On 01/12/2017 04:05 PM, Gregg Reynolds wrote: > suppose I have a bunch of smart lights, and I observe them. they notify me > when they change state from on to off or vice-versa. > > now suppose my local burglary ring eavesdrops on my stuff. over time they > can infer my patterns, even if they cannot crack the DTLS encryption. they > see a bunch of traffic when I'm home, nothing when I'm away. pretty soon > they have a good idea of whether or not I am at home. > > this applies to just about everything, not just lights. > > the obvious way to defeat this is to send notifications randomly. to the > attacker they all look the same, but the plaintext message contains some > kind of indicator that allows me to distinguish between real and fake > messages. > > I could do this in my app, but I wonder if this would not be better handled > farther down in the stack. should it be a feature of the protocol? has it > already been addressed somehow?
To just make sure folks are aware this isn't a complete black hole, the OCF Security workgroup is quite aware of "fingerprinting" (the term for this kind of analysis of collected events) as a concern. I haven't been able to follow security for the last number of months so I don't know how their deliberations are progressing - for those who are interested and hold OCF membership status, it might be worth looking in there.
