[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Sampled Traffic Analysis by Internet-Exchange-Level Adversaries

On Mon, May 28, 2007 at 04:23:51AM -0700, coderman wrote:
> On 5/28/07, Steven Murdoch <tortalk+Steven.Murdoch@xxxxxxxxxxxx> wrote:
> >...
> >I do think that a global passive adversary is stronger than the real
> >world situation. For example, such an adversary could read traffic
> >between two computers in my office, which I suspect is outside of the
> >NSA's capabilities, unless I were targeted for special attention.
> thanks for the clarification.  i tend to forget that the "passive
> adversary" applies to all network communication, not just internet
> links across isp's, countries, and oceans...

As the person (or one of the people?) who first started to complain
about the GPA I thought I should note that my objections were against
both adjectives, global and passive. A global adversary is too strong,
even if you do limit to just the internet links. I don't think that is
quite as strong a statement as when I first made it many years ago:
(1) the line of work that prompted this thread shows that if it's too
strong to posit a truly global adversary, the scope of a potential
realistic adversary is pretty large indeed.  (2) relatedly, underlying
layer networks change over time, lots of consolidating. Some things
seem more feasible...  

Anyway, the main reason I'm writing is that my objection was not just
that the GPA was too strong but that it was too weak. Thinking you
could have an adversary powerful enough to monitor all the links
necessary to watch your whole large network but not able to do any
active traffic shaping at all anywhere seems obviously nuts. This is
one reason why padding on an open low-latency (lossless) network is
problematic: an adversary with any active capability at all can induce
a timing channel easily.