Existing anonymity tools, such as Tor, work by routing a user's internet traffic through a random chain of other computers called a circuit. Any one individual computer in this circuit can only ever see information about the machine one place ahead of it or one place behind it. This mechanism keeps the originator of the request anonymous: online activities very quickly become divorced from their source. Information that was put into the circuit from one machine comes out into the internet from an entirely different machine, with no way to trace a path back to the originator. That's the theory, anyway.
In reality, however, tracing the originator is fairly simple. To reverse-engineer the identity of a person through the anonymisation network, all an interested organisation needs to do is place a large number of its own machines into the anonymisation chain. The data then can then be pieced together to reveal the source. This is known as a Sybil attack.
That's a problem because while Tor is often used for illegal file sharing, online anonymity has been crucial - for example, in allowing secure communication during the Arab Spring.
To thwart eavesdroppers, researchers from the University of Texas, the University of California, Berkeley, and the University of Illinois at Urbana-Champaign took advantage of a unique property of Facebook: its ability to connect you to friends. Their system, called Pisces, uses graphs of social network connections to make sure that only trusted nodes are used to make the random circuit, providing a safe route to the internet that excludes snooper nodes.
Pisces's reliance on social connections does confer some disadvantages. First, it won't work for users without a reasonably wide social network. It also requires users' social contacts to participate, although the researchers are trying to use friends-of-friends in the trust network to improve both of these issues.
"The incorporation of social trust will likely be an important consideration in the design of the next generation of deployed anonymity systems," the researchers say.
No comments:
Post a Comment