On Jan 12, 2017 5:05 PM, "Gregg Reynolds" <dev at mobileink.com> wrote:
suppose I have a bunch of smart lights, and I observe them. they notify me when they change state from on to off or vice-versa. now suppose my local burglary ring eavesdrops on my stuff. over time they can infer my patterns, even if they cannot crack the DTLS encryption. they see a bunch of traffic when I'm home, nothing when I'm away. pretty soon they have a good idea of whether or not I am at home. this applies to just about everything, not just lights. the obvious way to defeat this is to send notifications randomly. to the attacker they all look the same, but the plaintext message contains some kind of indicator that allows me to distinguish between real and fake messages. I could do this in my app, but I wonder if this would not be better handled farther down in the stack. should it be a feature of the protocol? has it already been addressed somehow? the more I think about this the the more I sweat. the bad guys have access to the same tech as the good guys: big data stuff, machine learning, little iot devices with lots of processing power, etc. it's not hard to imagine the bad guys developing their own attack-iot devices, little doodads they can scatter around a neighborhood to intercept messages. even if they cannot crack the encyption, they can use the same AI stuff the good guys use to draw useful bad-guy inferences, just based on messaging behavior. I'm beginning to thing message randomization should be a core feature. am I too paranoid or clueless? gregg gregg -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20170112/0bd59721/attachment.html>
