1994-02-15 - Re: LEAF, SS7

Header Data

From: smb@research.att.com
To: m5@vail.tivoli.com (Mike McNally)
Message Hash: 2b16635e795f8c8d0489cda72e69136a5f6c3f25efa191d9e390dfca895b5940
Message ID: <9402151822.AA16083@toad.com>
Reply To: N/A
UTC Datetime: 1994-02-15 18:36:50 UTC
Raw Date: Tue, 15 Feb 94 10:36:50 PST

Raw message

From: smb@research.att.com
Date: Tue, 15 Feb 94 10:36:50 PST
To: m5@vail.tivoli.com (Mike McNally)
Subject: Re: LEAF, SS7
Message-ID: <9402151822.AA16083@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	  > The structure of the LEAF is also a dead giveaway that Clipper is
	  > being used -- it's easy to envision a box that has the family key,
	  > and tries every LEAF-sized field to see if it decrypts to something
	  > that looks right, and in particular has the right checksum.

	 I'm going to make the almost certainly valid assumption that you know
	 more about the way the network works than I do, but my assumption is
	 this:  in the wacky scenario I described wherein Clipper devices are
	 installed in the network interfaces "everywhere", then the presence of
	 these identifiable (and identifying!) packets means that a central tap
	 at a regional switching center could concievably perform traffic
	 analysis without the need for taps on local loops anywhere.  Is this
	 assumption way wrong?

I suspect that you'd have too much data -- you'd have to be able to
scan every part of every conversation.  If you're going to go to those
lengths, you'd do just as well to tap the signaling channels instead --
a lot less data, and most of it organized the way you want it.





Thread