OurĮvaluation of Riffle in file sharing and microblogging applications shows that Retrieval for bandwidth- and computation-efficient anonymous communication. Uses a new hybrid verifiable shuffle technique and private information Riffle consists of a small set ofĪnonymity servers and a large number of users, and guarantees anonymity amongĪll honest clients as long as there exists at least one honest server. In this paper, we present Riffle, a bandwidth and computation efficientĬommunication system with strong anonymity. Verifiable mixnets maintain strongĪnonymity with low bandwidth overhead, but suffer from high computation Onion-routing achieves low latency, high bandwidth, and scalableĪnonymous communication, but is susceptible to traffic analysis attacks.ĭesigns based on DC-Nets, on the other hand, protect the users against trafficĪnalysis attacks, but sacrifice bandwidth. A mixnet used with onion encryption is protected against passive adversaries, which can only observe network traffic.An Efficient Communication System With Strong AnonymityĮxisting anonymity systems sacrifice anonymity for efficient communication or
But active adversaries, which can infiltrate servers with their own code, are another matter. If one has commandeered a mixnet router and wants to determine the destination of a particular message, for instance, it could simply replace all the other messages it receives with its own, bound for a single destination. Then it could passively track the one message that doesn’t follow its own prespecified route. That's where Riffle's third protective measure comes in. Essentially, it takes a two-pronged approach to validating the authenticity of messages using techniques called verifiable shuffle and authentication encryption. Verifiable shuffle keeps things secure while each user and each mixnet server agree upon a cryptographic key authentication encryption, which is much more efficient, then takes over for the remainder of the communication session. The overall result is that Riffle remains cryptographically secure as long as one server in the mixnet remains uncompromised, according to MIT. Meanwhile, Riffle also uses bandwidth much more efficiently than competing systems, its creators say. In experiments, it required only one-tenth as much time as similarly secure experimental systems to transfer a large file between anonymous users. Riffle was developed by researchers at MIT’s Computer Science and Artificial Intelligence Laboratory and the École Polytechnique Fédérale de Lausanne. The system isn't yet available for public use, but the researchers will present a paper describing their work at the Privacy Enhancing Technologies Symposium in Germany next week.MIT am an Edwin Sibley Webster Professor ofĮlectrical Engineering and Computer ScienceĬomputer Science and Artificial Intelligence Laboratory (CSAIL). I belong to the Computation Structures Group. My current research interests are primarily in the areas of applied cryptography, computer security and computer architecture. Recent work: My group pointed out vulnerabilities in anonymizing networks, including using deep learning for website fingerprinting, and designed Riffle, Atom, Crossroads, and Spectrum, systems with strong anonymity. We developed append only authenticated dictionaries that can be used to build transparency logs, scalable threshold cryptosystems, techniques for lightweight private similarity search, and cryptographically-verified databases. Our work in Byzantine Broadcast (BB) resulted in sublinear-time protocols under dishonest majority for static and strongly adaptive adversaries. Prior projects at the intersection of applied cryptography and computer architecture in my group include designing a secure processor Ascend that allows untrusted programs to compute on encrypted data from a client without leaking information about the data.
Mit riffle verification#
Ascend was integrated with the Princeton Piton multicore processor and RIFFLE MIT VERIFICATIONĪscend uses Path ORAM with optimizations and integrity verification to obfuscate memory address patterns.
0 kommentar(er)
