1. Field of the Invention
The present invention relates generally to a method and system for detecting an encrypted data signal and for ensuring that an encrypted data signal is securely transmitted. More particularly, the present invention relates to the use of frequency analysis techniques to process an encrypted data signal, to detect the presence and characteristics of the signal as well as to minimize its detectability. That is, the present invention provides techniques for detecting and analyzing an encrypted data signal, and also provides techniques for minimizing the detectability of an encrypted data signal.
2. Related Art
How information is exchanged underwent major changes in the latter part of the Twentieth Century, and many of the changes can be attributed to the use of digital signals to store and send data. Today, it is common to transmit information over public communication networks, such as public switched telephone networks and other data networks. Examples of this include the prevalent use of electronic mail to communicate messages between parties, and the sharing of information in other ways via the Internet.
Because of the public nature of communication networks such as the Internet, there is concern that the integrity of sensitive information may be compromised by those who intrude on a transmission without permission. Such sensitive information may include credit card information, banking information, confidential corporate information, and information relating to the trading of securities, for example. Fear of having their private information accessed by an unauthorized party has caused some to refrain from participating in “on-line” shopping and “on-line” banking, and has hindered a more widespread use of public communication networks for transmission of sensitive information. This has led some corporate entities to invest large sums of money to continuously improve the security of their information transmissions.
There are two major types of security attacks on digital transmissions that can occur: active attacks and passive attacks. An active attack is one in which a data stream is modified or interrupted by an intruder, or a false data stream is created by an intruder. Examples of active attacks include the unauthorized alteration of information available from a site on the World Wide Web (Web), and the unauthorized prevention of access to information from a Web site. It should be understood that intruders need not be actual persons, but may be so-called software viruses and worms.
In contrast, a passive attack is one in which a transmission is monitored but is not altered, and is akin to eavesdropping. One type of passive attack relates to the unauthorized access by an intruder to confidential transmissions. Examples of such access include the unauthorized reading of electronic mail and the unauthorized access to transmissions relating to sensitive financial transactions, such as computerized securities trading.
Another type of passive attack relates to traffic analysis, in which transmission traffic is analyzed by an intruder to extract information about the transmissions themselves, as well as information about the communicating parties. Such information includes the location and identity of the communicating parties, and how long and how frequent the transmissions are. Analysis of transmission traffic may be used by an intruder to deduce what the transmissions pertain to, without directly accessing any of the transmissions themselves.
For example, it has been said that one can tell when the Pentagon is planning a military operation by tracking the number of pizza deliveries to its facilities. Similarly, it has been said that some law firms leave their office lights on all the time, to prevent anyone from monitoring when their lawyers are working unusually long hours, which could indicate that they may be involved in preparing for an important matter for their known corporate clients, perhaps indicating that it is a good time to buy or sell that company's stock. Although the above examples do not involve the transmission of information over a communication network, it is not difficult to imagine an example in which an intruder monitors the traffic of transmissions from a large brokerage firm in an effort to obtain information on trends in the stock markets.
On the other hand, there are many occasions in which it is desirable to be able to detect communications between parties, without actually “eavesdropping” or directly accessing the communications or modifying the communications in any way. For example, law enforcement agencies may want to confirm that a relationship exists between particular parties, by showing that those parties have communicated with each other via the Internet, without actually “tapping the line,” which generally requires a warrant.
The present invention relates to passive attacks and provides techniques for performing traffic analysis of encrypted Internet transmissions to determine characteristics of the transmissions, such as the locations of the communicating parties. The present invention also provides countermeasures to the unauthorized traffic analysis of encrypted Internet transmissions.
Basically, the Internet is a packet-switched network. The most common protocols used by computers and networks to communicate with one another via the Internet are the Transmission Control Protocol (TCP) and the Internet Protocol (IP), commonly known as TCP/IP. TCP breaks down a transmission into packets at the sending end and reassembles the packets at the receiving end. IP ensures that the packets are sent to the right destination.
Generally, software called a TCP/IP stack is required to access the Internet. Diagrams illustrating the location of security features at various levels in a TCP/IP stack are shown in FIGS. 1(a)–1(c).
A number of different approaches have been used to achieve different degrees of communication security on the Internet. One approach is to implement security at the application level, as shown in FIG. 1(c), so that specific security measures are embedded within a particular application. Examples of this approach include the Secure Electronic Transaction (SET), which is a set of security protocols designed to protect credit-card transactions; the Secure Multi-purpose Internet Mail Extension (S/MIME) and Pretty Good Privacy (PGP) protocols, which are designed to protect electronic mail; and Kerberos, which is a set of authentication protocols designed to ensure authorized access to service applications. An advantage of application-level security is that it can be tailored to the needs of each application. However, one disadvantage of implementing security measures at the application level is that separate protocols must be developed for each application.
Another approach is to implement security at the transport level, in a layer just above the TCP layer, as shown in FIG. 1(b). For example, a measure of Web security may be obtained by using the Secure Sockets Layer (SSL) set of protocols. One advantage of transport-level security is that it operates on the transport of data, regardless of the application being used.
In order to implement security at the network level, or at the IP layer shown in FIG. 1(a), a set of protocols known as IP Security (IPsec) has been developed. IPsec is capable of encrypting and/or authenticating all traffic at the IP layer, packet by packet, and may include a filtering function so that only selected packets are subjected to IPsec processing. An advantage of IPsec is that it is transparent to end users and applications. Details regarding the implementation of IPsec in a network are known to those involved in network security and, thus, will be omitted herein.
Passive attacks generally are difficult to detect, because the intended recipient of a transmission receives the transmitted information uncorrupted. Therefore, instead of combating passive attacks through detection, efforts are usually directed to their prevention. The most commonly-used preventive technique is encryption.
Encryption deals with the transformation of data, according to an algorithm, into a state that is difficult to decipher without knowing the decryption procedure, or key(s). That is, even if the algorithm is known, the encrypted data would be difficult to decipher without knowing at least one key. A diagram illustrating conventional encryption is shown in FIG. 2.
As mentioned above, encryption can be implemented at a number of different layers of a TCP/IP stack: the application level, the transport level, and the network level. For example, one can encrypt the individual packets, each link in the transmission path, or the application data. The different layers have different associated encryption costs. Encrypting every link means that a private network must be kept completely disjoint from the public networks that do not encrypt their links. An application-level approach requires each application to provide its own means of security. For these reasons, much attention has been focussed on encryption of individual packets using IPsec.
Notwithstanding the advances that have been made in encryption technology, traffic analysis can be performed on a single encrypted communication to determine what application was used for that communication. Thus, encryption alone is insufficient to prevent traffic analysis.
One method proposed to remedy this problem is to aggregate, or mix, multiple traffic streams over a single security association between two points. It is generally believed that, for aggregated traffic, IPsec would provide communication privacy that largely is immune to traffic analysis. However, as the discussion below will reveal, it is possible to undo the effects of aggregation and to identify individual conversations in the mix even when IPsec is implemented.