This article is more than 1 year old
Boffins sting spooks with 'HORNET' onion router
Faster node speeds for 'practically unlimited' sources
Five academics have developed a Tor alternative network that can handle up to 93Gb/s of traffic while maintaining privacy.
The HORNET system is more resistant to passive attacks than existing anonymity networks like Tor and delivers faster node speeds for a "practically unlimited" number of sources.
It is the brainchild of leader researcher Chen Chen of Carnegie Mellon University, together with Daniele Enrico Asoni, David Barrera, and Adrian Perrig of the Federal Institute of Technology Zurich, and George Danezis of University College London.
"Unlike other onion routing implementations, HORNET routers do not keep per-flow state or perform computationally expensive operations for data forwarding, allowing the system to scale as new clients are added," the team wrote in the paper HORNET: High-speed Onion Routing at the Network Layer (PDF).
"HORNET offers payload protection by default, and can defend against some global observation attacks.
"It is designed to be highly efficient: instead of keeping state at each relay, connection state (such as onion layer decryption keys) is carried within packet headers, allowing intermediate nodes to quickly forward traffic for large numbers of clients"
The team contends HORNET is as low-latency as existing anonymity protocols like Dovetail [PDF] without the "significantly degraded security guarantees" in which endpoints can be de-anonymised when attackers such as nation states have global data collection abilities.
Targeted attacks by those who control more than one node on a path will still hose the activist, journalist, or criminal through confirmation attacks, but HORNET does raise the bar for secretive mass surveillance since spy agencies would need to control a "significant percentage of ISPs" across geopolitical boundaries, while keeping the whole operation quiet.
HORNET's speed is possible in part through the use of symmetric cryptography for data forwarding that does not require per-flow state on intermediate nodes. "This design enables HORNET nodes to process anonymous traffic at over 93 Gb/s [and] scale as required, adding minimal processing overhead per additional anonymous channel," the team says.
The researchers developed HORNET after pursing a system that would be the minimal mechanism to frustrate pervasive surveillance.
They say the platform paves the way for internet-scale anonymity through which small trade-offs in packet header size greatly benefit security and retain high performance.
Full technical details are available in the paper. ®