Latest in Science

Image credit:

Researchers hide messages in a sea of spam

The system mimics Tor by bouncing messages around servers, but shields metadata with fake 'noise.'
34 Shares
Share
Tweet
Share

Sponsored Links

Researchers are trying quantum cryptography and other exotic ways to keep your missives safe, but here's a new one: junk mail. A team of computer scientists from MIT's CSAIL have devised a system called "Vuvuzela" that adds noise to messages, making them virtually untraceable to the recipient or sender. While it uses nodes like the Tor "dark internet" router, it only requires a few servers and relies more on numerous fake messages to confuse hackers. If scaled up, the technique could give you nearly mathematical certainty that your messages and even metadata are secure.

With the system, messages are never sent directly; instead, users deposit encrypted messages in a "dead drop" server mailbox. The exchange of messages is never initiated by the user -- something that could be detected by hackers -- but instead happens in "rounds" every 10-20 seconds. That increases security dramatically, but bad guys could still access metadata info by, say, knocking one user offline to see if the number of messages decreases. That's where the spam comes in -- each server sends "cover traffic" messages to random mailboxes to hide individual users' activities. The system even works even if many of the servers have been infiltrated, provided some are still "clean."

The scheme would be particularly useful to users worried about NSA-style mass surveillance, like whistleblowers or reporters. (Of course, like many legitimate services, it could also be misused by bad guys.) The drawback is the speed -- since server rounds are performed at set intervals, message speeds are limited to those times. The researchers ran a simulation on Amazon EC2 servers, and with a million simulated users and 15,000 messages per second, system latency was a foot-tapping 44 seconds per message. They plan to scale it up to see if that time can be improved, but we imagine that users who absolutely can't have messages traced back to them are cool with a small delay.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
34 Shares
Share
Tweet
Share

Popular on Engadget

Google wants to be your guide to Champions League soccer

Google wants to be your guide to Champions League soccer

View
Facebook releases Zuckerberg’s upcoming testimony in defense of Libra

Facebook releases Zuckerberg’s upcoming testimony in defense of Libra

View
Scoot makes its new single-seat mopeds available in Los Angeles

Scoot makes its new single-seat mopeds available in Los Angeles

View
Facebook's version of political neutrality isn't neutral

Facebook's version of political neutrality isn't neutral

View
Firefox update adds detailed tracking reports and password tools

Firefox update adds detailed tracking reports and password tools

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr