Traffic Analysis is the monitoring of communication flows between parties. It can be used to create a covert channel.
Traffic Analysis
-
Traffic Padding
Traffic Padding is a Security Mechanism in which bits are inserted into gaps in a data stream. It can be used to confuse Traffic Analysis, at the cost of continuous traffic.
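An added example (not part of the original notes) of constant-rate traffic padding: it compares what an observer of an encrypted link sees with and without padding, and measures the bandwidth cost. The 64-byte cell size, the tick model, the 2-byte length prefix and the two sample schedules are assumptions made for illustration.

```python
from collections import deque

CELL = 64  # fixed on-wire cell size in bytes (assumed value)

# Constructed sample traffic: tick -> plaintext message sent at that tick
QUIET = {3: b"ok"}
BUSY = {0: b"A" * 150, 1: b"B" * 40, 5: b"C" * 90}

def observe_unpadded(schedule, ticks):
    """Observer's view without padding: (tick, size) of every message."""
    return [(t, len(schedule[t])) for t in range(ticks) if t in schedule]

def observe_padded(schedule, ticks):
    """Observer's view with padding: exactly one CELL-byte cell per tick.

    Real data is cut into cells carrying a 2-byte length prefix; gaps in
    the stream are filled with dummy cells (length prefix 0). Once the
    link is encrypted the observer cannot tell real from dummy, so only
    (tick, size) is visible. Also returns the real bytes carried and the
    number of chunks still queued when the window ends.
    """
    queue, view, delivered = deque(), [], 0
    room = CELL - 2
    for t in range(ticks):
        msg = schedule.get(t, b"")
        queue.extend(msg[i:i + room] for i in range(0, len(msg), room))
        chunk = queue.popleft() if queue else b""  # b"" becomes a dummy cell
        cell = len(chunk).to_bytes(2, "big") + chunk.ljust(room, b"\0")
        delivered += len(chunk)
        view.append((t, len(cell)))
    return view, delivered, len(queue)

def overhead(schedule, ticks):
    """Fraction of wire bytes that are padding: the cost of continuous traffic."""
    view, delivered, _ = observe_padded(schedule, ticks)
    wire = sum(size for _, size in view)
    return (wire - delivered) / wire

if __name__ == "__main__":
    for name, sched in (("quiet", QUIET), ("busy", BUSY)):
        print(name, "unpadded view:", observe_unpadded(sched, 10))
        print(name, "padded sizes :", {s for _, s in observe_padded(sched, 10)[0]},
              "overhead: %.1f%%" % (100 * overhead(sched, 10)))
```

Without padding the two schedules are trivially distinguishable by message count, size and timing; with padding both produce the same ten 64-byte cells, and the idle link pays almost its whole bandwidth for that.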
-
Traffic Flow Confidentiality
Traffic Flow Confidentiality is a kind of Security Service that utilises encryption, Traffic Padding, and Routing Control in order to counter Traffic Analysis.
- TNS3131 Chapter 2: Conventional Encryption and Message Confidentiality
-
Link Encryption
Link Encryption occurs independently on every link, and can be done at the Physical Layer or the Data Link Layer. This means that the devices at each end of a link should encrypt and decrypt the traffic using paired keys. It encrypts not only the user data but also the header, routing information and destination address, which hardens the internal communication channel against monitoring and eavesdropping. Thus, it is recommended as a solution to traffic flow protection.
-
Interception
Interception is a form of Security Attack that aims at eavesdropping on, monitoring, or simply gaining access to the network flow or the system itself. It undermines the confidentiality of the system. Traffic Analysis and Man-In-The-Middle Attack (MITM) are among the methods of interception, and the information acquired by this method could be exposed to the public or further materialised using one of the Active Attacks.
-
IP Security (IPsec)
There are two protocol modes available in IPsec: transport mode and tunnel mode. Transport mode provides End-to-end security, which only protects the IP packet payload. Tunnel mode provides gateway-to-gateway security (the gateways are usually Routers owned by the same corporation), which protects the entire IP packet. However, the traffic after the gateway will not be protected under tunnel mode, and it can't be set up by a normal user. Authentication and encryption are done slightly differently in each mode. In transport mode, authentication and encryption are only done on the payload (which could be susceptible to Traffic Analysis) and sometimes include a portion of the IP header (if using AH only) and IPv6 extension headers. In tunnel mode, authentication and encryption must be done on the entire packet (in an AH-only tunnel mode SA, a portion of the IP header and IPv6 extension headers is authenticated too). Both modes can be stacked on each other in order to satisfy the four cases of SA.