TY - GEN
T1 - It’s Not Where You Are, It’s Where You Are Registered
T2 - 2023 Applied Networking Research Workshop, ANRW 2023
AU - Bremler-Barr, Anat
AU - Hay, David
AU - Meyuhas, Bar
AU - Danino, Shoham
N1 - Publisher Copyright: © 2023 Association for Computing Machinery.
PY - 2023/7/24
Y1 - 2023/7/24
N2 - We explore the impact of device location on the communication endpoints of IoT devices within the context of Manufacturer Usage Description (MUD), an IETF security framework for IoT devices. Two types of device location are considered: IP-based location, which corresponds to the physical location of the device based on its IP address; and user-defined location, which is chosen during device registration. Our findings show that IP-based location barely affects the domain set with which IoT devices interact. Conversely, user-defined location drastically changes this set, mainly through region-specific domains that embody location identifiers selected by the user at registration. We examine these findings’ effects on creating MUD file tools and IoT device identification. As MUD files rely on domain allowlists, we show that security appliances supporting MUD need to manage a significantly larger number of MUD rules than initially anticipated. To address this challenge, we leverage the EDNS Client Subnet (ECS) extension to differentiate user-defined locations without needing regional domains, consequently reducing the number of Access Control Entries (ACEs) required by security appliances.
AB - We explore the impact of device location on the communication endpoints of IoT devices within the context of Manufacturer Usage Description (MUD), an IETF security framework for IoT devices. Two types of device location are considered: IP-based location, which corresponds to the physical location of the device based on its IP address; and user-defined location, which is chosen during device registration. Our findings show that IP-based location barely affects the domain set with which IoT devices interact. Conversely, user-defined location drastically changes this set, mainly through region-specific domains that embody location identifiers selected by the user at registration. We examine these findings’ effects on creating MUD file tools and IoT device identification. As MUD files rely on domain allowlists, we show that security appliances supporting MUD need to manage a significantly larger number of MUD rules than initially anticipated. To address this challenge, we leverage the EDNS Client Subnet (ECS) extension to differentiate user-defined locations without needing regional domains, consequently reducing the number of Access Control Entries (ACEs) required by security appliances.
UR - http://www.scopus.com/inward/record.url?scp=85170823619&partnerID=8YFLogxK
U2 - https://doi.org/10.1145/3606464.3606472
DO - https://doi.org/10.1145/3606464.3606472
M3 - Conference contribution
T3 - ANRW 2023 - Proceedings of the 2023 Applied Networking Research Workshop
SP - 18
EP - 23
BT - ANRW 2023 - Proceedings of the 2023 Applied Networking Research Workshop
Y2 - 24 July 2023
ER -