Talk:Traffic analysis: Difference between revisions

From Citizendium
imported>Sandy Harris
(query)
imported>Howard C. Berkowitz
(Examples?)
Line 4: Line 4:


Also, it should discuss and link to systems designed to resist traffic analysis, which I think include [http://portal.acm.org/citation.cfm?id=1029179.1029200&coll=GUIDE&dl=GUIDE&CFID=80793407&CFTOKEN=90194782 OTR] and [http://www.torproject.org/ TOR]. Anyone know enough to do that? [[User:Sandy Harris|Sandy Harris]] 17:37, 4 August 2008 (CDT)
:On looking at the "permission to reuse", it appears that you wrote the S/WAN material. Is that correct?
:Your comment "In general, traffic analysis by itself is not very useful." may be true for commercial networks, but is decidedly not the case for military and national intelligence. There has been some exploitation in natural resource prospecting.
:I'd really like to see more sourcing, because some of your assertions do not strike me as "well-known to experts in the field". A context needs to be set for what access one has to the full traffic before making statements like "In general, defending against traffic analysis is also difficult. Inventing a really good defense could get you a PhD and some interesting job offers."
:You mention "In one case during World War II, the British guessed an attack was coming because all German radio traffic stopped. The "radio silence" order, intended to preserve security, actually gave the game away." Which case? Counterexample or two... along with the [[Double-Cross System]] and photographic decoys where the German photorecon aircraft just kept getting missed (coincidence, of course), the Germans buying the FORTITUDE SOUTH deception because their traffic analysis was hearing the (notional) First United States Army Group in Kent, but not the real invasion camps in SE England, which were maintaining radio silence? One source on that is Alexander Cave Browne's ''Bodyguard of Lies'', but ISTR Hyperwar has it online. There are Layton's reports of the Japanese moving the radiomen, with a known Morse "fist", to the Inland Sea, replacing them on the Pearl Harbor striking force that kept radio silence, helping the deception that six carriers were not loose? For a more recent example, see [[SIGINT from 1945 to 1989#SIGINT and the Development of NVA Logistics]] for an example of how the organization of the support or the Ho Chi Minh trail mostly came from DF and traffic analysis?
:"traffic analysis is hard to do well." How would you compare the computational complexity of data mining, say for a major retailer that has terabytes of data to mine?
:Given that most Internet traffic is on fiber, getting the raw content for traffic analysis is the hard part. While we don't know what the warrantless surveillance at AT&T and elsewhere was/is doing, there is a fair bit of informed speculation that the call content wasn't being recorded, but the Call Detail Records. There's not much you can do with CDRs except traffic analysis.
:There is enough military concern with traffic analysis and direction finding that I doubt there's any new system that isn't frequency agile and, where possible, spread spectrum. Still, it's pretty much the rule of thumb that if you transmit on a military frequency in the presence of unfriendly, technically competent strangers, it's a good idea to be moving, or spend no more than 60 seconds in one spot. While I recognize counterbattery fire is using multiple sensors, not just traffic analysis, the usual rule of thumb is that once a firing order is heard, or the first shell or rocket comes into sensor view, it takes 30-60 seconds to backtrack the trajectory and have the coordinates being set into a howitzer or rocket launcher. [[User:Howard C. Berkowitz|Howard C. Berkowitz]] 18:55, 4 August 2008 (CDT)

Revision as of 18:55, 4 August 2008

This article is a stub and thus not approved.
Definition: Traffic analysis is a branch of signals intelligence, inferring useful information from messages without actually reading them.
Checklist and Archives
Workgroup category: Military
Subgroup category: Security
Talk Archive: none
English language variant: American English

I just dropped a lot of text in here, borrowed from the FreeS/WAN docs which we have permission to re-use. It needs a second opinion, likely some editing. There's also a citation I once had and cannot now find, the "radio silence" story. Sandy Harris 16:34, 4 August 2008 (CDT)
