[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] The Register: Boffins sting spooks with 'HORNET' onion router


By Darren Pauli, 24 Jul 2015

Five academics have developed a Tor alternative network that can handle up
to 93Gb/s of traffic while maintaining privacy.

The HORNET system is more resistant to passive attacks than existing
anonymity networks like Tor and delivers faster node speeds for a
"practically unlimited" number of sources.

It is the brainchild of leader researcher Chen Chen of Carnegie Mellon
University, together with Daniele Enrico Asoni, David Barrera, and Adrian
Perrig of the Federal Institute of Technology Zurich, and George Danezis of
University College London.

"Unlike other onion routing implementations, HORNET routers do not keep
per-flow state or perform computationally expensive operations for data
forwarding, allowing the system to scale as new clients are added," the
team wrote in the paper *HORNET: High-speed Onion Routing at the Network
Layer*. (PDF link at bottom)

"HORNET offers payload protection by default, and can defend against some
global observation attacks.

"It is designed to be highly efficient: instead of keeping state at each
relay, connection state (such as onion layer decryption keys) is carried
within packet headers, allowing intermediate nodes to quickly forward
traffic for large numbers of clients"

The team contends HORNET is as low-latency as existing anonymity protocols
like Dovetail without the "significantly degraded security guarantees" in
which endpoints can be de-anonymised when attackers such as nation states
have global data collection abilities.

Targeted attacks by those who control more than one node on a path will
still hose the activist, journalist, or criminal through confirmation
attacks, but HORNET does raise the bar for secretive mass surveillance
since spy agencies would need to control a "significant percentage of ISPs"
across geopolitical boundaries, while keeping the whole operation quiet.

HORNET's speed is possible in part through the use of symmetric
cryptography for data forwarding that does not require per-flow state on
intermediate nodes. "This design enables HORNET nodes to process anonymous
traffic at over 93 Gb/s [and] scale as required, adding minimal processing
overhead per additional anonymous channel," the team says.

The researchers developed HORNET after pursing a system that would be the
minimal mechanism to frustrate pervasive surveillance.

They say the platform paves the way for internet-scale anonymity through
which small trade-offs in packet header size greatly benefit security and
retain high performance.

Full technical details are available in the paper. Â

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to