Traffic Confidentiality

7.2. Traffic Confidentiality

We mentioned in Chapter 1 that, in some cases, users are concerned about security from traffic analysis. Knowledge about the number and length of messages between nodes may enable an opponent to determine who is talking to whom. This can have obvious implications in a military conflict. Even in commercial applications, traffic analysis may yield information that the traffic generators would like to conceal. [MUFT89] lists the following types of information that can be derived from a traffic analysis attack:

• Identities of partners
• How frequently the partners are communicating
• Message pattern, message length, or quantity of messages that suggest important information is being exchanged
• The events that correlate with special conversations between particular partners

Another concern related to traffic is the use of traffic patterns to create a covert channel. A covert channel is a means of communication in a fashion unintended by the designers of the communications facility. Typically, the channel is used to transfer information in a way that violates a security policy. For example, an employee may wish to communicate information to an outsider in a way that is not detected by management and that requires simple eavesdropping on the part of the outsider. The two participants could set up a code in which an apparently legitimate message of a less than a certain length represents binary zero, whereas a longer message represents a binary one. Other such schemes are possible.