Wednesday, July 16, 2008

TRAFFIC ANALYSIS-HOW TO....

Traffic analysis is the interception of messages in order to make out a
pattern in communication. It is one of the reasons why proxy servers
exist: proxy servers work towards maintaining anonymity with regard to
information flow. If servers are being designed to counter traffic
analysis, why does the practice still exist? Even encrypted messages
can be examined using traffic analysis, and it is a helpful tool for
military intelligence. Some of the methods used to enhance traffic
flow security are using codress messages (changing the source and
destination addresses), changing the radio callsigns, sending dummy
traffic, and sending encrypted signals.

Some of the methods devised to counter traffic analysis are:
1 Link Encryption
2 End-to-end Encryption

Link Encryption means that every vulnerable communication link is
encrypted on both ends of the link, which secures communication over
that link. But the message must be decrypted at the packet switches,
which makes the message vulnerable at those points. Multiple keys also
need to be distributed at the nodes, one key for each pair of nodes
that share a link.

End-to-end Encryption is carried out in two-way systems. The sender and
the receiver share a key to encrypt and decrypt a message, so the
message stays protected across the network switches and links. But only
the data is encrypted in this method; the header is left in the clear,
and most traffic is examined using the headers.

Link Encryption                     End-to-end Encryption
----------------------------------  -----------------------------------------
Source message is exposed           Source message is encrypted
Message exposed at the nodes        Message encrypted at the nodes
Message transparent to the user     Message encrypted by the user
Encryption maintained by host       Algorithm determined by the user
Can be performed on hardware        Software implementation needed
Encryption of all or no messages    User decides whether to encrypt a message

Different kinds of information can be found using traffic analysis:
1 Frequency of communication
2 Identity of the people who communicate
3 Pattern of messages
4 Length of messages
5 Messages in a covert channel

Link Encryption ensures that the packet headers are encrypted, and the
traffic can be padded to further strengthen the security. Using
End-to-end Encryption, null messages can be sent in a random manner and
all messages can be padded to uniform lengths.
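
The following is an added example, not part of the original post: it measures what an observer learns from cleartext headers and message lengths alone, and how padding to uniform lengths and null messages change that. The sample records, the 1500-byte block size and the function names are assumptions made for the illustration.

```python
import math
import random
from collections import Counter

# Constructed sample: (time_s, source, destination, ciphertext_bytes) as seen
# by an observer when only the payload is encrypted and headers stay in clear.
OBSERVED = [
    (0, "A", "B", 120), (5, "A", "B", 1480), (9, "C", "D", 64),
    (12, "A", "B", 130), (20, "B", "A", 1500), (31, "C", "D", 64),
    (33, "A", "B", 90), (47, "A", "B", 1475),
]

def pair_frequency(records):
    """Messages per (source, destination): who communicates, and how often."""
    return Counter((src, dst) for _, src, dst, _ in records)

def length_entropy(records):
    """Shannon entropy in bits of the observed lengths; 0 means no length signal."""
    counts = Counter(length for *_, length in records)
    total = sum(counts.values())
    return abs(sum(c / total * math.log2(c / total) for c in counts.values()))

def pad_to_uniform(records, block=1500):
    """Pad every message up to a multiple of `block` bytes (assumed block size)."""
    return [(t, s, d, math.ceil(n / block) * block) for t, s, d, n in records]

def add_null_messages(records, count, block=1500, seed=0):
    """Mix `count` null messages of padded size in at random times and pairs."""
    rng = random.Random(seed)  # fixed seed only to make the example repeatable
    pairs = sorted({(s, d) for _, s, d, _ in records})
    end = max(t for t, *_ in records)
    nulls = [(rng.randint(0, end), *rng.choice(pairs), block) for _ in range(count)]
    return sorted(records + nulls)

if __name__ == "__main__":
    padded = pad_to_uniform(OBSERVED)
    covered = add_null_messages(padded, count=8)
    for name, recs in (("raw", OBSERVED), ("padded", padded), ("padded+nulls", covered)):
        print(name, dict(pair_frequency(recs)), round(length_entropy(recs), 2))
```

Padding removes the length signal but leaves the per-pair message counts unchanged, and null messages only blur those counts; with the headers in the clear, the identities of the communicating parties remain visible.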
