Traffic Analysis Software?

OpsCon
I work in IS, and am finishing up a Bachelor in it, so the fact that the Mesh rules (and the way hacking works) in EP are somewhat accurate makes me happy. No NCIS GUI bullshit here. But one thing that I'm surprised is missing is the fact that you could use Traffic Analysis software (which I assume would still exist in 10 AF) to still spoof your way onto an encrypted line. http://en.wikipedia.org/wiki/Traffic_analysis Assuming you wanted to represent this software in game, it would be easy to do (without going too deep into the real tech). You run that on the encrypted signal, and wait. Once you get the userID and Password out of the patterns, you can spoof it (without having to decrypt) and get on the system. The disadvantage would be that you would have no idea what level of access you are getting and if it's currently being used (which could be a problem if the sysadmin has locked out multiple logins of the same account, which if he's doing his job and there is sensitive data, he has). The big question is how much this software would cost. It's pretty powerful, like an exploit, so I'm assuming High minimum, if not actually expensive. It might also not run on a standard mesh insert/ecto. Might actually need a full terminal/quantum computer for that.
nezumi.hebereke
I would tend to assume that quality encryption is sufficiently available and cheap (like what we see with PGP, but better user interfaces available) that traffic analysis is not going to be useful for cracking encryption except in a few end-cases. The big exception here would be devices with processing caps, which can't put quality encryption in place, but still put out a lot of traffic, such as specialized transmitting nanomachines, micro-probes, or sensors in extremely hot or insulated environments. Establishing metadata is a lot easier. An ego may be encrypted with 5,000-bit keys, but it's still large enough that you'll see that blip when it's transmitting. Hiding that data isn't too hard, if you're trying. Just make sure you're constantly transmitting data, perhaps trash, and when you need to embed your message, you just substitute it for some of that trash. However, maintaining a constant stream like that is spammy, poor etiquette, and likely expensive for high-bandwidth or long-range operations. If done properly, that can't be cracked without additional information like a weakness in the filler data. But in most cases, people won't do that. I'd argue that basic traffic analysis data should be Low or Trivial (Google Analytics provides almost everything you need and only requires data as payment). The tough part is having the skills to interpret what you're seeing.
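An added sketch of the constant-stream idea in the post above, not code from any poster: the sender emits one fixed-size frame per tick and swaps queued message bytes in for random filler, so the (time, size) pattern an observer records is the same whether or not anything is being said. `FRAME_SIZE`, the class names and the 2-byte header are assumptions of this example, and the frames are assumed to travel inside an encrypted channel so that header and filler cannot be told apart from payload.

```python
import os
import struct

FRAME_SIZE = 64                   # assumed: every frame on the wire is this long
HEADER = struct.Struct("!H")      # number of real payload bytes in this frame
CAPACITY = FRAME_SIZE - HEADER.size

class ConstantRateSender:
    """Emits exactly one FRAME_SIZE frame per tick, with or without queued data."""
    def __init__(self):
        self._queue = bytearray()

    def send(self, message: bytes) -> None:
        # Length-prefix each message so the receiver can split the byte stream.
        self._queue += struct.pack("!I", len(message)) + message

    def tick(self) -> bytes:
        chunk = bytes(self._queue[:CAPACITY])
        del self._queue[:CAPACITY]
        filler = os.urandom(CAPACITY - len(chunk))   # random, not a fixed pattern
        return HEADER.pack(len(chunk)) + chunk + filler

class Receiver:
    def __init__(self):
        self._buf = bytearray()

    def feed(self, frame: bytes) -> list:
        (used,) = HEADER.unpack_from(frame)
        self._buf += frame[HEADER.size:HEADER.size + used]   # drop the filler
        messages = []
        while len(self._buf) >= 4:
            (length,) = struct.unpack_from("!I", self._buf)
            if len(self._buf) < 4 + length:
                break                                        # rest arrives later
            messages.append(bytes(self._buf[4:4 + length]))
            del self._buf[:4 + length]
        return messages

def run(messages_by_tick: dict, ticks: int):
    """Return (observer's view, delivered messages) for a constructed schedule."""
    sender, receiver, view, delivered = ConstantRateSender(), Receiver(), [], []
    for t in range(ticks):
        for message in messages_by_tick.get(t, []):
            sender.send(message)
        frame = sender.tick()
        view.append((t, len(frame)))     # all a passive observer gets: time, size
        delivered += receiver.feed(frame)
    return view, delivered
```

Calling `run({}, 10)` and `run({3: [b"x" * 150]}, 10)` yields identical observer views; the cost is the bandwidth spent on filler during every idle tick.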
NewtonPulsifer
The main book makes it clear bandwidth is plentiful with EP tech (part of the reason why the mesh works well I'd imagine). So it isn't clear that say something the size of even a full ego backup is that big of a deal. And padding your crypto handshake packets should be extremely easy if a few hundred terabytes are nothing.
"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto
nezumi.hebereke
Padding an encryption key isn't a problem. I think though that spamming would still be an issue. The ability to talk or telephone is also 'plentiful' in our modern setting, but someone who continues talking nonstop will still be viewed as a nuisance to his neighbors. For small transmissions it isn't a big thing, but if you're spamming across planets, well ... that means everyone on those planets who looks at traffic at all knows you as that jackass who won't shut up.
Decivre
OpsCon wrote:
Assuming you wanted to represent this software in game, it would be easy to do (without going too deep into the real tech). You run that on the encrypted signal, and wait. Once you get the userID and Password out of the patterns, you can spoof it (without having to decrypt) and get on the system. The disadvantage would be that you would have no idea what level of access you are getting and if it's currently being used (which could be a problem if the sysadmin has locked out multiple logins of the same account, which if he's doing his job and there is sensitive data, he has). The big question is how much this software would cost. It's pretty powerful, like an exploit, so I'm assuming High minimum, if not actually expensive. It might also not run on a standard mesh insert/ecto. Might actually need a full terminal/quantum computer for that.
It depends on the form of encryption used by the communication networks. Quantum-encrypted transmissions are OTP encrypted, and therefore completely unbreakable, regardless of how long one observes the traffic. While other encryption schemes might be slightly easier to break, slightly easier than impossible isn't much less daunting. Public key encryption is primarily used for handshake protocols and short file transmissions to ensure identity. Traffic analysis has its uses, but generally not for actual decryption or gaining immediate access to a system. Traffic analysis of an SSH connection allows a hacker to observe individual keystrokes in password input and look for repeating patterns, which reduces the time needed for a brute force attack. It does not actually give them direct knowledge of your password. In fact, traffic analysis is most useful in user tracking, not actually getting access to their data. Traffic analysis is used against hackers that use various anonymous surfing methods in order to track down their actual location. While it does not actually inform analysts of what data is moving, it is handy for finding people when the data is already known; e.g. when a hacker logs into their Twitter account through a service like Tor. Traffic analysis is one of the key tools used to find the members of LulzSec.
Transhumans will one day be the Luddites of the posthuman age. [url=http://bit.ly/2p3wk7c]Help me get my gaming fix, if you want.[/url]
NewtonPulsifer
If Quantum-encrypted transmissions are one-time-pad encrypted, you could use a quantum encrypted transmission to exchange a few exabytes of one-time-pads and then expand your communications to using "regular" OTP encryption over non quantum-encrypted channels.
Decivre
NewtonPulsifer wrote:
If Quantum-encrypted transmissions are one-time-pad encrypted, you could use a quantum encrypted transmission to exchange a few exabytes of one-time-pads and then expand your communications to using "regular" OTP encryption over non quantum-encrypted channels.
The easiest way this might occur is for people with skinlink or access jacks to come in direct contact with one another and exchange the data in person. That way, an OTP cache can be made with high fidelity, and both parties are ensured that the person they intended to have that OTP data with actually got it. Because if both people have access to linked quantum encrypters, they might as well just take those with them and continue to use quantum encryption.
NewtonPulsifer
Haha right, a literal OTP handshake via skinlink. A handshake handshake. I love it.
MirrorField
SOP in My Campaign
In My Campaign (tm) this is a very common practice, comparable to handing out business cards. Mesh inserts can easily generate and archive a few gigabytes of random data for a few hundred (or thousand) acquaintances. Likewise, physically couriering few-gram chunks of memory diamond in multiply-sealed tamper-evident security briefcases (traditionally physically chained to the couriering morph) is a prosperous niche business. Of course, as the Soviets learned during the olden days of VENONA, information-theoretical security does not necessarily equate with absolute practical security. Side-channel attacks are still a b*tch and if someone penetrates your mesh inserts...
Decivre
OTP encryption is not entirely necessary for transmission safety. There are plenty of instances where "good enough" security measures are sufficient. For example, if you send the plans for a military mission set to occur 3 days later, the plan's encryption scheme only needs to be durable enough to resist decryption for 72 hours, at which point any successful espionage becomes pointless. OTP encryption is quite wasteful. The cipher needs to be at least as long as the message being transmitted. So a gigabyte-large cipher only works for a gigabyte or less of data, and can only be used once. However, 1024-bit encryption schemes are damn durable, and one can imagine that a gigabyte of cipher data can be broken up into approximately a million different 1024-bit ciphers. Even using each cipher once for a single transmission, it would last significantly longer than a single gigabyte-long OTP cipher. I think that might be a far more common means of encryption than you would expect.
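An added illustration of the one-time-pad bookkeeping raised in the posts above (a pad cache exchanged in person, a pad at least as long as the message, every byte used once); it is not code from any poster, and `PadCache`, `PadExhausted` and the sample message are made up for the example. Each direction of a conversation is assumed to have its own pad, and the scheme provides secrecy only, not integrity.

```python
import os

class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class PadCache:
    """One endpoint's copy of a shared pad. Bytes before `offset` are spent."""
    def __init__(self, pad: bytes):
        self._pad = pad
        self.offset = 0

    def remaining(self) -> int:
        return len(self._pad) - self.offset

    def encrypt(self, plaintext: bytes):
        """Return (start, ciphertext); spends len(plaintext) pad bytes for good."""
        start, end = self.offset, self.offset + len(plaintext)
        if end > len(self._pad):
            raise PadExhausted(f"need {len(plaintext)} bytes, {self.remaining()} left")
        self.offset = end
        return start, xor(plaintext, self._pad[start:end])

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        """Decrypt with pad[start:], refusing any range that was already spent."""
        end = start + len(ciphertext)
        if start < self.offset:
            raise ValueError("pad range already used; possible reuse or replay")
        if end > len(self._pad):
            raise PadExhausted("ciphertext runs past the end of the pad")
        self.offset = end
        return xor(ciphertext, self._pad[start:end])

def demo():
    pad = os.urandom(64)                        # constructed sample pad
    alice, bob = PadCache(pad), PadCache(pad)   # copies made at an in-person exchange
    start, ciphertext = alice.encrypt(b"meet at dock 7")
    plain = bob.decrypt(start, ciphertext)
    return plain, alice.remaining(), bob.remaining()
```

The offset check is what enforces "used once": if two messages were ever encrypted under the same pad range, XORing the two ciphertexts would cancel the pad and leave the XOR of the two plaintexts.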
The Doctor
OpsCon wrote:
Assuming you wanted to represent this software in game, it would be easy to do (without going too deep into the real tech). You run that on the encrypted signal, and wait. Once you get the userID and Password out of the patterns, you can spoof it (without having to decrypt) and get on the system.
An interesting idea, but there is one problem: Authentication takes place after negotiation of the parameters of the encrypted channel. The attacker would have to run a man-in-the-middle attack on the connection during parameter negotiation, and those are not reliable due to the session key exchange algorithm in use. There is also the problem of endpoints of a connection caching identifying credentials to verify that the other endpoint is the one it was configured for and not an imposter.
OpsCon wrote:
The big question is how much this software would cost. It's pretty powerful, like an exploit, so I'm assuming High minimum, if not actually expensive. It might also not run on a standard mesh insert/ecto. Might actually need a full terminal/quantum computer for that.
For the kind of attack you propose, a quantum computer (and time) would be required to decrypt the captured session to extract the credentials.
The Doctor
Decivre wrote:
Traffic analysis has its uses, but generally not for actual decryption or gaining immediate access to a system. Traffic analysis of an SSH connection allows a hacker to observe individual keystrokes in password input and look for repeating patterns, which reduces the time needed for a brute force attack. It does not actually give them direct knowledge of your password.
Traffic analysis could be used to infer trust relationships between systems that might be exploited when planning an attack, but it would probably not directly help in an attack.
OpsCon wrote:
In fact, traffic analysis is most useful in user tracking, not actually getting access to their data. Traffic analysis is used against hackers that use various anonymous surfing methods in order to track down their actual location. While it does not actually inform analysts of what data is moving, it is handy for finding people when the data is already known; e.g. when a hacker logs into their Twitter account through a service like Tor. Traffic analysis is one of the key tools used to find the members of LulzSec.
And Anonymous. And activists in certain countries (through the cellular network as well as some VPN services).
The Doctor
NewtonPulsifer wrote:
If Quantum-encrypted transmissions are one-time-pad encrypted, you could use a quantum encrypted transmission to exchange a few exabytes of one-time-pads and then expand your communications to using "regular" OTP encryption over non quantum-encrypted channels.
One-time pads can certainly be used for both authentication of users and endpoints, and for exchange of session keys when setting up a connection.