What is Vuvuzela?
The new anonymity network system prototype (anonymity network) was developed by researchers Nickolai Zeldovich, David Lazar, Jelle van den Hoof, and Matei Zaharia from the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL).
It derives its name from one for the world’s most annoying and noisy musical instruments (as seen from the 2010 FIFA World Cup), the “Vuvuzela.”
The network’s name couldn’t have been any more precise as its core functionality involves spamming legitimate conversations with a noisy atmosphere to enforce anonymity.
More specifically, the Vuvuzela is an anonymity tool whose working principle is similar to that of Tor, HORNET, or I2P – encryption and advanced routing that hide’s a user’s identity, and encrypts communication.
The Vuvuzela, however, goes a step further introduce “noisy” spam, which will conceal messages and make it extremely difficult to identify both the sender and receiver, as well as decipher their communication.
In day-to-day face-to-face verbal communication, noisy environments impair one’s ability to hold a meaningful conversation.
It could be a very busy construction site, a music concert, or night club. It is even more difficult (nearly impossible) for a third-party to eavesdrop on the conversation.
That is the same concept the Vuvuzela applies for anonymity: introducing constant and random “noise” patterns that deceive and misdirect potential intruders and attackers in that they can neither determine the contents of the message, nor figure the identities of the communicating parties or even when and whether they are communicating.
How does Vuvuzela Enforce Anonymity?
Speaking at the Association for Computing Machinery Symposium on Operating Systems Principles, in October 2015, Zeldovich, who heads the Vuvuzela research team offered insights as to exactly how the dead-drop anonymity system works.
First, just like Tor, Vuvuzela routes traffic between many interconnected servers.
The twist in the system is having every client and server exchange constant dummy messages that resemble the actual communication.
When communicating, one party leaves a message for the other on a network location. In practice, the location is a memory address on any of the servers connected to the internet.
The network will notify the intended recipient of the message that awaits them.
When the second party begins retrieving the message, it bounces across random servers on the network, each of which send out a similar, but dummy message to other interconnected servers.
The additional obfuscation layers conceal the users’ trails, thus creating anonymity.
Lazar, one of the co-author of “Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis,” the research paper published by the team, further explained that Vuvuzela users three core servers.
Every message exchanged through the system is wrapped with three encryption layers.
Each of the three servers peels off one layer of encryption.
The system introduces “noise” at the first server, upon receiving the message.
The server creates new dummy messages with all their destinations encrypted.
The second server performs a similar operation.
Ultimately, it is impossible for an intruder tell whose message landed where, and whether messages arriving at a given time window landed at the same destination.
This creates anonymity for the users.
The MIT researchers are confident that the new system offers more privacy and anonymity for text messaging than Tor does.
This is because the Vuvuzela is immune to traffic analysis attacks.
While Tor is able to counter traffic analysis only when there’s a multitude of users on the network, Vuvuzela will achieve the same even when only two people are currently using the system.
Since the anonymity selling-point of Tor has come under massive scrutiny especially with reported cases of attack on the network in 2014, which sought to deanonymize users. Vuvuzela’s primary goal is not to anonymize users, but to prevent would-be attackers from figuring out the different between when and who is sending messages, receiving messages, or doing neither.
With the new system, a user can “step” into the network, leave a message for another user, and external observer would never know if there was an actual exchange.
Privacy and anonymity comes with a price. In Vuvuzela’s case, the price is speed.
The MIT researchers tested a prototype of the system on Amazon’s EC2 cloud network with a simulation of million users.
The prototype clocked a throughput of 15,000 messages per second, but with a latency of 44 seconds.
In a real-world scenario, most users would be turned-off by having to wait nearly two seconds for a reply to their messages.
That should not burden most users keen on anonymity because it is small price to pay compared with the potential gains.
Similarly, it is widely known and accepted that every measure put in place to enhance anonymity – encryption, Tor, Virtual Private Networks (VPN) and other anonymity tools – all contribute to additional latency.
The system is still at development level and is not ready for immediate deployment.
However, Michael Walfish, an associate professor of computer science at New York University notes that the MIT researchers have made a significant step in comprehending and leveraging on the potential application of differential privacy.
The theory is very broad and sophisticated and to be able to harness its capabilities in solving a global challenge on Internet anonymity is revolutionary.
Of course the Vuvuzela system will require further testing to validate its said anonymity capabilities.
It is especially imperative that researchers measure its capabilities to thwart off attackers who rely on machine learning tools because Big Data analysis is becoming increasingly popular and commonplace, while storage becomes cheaper by the day, and this can be a major threat to anonymity efforts and technologies.
If Vuvuzela succeeds, no amount of time or resources will be able to penetrate the network or compromise anonymity.
Latest posts by Richard (see all)
- Wide Range of Job Ads Available on the Dark Web - November 5, 2018
- Continuous Exploit of RDP Pushes FBI to Issue Warning to Potential Targets - October 29, 2018
- Ross Ulbricht’s Fifth Year in Jail - October 10, 2018