This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/iot-wg@ripe.net/
[iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Previous message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Next message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Peter Steinhäuser
ps at embedd.com
Sun Oct 21 12:40:31 CEST 2018
Dear Töma, first of all a great thanks for your talk on RIPE 77 - nice to see we have the same favourite band ;) > Previously on topic: we've agreed (haven't we?) that MUD is not > currently targeting industrial IoT and connected health. So, smart > homes. > > (By the way, it is more proper to directly specify the issue you're > handling before proposing a solution. As MUD doesn't solve the > security problem of IoT in general, let's then call it a solution for > smart homes, but not a solution for IoT.) > > The issue with smart homes, wearables etc. is that a contemporary > commodity IoT device is not connected to the Internet in order to > really provide a service to the customer. Instead, it collects, > processes and sends data and telemetry which is precious for its > vendor, which said vendor would then be able to sell. > > - https://www.theverge.com/2017/7/24/16021610/irobot-roomba-homa-map-data-sale <https://www.theverge.com/2017/7/24/16021610/irobot-roomba-homa-map-data-sale> > - https://www.warc.com/newsandopinion/news/general_motors_generates_new_radio_advertising_insights/41073 <https://www.warc.com/newsandopinion/news/general_motors_generates_new_radio_advertising_insights/41073> > - et cetera. > > Expecting a vendor to cut their own cables themselves is a strange > move, isn't it. Hence, "default policy is no access" stuff isn't just > going to fly. The question here to me seems what we want to achieve. I’m totally on your page in terms of data collection and privacy. But that’s to a large part the end users choice - even if I have to admit most of them simply don’t care, just look at the amount of data people share via facebook: Happy social engineering! My concern is more the integrity of the network infrastructure and how to reduce the impact of hacked IoT devices used by DDOS attacks. MUD files can help to identify what’s a devices purpose and monitoring if the device is doing what it’s supposed to do. I agree that we should not have much hope that the device makers will do their job but I’m sure a community fueld MUD proxy could play a role here. > d) Also, if said data is worth selling, setting up a firewall won't > help because an IoT device will then use whatever radio technology > built-in to connect to the Internet without your nice firewall. The > only outcome would be an increased manufacturing cost because of > additional radio module (and yes, it's the customer who's gonna pay > for this). Sorry guys. Nothing personal, it's just business. > > e) You cannot possibly set a firewall between the Internet and > wearables, SmartTV, cars, etc. That’s totally true in terms of privacy and data mining, but here - as said - it’s the customer’s choice (given all the cons we all know). In therms of preventing IoT devices being abused for DDOS firewalling can help. What’s not been adressed so far is the fact that a hacked IoT device could be used to hack other IoT device in an end user’s network. That can not be prevented by firewalling in most cases but there are a few things that can be done (separate network segments for differnet IoT device classes, isolation for wirelessly connected devices, UPnP control etc.). The SPIN project https://www.sidnlabs.nl/a/weblog/spin-a-user-centric-security-extension-for-in-home-networks <https://www.sidnlabs.nl/a/weblog/spin-a-user-centric-security-extension-for-in-home-networks> and the activities of the IETF home network working group presented in Michael’s talk on Thursday follow similar approaches and I think we should work into that direction. Regards, Peter Peter Steinhäuser, CEO embeDD GmbH · Alter Postplatz 2 · 6370 Stans · Switzerland Phone: +41 (41) 784 95 85 · Fax: +41 (41) 784 95 64 -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/iot-wg/attachments/20181021/5a9e2dc5/attachment.html>
- Previous message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Next message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ iot-wg Archives ]