On Jan 13, 2017 10:55 AM, "Thiago Macieira" <thiago.macieira at intel.com> wrote:
On quinta-feira, 12 de janeiro de 2017 17:05:33 PST Gregg Reynolds wrote: > now suppose my local burglary ring eavesdrops on my stuff. over time they > can infer my patterns, even if they cannot crack the DTLS encryption. they > see a bunch of traffic when I'm home, nothing when I'm away. pretty soon > they have a good idea of whether or not I am at home. I think they can tell wheter you're downloading stuff, watching videos, even browsing and reading email, a lot more than your IoT devices' traffic patterns. The volume of traffic is a lot bigger and a lot more noticeable if missing. Yikes. you're right, it's a much bigger problem. *n* years from now every person, place, and thing will be festooned with computing/communicating devices. we will all become ambulatory data clouds, and everything will have a recognizable digital signature. think anti-submarine warfare, where the acoustic signature of a sub can be recognized from great distances. call me paranoid, but it's only a matter of time before this sort of attack becomes commoditized in the underworld. here's a great example, maybe not directly related to eavesdropping on comms, but still a great illustration of how even seemingly harmless info can be put to nefarious uses: https://crypto.stanford.edu/powerspy/ I'm inclined to think more randomization is better, even if we cannot see a good reason for it right now. gregg -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20170113/cd3b0ba8/attachment.html>
