CAPEC-621: Analysis of Packet Timing and Sizes
An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may be encrypted, this metadata may reveal valuable information to an attacker. Note that this attack is applicable to VOIP data as well as application data, especially for interactive apps that require precise timing and low-latency (e.g. thin-clients).
Last updated
Overview
CAPEC-621 (Analysis of Packet Timing and Sizes) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Use of untrusted communication paths enables an attacker to intercept and log communications, including metadata such as packet timing and sizes.
Skills required
- High skill: These attacks generally require sophisticated machine learning techniques and require traffic capture as a prerequisite.
Consequences
What a successful CAPEC-621 attack can achieve.
Read Data
Affects: Confidentiality
Derive sensitive information about encrypted data.
How to mitigate it
Defenses that reduce the risk of CAPEC-621.
- Distort packet sizes and timing at VPN layer by adding padding to normalize packet sizes and timing delays to reduce information leakage via timing.