Talk:Traffic analysis
Jump to navigation
Jump to search
I just dropped a lot of text in here, borrowed from the FreeS/WAN docs which we have permission to re-use. It needs a second opinion, likely some editing. There's also a citation I once had and cannot now find, the "radio silence" story. Sandy Harris 16:34, 4 August 2008 (CDT)
Also, it should discuss and link to systems designed to resist traffic analysis, which I think include OTR and TOR. Anyone know enough to do that? Sandy Harris 17:37, 4 August 2008 (CDT)
- On looking at the "permission to reuse", it appears that you wrote the S/WAN material. Is that correct?
- Nearly all of it. Sandy Harris 19:36, 4 August 2008 (CDT)
- Your comment "In general, traffic analysis by itself is not very useful." may be true for commercial networks, but is decidedly not the case for military and national intelligence. There has been some exploitation in natural resource prospecting.
- I'd really like to see more sourcing, because some of your assertions do not strike me as "well-known to experts in the field". A context needs to be set for what access one has to the full traffic before making statements like "In general, defending against traffic analysis is also difficult. Inventing a really good defense could get you a PhD and some interesting job offers."
- You're right on both comments. In the FreeS/WAN docs I was dealing with a limited context: issues for IPsec usage. For an encyclopedia, we need both broader coverage and removal of some of my simplifications. I do not know enough to do that well. Volunteers? Sandy Harris 19:45, 4 August 2008 (CDT)
- You mention "In one case during World War II, the British guessed an attack was coming because all German radio traffic stopped. The "radio silence" order, intended to preserve security, actually gave the game away." Which case? Counterexample or two...along with the Double-Cross System and photographic decoys where the German photorecon aircraft just kept getting missed (coincidence, of course) the Germans buying the FORTITUDE SOUTH deception because their traffic analysis was hearing the (notional) First United States Army Group in Kent, but not the real invasion camps in SE England, which were maintaining radio silence? One source on that is Alexander Cave Browne's Bodyguard of Lies, but ISTR Hyperwar has it online. There are Layton's reports that the Japanese moving the radiomen, with a known Morse "fist", to the Inland Sea, replacing them on the Pearl Harbor striking force that kept radio silence, helping the deception that six carriers were not loose? For a more recent example, see SIGINT from 1945 to 1989#SIGINT and the Development of NVA Logistics for an example of how the organization of the support or the Ho Chi Minh trail mostly came from DF and traffic analysis?
- I had a source for that 10 years ago when I wrote it. I've just done some web searching without finding it. If we cannot source it, it should be deleted. Sandy Harris 19:45, 4 August 2008 (CDT)
- Hmmm. Source for the German alert? Search for a unit commanded by a Captain Seebohm, who was Rommel's SIGINT chief and, by all accounts, very, very good. IIRC, an Australian, force, not knowing the significance, caught the SIGINT unit and largely wiped them out. One possible link, which I only scanned, is http://www.maskelynemagic.com/mask6supercut.html. I thought it was an online version of the book on Maskelyne, The War Magician. Nothing immediately came up in Kahn, but I wouldn't rule out Anthony Cave Browne.
- It's less plausible it occurred on the continent of Europe, as much of that was brute force that didn't need much tactical deception. In Big Mistake I, a British admiral asked the traffic analysts the wrong question, got a correct answer, leading to the surprise of the Battle of Jutland. He asked where a particular call sign was at present, and, indeed, it was ashore. What he didn't ask is where the commander of the High Seas Fleet was located; he had asked about the shore headquarters callsign, and was not open to clarification. So, he never asked "is the High Seas Fleet operating", to which Room 40 would have said "yes',and given him a position. Howard C. Berkowitz 20:41, 4 August 2008 (CDT)
- "traffic analysis is hard to do well." How would you compare the computational complexity of data mining, say for a major retailer that has terabytes of data to mine?
- Given that most Internet traffic is on fiber, getting the raw content for traffic analysis is the hard part. While we don't know what the warrantless surveillance at AT&T and elsewhere was/is doing, there is a fair bit of informed speculation that the call content wasn't being recorded, but the Call Detail Records. There's not much you can do with CDRs except traffic analysis.
- There is enough military concern with traffic analysis and direction finding that I doubt there's any new system that isn't frequency agile and, where possible, spread spectrum. Still, it's pretty much the rule of thumb that if you transmit on a military frequency in the presence of unfriendly, technically competent strangers, it's a good idea to be moving, or spend no more than 60 seconds in one spot. While I recognize counterbattery fire is using multiple sensors, not just traffic analysis, the usual rule of thumb is that once a firing order is heard, or the first shell or rocket comes into sensor view, it takes 30-60 seconds to backtrack the trajectory and have the coordinates being set into a howitzer or rocket launcher.Howard C. Berkowitz 18:55, 4 August 2008 (CDT)
NSA document on traffic analysis
Recently released [ http://www.nsa.gov/about/_files/cryptologic_heritage/publications/misc/traffic_analysis.pdf] Sandy Harris 02:50, 25 July 2013 (UTC)