traffic analysis

John S. Denker jsd at av8n.com
Fri Aug 29 15:52:39 EDT 2003 

On 08/28/2003 04:26 PM, David Wagner wrote:
 >
 > Are you sure you understood the attack?

Are you sure you read my original note?

 > The attack assumes that communications links are insecure.

I explicitly hypothesized that the links were
encrypted. The cryptotext may be observed and
its timing may be tampered with, but I assumed
the attackers could not cut through the
encryption to get at the plaintext.

 > The *transmission* from Alice may adhere to a fixed schedule, but
 > that doesn't prevent the attacker from introducing delays into the
 > packets after transmission.

Fine. So far the timing doesn't tell us anything
about the behavior of Alice, just the behavior
of the attacker.

 > For instance, suppose I want to find out who is viewing my web site.
 > I have a hunch that Alice is visiting my web site right this instant,
 >  and I want to test that hunch.  I delay Alice's outgoing packets,
 > and I check whether the incoming traffic to my web contains matching
 > delays.

I explicitly said that if some endpoints are not
secure, Alice suffers some loss of privacy when
communicating with such an endpoint.  Here DAW is
playing the role of attacker, and is mounting an
attack that combined traffic analysis with much
more powerful techniques; he is assuming he "owns"
the endpoint or otherwise can see through the
crypto into the plaintext.

Let us not confuse "traffic analysis" issues with
"anonymity" issues.

I explicitly said that traffic analysis was not the
only threat to be considered.

To say it another way:  The US ambassador in Moscow
is not trying to remain anonymous from the US
ambassador in Riyadh;  they just don't want the
opposition to know if/when/how-often they talk.

=========================

I described a certain model based on certain hypotheses.

Many people have responded with attacks on different
models, based on different hypotheses.  Some have
frankly admitted contradicting me without having
bothered to read what I wrote.  I'm not going to
respond to any more of these ... except to say that
they do not, as far as I can see, detract in any
way from the points I was making.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list