Index ¦ Archives ¦ Atom

The bicycle side channel

There is a problem with most cryptographic systems, it's not new and it affects most systems.

Most formal definitions of a "Perfect security" within cryptography (think One Time Pads) still allow for a few things to be leaked; the size of the messages, the sender and receiver of the messages, and the frequency and number of the messages. These are generally considered out of scope and seen as a protocol problem, not a cryptography one.

When I was first introduced to this problem it was called the "The bicycle side channel". Imagine that Alice and Bob have brought their daughter Eve a bicycle for Christmas along with some other presents. They have wrapped all the gifts up in wrapping paper and placed them Christmas tree.

Eve is curious about what gifts might be coming for Christmas but doesn't want to tear the wrapping paper because then her parents will find out that she has peaked. But she can count the number of presents, and she can look at the labels to see who they are from and who they are for, and with one gift she can tell from the shape that it's a bicycle. Maybe she can't tell what colour it is, or which brand, but even wrapped in paper it still looks like a bike.

Consider the image below.

Image Name

Author: Brisbane Airport, Photographer Sarah Whyte

Despite the fact that it's entirely gift wrapped, even with a little bow around it. I think most people can still work out that it's an airliner. Those of you who know a lot about aviation might even be able to work out that it's a Fokker F70 based on things like the shape and height of the wings. Sure you might not be able to read the registration number on the tail but you still know what it is.

To bring this metaphor back to cryptosystems imagine the Tor network is just starting off and there are only 5 users currently connected. Four are reading Wikipedia articles, and one is watching YouTube. If you saw a graph of how much traffic was going to and from each node, you could easily work out which user was watching YouTube.

As the size of the network grows this get more complex but there was some serious research into decloaking Tor users with nothing more than Cisco NetFlow. There was another great paper that looked at the information leaked by HTTPS connections just based on the size of the messages.

Some networks such as I2P do take this into account and try to send fixed size (padded) messages at a fixed interval so while the I2P router is running it will be relaying messages or just sending and receiving junk to make it hard to tell when a connection is actively being used let alone who is doing what. Of course, this is a trade-off between performance of the network and secrecy and in system design, you need to choose do you try to foil metadata analysis or do you try for maximum performance.

Creative Commons License
Content on this site is licensed under a Creative Commons Attribution 4.0 International License.
Built using Pelican. Based on a theme by Giulio Fidente on github.