Editing Traffic analysis (section)

== Countermeasures ==

It is difficult to defeat traffic analysis without both encrypting messages and masking the channel.  When no actual messages are being sent, the channel can be '''masked'''<ref>{{cite web
 |url         = http://students.cs.tamu.edu/xinwenfu/paper/ICCNMC03_Fu.pdf
 |title       = Active Traffic Analysis Attacks and Countermeasures
 |author      = Xinwen Fu, Bryan Graham, Riccardo Bettati and Wei Zhao
 |access-date  = 2007-11-06
 |url-status     = dead
 |archive-url  = https://web.archive.org/web/20060913152709/http://students.cs.tamu.edu/xinwenfu/paper/ICCNMC03_Fu.pdf
 |archive-date = 2006-09-13
}}</ref> by sending dummy traffic, similar to the encrypted traffic, thereby keeping bandwidth usage constant.<ref>{{cite book
 |author1=Niels Ferguson  |author2=Bruce Schneier 
  |name-list-style=amp | title = Practical Cryptography
 | publisher = John Wiley & Sons
 | year = 2003 
}}</ref> "It is very hard to hide information about the size or timing of messages. The known solutions require [[Alice and Bob|Alice]] to send a continuous stream of messages at the maximum [[Bandwidth (computing)|bandwidth]] she will ever use...This might be acceptable for military applications, but it is not for most civilian applications." The military-versus-civilian problems applies in situations where the user is charged for the volume of information sent.

Even for Internet access, where there is not a per-packet charge, [[ISPs]] make statistical assumption that connections from user sites will not be busy 100% of the time. The user cannot simply increase the bandwidth of the link, since masking would fill that as well. If masking, which often can be built into end-to-end encryptors, becomes common practice, ISPs will have to change their traffic assumptions.