[Cryptography] Gaslighting ~= power droop == side channel attack

Tue Nov 29 14:26:39 EST 2016

At 04:36 AM 11/29/2016, Chris Tonkinson wrote:
>From: Chris Tonkinson <chris at tonkinson.com>
>
>On 11/28/2016 07:54 PM, Christian Huitema wrote:
>> On Monday, November 28, 2016 5:22 AM, Henry Baker wrote:
>>> ...
>>> "smart" thermostats will turn us into the secret energy police
>> 
>> Smart power meters could do much more than that.  It turns out that various appliances can be recognized through their "power consumption signature".  A quick search of "appliance recognition" turns out a variety of research papers on how to do that, as well as projects to build data bases of appliance signatures.  The smart power meter of the future ought to be able to check not only when you are starting the dish washer, but what brand and what model you are using.  And of course, when the utility starts doing that, they will want to teach you what to use and when.
>> 
>> -- Christian Huitema
>
>I wonder if some Simple device could be created based on a combiination
>of battery, capacitor, and timer to smooth the "curves" of consumption
>for a household (or on a smaller scale for specific appliances),
>rendering this type of analysis ineffectual.

Well, in theory, any such *linear* function can be inverted to extract the original signal (with some added noise in the high frequencies), so simple smoothing won't really work.

This problem is loosely analogous to that of an oblivious RAM (ORAM), which must hide an actual memory reference stream within a completely boring reference stream.  Or the problem of moving a number of agents around a city by only using regularly scheduled public transportation rather than using taxis or private cars.

Another similar problem is the one of synthetic "traffic generation", which might be used in a full-scale network test.  But you would want the traffic patterns to also be resistant to *intelligent* analysis, as well as lower sophistication dragnet analysis.

The problem with *replay traffic* is that it is too easy to recognize when it is replayed, so you need a much more sophisticated traffic generation synthesis algorithm.