Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Suppose I am to design a request-response protocol (similar HTTP). For the sake

ID: 650842 • Letter: S

Question

Suppose I am to design a request-response protocol (similar HTTP). For the sake of simplicity let us assume that this is a "chat" protocol where the client can only perform two actions:

1) Contribute a message to the chat, where the server responds verifying that the message was sent.
2) Request the chat contents, where the server responds with the chat contents.

All requests and responses have confidentiality, authenticity and integrity assurances. Requests and responses are of variable size.

In this protocol, a passive attacker can apply traffic analysis to estimate the size of a message sent, estimate the size of the conversation contents and distinguish between the two types of requests and responses.

The most obvious way to combat this type of traffic-analysis is to send and receive messages of fixed length at fixed intervals, however, due to the nature of the protocol, this is not possible.

How does one combat traffic analysis in such protocols without changing the nature of the protocol or wasting (a lot) bandwidth?

Explanation / Answer

While maintaining a constant rate of data transfer is one way to thwart traffic analysis, I think there are other ways, too. Maybe this is only a half-baked idea, but wouldn't it be sufficient to maintain any fixed distribution of data transfer?

E.g., use a fixed packet size, and send packets at times that are indistinguishable from a Poisson distribution. (A Poisson distribution describes the output of a Geiger counter, or, closer to home, of popcorn pops. Each tiny interval of time has the same small probability of producing an event, namely some constant rho times the length of the interval.) When the user needs no data transferred, send dummy packets that could have been sent by a Poisson process for some value of rho. When the user needs more data transferred, send more packets but not so many that an observer could statistically determine that rho had increased.

Of course, the packet size could also be varied, keeping the same criterion that a burst of data is not statistically so anomalous as to allow an observer to distinguish it from a random fluctuation.

Related Questions

Suppose Frances is a researcher at Beaded Gemsz, a company that makes beaded jew
Question #3176548
Suppose Frances is a researcher at Beaded Gemsz, a company that makes beaded jew
Question #3359226
Suppose Fred and Barney have different time discount rates. There are two period
Question #1256820
Suppose Fuzzy, a quantum-mechanical duck, lives in a world in which h = 2 ? J So
Question #2096937
Suppose Fuzzy, a quantum-mechanical duck, lives in a world in which h = 2 ? J So
Question #2207013
Suppose Fuzzy, a quantum-mechanical duck, lives in a world in which h = 2 ? J So
Question #2209606
Suppose Fuzzy, a quantum-mechanical duck, lives in a world in which h = 2 J · s.
Question #1723875
Suppose Fuzzy, a quantum-mechanical duck, lives in a world in which h = 2?J Solu
Question #2209642
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Suppose I am storing a number of encrypted documents in a database. I would like
Next
Suppose I collect some data and get the following 95 % confidence interval for u

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.