November 1, 2016
Military Intelligence Against Chinese Submarines and Traffic Analysis
Prior US intelligence gathering eg. of China’s Hainan Island Yulin/Sanya nuclear submarine naval base (above) can be (or is) very useful. (Photo courtesy mapsecrets via).
Military Intelligence Against Submarine Operations
Signals intelligence gathering by (sub or satellite) and sonar signature gathering by USNS Impeccable can act as a basis for further analysis of changing Chinese actions. This is in a low level confrontation scenario or a time of crisis (which may be a medium level shooting war).
For example discerning a rise in traffic levels that are typical of an Type 094 SSBN or Type 093 SSNs putting to sea at unusual times may make interception by a US SSN or distant "tailing" easier. That a Chinese SSBN or SSN might put to sea at an unusual time would also say something about the Chinese political and military structures' state of mind (useful strategic intelligence).
Traffic analysis is a basic part of signals intelligence, and can be a source of information about the intentions and actions of the target. Representative patterns include:
· Frequent (shore or satellite to submarine) communications — can denote planning
· Rapid, short communications between naval command elements — can denote readjustments
· A lack of communication — can indicate a lack of activity, or completion of a finalized plan
· Who talks to whom (eg. political leaders to admirals) can imply weapons-release or withdrawal
by a submarine, and
· Who talks when — can indicate which stations are active in connection with events, which
implies something about the information being passed and perhaps something about the
personnel/access of those associated with some stations
This is the process intercepting and (real time computer) examination of messages to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted.
In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence, counter-intelligence, or pattern-of-life analysis, and is a concern in computer security.
Traffic analysis tasks are supported by dedicated computer software programs and supercomputers. Advanced traffic analysis techniques may include various forms of social network analysis.
Telephone exchanges are computer based as, of course, are servers. In computer security traffic analysis can involve an attacker gaining important information by monitoring the frequency and timing of network packets.
A timing attack on the SSH protocol can use timing information to deduce information about passwords since, during interactive session, SSH transmits each keystroke as a message. The time between keystroke messages can be studied using hidden Markov models. A timing attack might recover passwords fifty times faster than a brute force attack.
Chinese sailors at Yulin Naval Base on Hainan Island should look over their shoulders - as they are being watched (by friend and foe) in so many ways.
Posted by Peter Coates