[iot-wg] "The Internet of Threats: Fighting FUD with MUD"

> Am 22.10.2018 um 23:49 schrieb Michael Richardson <mcr at sandelman.ca>:
> 
>> nevertheless a MUD file could be used to describe service classes of a
>> TV, like „TV Streaming“, „Social Media“ etc. to give the end user
>> simple choices and at least some control about what the device should
>> be allowed to do.
> 
> Such a multi-functional device (in particular, any game console), might need
> to take on a multitude of identities for it's different personalities,
> with appropriate MUD files for each personality.
> (And possibly, parental MUD file overrides, including number of packets/bytes
> allowed to be transmitted per day, and even perhaps elapsed duration between
> first transmitted packet, and last one, to enforce "screen-time" limits)

I see the point, that would get pretty complex...

> We currently implement filtering by L2 address (MAC).  That's works for most
> Things, and it also lets us cleanly implement the quarantee function in a
> way that isn't *trivially* side stepped by changing L3 address.
> To meaningfully prevent changing L2 address, a group of students at Algonquin
> College, in collaboration of Telus have been working on making sure that
> there is a unique WPA key per mac address, and that it's easy to setup.
> That means that changing your mac address would mean losing access to the
> (wireless) network. 

I think current MAC whitelisting would be sufficient (?) Assigning individual WPA keys
for each IoT device sounds impractical to me.

> This brings up the default policy for new devices: it needs to be restrict.
> But this is gonna be a pain in quite a number of situations, so it needs
> a really intuitive user interface.

Absolutely!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/iot-wg/attachments/20181023/d43cd1d3/attachment.html>