<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi Poonam</p>
    <p>Thanks.  The concern here is that the device could choose to
      identify as something else through a set of false communications. 
      It is indeed an interesting area of research.  I am not saying
      there is nothing to be done, but it is something that requires
      careful consideration as we aim toward automating policy.  I fear
      in particular that the cloud makes this quite a bit harder, and
      IOT manufacturer use of their own DNS infrastructure will make it
      yet more difficult, because we are all using the same cloud infra.</p>
    <p>Eliot<br>
    </p>
    <p><br>
    </p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 19.03.20 15:42, Poonam Yadav wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CABGSL4WL8qgdGVAVg=TuiRcMFAvgjdr26eC1-GgJgrksv-_qOg@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <p
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span
style="background:transparent;margin-top:0pt;margin-bottom:0pt">Dear
            Elliot,</span></p>
        <p
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><span
style="background:transparent;margin-top:0pt;margin-bottom:0pt">Thank
            you for your very important question. In the current
            setting, our router verifies packets using devices' MAC
            addresses; it means the router has a list of mac addresses
            of all IoT devices. For another work, we used
            certificate-based authentication between the router and
            device MUD server, something similar: </span><span
style="background:transparent;margin-top:0pt;margin-bottom:0pt;color:rgb(74,110,224)"><a
style="background:transparent;margin-top:0pt;margin-bottom:0pt;color:rgb(74,110,224)"
              target="_blank"
href="https://docs.microsoft.com/en-us/azure/iot-edge/how-to-authenticate-downstream-device"
              class="gmail-_e75a791d-denali-editor-page-rtfLink"
              moz-do-not-send="true">https://docs.microsoft.com/en-us/azure/iot-edge/how-to-authenticate-downstream-device</a></span></p>
        <p
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt">We
          used off-the-self IoT devices so its not easy to integrate
          many TEE based solutions. </p>
        <p
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt">Best
          regards,</p>
        <p
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt">Poonam</p>
        <p
style="color:rgb(14,16,26);background:transparent;margin-top:0pt;margin-bottom:0pt"><br>
        </p>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Thu, Mar 19, 2020 at 12:47
          PM Eliot Lear <<a href="mailto:lear@ofcourseimright.com"
            moz-do-not-send="true">lear@ofcourseimright.com</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div>
            <p>Very interesting work!<br>
            </p>
            <p>A cautionary question:</p>
            <p>If I wanted to pretend to be one of these devices on your
              network, how hard would it be?</p>
            <p>Eliot<br>
            </p>
            <div>On 19.03.20 12:56, Poonam Yadav wrote:<br>
            </div>
            <blockquote type="cite">
              <div dir="ltr">Thanks for sharing! 
                <div><br>
                </div>
                <div>We have analysed similar pattern in many IoT
                  devices and presented periodicity in IoT traffic as
                  FFT  (fig 4 - of IoTDI paper attached for reference) 
                  and some initial results here in this report:</div>
                <div><a
                    href="https://www.repository.cam.ac.uk/handle/1810/284092"
                    target="_blank" moz-do-not-send="true">https://www.repository.cam.ac.uk/handle/1810/284092</a><br>
                </div>
                <div>and full paper is here:</div>
                <div><a
                    href="https://dl.acm.org/doi/10.1145/3302505.3310082"
                    target="_blank" moz-do-not-send="true">https://dl.acm.org/doi/10.1145/3302505.3310082</a><br>
                </div>
                <div><br>
                </div>
                <div>Best regards,</div>
              </div>
              <br>
              <div class="gmail_quote">
                <div dir="ltr" class="gmail_attr">On Thu, Mar 19, 2020
                  at 10:31 AM Mirjam Kuehne <<a
                    href="mailto:mir@ripe.net" target="_blank"
                    moz-do-not-send="true">mir@ripe.net</a>> wrote:<br>
                </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">Dear colleagues,<br>
                  <br>
                  IoT devices often perform activities on a periodic
                  basis. Thymen Wabeke<br>
                  of SIDN Labs shares his analysis of periodic network
                  traffic from IoT<br>
                  lightbulbs. Read it on RIPE Labs at:<br>
                  <br>
                  <a
href="https://labs.ripe.net/Members/thymen_wabeke/visualisations-of-periodic-iot-traffic"
                    rel="noreferrer" target="_blank"
                    moz-do-not-send="true">https://labs.ripe.net/Members/thymen_wabeke/visualisations-of-periodic-iot-traffic</a><br>
                  <br>
                  Kind regards,<br>
                  Mirjam Kühne<br>
                  RIPE NCC<br>
                  <br>
                  _______________________________________________<br>
                  iot-wg mailing list<br>
                  <a href="mailto:iot-wg@ripe.net" target="_blank"
                    moz-do-not-send="true">iot-wg@ripe.net</a><br>
                  <a
                    href="https://mailman.ripe.net/"
                    rel="noreferrer" target="_blank"
                    moz-do-not-send="true">https://mailman.ripe.net/</a><br>
                </blockquote>
              </div>
              <br>
              <fieldset></fieldset>
              <pre>_______________________________________________
iot-wg mailing list
<a href="mailto:iot-wg@ripe.net" target="_blank" moz-do-not-send="true">iot-wg@ripe.net</a>
<a href="https://mailman.ripe.net/" target="_blank" moz-do-not-send="true">https://mailman.ripe.net/</a>
</pre>
            </blockquote>
          </div>
        </blockquote>
      </div>
    </blockquote>
  </body>
</html>