Editing Traffic analysis (section)
== In computer security ==
Traffic analysis is also a concern in [[computer security]]. An attacker can gain important information by monitoring the frequency and timing of network packets. A timing attack on the [[Secure Shell|SSH]] protocol can use timing information to deduce information about [[password]]s since, during an interactive session, SSH transmits each keystroke as a message.<ref name="Song2001">{{Cite journal |last1=Song |first1=Dawn Xiaodong |last2=Wagner |first2=David |last3=Tian |first3=Xuqing |title=Timing Analysis of Keystrokes and Timing Attacks on SSH |publisher=10th USENIX Security Symposium |year=2001 }}</ref> The time between keystroke messages can be studied using [[hidden Markov model]]s. Song, ''et al.'' claim that the attack can recover the password fifty times faster than a [[brute force attack]].

[[Onion routing]] systems are used to gain anonymity. Traffic analysis can be used to attack anonymous communication systems like the [[Tor (anonymity network)|Tor anonymity network]]. Adam Back, Ulf Möller and Anton Stiglic present traffic analysis attacks against anonymity-providing systems.<ref>{{cite web | author = Adam Back | author2 = Ulf Möller and Anton Stiglic | url = http://www.cypherspace.org/adam/pubs/traffic.pdf | title = Traffic Analysis Attacks and Trade-Offs in Anonymity Providing systems | year = 2001 | publisher = Springer Proceedings - 4th International Workshop Information Hiding | access-date = 2013-10-05 | archive-date = 2013-06-23 | archive-url = https://web.archive.org/web/20130623104654/http://www.cypherspace.org/adam/pubs/traffic.pdf | url-status = live }}</ref> [[Steven Murdoch|Steven J. Murdoch]] and [[George Danezis]] from the University of Cambridge presented<ref>{{cite web |author = Murdoch, Steven J. |author2 = George Danezis |url = http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf |title = Low-Cost Traffic Analysis of Tor |year = 2005 |access-date = 2005-10-18 |archive-date = 2013-11-26 |archive-url = https://web.archive.org/web/20131126020433/http://www.cl.cam.ac.uk/~sjm217/papers/oakland05torta.pdf |url-status = live }}</ref> research showing that traffic analysis allows adversaries to infer which nodes relay the anonymous streams. This reduces the anonymity provided by Tor. They have shown that otherwise unrelated streams can be linked back to the same initiator.

[[Anonymous remailer|Remailer]] systems can also be attacked via traffic analysis. If a message is observed going to a remailing server, and an identical-length (if now anonymized) message is seen exiting the server soon after, a traffic analyst may be able to (automatically) connect the sender with the ultimate receiver. Variations of remailer operations exist that can make traffic analysis less effective.

Traffic analysis involves intercepting and scrutinizing cybersecurity threats to gather valuable insights about anonymous data flowing through the [[exit node]]. By using techniques rooted in [[dark web]] crawling and specialized software, one can identify the specific characteristics of a client's network traffic within the dark web.<ref>{{Cite journal |last1=Gokhale |first1=C. |last2=Olugbara |first2=O. O. |date=2020-08-17 |title=Dark Web Traffic Analysis of Cybersecurity Threats Through South African Internet Protocol Address Space |journal=SN Computer Science |language=en |volume=1 |issue=5 |pages=273 |doi=10.1007/s42979-020-00292-y |issn=2661-8907 |doi-access=free }}</ref>
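The remailer passage above can be made concrete with a small simulation, added here as an illustration and not taken from the article or its sources. It measures, for each message leaving a remailer, how many senders remain plausible under the identical-length and "soon after" test. The traffic, the 12-second window, and the two countermeasures (fixed-size padding by senders and batched, shuffled forwarding) are assumptions chosen for the example.

```python
import random

# Constructed sample traffic: (sender, recipient, send_time_s, length_bytes).
MSGS = [(f"s{i}", f"r{i}", 3.0 * i, 900 + 137 * i) for i in range(8)]
WINDOW = 12.0  # assumed: how long after entry an exit still counts as "soon after"

def anonymity_sets(entries, exits, window=WINDOW):
    """Map each exit's recipient to the senders whose message entered within
    `window` seconds before it left and had the identical length."""
    return {rcpt: {s for s, t_in, n_in in entries
                   if 0 <= t_out - t_in <= window and n_in == n_out}
            for rcpt, t_out, n_out in exits}

def passthrough(msgs, delay=2.0):
    """Remailer that forwards each message at once, length unchanged."""
    entries = [(s, t, n) for s, _, t, n in msgs]
    exits = [(r, t + delay, n) for _, r, t, n in msgs]
    return entries, exits

def padded_batched(msgs, batch=4, pad_to=4096, seed=0):
    """Senders pad to a fixed size; the remailer holds messages until `batch`
    have arrived, then flushes them in shuffled order."""
    rng = random.Random(seed)
    msgs = sorted(msgs, key=lambda m: m[2])
    entries = [(s, t, pad_to) for s, _, t, _ in msgs]
    exits = []
    for i in range(0, len(msgs), batch):
        group = msgs[i:i + batch]
        flush = group[-1][2] + 1.0  # one second after the batch fills
        rng.shuffle(group)
        exits += [(r, flush + 0.01 * k, pad_to)
                  for k, (_, r, _, _) in enumerate(group)]
    return entries, exits

def summarize(sets):
    """Smallest and largest candidate-sender set over all exits."""
    sizes = [len(v) for v in sets.values()]
    return min(sizes), max(sizes)

if __name__ == "__main__":
    for name, model in (("pass-through", passthrough),
                        ("padded+batched", padded_batched)):
        print(name, summarize(anonymity_sets(*model(MSGS))))
```

A candidate set of size one means the observer has linked sender and receiver; with padding and batching every exit is consistent with all senders in its batch, which is why the batch size bounds the protection.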