Revision as of 06:59, 3 June 2006 by Jeff Williams (Talk | contribs)



It is often a requirement that data be kept secret from all unauthorized parties, both when in transit on a network and when being stored, long-term or short-term.

Confidentiality is often treated as synonymous with encryption, but there is more to confidentiality than merely encrypting data in transit or in storage. For example, users may have privacy requirements relative to other users, where systems that use encryption alone will often behave improperly. In particular, in a system with multiple users, where each user will want to allow some subset of other users to see the data but not others, good mediation is mandatory. Otherwise, a server that mistakenly ships off data against the wishes of a customer is likely to encrypt the data, but to the wrong entity.

Additionally, confidentiality can be compromised even when access between resources is properly mediated and encryption is performed. Potential attackers may be able to learn important information simply by observing the data you send. As a simple example, consider a system where Bob asks Alice questions that everyone knows in advance, and Alice simply responds “yes” or “no” to each of them.

If Alice’s responses each go out in a single packet, and each answer is encoded as text (specifically, “yes” and “no”) instead of a single bit, then an attacker can determine the original plaintext without breaking the encryption algorithm, simply by monitoring the size of each packet. Even if all of the responses are sent in a single packet, clumped together, the attacker can at least determine how many responses are “yes” and how many are “no” by measuring the length of the string.

Example: Assume that there are twenty questions, and the ciphertext is 55 characters. If every answer were “no”, then the ciphertext would be 40 characters long. Since there are 15 extra characters, and “yes” is one character longer than “no,” there must have been 15 “yes” answers.
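The twenty-question example above, worked through in code (an added example, not part of the original page). It assumes a length-preserving cipher; `keystream_encrypt` is a constructed toy stand-in for one, and all function names are hypothetical. It also shows the fix the text points to: encoding each answer as a single bit makes the ciphertext length independent of the answers.

```python
import hashlib
import secrets

def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy length-preserving cipher (SHA-256 in counter mode), a constructed
    stand-in for any stream cipher; illustration only, not for real use."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def encode_text(answers):
    """Leaky encoding from the example: "yes" is 3 characters, "no" is 2."""
    return "".join("yes" if a else "no" for a in answers).encode("ascii")

def encode_bits(answers):
    """One bit per answer, packed: length depends only on the question count."""
    value = 0
    for a in answers:
        value = (value << 1) | int(bool(a))
    return value.to_bytes((len(answers) + 7) // 8, "big")

def infer_yes_count(ciphertext_len, num_questions):
    """What a passive observer derives from length alone (text encoding)."""
    return ciphertext_len - 2 * num_questions

def observed_length(answers, encoder):
    """Encrypt under a fresh key and nonce; return only the ciphertext length."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    return len(keystream_encrypt(key, nonce, encoder(answers)))

if __name__ == "__main__":
    # Constructed sample: twenty answers, fifteen "yes" and five "no".
    answers = [True] * 15 + [False] * 5
    n = observed_length(answers, encode_text)
    print("text encoding:", n, "bytes ->", infer_yes_count(n, len(answers)), "yes answers")
    for sample in (answers, [False] * 20, [True] * 20):
        print("bit encoding:", observed_length(sample, encode_bits), "bytes")
```
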

Lapses in confidentiality such as this one, which are neither obvious nor protected by standard encryption mechanisms, are called “covert channels.” Another case of a covert channel occurs when the attacker can gain information simply by knowing which parties are talking to each other. There, he can often tell by monitoring the encrypted packets on the wire, which have destination addresses. Even when the destination addresses are encrypted, the attacker may be able to observe the two endpoints and correlate a particular amount of traffic leaving one location with the same amount of traffic arriving at another location at the same time.

Covert channels are generally classified as either covert-storage channels or covert-timing channels. The previous example is a classic covert-timing channel. In covert-storage channels, artifacts of the way data is represented can communicate information, much like in our “yes” and “no” example. Also, when there are multiple valid ways of encoding the same information, it may be possible for two users to communicate additional unauthorized data by choosing a particular encoding scheme. This may be a concern, depending on the application. For example, in an on-line game, it may give two parties a way to communicate detailed data that would constitute cheating and would not be easy to communicate via other mechanisms, particularly if the data is complex, such as game coordinates, and is inserted and removed automatically. Reading such things over the phone in a timely manner may be impossible.
