LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is traffic analysis, and why is it a threat even with encryption?

Traffic analysis is a passive attack where the attacker observes communication patterns (volume, timing, endpoints) without reading message content — revealing information even when all messages are encrypted.

How it works:

  • The attacker doesn't break encryption — they watch metadata
  • Who communicates with whom, when, how often, how much data
  • Patterns reveal activity: a sudden spike in encrypted military traffic tells the enemy "something is happening"

Historical example: In wartime, one side noticed the other was transmitting large volumes of encrypted messages. Even without decrypting, this signaled an impending operation. The countermeasure was to always send data — either real messages or random noise — so the enemy couldn't distinguish active from idle periods.

Modern relevance:

  • ISPs can see which websites you visit (by IP) even with HTTPS
  • An employer sees you're sending lots of traffic to a competitor's domain
  • Tor and VPNs partially mitigate traffic analysis, but it's extremely hard to eliminate completely

Countermeasure: Send constant-rate traffic (padding with random data when idle). This is expensive and rarely done outside military applications.

Go deeper:

From Quiz: KRYPTOG / Fundamentals of Cryptography | Updated: Jul 14, 2026