Detecting Drone Surveillance with Traffic Analysis

This is clever:

Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject­—a window, say—someone might want to guard from potential surveillance. Then they remotely intercept a drone’s radio signals to look for that pattern in the streaming video the drone sends back to its operator. If they spot it, they can determine that the drone is looking at their subject.

In other words, they can see what the drone sees, pulling out their recognizable pattern from the radio signal, even without breaking the drone’s encrypted video.

The details have to do with the way drone video is compressed:

The researchers’ technique takes advantage of an efficiency feature streaming video has used for years, known as “delta frames.” Instead of encoding video as a series of raw images, it’s compressed into a series of changes from the previous image in the video. That means when a streaming video shows a still object, it transmits fewer bytes of data than when it shows one that moves or changes color.

That compression feature can reveal key information about the content of the video to someone who’s intercepting the streaming data, security researchers have shown in recent research, even when the data is encrypted.

Research paper and video.

Posted on January 24, 2018 at 5:28 AM21 Comments


Cerebus2 January 24, 2018 7:06 AM

…thus relearning the old commandment, “Thou shalt use fill when an encrypted channel is idle.”

echo January 24, 2018 8:39 AM

This is like the NSA (and I presume GCHQ et al) technique used to squeeze something useful from encrypted audio? Taking pictures around corners by using a single photon at a time uses crazy maths. I know they are not related but things like this and cosmologists observing stars on the other side of the galaxy through the obstruction of the Milky Way is all kinds of “wow”.

I guess once a particular class of problem is solved the tool can be used all over the place including maybe picking up secondary effects elsewhere which might reveal other useful intelligience?

Impossibly Stupid January 24, 2018 9:52 AM


Does this have implications for privacy tools like Signal?

Well, like Cerebus2 said, the presence/absence of traffic is a form of metadata, and can be quite useful, especially when correlated against other data. Due to the limited nature of mobile bandwidth and power, I doubt any apps are going to really do much to confound that kind of analysis. It’s another case where people are more willing to trade security for convenience.

Handsome Jack January 24, 2018 11:24 AM

It’s another case where people are more willing to trade security for convenience.

@impossibly stupid: I agree, mobile apps are unlikely to use fill to obscure an otherwise silent channel. However, I disagree that it’s purely a convenience issue. I think it’s more so an adoption and usability issue.

Mobile networks are often artificially constrained. So the idea of keeping a constant channel filled with noise to obscure this side channel to intelligence agencies isn’t going to be very helpful. I’d argue it will drive users to less secure tools that don’t cost them hundreds of dollars a month in extra mobile bandwidth to foil a specific adversary. Mind you, the metadata of the communication (again in the context of mobile apps) is still cleartext, so what have you really gained by using fill in something like Signal?

A potential solution is to remove the immediateness of mobile text messages, and simply use a constant interval burst scheme. This reduces the amount of traffic required, and when you send a message, it has to wait for the next burst interval. This could be problematic for users who want to send larger media, but I would argue it’s a fair compromise to defeat these kinds of side channel leaks, especially if the user is as idle as you imagine.

Whether a feature request like that would ever make it into Signal, WhatsApp, et. al., however, is unknown.

hey! January 24, 2018 11:36 AM

Classic case of optimization being the nemesis of obfuscation/privacy/security… Someone already said it right: “presence/absence of traffic is a form of metadata”…

Clive Robinson January 24, 2018 11:41 AM

This attack would work against most types of encryption even if the input “plaintext” was compresed.

In essence they are looking for any change in the signal that is sychronised to their changing signal.

In essence it does not matter the types of compression, standard block encryption or standard block encryption mode you use this attack will work in a number of ways.

The way to avoid it is not just fixed rate signalling but a very long randomization mode prior to using standard encryption or encryption modes. It’s one of the reasons the “European” military have favoured stream encryption.

Thus if you compress the video, fix the data rate, stream encrypt then block encrypt, you are in with a chance of beating this.

These sorts of attack are not exactly new, they’ve been known about but not much talked about outside of certain circles for fifty years or more.

Martin Bonner January 24, 2018 1:11 PM

My employer produces a secure audio and chat application for mobiles. We use a constant bit rate encoder before encrypting. We also pad chats messages to a largish block size, and pad SMS messages to a full SMS message. I can see that approach might be expensive for video, but really, what where they thinking of?

Wayne Anderson January 24, 2018 2:04 PM

Requires a baseline recognition of key object(s) in the vicinity of the surveilled subject. A better detection method would still be underlying spectral analysis of the surveilled space.

That you recognize a high bit rate signal in known control and/or transmission bands would be a significant event, that you can recognize it as a probable video signal at all may be a better indication that one or more subjects are targetted.

Lets face it, most intelligence services which need this kind of capability (cough cough CIA, Mossad, etc) are more interested in the initial recognition of a high probability of surveillance than they are specific identification/confirmation of subject recognition.

While academically interesting, the presented method still has a high level of fragility in that the data intercept required to confirm a key indicator presence in the stream is pretty high.

hmm January 24, 2018 2:05 PM

” What were they thinking of? ”

Video “encryption” wasn’t initially for security, it was for stable isolated channels right?

esp January 24, 2018 3:07 PM

This is part of a more urgent problem of general interest:

a … way to determine whether a certain person or object is under … surveillance.

Parties who conduct surveillance are generally, essentially by definition, hostile to the parties under their surveillance. That hostility may be at times covert but ultimately cannot be hidden.

There is a general way.

Provocative acts and provocative speech in places of supposed privacy almost always induce the parties conducting the surveillance to respond with involuntary micro-aggressions — otherwise known as a “poker tells” — yielding subtle clues that they know something they are not supposed to have observed — given the logical premise of supposed privacy and freedom from surveillance at a particular place and time.

Sometimes those under surveillance excite the lust of those conducting the surveillance, and this leads to sexual assault in real life.

So who is watching the watchers, you ask?

We the people know who you are, and some among us know how to catch you in your dirty deeds.

Chris Pugson January 25, 2018 2:05 AM

William Gordon Welchman was an English mathematician, university professor, Second World War codebreaker at Bletchley Park and author. After the war he moved to the US, and later took American citizenship.

It was Gordon Welchman, I believe, who invented traffic analysis and was responsible for its first applications when he used it, independent of code breaking, to enable understanding of what Nazi Germany was up to through his supply of the vitally valuable results of his analyses to British and therefore Allied intelligence. This was essential when the enemy changed its Enigma encryption from time to time with the enforced temporary loss of information from that source.

Shame he fell out with his adoptive country late in his life when his authorship met with disapproval by US intelligence agencies.

echo January 25, 2018 6:34 AM

@Chris Pugson

Welchman fell out of favour with the Thatcher government. Signals intelligence of this kind was very locked down in the UK and the UK government had an extreme view of the Official Secrets Act. (See also Clive Ponting and also Spycatcher.) The Americans gave Welchman a hard time at the behest of the UK government.

JG4 January 25, 2018 7:50 AM

@Handsome Jack

“So the idea of keeping a constant channel filled with noise to obscure this side channel to intelligence agencies isn’t going to be very helpful. I’d argue it will drive users to less secure tools that don’t cost them hundreds of dollars a month in extra mobile bandwidth to foil a specific adversary.”

Some time ago, I suggested filling cell phone voice connections with white noise and signal indistinguishable from white noise 24/7. I was pleased to see Clive offer some hope that could defeat traffic analysis as recently as last night or this morning. I understand that there is only one of many problems to be solved.

I thought that many cell plans have unlimited calling that would make it free to unrepentant abusers. Of course, if everyone does it, the networks will go down immediately, like in the aftermath of 9/11 or even at the inauguration last year when it was all but impossible to get a cell connection. In principle, the same thing can be done with VOIP and video of course. I might quibble with the use of artificially in front of constrained, as we all live on a constrained planet that probably is not artificial.

Since that time, I added three features aimed at usability to the definitions, which essentially are observing channel parameters and efficient use of error correction.

I am adding to my overall threat model a new feature, of inadvertantly empowering criminals in the private sector. Mitigating that without empowering criminals in the public sector will be a difficult nut to crack.

BTW, Open Sources, Voices from the Revolution is available free online.

You also can get the dead-tree version from Amazon. Their share price has been running like a striped-assed ape.

Clive Robinson January 25, 2018 8:16 AM

@ echo, Chris Pugson,

The Americans gave Welchman a hard time at the behest of the UK government.

There’s a warning for everyone in what happened to Gordon Welchman.

Nothing he did with his book was illegal, he even wrote to a whole load of people both in the US and UK to check, and was in effect given a blue light.

What Maggie Thatch did was to have the archives ripped through for anything to get at people she disagreed with and pushed it way beyond the point of reason hence “Mad Maggie”. Which is why she ended up failing in most cases when things got to court with senior establishment figures effectively committing perjury and getting called on it then and there.

Gordon Welchman was however in an akward position. He was at the time a US citizen who had been a genius[1] in a British “ultra” secret project. Towards the end of the war whilst still technically advanced of the US Crypto effort the British realised they did not have the required industrial resources thus pushed for and got the BRUSA –later UKUSA– agreement ratified. Though not in the original letter of agreement subsequent agreement letters augmented it. One that supposadly originated directly from Winston Churchill[2] and was kept very secret was that the British had a veto on what information the US SigInt agencies could release that had originated from the British[3].

So whilst what Gordon Welchman did was not illegal, and otherwise fine with the US SigInt establishment, as most there including Welchman were never made aware of the “Ultra Secret” letter he had not just his security clerance revoked he was then treated like a spy. It got to the point that not only did the NSA try to starve him they tried attacking him directly and those around him to try the old “Make’m bankrupt via lawsuit” “rights stripping” tricks we still see being used by US politicos (Obama being the worst offender so far, but give the current lot another seven years…).

[1] There is sufficient evidence around the the UK Government deestroyed documents, to show he was on a genius level atleast as good if not better than Alan Turing. Not only did he compleatly independently come up with his own version of the Enigma cracking machine in just a few weeks, he also when shown the actual Turing Bomb made suggestions that vastly improved it’s efficiency. The one that very probably “won the war” was the “Diagonal board” without which the Turing bomb would have become comparitively usless within six months. But it was not traffic analysis he came up with and pushed into use, which it appears the UK SigInt agencies were desperate to keep quiet about. He also drew up the details which he later effectively gave to RAND that our modern Internet is based on. Also using his original ideas still the major military fault tolerant radio networks NATO and others are critically dependent on today.

[2] Winston Churchill had a major faux pas over his WWI book where he gave away the secrets of Room 40 in quite some detail which many believed was why the Germans put so much effort into the Enigma etc. And in turn why Churchill put such efforts into “Ultra” despite major opposition not just politically but militarily as well. It also explains what happened to Bletchly almost immediatly after WWII ended in Europe.

[3] There was also supposed to be a similar agreement over the “Tube Alloys” project but the US blew that out of the water which is why the 1973 Encyclopedia Britanica makes such interesting reading. As does a nolonger available US document “Project Y the Yucca Flats Experiment.

Chris Pugson January 25, 2018 10:35 AM

@ echo, Clive Robinson,

There’s gratitude for you. The man made arguably the greatest contribution of any individual to winning the biggest armed conflict yet and was treated like a criminal.

Thank you for shedding this light, not previously seen by me, on a momentously significant man.

uh, Mike January 25, 2018 11:07 AM

So display an HD flat panel to the drone, and rotate a succession of QR codes. Watch for the bump in traffic each time the QR code changes. Add a signature to the duty cycle, and you’ve got provable detection.

echo January 26, 2018 4:38 AM

Perhaps a strict reading of the unamended Public Records Act?

“Public records…other than those to which members of the public have had access before their transfer…shall not be available for public inspection until they have been in existence for fifty years or such other period…as the Lord Chancellor may,…for the time being prescribe as respects any particular class of public records”

herman January 29, 2018 9:35 AM

On toy drone systems, the video is probably just a simple H.264 TS stream, but on any half decent UAV, the radio links are encrypted.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.