[Cryptography] traffic analysis

dj at deadhat.com dj at deadhat.com
Wed Jan 28 17:09:34 EST 2015

> If we have a continually full channel full of fulsome noise, how does the
> receiver
> distinguish valid traffic from nothing? Are there false positive & false
> negative
> rates at play here? Presumably both would have to be dialled down to be
> pretty low.

With a suitable shared secret at both ends arranged by the key agreement
of your choice, a pseudorandom sequence can be xored on top of the wire
and de-xored at the other end (assuming this is compatible with the phy).

If you have to meet framing on the wire, then you need filler packets and
you can do something similar within the data fields, with the filler
packets decoding to "This isn't a real packet" with packet sizes following
the usual distribution.

It can be done, it just won't be done by your vendor.

More information about the cryptography mailing list