Traffic Analysis and Obfuscation in Wireless Networks Hiding in the Open

The problem of traffic analysis and the counter-problem of obfuscating traffic have a long and interesting history.

The problem

Detecting traffic patterns in a network can lead to inferences about the nature of the information being carried by a network, which in turn can have deleterious consequences for the observed. Therefore whilst it is the interest of the observed to hide their intentions as much as possible, it is in the interests of the observer to infer as much information as possible from the traffic.

Listening to a wireless network without being detected is a very simple thing to do. And whilst encryption of data can hide the content of a message a lot of other information can be inferred from the nature of the data transmission.

One technique used to obfuscate traffic information from an observer is to “pad” the transmission, filling all leftover bandwidth with “junk” traffic. However, in multi-user access systems, such as 802.11 networks, bandwidth is at a premium and therefore schemes for hiding traffic by using padding or complicated routing strategies may be too inefficient to be employed in the wireless domain.

So the question is – What information can be inferred from the timing of transmissions in CSMA/CA networks (such as 802.11)?

Which has the corresponding counter problem of – How can efficiently obfuscate traffic demands in CSMA/CA networks?

The solution

There has been little work on traffic analysis techniques within a CSMA/CA network, even though any traffic analysis technique would be of great interest in the military domain.  Essentially the traffic analysis problem inverts some of the more traditional analysis questions. Rather than determining performance based on network characteristics these characteristics are inferred from observed network performance measures. It is not necessarily the case that a simple inversion of the traditional analysis work will suffice - inferring data from the network is often a more complex task than this.

We developed new techniques for analysing measurable traffic statistics in CSMA/CA systems and inferring the number of users actively transmitting data. These measurements comprise information only on when information is transmitted and not by whom or to whom.

This analysis then enabled us to develop techniques for padding transmissions so as to use up most of the available capacity (and hence hiding when “real” information is being transmitted) while at the same time only minimally impacting on the performance of other legitimate users.