Monday, March 8, 2010

The problem I see with IPETEE

So I just stumbled across this article. It's funny, cause I gave it some thought a few months ago, and there are a few problems with end-to-end encryption as a means of concealment.

First, activity indicates activity. Say you connect to a tracker that manages prohibited data. Prohibited how? It doesn't matter. Encrypted or not, there is an observable connection between you and a server managing prohibited data, and that connection alone is informative.

Ok, fine. You jump that hurdle by using something like Tor.

Second, there's more than just data, there's metadata. You may not know what exactly is in a TCP or UDP stream, but you can learn things about it just the same. What do you know about the packet size? Time between packets? Is a constant data rate maintained? How long does the connection last? Certain types of traffic aren't bandwidth-sensitive but latency-sensitive. VoIP is going to have a distinct pattern. Torrenting is going to have a specific pattern. It's techniques like these that allow forensic specialists to detect hidden TrueCrypt volumes.
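To make the metadata point concrete, here is an added example (not from the original post) of the kind of flow-shape analysis it describes: it looks only at packet sizes and timing, never at payload, and labels a flow as VoIP-like or bulk-transfer-like from those features alone. The three flows are constructed synthetic data, and the thresholds in classify() are illustrative assumptions rather than tuned values.

```python
import random
import statistics


def flow_features(packets):
    """Shape features of one flow computed from (time_s, size_bytes) tuples only;
    the payload is never examined, which is exactly the point of traffic analysis."""
    times = [t for t, _ in packets]
    sizes = [s for _, s in packets]
    gaps = [b - a for a, b in zip(times, times[1:])]
    duration = times[-1] - times[0] if len(times) > 1 else 0.0
    mean_size = statistics.mean(sizes)
    mean_gap = statistics.mean(gaps) if gaps else 0.0
    return {
        "packets": len(packets),
        "duration_s": duration,
        "mean_size": mean_size,
        # coefficient of variation of packet size: 0 means every packet is the same size
        "size_cv": statistics.pstdev(sizes) / mean_size if mean_size else 0.0,
        # coefficient of variation of inter-packet gap: 0 means perfectly regular spacing
        "gap_cv": statistics.pstdev(gaps) / mean_gap if mean_gap else 0.0,
        "bytes_per_s": sum(sizes) / duration if duration else 0.0,
    }


def classify(f):
    """Heuristic labels; the thresholds are assumptions chosen for this illustration."""
    if f["mean_size"] < 300 and f["size_cv"] < 0.1 and f["gap_cv"] < 0.2:
        return "voip-like"           # small, fixed-size, evenly spaced packets
    if f["mean_size"] > 1000 and f["size_cv"] < 0.2:
        return "bulk-transfer-like"  # near-MTU packets, bandwidth-bound
    return "unclassified"


# --- constructed sample flows (synthetic, not captured traffic) ---

def voip_flow(n=500):
    # one 160-byte payload every 20 ms, as a G.711-style codec produces
    return [(i * 0.020, 160) for i in range(n)]


def bulk_flow(n=500):
    # full 1448-byte segments sent as fast as the link allows: constant size, bursty spacing
    t, pkts = 0.0, []
    for i in range(n):
        pkts.append((t, 1448))
        t += 0.0010 if i % 2 else 0.0005
    return pkts


def interactive_flow(n=200, seed=7):
    # request/response style traffic: irregular sizes and irregular pauses
    rng = random.Random(seed)
    t, pkts = 0.0, []
    for _ in range(n):
        pkts.append((t, rng.randint(40, 1448)))
        t += rng.expovariate(1 / 0.3)
    return pkts


def demo():
    """Label each constructed flow from its shape features alone."""
    flows = (("voip", voip_flow()), ("bulk", bulk_flow()), ("interactive", interactive_flow()))
    return {name: classify(flow_features(flow)) for name, flow in flows}


if __name__ == "__main__":
    for name, flow in (("voip", voip_flow()), ("bulk", bulk_flow()), ("interactive", interactive_flow())):
        f = flow_features(flow)
        print(f"{name:>12}: mean_size={f['mean_size']:.0f} size_cv={f['size_cv']:.2f} "
              f"gap_cv={f['gap_cv']:.2f} rate={f['bytes_per_s']:.0f} B/s -> {classify(f)}")
```

The defensive corollary is that padding packets to a fixed size and sending at a constant rate (as some anonymity networks do) is what blunts this kind of classification; encryption alone leaves every feature above intact.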

Third, encryption doesn't eliminate the data, it just obscures it, and not perfectly. Even aside from the possibility of cracking the encryption key, it's possible to guesstimate what kind of data an encrypted bitstream represents. I've read of that being used on encrypted hard drives, for example.
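The third point, that encrypted data is obscured rather than removed, is usually demonstrated with byte entropy: ciphertext looks like random bytes, which makes it stand out against text or unused space even though its content is unreadable. Below is an added example (not the post's code) that measures Shannon entropy per block and scans a constructed "disk image" for high-entropy regions. The cipher is a toy SHA-256 counter-mode stream cipher written for illustration, the plaintext is constructed filler, and the 7.0 bits/byte threshold is an assumption.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

WINDOW = 4096          # bytes per entropy window
HIGH_ENTROPY = 7.0     # bits/byte; threshold chosen for this illustration


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def toy_stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256, for illustration only
    (not a vetted cipher): keystream block i = SHA256(key || i), XORed with the data."""
    out = bytearray()
    for i in range(0, len(plaintext), 32):
        keystream = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(plaintext[i:i + 32], keystream))
    return bytes(out)


def make_plaintext(nbytes: int, seed: int = 1) -> bytes:
    """Constructed English-like filler from a small vocabulary (not real data)."""
    words = ("packet size timing stream tracker server client data rate "
             "latency connection tunnel volume disk file record header "
             "the a and of to with from is are was").split()
    rng = random.Random(seed)
    text = " ".join(rng.choice(words) for _ in range(nbytes // 4))
    return text.encode("ascii")[:nbytes].ljust(nbytes, b" ")


def scan_regions(buf: bytes, window: int = WINDOW, threshold: float = HIGH_ENTROPY):
    """Slide a window over buf and return merged (start, end) byte ranges whose
    entropy exceeds the threshold, i.e. the spans that look encrypted or compressed."""
    regions = []
    for start in range(0, len(buf), window):
        if shannon_entropy(buf[start:start + window]) > threshold:
            end = min(start + window, len(buf))
            if regions and regions[-1][1] == start:
                regions[-1] = (regions[-1][0], end)   # extend the previous region
            else:
                regions.append((start, end))
    return regions


def demo():
    """Entropy of four kinds of data plus a region scan over a constructed image:
    8 KiB of text, then 8 KiB of ciphertext, then 8 KiB of unused (zero) space."""
    text = make_plaintext(2 * WINDOW)
    cipher = toy_stream_encrypt(b"constructed-demo-key", make_plaintext(2 * WINDOW, seed=2))
    zeros = bytes(2 * WINDOW)
    compressed = zlib.compress(text, 9)
    image = text + cipher + zeros
    return {
        "entropy": {
            "plaintext": shannon_entropy(text),
            "compressed": shannon_entropy(compressed),
            "ciphertext": shannon_entropy(cipher),
            "zeros": shannon_entropy(zeros),
        },
        "high_entropy_regions": scan_regions(image),
    }


if __name__ == "__main__":
    result = demo()
    for name, h in result["entropy"].items():
        print(f"{name:>10}: {h:.3f} bits/byte")
    print("high-entropy regions:", result["high_entropy_regions"])
```

The caveat the post hints at with "not perfectly" shows up in the numbers: compressed data also scores near 8 bits/byte, so entropy alone says "this is not plaintext" rather than "this is encrypted"; telling ciphertext from a compressed archive needs other evidence such as file headers, which good ciphertext deliberately lacks.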
