[Cryptography] Reading encrypted generative AI chats
Christian Huitema
huitema at huitema.net
Mon Mar 18 16:26:04 EDT 2024
On 3/18/2024 12:19 PM, Kent Borg wrote:
> On 3/18/24 11:31, Christian Huitema wrote:
>> The first step is indeed to avoid providing too much information
>> through packet lengths, by standardizing to just a few lengths. The
>> next step is to inject chaff to try to break analyses of packet timing.
>
> Please allow me to enthusiastically agree, while also being a bit
> contrarian and suggest the /real/ first step is to quit being comforted
> by the tidy division of responsibility offered by the OSI network layers.
> TLS is mostly down at the layer 4 (transport), and it has handled all
> the encryption stuff down there, so up at layer 7 (application) we are
> safe! Right?
Define safe...
TLS does protect against some categories of attacks. It certainly does
not protect against analysis of IP headers or packet timing.
> Traffic analysis is really a kind of metadata analysis, and an
> encryption layer can never magically fix resulting security problems.
> They have to be addressed by application folk, who don't care.
Usual metadata analysis refers to analyzing discrete tokens, like
addresses of source and destination, or time and duration of connection.
Sure, you can think of detailed analysis of packet size and timing as a
variation of that, but it is a field of research in itself.
-- Christian Huitema
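
Added example, not part of the original message or written by any participant in the thread: a sketch of the length-standardizing step mentioned above, showing what a passive observer learns from per-token record lengths with and without padding to a few fixed sizes. The bucket sizes, the per-record overhead and the sample tokens are assumptions constructed for illustration.

```python
import struct

BUCKETS = (64, 256, 1024)   # assumed standard payload sizes, chosen for illustration
OVERHEAD = 22               # constructed per-record overhead (header + AEAD tag)

def pad(msg: bytes) -> bytes:
    """Prefix the true length, then zero-fill up to the smallest bucket that fits."""
    need = len(msg) + 2
    for size in BUCKETS:
        if need <= size:
            return struct.pack(">H", len(msg)) + msg + b"\x00" * (size - need)
    raise ValueError("message larger than the largest bucket; split it first")

def unpad(padded: bytes) -> bytes:
    """Recover the message; reject records whose size or length field is inconsistent."""
    if len(padded) not in BUCKETS:
        raise ValueError("record is not a standard size")
    (n,) = struct.unpack(">H", padded[:2])
    if n > len(padded) - 2:
        raise ValueError("length field exceeds record")
    return padded[2:2 + n]

def wire_lengths(payloads):
    """What a passive observer sees: one ciphertext length per record."""
    return [len(p) + OVERHEAD for p in payloads]

def observer_guess(lengths):
    """Observer subtracts the fixed overhead to estimate plaintext lengths."""
    return [n - OVERHEAD for n in lengths]

# Constructed sample: a streamed reply sent one token per record.
TOKENS = [b"The", b" diagnosis", b" is", b" likely", b" benign", b"."]

def demo():
    """Return the observer's length estimates for unpadded and padded streams."""
    raw = wire_lengths(TOKENS)
    padded = wire_lengths([pad(t) for t in TOKENS])
    return observer_guess(raw), observer_guess(padded)

if __name__ == "__main__":
    leaked, hidden = demo()
    print("unpadded:", leaked)   # per-token lengths are visible
    print("padded:  ", hidden)   # every record falls in the same bucket
```

Padding hides only the per-record length; the number of records and their timing remain observable, which is what the chaff step in the message is aimed at.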