suppose I have a bunch of smart lights, and I observe them. they notify me when they change state from on to off or vice-versa.
now suppose my local burglary ring eavesdrops on my stuff. over time they can infer my patterns, even if they cannot crack the DTLS encryption. they see a bunch of traffic when I'm home, nothing when I'm away. pretty soon they have a good idea of whether or not I am at home. this applies to just about everything, not just lights. the obvious way to defeat this is to send notifications randomly. to the attacker they all look the same, but the plaintext message contains some kind of indicator that allows me to distinguish between real and fake messages. I could do this in my app, but I wonder if this would not be better handled farther down in the stack. should it be a feature of the protocol? has it already been addressed somehow? gregg -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20170112/9c39e2af/attachment.html>
