CAPEC-621: Analysis of Packet Timing and Sizes (Version 2.11)

Attack Pattern ID: 621
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

An attacker may intercept and log encrypted transmissions in order to analyze metadata such as packet timing and sizes. Although the payload itself may be encrypted, this metadata may reveal valuable information to an attacker. This attack applies to VoIP data as well as application data, especially for interactive applications that require precise timing and low latency (e.g., thin clients).

+ Attack Prerequisites
  • Use of untrusted communication paths enables an attacker to intercept and log communications, including metadata such as packet timing and sizes.

+ Typical Severity

Low

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: High

These attacks generally require sophisticated machine learning techniques, with traffic capture as a prerequisite.

+ Solutions and Mitigations

Distort packet sizes and timing at the VPN layer: add padding to normalize packet sizes, and add timing delays to reduce information leakage via timing.
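
The mitigation above, sketched as an added example (not CAPEC's own code): a constant-rate shaper emits one fixed-size cell per tick, so two different traces yield identical on-wire metadata, and the cost appears as padding bytes and queueing delay. The cell size, tick interval and both traces are constructed assumptions.

```python
from collections import deque

CELL = 256   # bytes in every on-wire packet (assumed value)
TICK = 10    # milliseconds between packets (assumed value)

def raw_view(trace):
    """Metadata an on-path observer logs without shaping: (time_ms, size)."""
    return sorted(trace)

def shaped_view(trace, duration_ms):
    """Constant-rate shaping: exactly one CELL-byte packet every TICK ms.
    Returns (wire, padding_bytes, max_delay_ms, backlog_bytes)."""
    pending = deque(sorted(trace))
    queue = deque()                 # [arrival_ms, bytes_left] waiting to be sent
    wire, padding, max_delay = [], 0, 0
    for now in range(0, duration_ms, TICK):
        while pending and pending[0][0] <= now:
            t, n = pending.popleft()
            queue.append([t, n])
        room = CELL
        while queue and room:
            take = min(room, queue[0][1])
            queue[0][1] -= take
            room -= take
            if queue[0][1] == 0:    # payload fully sent: record its delay
                max_delay = max(max_delay, now - queue.popleft()[0])
        padding += room             # unused space is padding (a dummy cell if idle)
        wire.append((now, CELL))    # all the observer can log
    backlog = sum(n for _, n in queue) + sum(n for _, n in pending)
    return wire, padding, max_delay, backlog

# Constructed sample traces of (time_ms, payload_bytes); not captured traffic.
INTERACTIVE = [(3, 48), (41, 52), (97, 44), (160, 61)]   # keystroke-like bursts
BULK = [(0, 1200), (5, 1200), (12, 900)]                 # short file transfer

if __name__ == "__main__":
    for name, trace in (("interactive", INTERACTIVE), ("bulk", BULK)):
        wire, pad, delay, backlog = shaped_view(trace, 200)
        print(name, "padding:", pad, "max delay ms:", delay, "backlog:", backlog)
```

Unshaped, the two traces are trivially distinguishable by size and spacing; shaped, the observer's log is the same for both, at the price of bandwidth for the idle session and latency for the busy one.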

+ Attack Motivation-Consequences

Scope:
Technical Impact: Read application data
Note: Derive sensitive information about encrypted data.

+ Technical Context

Architectural Paradigms: Mobile

+ Content History

Submissions

Submitter: CAPEC Content Team
Organization: The MITRE Corporation
Date: 2015-11-09
Source: Internal_CAPEC_Team

Page Last Updated or Reviewed: July 31, 2017