The Onion Router, commonly known as Tor, has been the best anonymity network on the Internet for private browsing needs, where users can browse without giving tracers the ability to track activity and history. Now, researchers at the Massachusetts Institute of Technology (MIT) and École polytechnique fédérale de Lausanne (EPFL) have collaborated to build an anonymity browser that claims to be better and more secure than Tor. Called Riffle, the browser is still a laboratory product, and uses a network of mixnet servers and multiple cryptographic techniques to make a user’s browsing data practically unplottable.
Riffle’s network of servers, called Mixnet, shuffles data packets received from various users in random order before relaying them on to the next server, thereby making one’s Internet usage nearly impossible to plot. For instance, if the first server receives data from five users in chronological order, the next server will receive the sequence in random order, destroying the linearity of Internet browsing.
Beyond mixnet, Riffle uses the standard of onion encryption employed by Tor, which safeguards browsing data packets with multiple encryption layers, including a standard public-key encryption. Public-key encryption methods ensure that the data can only be decrypted by the sender and the final receiver of the message, ensuring security of data. This is commonly used in most financial transactions nowadays to safeguard passwords and sensitive data. Each mixnet server only decrypts one layer of encryption before relaying the data on to the next server, and only the final destination server will be able to decrypt the entire message.
Furthermore, Riffle also uses a particular technique called Verifiable Shuffle, where the original encrypted message is sent to all the servers between origin and destination, so that if anyone spying on the network attempts to hack into the message and insert malicious content, the final data will be verified to the source to effectively keep out any infiltrators.
This multi-layer security method is being claimed by the researchers to not only be more secure, but even more effective in terms of bandwidth management. The new encryption standard will be presented at Privacy Enhancing Technologies Symposium this month, and will hope to present a more sound and safe Internet experience to users who are under authoritative surveillance. Jonathan Katz, director of Maryland Cybersecurity Center, stated, “When you use standard encryption on the Internet, you use an expensive public-key crypto system to encrypt a short key, and then you use symmetric-key techniques to encrypt your longer message. But it’s novel in the context of these mixnets. They’ve been around for 20, 25 years, and nobody has had this insight until now. In the standard context of encryption, you have the honest sender and the honest receiver, and they’re defending against an external malicious attacker. Here, you need stronger properties. The issue is that the server that’s doing the shuffling might themselves be malicious. So you need a way to ensure that even a malicious server can’t shuffle incorrectly.”
Riffle may become an efficient anonymity protection browser in near future, where rising malicious intent on the Internet gives rise to serious concerns of data privacy and communication.