[iot-wg] Draft minutes from RIPE76

Colleagues, here are the draft minutes from the WG meeting in Marseille. My thanks to Amanda for taking such excellent notes. Please let me know if there are any corrections or ommissions.


IoT Working Group Minutes - RIPE 76
17 May 2018, 14:00 - 15:30
WG Chair: Jim Reid
Scribe: Mirjam Kühne
Status: draft

The presentation is available at:
https://ripe76.ripe.net/archives/video/124


1. Administrivia


Jim Reid opened the meeting and explained that the WG chair selection
process is still ongoing. He will pick this up on the mailing list
again. It is expected to conclude this within the next few months so
that the WG will have selected chairs at the next RIPE meeting.


2. Report on RIPE NCC IoT Activities
        Marco Hogewoning, RIPE NCC

The presentation is available at:
https://ripe76.ripe.net/archives/video/125

Jim expressed his personal thanks to Marco for helping to get the IoT WG
off the ground.

There were no further questions.


3. Privacy Implications of Sewage Testing for Illicit Drugs
        Elif Sert, Istanbul Bilgi University

The presentation is available at:
https://ripe76.ripe.net/archives/video/127

Jim asked if there are any indications that this data might be
cross-referenced with other types of data to get closer granularity
(i.e. the bus network)?

Elif responded that this sounds indeed very possible. This particular
research data was for instance merged with geographical and mobile phone
data, but it was not clear what the results were. The goal was definitely
to get more accurate results (on groups and individuals).

Hugo Vincent, ARM Research, reported that they have seen quite a lot
of progress in the last couple of years in regulating privacy for
individuals. He wondered if there were any groups or organisations
that were making progress around trying to define how to regulate
group privacy?

Elif said that there is some research on this and that some books have
been published on this topic. She added that at the moment they have a
very individual way to look at privacy, and that they might have to lift
it up to the group level in order to better protect people.


3. RIOT: Networking from the Friendly OS Perspective
        Matthias Waehlisch, FU Berlin

The presentation is available at:
https://ripe76.ripe.net/archives/video/128

Jim asked what the next big thing would be for RIOT. Matthias
explained that one thing there were working on were automatic updates
for the devices, preferably over the air and secure. Another thing
was an easy system to share applications, working on an app store.


4. SPIN: Security and Privacy for In-Home Networks
        Jelte Jansen, SIDN

The presentation is available at:
https://ripe76.ripe.net/archives/video/130

Matthias Waehlisch asked if Jelte was aware of the people from
Princeton (referring to the IoT inspector). Jelte said that he was
aware of them, but that he had no contact yet.

Jim said he was fascinated to hear that Jelte’s TV was actually talking
to Facebook and wondered if it wouldn’t be a useful service for end
users to have some kind of a Little Snitch sitting on the home router
reporting what weird things a TV, fridge, kettle etc., werere doing in the
background. He asked Jelte if he has considered such a service.

Jelte answered that he would like to actually visualise that. However,
this could only be done in real time. Looking into the actual data would
cause a whole new set of privacy problems. He clarified that one of the
reasons this was a research project is that they wanted to look into how they
could efficiently report what kind of things people's devices were doing.

Niels Bakker asked on the chat channel what Jelte’s ISP was that kept
disconnecting him. Jelte didn’t want to mention the name, but said it
was a helpdesk service by Ziggo that was responsible for the building
he lives in and he didn’t have a choice.

Someone else mentioned on the chat channel that there were products on
the market that do per-device 'parental controls', like FRITZ!Box,
that any end user can use to easily isolate their IoT devices, wired
or wireless. Jelte said that he was aware of this, but they were
usually restricted to things like parental control.


5. Securing IoT Devices - Closing the Gaps
        Hugo Vincent, ARM Security

The presentation is available at:
https://ripe76.ripe.net/archives/video/132

Alain Durand, ICANN, asked what would happen if these devices were to
live for 25 years. How does one manage trust anchors if devices are
powered down for many years? Hugo said that this was obviously a big
challenge. One needs to have strong hardware identity to be able to
make sure that this is still the same device later on. Alain added
that he thinks authentication has to go both ways. Hugo agreed.

Vesna Manojlovic, RIPE NCC, suggested that since Hugo was considering
very long terms, to also look at sustainability. Where will the
material come from and what about recycling and waste?

Hugo said that this was a fantastic question and that he was
definitely interested in overall global efficiency. He said ARM wanted
to make the device as sustainable as possible and that they were
looking at extremely low power usage. They’re doing work with plastic
semi-conductors for example to reduce the energy input into the device
compared to silicon.  He agreed that this was a very important
question. Vesna asked if Hugo would be willing to present about this
topic at the next RIPE Meeting. Hugo answered that one of his
colleagues could definitely do that.

Petr Špaček, CZ.NIC, asked to let him know when they found a way to
solve the trust anchor issue, because the domain name community has
been struggling with that problem for years already.

Jim commented that ARM was in a very interesting position in this
particular marketplace and that there was a lot of good things they
could do to encourage their partners to have a security framework for
the live updates of IoT devices. He also suggested to consider open
sourcing some of that work. Hugo responded that a lot of their IoT
stack was already open source. He agreed that they don’t only have the
opportunity but the responsibility to improve security of IoT devices.


6. Role for the Name and Numbering Community in the IoT Domain
        Sandoche Balakrichenan, AFNIC

The presentation is available at:
https://ripe76.ripe.net/archives/video/134

Marco Hogewoning clarified that from the RIPE NCC’s perspective, IPv6
addresses are not good for identification. A lot of people want both: a
fixed identifier and at the same time an identifier to deliver traffic
to the device where ever it is. This can be solved. But as the RIPE NCC
we would like some guidance from the community how to handle this.

Jim added that it would be good if the speaker could help to do some
outreach into these other communities in the area of IoT. He recommended
to find out what the problem statements and approaches are and to
encourage them to come to the meetings and participate.

Victoria Risk, ISC, asked if the speaker had considered using MAC
addresses as identifiers. Sandoche responded that in LowRa they are
using UI64 (which is a bit like a MAC address). He said that for
locating communication in a computers, one could use a MAC type UI64
address and for the communication between the protocols on the
Internet, one could use IPv6. But they will still have to see if this
would work.


7. AOB

Jim Reid closed the meeting and encouraged everyone to participate in
the IoT/IPv6 discussion taking place in the IPv6 WG later that
afternoon.