Knowledge about the number and length of messages between nodes may enable an opponent to determine who is taking to whom. This can have obvious implications in a military conflict. Even in commercial applications, traffic analysis may yield information that the traffic generators would like to conceal.
The following types of information that can be derived from a traffic analysis attack: Identities of partners, how frequent the partners are communicating, message pattern. Message length, or quantity of messages that suggest important information is being exchanged, and the events that correlate with special conversation between particular partners.
With the use of traffic patterns a covert channel can be established. A covert channel is a means of communication which transfers information unintended by the designers of the communication facility. The channel is used to transfer information in a way that violates a security policy. An employee may wish to communicate information to an outsider through a secured channel evading detection by the management. The two participants could setup a code in which an apparently legitimate message of a less than a certain length represents binary zero, whereas a longer message represents a binary one. Other such schemes are possible.
Network layers are encrypted, reducing the opportunity for traffic analysis. It is still possible in those circumstances for an attacker to assess the amount of traffic on a network and to observe the amount of traffic entering and leaving each end system. Countermeasure to this type of attack is traffic padding.
Traffic padding produces cipher text output continuously, even in the absence of plain text. A continuous random data stream is generated. When plain text is available, it is encrypted and transmitted. When input plaintext is not present, random data are encrypted and transmitted. This makes it impossible for an attacker to distinguish between true data flow and padding and therefore impossible to deduce the amount of traffic.
Traffic padding is essentially a link encryption function. If only end-to-end encryption is employed, then the measures available to the defender are more limited. If encryption is implemented at the application layer, then an opponent can determine transport layer, network-layer addresses and traffic patterns which remain accessible.
Quick Note: Taking the Nonsense out of looking for the right spyware remover
If you really want to take the work out of looking for that right Spyware Protection from a go to the Internet and get a or a Free
Download, In order to prevent your vital information from being ripped from your computer get your Remover Today.
Null messages can be inserted randomly into the stream. These tactics deny opponent knowledge about the amount of data exchanged between end users and obscure the underlying traffic pattern. Encryption can secure network connections to a larger extent.
