Information leakage
Encyclopedia
Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless. For example, when designing an encrypted instant messaging network, a network engineer without the capacity to crack your encryption
codes could see when you are transmitting messages, even if he could not read them. During the Second World War, the Japan
ese for a while were using secret codes such as PURPLE
; even before such codes were cracked, some basic information could be extracted about the content of the messages by looking at which relay stations sent a message onwards.
Designers of secure systems often forget to take information leakage into account. A classic example of this is when the French
government designed a mechanism to aid encrypted communications over an analog line, such as at a phone booth. It was a device that clamped onto both ends of the phone, performed the encrypting operations, and sent the signals over the phone line. Unfortunately for the French, the rubber seal that attached the device to the phone was not airtight. It was later discovered that although the encryption itself was solid, if you listened carefully, you could hear the speaker, since the phone was picking up some of the speech! Information leakage can subtly or completely destroy the security of an otherwise secure system.
Generally, only very advanced systems employ defenses against information leakage - there are three main ways to do it:
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
codes could see when you are transmitting messages, even if he could not read them. During the Second World War, the Japan
Japan
Japan is an island nation in East Asia. Located in the Pacific Ocean, it lies to the east of the Sea of Japan, China, North Korea, South Korea and Russia, stretching from the Sea of Okhotsk in the north to the East China Sea and Taiwan in the south...
ese for a while were using secret codes such as PURPLE
PURPLE
In the history of cryptography, 97-shiki ōbun inji-ki or Angōki Taipu-B , codenamed Purple by the United States, was a diplomatic cryptographic machine used by the Japanese Foreign Office just before and during World War II...
; even before such codes were cracked, some basic information could be extracted about the content of the messages by looking at which relay stations sent a message onwards.
Designers of secure systems often forget to take information leakage into account. A classic example of this is when the French
France
The French Republic , The French Republic , The French Republic , (commonly known as France , is a unitary semi-presidential republic in Western Europe with several overseas territories and islands located on other continents and in the Indian, Pacific, and Atlantic oceans. Metropolitan France...
government designed a mechanism to aid encrypted communications over an analog line, such as at a phone booth. It was a device that clamped onto both ends of the phone, performed the encrypting operations, and sent the signals over the phone line. Unfortunately for the French, the rubber seal that attached the device to the phone was not airtight. It was later discovered that although the encryption itself was solid, if you listened carefully, you could hear the speaker, since the phone was picking up some of the speech! Information leakage can subtly or completely destroy the security of an otherwise secure system.
Generally, only very advanced systems employ defenses against information leakage - there are three main ways to do it:
- Use steganographySteganographySteganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity...
to hide the fact that you're transmitting a message at all. - Use chaffing to make it unclear to whom you are transmitting messages (but this does not hide from others the fact that you are transmitting messages).
- For busy retransmitting proxies, such as a MixmasterMixmaster anonymous remailerMixmaster is a Type II anonymous remailer which sends messages in fixed-size packets and reorders them, preventing anyone watching the messages go in and out of remailers from tracing them. Mixmaster was originally written by Lance Cottrell, and was maintained by Len Sassaman Peter Palfrader is the...
node: randomly delay and shuffle the order of outbound packets - this will assist in disguising a given message's path, especially if there are multiple, popular forwarding nodes, such as are employed with mixmaster mail forwarding.