Skip to comments.NSA patents a way to spot network snoops
Posted on 12/23/2008 6:22:56 AM PST by COBOL2Java
The U.S. National Security Agency has patented a technique for figuring out whether someone is tampering with network communication.
The NSA's software does this by measuring the amount of time the network takes to send different types of data from one computer to another and raising a red flag if something takes too long, according to the patent filing.
Other researchers have looked into this problem in the past and proposed a technique called distance bounding, but the NSA patent takes a different tack, comparing different types of data travelling across the network. "The neat thing about this particular patent is that they look at the differences between the network layers," said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington.
The technique could be used for purposes such as detecting a fake phishing Web site that was intercepting data between users and their legitimate banking sites, he said. "This whole problem space has a lot of potential, [although] I don't know if this is going to be the final solution that people end up using."
IOActive security researcher Dan Kaminsky was less impressed. "Think of it as -- 'if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets,' " he said via e-mail. "Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons."
Some might think of the secretive NSA, which collects and analyzes foreign communications, as an unlikely source for such research, but the agency also helps the federal government protect its own communications.
The NSA did not answer questions concerning the patent, except to say, via e-mail, that it does make some of its technology available through its Domestic Technology Transfer Program.
The patent, granted Tuesday, was filed with the U.S. Patent and Trademark Office in 2005. It was first reported Thursday on the Cryptome Web site.
Google doesn't have it up, yet.
Based on nothing but the abstract, it sounds interesting. Don't have the time to analyze it in any great depth right now.
Looks like a possible remedy for detecting ARP poisoning and other ‘man in the middle’ type attacks.
HUN? Help me out here; I had no idea a government agency could claim private intellectual property rights.
Sounds like this method discussed will generate lots of false positives.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.