happens whenever a system that is designed to be closed to an eavesdropper
reveals some information to unauthorized parties nonetheless. For example, when designing an encrypted instant messaging network, a network engineer without the capacity to crack your encryption
codes could see when you are transmitting messages, even if he could not read them. During the Second World War
, the Japanese
for a while were using secret codes such as PURPLE
; even before such codes were cracked, some basic information could be extracted about the content of the messages by looking at which relay stations sent a message onwards.
Designers of secure systems often forget to take information leakage into account. One classic example of this is when the French government designed a mechanism to aid encrypted communications over an analog line, such as at a phone booth. It was a device that clamped onto both ends of the phone, performed the encrypting operations, and sent the signals over the phone line. Unfortunately for the French, the rubber seal that attached the device to the phone was not airtight. It was later discovered that although the encryption itself was solid, if you listened carefully, you could hear the speaker, since the phone was picking up some of the speech! Information leakage can subtly or completely destroy the security of an otherwise bulletproof system.
Generally, only very advanced systems employ defenses against information leakage - there are three main ways to do it:
- Use steganography to hide the fact that you're transmitting a message at all.
- Use chaffing to make it unclear to whom you are transmitting messages (but this does not hide from others the fact that you are transmitting messages).
- For busy retransmitting proxies, such as a Mixmaster node: randomly delay and shuffle the order of outbound packets - this will assist in disguising a given message's path, especially if there are multiple, popular forwarding nodes, such as are employed with mixmaster mail forwarding.