0

Alice and Bob are communicating frequently via an encrypted overlay network. Eve can observe the timing and length of Alice's and Bob's incoming and outgoing ip traffic, but cannot read their ciphertexts. Additionally, the overlay network prevents Eve from determining who the traffic's remote transceiver is. With an adequate number of observations, Eve can show, statistically, that Alice and Bob are communicating. Is there a specific name for what Eve is doing?

nobody
  • 11,555
  • 2
  • 43
  • 60
Brent
  • 105
  • 2

2 Answers2

0

This is commonly described as a traffic analysis attack.

nobody
  • 11,555
  • 2
  • 43
  • 60
0

Broadly, this is an instance of traffic analysis. If the goal is to verify that Alice and Bob are communicating with each other, it is called a traffic confirmation attack, which is a particular type of traffic analysis attack. See How do traffic correlation attacks against Tor users work?.

D.W.
  • 99,525
  • 33
  • 275
  • 596