Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless. In other words: Information leakage occurs when secret information correlates with, or can be correlated with, observable information. For example, when designing an encrypted instant messaging network, a network engineer without the capacity to crack encryption codes could see when messages are transmitted, even if he could not read them.
Risk vectorsedit
A modern example of information leakage is the leakage of secret information via data compression, by using variations in data compression ratio to reveal correlations between known (or deliberately injected) plaintext and secret data combined in a single compressed stream.[1] Another example is the key leakage that can occur when using some public-key systems when cryptographic nonce values used in signing operations are insufficiently random.[2] Bad randomness cannot protect proper functioning of a cryptographic system, even in a benign circumstance, it can easily produce crackable keys that cause key leakage.[3][citation needed]
Information leakage can sometimes be deliberate: for example, an algorithmic converter may be shipped that intentionally leaks small amounts of information, in order to provide its creator with the ability to intercept the users' messages, while still allowing the user to maintain an illusion that the system is secure. This sort of deliberate leakage is sometimes known as a subliminal channel.[4][5]
Generally, only very advanced systems employ defenses against information leakage.
Following are the commonly implemented countermeasures :
Use steganography to hide the fact that a message is transmitted at all.
Use chaffing to make it unclear to whom messages are transmitted (but this does not hide from others the fact that messages are transmitted).
For busy re-transmitting proxies, such as a Mixmaster node: randomly delay and shuffle the order of outbound packets - this will assist in disguising a given message's path, especially if there are multiple, popular forwarding nodes, such as are employed with Mixmaster mail forwarding.
When a data value is no longer going to be used, erase it from the memory.
^Kelsey, J. (2002). "Compression and Information Leakage of Plaintext". Fast Software Encryption. Lecture Notes in Computer Science. Vol. 2365. pp. 263–276. doi:10.1007/3-540-45661-9_21. ISBN978-3-540-44009-3.
^Rembovsky, Anatoly; Ashikhmin, Alexander; Kozmin, Vladimir; Smolskiy, Sergey (2009), "Methods and Equipment for Protection Against Information Leakage Via CEE Channels", Radio Monitoring, vol. 43, Boston, MA: Springer US, pp. 471–496, doi:10.1007/978-0-387-98100-0_12, ISBN978-0-387-98099-7, retrieved 2021-10-02
^Schneier, Bruce; Fredrikson, Matthew; Kohno, Tadayoshi; Ristenpart, Thomas (2015). "Surreptitiously Weakening Cryptographic Systems". Schneier on Security. from the original on April 14, 2019. Alt URL
^Yu, Xiang; Tian, Zhihong; Qiu, Jing; Jiang, Feng (2018). "A Data Leakage Prevention Method Based on the Reduction of Confidential and Context Terms for Smart Mobile Devices". Wireless Communications and Mobile Computing. 2018: 1–11. doi:10.1155/2018/5823439.
January 01, 1970
information, leakage, confused, with, whistleblowing, this, article, needs, additional, citations, verification, please, help, improve, this, article, adding, citations, reliable, sources, unsourced, material, challenged, removed, find, sources, news, newspape. Not to be confused with whistleblowing This article needs additional citations for verification Please help improve this article by adding citations to reliable sources Unsourced material may be challenged and removed Find sources Information leakage news newspapers books scholar JSTOR February 2013 Learn how and when to remove this message Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless In other words Information leakage occurs when secret information correlates with or can be correlated with observable information For example when designing an encrypted instant messaging network a network engineer without the capacity to crack encryption codes could see when messages are transmitted even if he could not read them Risk vectors editA modern example of information leakage is the leakage of secret information via data compression by using variations in data compression ratio to reveal correlations between known or deliberately injected plaintext and secret data combined in a single compressed stream 1 Another example is the key leakage that can occur when using some public key systems when cryptographic nonce values used in signing operations are insufficiently random 2 Bad randomness cannot protect proper functioning of a cryptographic system even in a benign circumstance it can easily produce crackable keys that cause key leakage 3 citation needed Information leakage can sometimes be deliberate for example an algorithmic converter may be shipped that intentionally leaks small amounts of information in order to provide its creator with the ability to intercept the users messages while still allowing the user to maintain an illusion that the system is secure This sort of deliberate leakage is sometimes known as a subliminal channel 4 5 Generally only very advanced systems employ defenses against information leakage Following are the commonly implemented countermeasures Use steganography to hide the fact that a message is transmitted at all Use chaffing to make it unclear to whom messages are transmitted but this does not hide from others the fact that messages are transmitted For busy re transmitting proxies such as a Mixmaster node randomly delay and shuffle the order of outbound packets this will assist in disguising a given message s path especially if there are multiple popular forwarding nodes such as are employed with Mixmaster mail forwarding When a data value is no longer going to be used erase it from the memory See also editKleptographic attack Side channel attack Traffic analysisReferences edit Kelsey J 2002 Compression and Information Leakage of Plaintext Fast Software Encryption Lecture Notes in Computer Science Vol 2365 pp 263 276 doi 10 1007 3 540 45661 9 21 ISBN 978 3 540 44009 3 Rembovsky Anatoly Ashikhmin Alexander Kozmin Vladimir Smolskiy Sergey 2009 Methods and Equipment for Protection Against Information Leakage Via CEE Channels Radio Monitoring vol 43 Boston MA Springer US pp 471 496 doi 10 1007 978 0 387 98100 0 12 ISBN 978 0 387 98099 7 retrieved 2021 10 02 Schneier Bruce Fredrikson Matthew Kohno Tadayoshi Ristenpart Thomas 2015 Surreptitiously Weakening Cryptographic Systems Schneier on Security Archived from the original on April 14 2019 Alt URL Ron Rivest October 3 2002 6 857 Computer and Network Security Lecture Notes 9 DSA DSS RSA chosen ciphertext attack PDF MIT Retrieved 2012 09 14 Yu Xiang Tian Zhihong Qiu Jing Jiang Feng 2018 A Data Leakage Prevention Method Based on the Reduction of Confidential and Context Terms for Smart Mobile Devices Wireless Communications and Mobile Computing 2018 1 11 doi 10 1155 2018 5823439 Retrieved from https en wikipedia org w index php title Information leakage amp oldid 1181211269, wikipedia, wiki, book, books, library,
