<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <p>Hi Poonam</p> <p>Thanks. The concern here is that the device could choose to identify as something else through a set of false communications. It is indeed an interesting area of research. I am not saying there is nothing to be done, but it is something that requires careful consideration as we aim toward automating policy. I fear in particular that the cloud makes this quite a bit harder, and IOT manufacturer use of their own DNS infrastructure will make it yet more difficult, because we are all using the same cloud infra.</p> <p>Eliot<br> </p> <p><br> </p> <p><br> </p> <div class="moz-cite-prefix">On 19.03.20 15:42, Poonam Yadav wrote:<br> </div> <blockquote type="cite" cite="mid:CABGSL4WL8qgdGVAVg=TuiRcMFAvgjdr26eC1-GgJgrksv-_qOg@mail.gmail.com"> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <div dir="ltr"> <p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">Dear Elliot,</span></p> <p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span style="background:transparent;margin-top:0pt;margin-bottom:0pt">Thank you for your very important question. In the current setting, our router verifies packets using devices' MAC addresses; it means the router has a list of mac addresses of all IoT devices. For another work, we used certificate-based authentication between the router and device MUD server, something similar: </span><span style="background:transparent;margin-top:0pt;margin-bottom:0pt;color:rgb(74,110,224)"><a style="background:transparent;margin-top:0pt;margin-bottom:0pt;color:rgb(74,110,224)" target="_blank" href="https://docs.microsoft.com/en-us/azure/iot-edge/how-to-authenticate-downstream-device" class="gmail-_e75a791d-denali-editor-page-rtfLink" moz-do-not-send="true">https://docs.microsoft.com/en-us/azure/iot-edge/how-to-authenticate-downstream-device</a></span></p> <p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt">We used off-the-self IoT devices so its not easy to integrate many TEE based solutions. </p> <p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt">Best regards,</p> <p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt">Poonam</p> <p style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br> </p> </div> <br> <div class="gmail_quote"> <div dir="ltr" class="gmail_attr">On Thu, Mar 19, 2020 at 12:47 PM Eliot Lear <<a href="mailto:lear@ofcourseimright.com" moz-do-not-send="true">lear@ofcourseimright.com</a>> wrote:<br> </div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div> <p>Very interesting work!<br> </p> <p>A cautionary question:</p> <p>If I wanted to pretend to be one of these devices on your network, how hard would it be?</p> <p>Eliot<br> </p> <div>On 19.03.20 12:56, Poonam Yadav wrote:<br> </div> <blockquote type="cite"> <div dir="ltr">Thanks for sharing! <div><br> </div> <div>We have analysed similar pattern in many IoT devices and presented periodicity in IoT traffic as FFT (fig 4 - of IoTDI paper attached for reference) and some initial results here in this report:</div> <div><a href="https://www.repository.cam.ac.uk/handle/1810/284092" target="_blank" moz-do-not-send="true">https://www.repository.cam.ac.uk/handle/1810/284092</a><br> </div> <div>and full paper is here:</div> <div><a href="https://dl.acm.org/doi/10.1145/3302505.3310082" target="_blank" moz-do-not-send="true">https://dl.acm.org/doi/10.1145/3302505.3310082</a><br> </div> <div><br> </div> <div>Best regards,</div> </div> <br> <div class="gmail_quote"> <div dir="ltr" class="gmail_attr">On Thu, Mar 19, 2020 at 10:31 AM Mirjam Kuehne <<a href="mailto:mir@ripe.net" target="_blank" moz-do-not-send="true">mir@ripe.net</a>> wrote:<br> </div> <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Dear colleagues,<br> <br> IoT devices often perform activities on a periodic basis. Thymen Wabeke<br> of SIDN Labs shares his analysis of periodic network traffic from IoT<br> lightbulbs. Read it on RIPE Labs at:<br> <br> <a href="https://labs.ripe.net/Members/thymen_wabeke/visualisations-of-periodic-iot-traffic" rel="noreferrer" target="_blank" moz-do-not-send="true">https://labs.ripe.net/Members/thymen_wabeke/visualisations-of-periodic-iot-traffic</a><br> <br> Kind regards,<br> Mirjam Kühne<br> RIPE NCC<br> <br> _______________________________________________<br> iot-wg mailing list<br> <a href="mailto:iot-wg@ripe.net" target="_blank" moz-do-not-send="true">iot-wg@ripe.net</a><br> <a href="https://mailman.ripe.net/" rel="noreferrer" target="_blank" moz-do-not-send="true">https://mailman.ripe.net/</a><br> </blockquote> </div> <br> <fieldset></fieldset> <pre>_______________________________________________ iot-wg mailing list <a href="mailto:iot-wg@ripe.net" target="_blank" moz-do-not-send="true">iot-wg@ripe.net</a> <a href="https://mailman.ripe.net/" target="_blank" moz-do-not-send="true">https://mailman.ripe.net/</a> </pre> </blockquote> </div> </blockquote> </div> </blockquote> </body> </html>