This paper presents a mechanism for inferring user behaviour from encrypted wireless network activity. Aside from being within range, this mechanism operates without any level of network access, and without the need to break any encryption. It demonstrates how an entirely passive, external observer can detect if and when a person is using Skype. It is further demonstrated that this detection ability remains even when Skype traffic is interleaved with confounding simultaneous traffic such as BitTorrent. The metrics utilised by the detection process are a consequence of efficient data transfer. It is reasonable to believe that similar methods would be effective on the majority of modern wireless communications, and not specific to the protocols underlying the demonstration. The approach shown challenges the assumption that secure cryptography means secure information and adaptations of the mechanism used may help guide the analysis of increasingly large volumes of encrypted data.
展开▼