Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security. Communication is a process that allows organisms to exchange information by several methods. ... This article is about algorithms for encryption and decryption. ... Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so. ... Military intelligence (abbreviated MI, int. ... Counter Intelligence A uk label started and owned by John Machielsen. ... This article “Secure computing” redirects here. ...

Traffic analysis tasks may be supported by dedicated computer software programs, including commercially available programs such as those offered by i2, Visual Analytics, Memex, Orion Scientific, Pacific Northwest National Labs, Genesis EW's GenCOM Suite and others. Advanced traffic analysis techniques may include various forms of social network analysis.

In military intelligence

In a military context, traffic analysis is usually performed by a signals intelligence agency, and can be a source of information about the intentions and actions of the enemy. Example patterns include: SIGINT stands for SIGnals INTelligence, which is intelligence-gathering by interception of signals, whether by radio interception or other means. ...

• Frequent communications — can denote planning
• Rapid, short, communications — can denote negotiations
• A lack of communication — can indicate a lack of activity, or completion of a finalized plan
• Frequent communication to specific stations from a central station — can highlight the chain of command
• Who talks to whom — can indicate which stations are 'in charge' and which aren't, which further implies something about the personnel associated with each station
• Who talks when — can indicate which stations are active in connection with events, which implies something about the information being passed and perhaps something about the personnel/access of those associated with some stations
• Who changes from station to station, or medium to medium — can indicate movement, fear of interception

There is a close relationship between traffic analysis and cryptanalysis (commonly called codebreaking). Callsigns and addresses are frequently encrypted, requiring assistance in identifying them. Traffic volume can often be a sign of an addressee's importance, giving hints to pending objectives or movements to cryptanalysts. For the Star Trek: The Next Generation episode, see Chain of Command (Star Trek: The Next Generation). ... Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so. ... Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information without access to the secret information which is normally required to do so. ... In broadcasting and radio communication, a callsign or call sign (also call letters) is a unique designation for a transmitting station. ... This article is about algorithms for encryption and decryption. ...

In computer security

Traffic analysis is also a concern in computer security. An attacker can gain important information by monitoring, for example, the frequency and timing of network packets. For example, a timing attack on the SSH protocol used timing information to deduce information about passwords (Song et al, 2001). For interactive sessions, SSH transmits a message after each key stroke. The timings between messages can be studied using hidden Markov models, and the authors estimate that it can be used to recover the password fifty times faster than a brute force attack. This article “Secure computing” redirects here. ... Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. ... A password is a form of secret authentication data that is used to control access to a resource. ... State transitions in a hidden Markov model (example) x — hidden states y — observable outputs a — transition probabilities b — output probabilities A hidden Markov model (HMM) is a statistical model in which the system being modeled is assumed to be a Markov process with unknown parameters, and the challenge is to... The EFFs US$250,000 DES cracking machine contained over 1,800 custom chips and could brute force a DES key in a matter of days — the photograph shows a DES Cracker circuit board fitted with several Deep Crack chips. ...

Onion routing systems are often used to improve anonymity. Traffic analysis can also be used for attack on anonymous communication systems, like the Tor anonymity network. Steven J. Murdoch and George Danezis from University of Cambridge presented this in an article Low-Cost Traffic Analysis of Tor, presented in 2005 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 8 – 11, 2005. They presented traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams and therefore greatly reduce the anonymity provided by Tor. They have also shown that otherwise unrelated streams can be linked back to the same initiator. Onion routing is a technique for pseudonymous (or anonymous) communication over a computer network, developed by David Goldschlag, Michael Reed, and Paul Syverson. ... Tor (The Onion Router) is a free software implementation of second-generation onion routing — a system enabling its users to communicate anonymously on the Internet. ...

Remailer systems can also be attacked via traffic analysis. If a message is observed going to a remailing server, and an identical length (if now anonymized) message is observed leaving that server shortly thereafter, a traffic analyst may be able (automatically) to pierce the anonymity of that sender by connecting the sender with the ultimate receiver. Several variations in remailer operation have been developed which can make such analysis much less informative. An anonymous remailer is a server computer which receives messages with embedded instructions on where to send them next, and which forwards them without revealing where they originally came from. ...

Countermeasures

The introduction to this article provides insufficient context for those unfamiliar with the subject. Please help improve the introduction to meet Wikipedia's layout standards. You can discuss the issue on the talk page.

This article or section may be confusing or unclear for some readers. Please improve the article or discuss this issue on the talk page. This article has been tagged since September 2007.

It is difficult to completely eliminate traffic analysis: "It is extremely hard to hide information such as the size or the timing of the messages. The known solutions require Alice to send a continuous stream of messages at the maximum bandwidth she will ever use...This might be acceptable for military applications, but it is not acceptable for most civilian applications."^[clarify]Talk: Traffic analysis (Ferguson and Schneier, 2003). Image File history File links Broom_icon. ... Image File history File links Broom_icon. ... The names Alice and Bob are commonly used placeholders for archetypal characters in fields such as cryptography and physics. ... -1...

The usefulness of traffic analysis can be reduced if traffic is faked or if traffic cannot be intercepted. Both occurred in the period before the attack on Pearl Harbor (December 7, 1941): This article is about the actual attack. ...

• During the planning and rehearsal for the attack, very little interceptable traffic was generated. The ships, units, and commands involved were all in Japan and in touch by phone, courier, signal lamp, or even flag. None of that traffic was interceptable, and could not be analyzed.
• The espionage effort against Pearl Harbor before December didn't send an unusual number of messages; Japanese vessels regularly called in Hawaii and messages could be (and were) carried aboard by consular personnel. At least one such vessel carried some Japanese Navy Intelligence officers. Such messages cannot be analyzed. The consulate had every opportunity to hide intelligence reports to Tokyo in routine traffic from a busy consulate (see steganography). If undetected, this traffic cannot be analyzed either. A famous example, probably concealing something other than the surface content, was the intercepted phone conversation about flowers shortly before the 7th. (This is called "doubletalk code".) Some messages from Takeo Yoshikawa on Oahu were sent under routine diplomatic addresses, and so were not identified as intelligence traffic. It has been suggested^[1], however, the volume of diplomatic traffic to and from certain consular stations might have indicated places of interest to Japan, which might thus have suggested locations to concentrate traffic analysis and decryption efforts.
• The Japanese Navy played radio games to inhibit traffic analysis (see Examples, below) with the attack force after it sailed in late November.

Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to cryptography, where the existence of the message itself is not disguised, but the content is obscured. ... Takeo Yoshikawa before his death in 1984 Takeo Yoshikawa (吉川 猛夫 Yoshikawa Takeo, born 1916) was a Japanese spy in Hawaii during World War II. He arrived in Hawaii by on March 27, 1941, as Tadashi Morimura (森村 正 Morimura Tadashi). ... Oʻahu (usually Oahu outside Hawaiian and Hawaiian English), the Gathering Place, is the third largest of the Hawaiian Islands and most populous island in the State of Hawaiʻi. ... For Combined Fleet, please see that article. ...

Examples

• British analysts in World War I noticed that the call sign of German Vice Admiral Reinhard Scheer, commanding the hostile fleet, had been transferred to a land-based station. Admiral Beattie, ignorant of Scheer's practice of changing callsigns upon leaving harbor, dismissed its importance and disregarded Room 40 analysts' attempts to make the point. The German fleet sortied, and the British were late in meeting them at the Battle of Jutland. Had traffic analysis been taken more seriously, the British might have done better than a 'draw'.
• In early World War II, the aircraft carrier HMS Glorious was evacuating pilots and planes from Norway. Traffic analysis produced indications Scharnhorst and Gneisenau were moving into the North Sea, but the Admiralty dismissed the report as unproven. The captain of Glorious did not keep sufficient lookout, and was subsequently surprised and sunk. Harry Hinsley, the young Bletchley Park liaison to the Admiralty, later said his reports from the traffic analysts were taken much more seriously thereafter.
• Admiral Nagumo's Pearl Harbor Attack Force sailed under radio silence, with its radios physically locked down, and left its radio operators in Japan to simulate ordinary traffic for the benefit of listeners, as, in those days, an operator's 'fist' was individually recognizable. It is unclear if this deceived the U.S.; Pacific Fleet intelligence was unable to locate the Japanese carriers in the days immediately preceding the attack on Pearl Harbor.
• Traffic analysis and planespotting techniques were used to infer the existence of secret CIA flights [1], prisons [2] and the transfer of prisoners to and from these prisons, the so-called Torture Taxis.

“The Great War ” redirects here. ... Call sign can refer to different types of call signs: Airline call sign Aviator call sign Cosmonaut call sign Radio and television call signs Tactical call sign, also known as a tactical designator See also: International Callsign Allocations, Maritime Mobile Service Identity This is a disambiguation page — a navigational... Reinhard Scheer Reinhard Scheer (September 30, 1863 – November 26, 1928) was a Vice-admiral in the German navy. ... Beattie may refer to: Beattie, Kansas James Beattie (writer), a Scottish academic and writer. ... In the history of cryptography, Room 40 (formally I.D. 25) was the room in the Admiralty which was the first location of the British cryptography effort during World War I. It was formed shortly after the start of the war in October 1914, as a result of codebooks and... Combatants Grand Fleet of the Royal Navy High Seas Fleet of the Kaiserliche Marine Commanders Sir John Jellicoe Sir David Beatty Reinhard Scheer Franz von Hipper Strength 28 battleships 9 battlecruisers 8 heavy cruisers 26 light cruisers 78 destroyers 1 minelayer 1 seaplane carrier 16 battleships 5 battlecruisers 6 pre... Combatants Allied powers: China France Great Britain Soviet Union United States and others Axis powers: Germany Italy Japan and others Commanders Chiang Kai-shek Charles de Gaulle Winston Churchill Joseph Stalin Franklin Roosevelt Adolf Hitler Benito Mussolini Hideki Tōjō Casualties Military dead: 17,000,000 Civilian dead: 33,000... Four aircraft carriers, (bottom-to-top) Principe de Asturias, amphibious assault carrier USS Wasp, USS Forrestal and light V/STOL carrier HMS Invincible, showing size differences of late 20th century carriers An aircraft carrier is a warship designed to deploy and in most cases recover aircraft, acting as a sea... HMS Glorious was a warship of the Royal Navy. ... Scharnhorst was a 31,500 tonne Gneisenau class battlecruiser of the German Kriegsmarine, named after the Prussian general and army reformer Gerhard von Scharnhorst and to commemorate the World War I armored cruiser SMS Scharnhorst. ... Gneisenau was a famous World War II 31,100 ton Gneisenau class battlecruiser[1] of the German Kriegsmarine. ... Sir Francis Harry Hinsley (26 November 1918–16 February 1998) was an English historian and cryptanalyst who worked at Bletchley Park during the Second World War and wrote widely on the history of international relations and British Intelligence during the Second World War. ... During World War II, codebreakers at Bletchley Park decrypted and interpreted messages from a large number of Axis code and cipher systems, including the German Enigma machine. ... Categories: People stubs | 1887 births | 1944 deaths | Japanese military leaders | Japanese World War II people | Imperial Japanese Navy admirals | Suicides ... This article is about the actual attack. ... Spotters at Sao Paulo/Guarulhos International Airports control tower. ... Extraordinary rendition and irregular rendition are terms used to describe the extrajudicial transfer of a person from one state to another with the intent of legally torturing them outside of the jurisdiction of a state which prohibits it. ... Torture Taxi (ISBN 1-933633-09-3) is a 2006 book by A.C. Thompson and Trevor Paglen documenting the CIAs extraordinary rendition program. ...

See also

• SIGINT
• COMINT metadata
• ELINT
• Traffic-flow security
• Network analysis
• Telecommunications data retention
• Data warehouse
• Zendian Problem
• ECHELON
• EOB

SIGINT stands for SIGnals INTelligence, which is intelligence-gathering by interception of signals, whether by radio interception or other means. ... ELINT stands for ELectronic INTelligence, and refers to intelligence-gathering by use of electronic sensors. ... Traffic-flow security is the use of measures that conceal the presence and properties of valid messages on a network to prevent traffic analysis. ... Network analysis is the analysis of networks through network theory (or more generally graph theory). ... In the field of telecommunications, data retention (or data preservation) generally refers to the storage call detail records (CDRs) of telephony and internet traffic and transaction data (IPDRs) by governments and commercial organisations. ... A data warehouse is the main repository of an organizations historical data, its corporate memory. ... The Zendian Problem was a series of problems in traffic analysis and cryptanalysis devised by Lambros D. Callimahos as part of a course taught to National Security Agency cryptanalysts, whose graduates became members of the Dundee Society. ... This article is about the spy network. ...

References

• Ferguson, Niels, Schneier, Bruce. Practical Cryptography, 2003. p114. ISBN 0-471-22357-3.
• Dawn Xiaodong Song, David Wagner and Xuqing Tian, Timing Analysis of Keystrokes and Timing Attacks on SSH, 10th USENIX Security Symposium, 2001.
• X. Y. Wang, S. Chen and S. Jajodia “Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet”. In Proceedings of the 12th ACM Conference on Computer Communications Security (CCS 2005), November 2005.
• Costello, John. Days of Infamy. Pocket Books (hardback), 1994.

David Wagner David A. Wagner (1974) is an Assistant Professor of Computer Science at the University of California, Berkeley and a well-known researcher in cryptography. ...

External links

• Anonymity bibliography at freehaven