Security Against Traffic Analysis of Cloud Data Access

Here's some interesting research on foiling traffic analysis of cloud storage systems.

Press release.

Posted on July 16, 2014 at 6:02 AM • 3 Comments

Comments

ramriotJuly 16, 2014 7:10 AM

At first reading and without looking up the source material I got entirely the wrong impression on this. I was thinking, "Damn bureaucrats preventing us from getting useful information out of their, paid for, traffic management database".

Seems I was wrong, and that this is a very interesting side channel attack on data set access by studying the patters of access even if the content cannot be analysed. If only we could do the same for telephony and other electronic communications across the worlds networks, it would certainly put a crimp in the unwarranted intrusion that certain government agencies seem to need to do.

nameJuly 16, 2014 5:02 PM

Maybe I'm staying the obvious, but shouldn't Tor developers consider looking into this technique? I know they've repeatedly stated that they don't try to protect against traffic analysis per se, but the attacker is purportedly becoming so pervasive (and the possibility of collusion between the biggest players is so probable) that the principle of an anonymous network is beginning to lose its significance. Tor has done a lot of good for years, but it's starting to look like a case of "innovate or perish."

LanceJuly 16, 2014 5:34 PM

@name I'm not sure that would protect against timing attacks. Combining various streams (the MIMO technique) would be a better defence, but it's a tradeoff between latency and privacy. I would choose privacy, but that's just me.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.