Traffic Analysis

Traffic analysis is the process of intercepting and examining messages to deduce information from communication patterns, even when messages are encrypted. It is applicable in military intelligence, counterintelligence, pattern-of-life analysis, and computer security.

Breaking Anonymity of Networks

Passive Method:

Extracts features from traffic on one side of the network and looks for them on the other side.

Active Method:

Alters packet timings according to a pattern and identifies that pattern on the other side.

Adding timing noise to the packets is a countermeasure, but some active traffic analysis methods are robust against it.

Military Intelligence

Frequent communications: Denotes planning.

Rapid, short communications: Denotes negotiations.

Lack of communication: Indicates inactivity or completion of a finalized plan.

Communication to specific stations: Highlights the chain of command.

Who talks to whom: Indicates control stations and network personnel.

Who talks when: Reveals active stations during events.

Changes from station to station: Indicates movement or fear of interception.

Traffic Flow Security

Techniques to conceal valid message properties:

Changing radio callsigns frequently.

Encryption of sending/receiving addresses.

Simulating busy circuits with dummy traffic.

Continuous encrypted signals (masking or link encryption).
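
The dummy-traffic technique above, as an added example that is not part of the original page: a constant-rate padder that sends one fixed-size cell per tick, so an observer of the encrypted link sees the same volume whether the circuit is idle or busy. The cell size, tick interval and both message schedules are constructed assumptions.

```python
from collections import deque

CELL = 512  # fixed cell size in bytes (assumed value for this sketch)

# Constructed (time, size_bytes) schedules for the same link on two different days.
QUIET = [(5, 300)]
BUSY = [(0, 1500), (1, 900), (2, 400), (10, 2000), (11, 700)]

def observed(trace, window, horizon):
    """Bytes per time window: what an observer of encrypted traffic still sees."""
    bins = [0] * (horizon // window)
    for t, size in trace:
        if t < horizon:
            bins[t // window] += size
    return bins

def pad_constant_rate(messages, tick, horizon):
    """Send exactly one CELL-byte cell every `tick`; a dummy cell when idle.
    Returns (wire_trace, dummy_cells, max_queue_delay, cells_still_queued)."""
    pending = deque(sorted(messages))
    queue = deque()  # arrival time of each real cell waiting to be sent
    wire, dummies, max_delay = [], 0, 0
    for now in range(0, horizon, tick):
        while pending and pending[0][0] <= now:
            t, size = pending.popleft()
            queue.extend([t] * -(-size // CELL))  # split message into cells (ceil)
        if queue:
            max_delay = max(max_delay, now - queue.popleft())
        else:
            dummies += 1
        wire.append((now, CELL))  # real and dummy cells look identical on the wire
    return wire, dummies, max_delay, len(queue)

if __name__ == "__main__":
    for name, sched in (("quiet", QUIET), ("busy", BUSY)):
        wire, dummies, delay, backlog = pad_constant_rate(sched, tick=1, horizon=20)
        print(name, "unpadded:", observed(sched, 5, 20))
        print(name, "padded:  ", observed(wire, 5, 20),
              f"dummy cells={dummies}/{len(wire)} max delay={delay} backlog={backlog}")
```

The returned dummy-cell count and queue delay are the cost of the concealment; a non-zero backlog at the end means the chosen rate is too low for the real traffic.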

COMINT Metadata Analysis

COMINT metadata analysis examines the technical metadata of communications intelligence (COMINT) to deduce information about users, locations, contacts, activity volume, routine, and exceptions.