Comments

ramriot July 16, 2014 7:10 AM

At first reading and without looking up the source material I got entirely the wrong impression on this. I was thinking, “Damn bureaucrats preventing us from getting useful information out of their, paid for, traffic management database”.

Seems I was wrong, and that this is a very interesting side channel attack on data set access by studying the patters of access even if the content cannot be analysed. If only we could do the same for telephony and other electronic communications across the worlds networks, it would certainly put a crimp in the unwarranted intrusion that certain government agencies seem to need to do.

name July 16, 2014 5:02 PM

Maybe I’m staying the obvious, but shouldn’t Tor developers consider looking into this technique? I know they’ve repeatedly stated that they don’t try to protect against traffic analysis per se, but the attacker is purportedly becoming so pervasive (and the possibility of collusion between the biggest players is so probable) that the principle of an anonymous network is beginning to lose its significance. Tor has done a lot of good for years, but it’s starting to look like a case of “innovate or perish.”

Lance July 16, 2014 5:34 PM

@name I’m not sure that would protect against timing attacks. Combining various streams (the MIMO technique) would be a better defence, but it’s a tradeoff between latency and privacy. I would choose privacy, but that’s just me.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.