Traffic analysis and inference

One of the interesting techniques used in signals intelligence is called traffic analysis: inferring important information from relatively obscure byproducts of information structure and transmission.

For example, if there are four areas of active combat in a war zone, and message traffic between the enemy's field headquarters and one of those areas increases significantly, it is possible that a change in tactics or strategy may be in progress. Of course, counterintelligence techniques dictate that to forestall such inference, traffic to all four areas must rise equally. Communications security specialists can use what is called "chaffing": including dummy messages on the other three channels to conceal the rise in traffic to the area that is really the site of increased communications.
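The padding idea above, as an added example that is not part of the original article: an observer's comparison of each channel's rise over its baseline, and a planner that computes how many dummy messages each channel needs so that all of them rise equally. The channel names, message counts and the observer's threshold are constructed for illustration.

```python
import math

# Constructed sample data: messages per day from headquarters to each area.
BASELINE = {"area-1": 40, "area-2": 55, "area-3": 30, "area-4": 60}
REAL_TODAY = {"area-1": 42, "area-2": 50, "area-3": 150, "area-4": 63}


def standout_channels(baseline, observed, factor=2.0):
    """Observer's view: channels whose rise over baseline is at least
    `factor` times the median rise across all channels (assumed heuristic)."""
    rises = {ch: observed[ch] / baseline[ch] for ch in baseline}
    ordered = sorted(rises.values())
    mid = len(ordered) // 2
    if len(ordered) % 2:
        median = ordered[mid]
    else:
        median = (ordered[mid - 1] + ordered[mid]) / 2
    return sorted(ch for ch, rise in rises.items() if rise >= factor * median)


def plan_chaff(baseline, real):
    """Dummy messages per channel so that every channel shows the same
    proportional rise as the busiest one. Baselines differ, so the planner
    equalizes the ratio to baseline, not the raw message count."""
    target = max(real[ch] / baseline[ch] for ch in baseline)
    return {
        ch: max(0, math.ceil(target * baseline[ch]) - real[ch])
        for ch in baseline
    }


def on_the_wire(real, chaff):
    """What the observer can count: real plus dummy messages."""
    return {ch: real[ch] + chaff[ch] for ch in real}


if __name__ == "__main__":
    print("standout without chaff:", standout_channels(BASELINE, REAL_TODAY))
    chaff = plan_chaff(BASELINE, REAL_TODAY)
    print("dummy messages to send:", chaff)
    padded = on_the_wire(REAL_TODAY, chaff)
    print("standout with chaff:   ", standout_channels(BASELINE, padded))
```

The padding is not free: with this sample data, 620 dummy messages are sent to conceal a rise of 120 real ones on a single channel.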

In our day-to-day operations, few of us think about the possibility of traffic analysis as a threat to our confidential data. For example, suppose a company is thinking about building a new factory in one of five cities; real-estate speculators may be very interested to find out that telephone, fax and e-mail traffic from the company to a particular real estate agency in Iowa City has increased fivefold in the last day, compared with traffic to the other four cities in the running. To follow along in this scenario, such speculators would also be interested in monitoring the activity of the real estate agents in Iowa City to find out where the new factory might be sited. If mobile telephone use is (illegally) monitored by unscrupulous speculators, they might very well be able to infer precisely which plots of land were of particular interest. With this kind of information in hand, the speculators might be able to buy the most likely site at bargain prices and then turn around the next day and sell it to the company for a large profit - to the cost of that victim of inference.

On a more prosaic level, how many of us label our directories and subdirectories (folders) with clear identifiers that tell a casual observer too much about our business? For example, I have a folder called CONSULT on my hard drive (OK, it's in an encrypted partition, but never mind that for now). Within that folder, I keep records of my work with various clients. Unless my work with a client is public knowledge, I don't put the name of the client on the subfolder for that client. I use initials or some other designator that makes it a bit more difficult for someone who glimpses my directory tree to figure out for whom I've been working. Notice that the issue is not that the files in those folders are accessible (they aren't); the potential problem is that a folder clearly labeled with a client's name reveals too much all by itself.

In summary, for high-security applications, we should be aware of the possibility of traffic analysis and more general inference as threats to our confidentiality. Don't put valuable information in folder and file names that can be seen by authorized personnel, even if the contents are inaccessible or encrypted. Conceal changes in normal communications patterns if you think that your interests may be harmed by knowledge of those changes.
