event give a look to the paper [PDF] published by the researchers.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Riffle, online anonymity)