[perpass] Traffic analysis
"Christian Huitema" <huitema@huitema.net> Mon, 30 September 2013 05:37 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44C3A21F9D21 for <perpass@ietfa.amsl.com>; Sun, 29 Sep 2013 22:37:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.066
X-Spam-Level:
X-Spam-Status: No, score=-1.066 tagged_above=-999 required=5 tests=[AWL=-0.326, BAYES_20=-0.74]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vprgqfio3BKD for <perpass@ietfa.amsl.com>; Sun, 29 Sep 2013 22:37:08 -0700 (PDT)
Received: from xsmtp01.mail2web.com (xsmtp01.mail2web.com [168.144.250.230]) by ietfa.amsl.com (Postfix) with ESMTP id 8A1CF21F9D2E for <perpass@ietf.org>; Sun, 29 Sep 2013 22:37:06 -0700 (PDT)
Received: from [10.5.2.49] (helo=xmail11.myhosting.com) by xsmtp01.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1VQW8Y-00017R-0P for perpass@ietf.org; Mon, 30 Sep 2013 01:37:05 -0400
Received: (qmail 15560 invoked from network); 30 Sep 2013 05:35:12 -0000
Received: from unknown (HELO HUITEMA5) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail11.myhosting.com (qmail-ldap-1.03) with ESMTPA for <perpass@ietf.org>; 30 Sep 2013 05:35:12 -0000
From: Christian Huitema <huitema@huitema.net>
To: 'perpass' <perpass@ietf.org>
Date: Sun, 29 Sep 2013 22:35:10 -0700
Message-ID: <02c001cebd9e$d5af4900$810ddb00$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Thread-Index: Ac69m5NpOu/Q54VBSOCgfKkJCLS0yg==
Subject: [perpass] Traffic analysis
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2013 05:37:14 -0000
The massive monitoring attacks that we know about seem to fall into three categories: listening to the content of communications in transit, accessing content of documents and past exchanges at a server, and analyzing traffic to find patterns of communications and deduce social exchanges. I think we understand the "listening on conversations" attack, and we understand that we need more encryption. We have some good ideas for reducing the risk of accessing contents on server, such as storing encrypted contents on servers, or enabling distributed services so that users can chose server locations that they find more acceptable. But I wonder whether we have a good approach for traffic analysis. Traffic analysis proceeds through the collection of "meta data" such as ip headers, e-mail headers, and other forms of signaling, e.g. SIP headers. DNS traffic analysis also falls in that category. Such data is easy to harvest by monitoring big conduits such as backbone links or submarine cables. In some countries, the data is collected by forcing traffic through a single exchange or through some form of "national firewall." The current internet protocols and applications pay very little attention to traffic analysis. We should obviously take the easy steps, encrypt the DNS, e-mail and SIP connections. But when it comes to IP header analysis, we have pretty few solutions. VPN, of course, but that requires configuration. Could we change that? -- Christian Huitema
- Re: [perpass] Traffic analysis Brian Trammell
- Re: [perpass] Traffic analysis Brian E Carpenter
- [perpass] Traffic analysis Christian Huitema
- Re: [perpass] Traffic analysis d.nix
- Re: [perpass] Traffic analysis Christian Huitema
- Re: [perpass] Traffic analysis Christian Huitema
- [perpass] Traffic analysis Christian Huitema
- Re: [perpass] Traffic analysis Stephen Farrell
- Re: [perpass] Traffic analysis Ben Laurie
- Re: [perpass] Traffic analysis Stephen Farrell
- [perpass] Perpassturbating metrics Tony Rutkowski
- Re: [perpass] Traffic analysis Joe St Sauver
- Re: [perpass] Traffic analysis Stephen Farrell
- Re: [perpass] Traffic analysis Joe St Sauver
- Re: [perpass] Traffic analysis Stephen Farrell
- Re: [perpass] Traffic analysis Mike Demmers
- Re: [perpass] Traffic analysis ned+perpass
- Re: [perpass] Traffic analysis d.nix
- Re: [perpass] Traffic analysis Stephen Farrell
- Re: [perpass] Traffic analysis Tony Rutkowski
- Re: [perpass] Traffic analysis Eric Burger
- Re: [perpass] Perpassturbating metrics Dave Crocker
- Re: [perpass] Perpassturbating metrics Tony Rutkowski
- Re: [perpass] Perpassturbating metrics Dave Crocker
- Re: [perpass] Perpassturbating metrics Alissa Cooper
- Re: [perpass] Perpassturbating metrics Peter Saint-Andre
- Re: [perpass] Perpassturbating metrics Brian Trammell
- Re: [perpass] Traffic analysis Richard Shockey
- Re: [perpass] Traffic analysis Stephen Farrell
- Re: [perpass] Traffic analysis Douglas Otis
- Re: [perpass] Traffic analysis Tony Rutkowski
- Re: [perpass] Traffic analysis Richard Shockey
- Re: [perpass] Traffic analysis Eliot Lear
- Re: [perpass] Traffic analysis Joe St Sauver
- Re: [perpass] Traffic analysis Eliot Lear
- Re: [perpass] Traffic analysis Tony Rutkowski
- Re: [perpass] Traffic analysis Hannes Tschofenig
- Re: [perpass] Traffic analysis Tony Rutkowski
- Re: [perpass] Traffic analysis Scott Brim
- Re: [perpass] Traffic analysis Tony Rutkowski
- Re: [perpass] Traffic analysis Dave Crocker
- Re: [perpass] Traffic analysis d.nix
- Re: [perpass] Traffic analysis Tony Rutkowski
- Re: [perpass] Traffic analysis Scott Brim
- Re: [perpass] Traffic analysis Tony Rutkowski