[perpass] Traffic analysis

"Christian Huitema" <huitema@huitema.net> Mon, 30 September 2013 05:37 UTC

The massive monitoring attacks that we know about seem to fall into three
categories: listening to the content of communications in transit, accessing
content of documents and past exchanges at a server, and analyzing traffic
to find patterns of communications and deduce social exchanges.

I think we understand the "listening on conversations" attack, and we
understand that we need more encryption. We have some good ideas for
reducing the risk of accessing contents on a server, such as storing encrypted
contents on servers, or enabling distributed services so that users can
choose server locations that they find more acceptable. But I wonder whether
we have a good approach for traffic analysis.

Traffic analysis proceeds through the collection of "meta data" such as IP
headers, e-mail headers, and other forms of signaling, e.g. SIP headers. DNS
traffic analysis also falls in that category. Such data is easy to harvest
by monitoring big conduits such as backbone links or submarine cables. In
some countries, the data is collected by forcing traffic through a single
exchange or through some form of "national firewall." 

The current internet protocols and applications pay very little attention to
traffic analysis. We should obviously take the easy steps, encrypt the DNS,
e-mail and SIP connections. But when it comes to IP header analysis, we have
pretty few solutions. VPN, of course, but that requires configuration. Could
we change that?

-- Christian Huitema