Traffic analysis is a means of gleaning useful information from a message without knowledge of the content of the message itself. Various bits of information about the sender, and length of the message in question are used in traffic analysis.
Because traffic analysis does not rely on knowledge of the actual content of a given message, it is especially useful for getting around the obstacle posed by encrypted communication.
An example of traffic analysis used on a simple encrypted conversation:
Alice, a human rights activist regularly under surveillance by the totalitarian regime which grips her country, encrypts a message containing an account of a human rights violation to Bob, a newspaper reporter, and sends it to Bob via email.
If Alice has never sent an encrypted message before, then it can be inferred that this message is important. If the message was sent soon after Alice was seen to have witnessed the human rights violation in question, then it can be inferred that the message concerns this particular human rights violation.
Without even trying to crack the encryption, traffic analysis has been successfully applied to infer meaning from the frequency and timing of Alice's message.
The totalitarian regime now has probable cause to arrest Alice and use Rubber-Hose cryptanalysis to find out the content of the message or otherwise compromise the communication channel.
Traffic analysis becomes even more useful as a means of circumventing the various safeguards offered by primitive anonymous remailers.
An example of traffic analysis used on a simple anonymous remailer communication:
Alice wants to contact Bob again to report another human rights violation. She has learned from her past run-in with the totalitarian regime and has now decided to send her encrypted message via an anonymous remailer. Thus, even if it is obvious that Alice has sent a message, the totalitarian regime will not know its destination, and even if it is obvious that Bob has received a message, the regime won't know who sent it. However, by carefully monitoring all of the messages going through every remailer, it is possible to apply traffic analysis to find out that Alice sent an encrypted message to Bob.
First, one could note the size of the message. If the message is unusually sized, perhaps very large or very small in relation to other messages, then that size anomaly could be used to infer the origin and destination: if Bob receives the largest message going through the remailer and Alice had sent the largest message, then it can be inferred that Alice sent a message to Bob.
A stream of very small messages might artificially be sent through the remailer by the totalitarian regime itself to flush out Alice's message (it will stand out by size and by the simple fact that hers will be the only one that isn't theirs).
Yet another piece of information can be gleaned from a message going through a chain of usually idle remailers. If Alice sends a message into a remailer chain and Bob receives it without other messages going through the idle chain, then it must be Alice's message to Bob. Once it has been established that this is Alice's encrypted message to Bob, Alice is no better off than in the first example.
Mixmaster remailers were invented to address these and other weaknesses of the simple Cypherpunk remailers. The most notable traffic-analysis-resisting feature of Mixmasters is that they split all messages into small, equal-sized chunks. Thus every message going through a Mixmaster looks like every other message as far as traffic analysis is concerned. Some other tricks Mixmasters use to thwart traffic analysis include injecting spurious data into the communication stream and sending out packets at random intervals and in random order. These techniques make the flushing-out technique described above ineffective.
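The effect of equal-sized chunks on the size signal can be seen in a short sketch. This is an added example, not Mixmaster's own code or wire format: the 1024-byte `CHUNK`, the 4-byte length prefix, the function names and the sample traffic are all assumptions made for illustration.

```python
import secrets
from collections import Counter

CHUNK = 1024  # assumed packet size for this sketch; not Mixmaster's real wire format

def pad_and_split(message, chunk=CHUNK):
    """Length-prefix the message, pad with random bytes, cut into equal packets."""
    body = len(message).to_bytes(4, "big") + message
    body += secrets.token_bytes(-len(body) % chunk)
    return [body[i:i + chunk] for i in range(0, len(body), chunk)]

def reassemble(packets):
    """Recipient side: join packets, then strip padding using the length prefix."""
    body = b"".join(packets)
    return body[4:4 + int.from_bytes(body[:4], "big")]

def linkable_by_size(inbound, outbound):
    """Pairs (sender, recipient) whose observed size is unique on both sides."""
    seen_in = Counter(size for _, size in inbound)
    seen_out = Counter(size for _, size in outbound)
    return sorted((s, r) for s, n in inbound for r, m in outbound
                  if n == m and seen_in[n] == 1 and seen_out[m] == 1)

# Constructed sample traffic: (sender, recipient, plaintext length in bytes).
TRAFFIC = [("alice", "bob", 48_000), ("carol", "erin", 900), ("dave", "frank", 1_100)]

def observe_simple():
    """What a watcher sees at a remailer that forwards messages whole."""
    inbound = [(s, n) for s, _, n in TRAFFIC]
    outbound = [(r, n) for _, r, n in TRAFFIC]
    return inbound, outbound

def observe_chunked():
    """The same traffic after every message is split into CHUNK-sized packets."""
    inbound, outbound = [], []
    for s, r, n in TRAFFIC:
        for p in pad_and_split(secrets.token_bytes(n)):
            inbound.append((s, len(p)))
            outbound.append((r, len(p)))
    return inbound, outbound

if __name__ == "__main__":
    print("whole messages:", linkable_by_size(*observe_simple()))
    print("equal packets: ", linkable_by_size(*observe_chunked()))
```

Equal packet sizes remove only the size signal. The number of packets each sender emits still differs in this sketch, so the padding is one layer alongside the spurious data and random ordering described above.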
There are many other, simpler, uses for traffic analysis. For example, an employer only needs to know that you've been surfing pr0n in order to be displeased without having to see the content of the web sites him/herself. Also, encryption is completely illegal in some countries and Alice, our poor human rights activist, will be thrown in jail or worse for just sending an encrypted message whether to Bob or a remailer chain. This is where Steganography becomes useful.