Note on HoMonit IoT Side Channel Paper



Background

A Deterministic Finite Automaton (DFA) is like a program that outputs whether it accepts a sequence of data. It can be represented by a tuple: $(Q, \Sigma, \delta, q_0, F)$.

Here are the definitions of each variable (some math!!!):

$Q$: the finite set of states

$\Sigma$: the alphabet the automaton operates on

$\delta$: transition function $\delta : Q \times \Sigma \to Q$

$q_0 \in Q$, starting state

$F \subseteq Q$, accepting (final) states

Set of results: $\{s \in \Sigma^* : A \text{ accepts } s\}$

More intuitively, you can think of a graph with nodes (known as states here) and edges (links between states, given by the transition function), in which one node is the starting state and one or more nodes are accepting states. When traversing the sequence ends in an accepting state (node), the sequence is accepted.
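The 5-tuple above, written out as an added example (not code from the paper or its authors). The states and the smart-lock event names `arrive`, `unlock` and `read_state` are constructed for illustration; every transition that is not explicitly allowed goes to a non-accepting `trap` state so that $\delta$ stays total.

```python
from itertools import product


class DFA:
    """A DFA as the 5-tuple (Q, Sigma, delta, q0, F)."""

    def __init__(self, Q, Sigma, delta, q0, F):
        self.Q, self.Sigma, self.delta = set(Q), set(Sigma), dict(delta)
        self.q0, self.F = q0, set(F)
        if q0 not in self.Q or not self.F <= self.Q:
            raise ValueError("q0 must be in Q and F must be a subset of Q")
        # delta : Q x Sigma -> Q must be total and must stay inside Q.
        for q, a in product(self.Q, self.Sigma):
            if self.delta.get((q, a)) not in self.Q:
                raise ValueError(f"delta undefined or outside Q for {(q, a)}")

    def trace(self, s):
        """Return the list of states visited while reading s from q0."""
        states = [self.q0]
        for a in s:
            if a not in self.Sigma:
                raise ValueError(f"symbol {a!r} is not in Sigma")
            states.append(self.delta[(states[-1], a)])
        return states

    def accepts(self, s):
        """s is accepted when the walk ends in one of the states in F."""
        return self.trace(s)[-1] in self.F


def door_app_dfa():
    """Constructed model: an app that may only unlock the door after arrival."""
    Q = {"idle", "arrived", "done", "trap"}
    Sigma = {"arrive", "unlock", "read_state"}
    allowed = {("idle", "arrive"): "arrived", ("arrived", "unlock"): "done"}
    # Any (state, symbol) pair not listed above falls into the trap state.
    delta = {(q, a): allowed.get((q, a), "trap") for q, a in product(Q, Sigma)}
    return DFA(Q, Sigma, delta, "idle", {"done"})


if __name__ == "__main__":
    dfa = door_app_dfa()
    for seq in (["arrive", "unlock"], ["arrive", "read_state", "unlock"]):
        print(seq, dfa.trace(seq), "accepted" if dfa.accepts(seq) else "rejected")
```

The second sequence is rejected because `read_state` has no allowed transition from `arrived`, so the walk enters `trap` and can never reach an accepting state.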

Side-channeling is a broad term for deducing information about encrypted data from different observable factors. An example of side-channeling is to gain the original text of AES encryption without knowing the keys. It has been done by observing power usage during encryption, the time taken by the encryption process, etc.

In this paper, side-channeling is used to infer information about packets that are encrypted via TLS. The factors the authors used are packet size and response timing.

Problem to Address

The privilege system in the Smart Home ecosystem has been proven vulnerable because it lacks granularity. For instance, when a Smart Home app only needs to open the door, it is granted all privileges on the door, meaning that it could also monitor the state of the door. Another problem has been pointed out by the authors but I didn't manage to fully understand it :(

Implementation

Result

My Thoughts