Summary of ICANN68 Plenary Session: The DNS and the Internet of Things: Opportunities, Risks, and Challenges

An IoT deployment can be divided into IoT devices, network connectivity and back-end services. In these interactions, DNS plays an important role as IoT devices will use the DNS to locate required remote services.

Summary of SAC105 – The DNS & the Internet of Things
by Cristian Hesselman (SSAC)

https://www.icann.org/en/system/files/files/sac-105-en.pdf

Opportunities

Opportunity for the DNS to increase the privacy, safety, and transparency of the Internet of Things.

  • DNS can reduce the risk of users being profiled by encrypting DNS requests through the much-debated DoH and/or DoT
  • Reduce the risk of an IoT device being redirected by
    • validating integrity of DNS responses (DNSSEC)
    • providing MFA (Multi Factor Authentication)
  • More insight into services and resolvers, e.g. measure IoT device’s DNS queries, visualization for users

Risks

Risks to the DNS from the IoT: influx of traffic from IoT devices

  • DNS-unfriendly programming at IoT scale e.g. devices generate random queries
  • Larger and more complex DDoS attacks by IoT botnets

Challenges

Challenges for DNS and IoT industries

  • Develop a DNS security library for IoT devices
  • Train IoT and DNS professionals
    • IoT experts: understand IoT botnets, open resolvers, “DNS friendly” programming and security (e.g., DNSSEC)
    • DNS experts: understand how IoT changes the domain registration model and security
  • Collaboratively handle IoT-powered DDoS attacks, e.g. share DDoS “fingerprints” across operators, use a DDoS mitigation broker to flexibly share mitigation capacity, or deploy security systems in edge networks, such as home routers

IoT, 5G and DNS
by Lise Fuhr, ETNO

  • 5G will enable the rapid growth of the IoT. Telcos [5G] IoT does not grow in a vacuum. It’s actually building on a broader service portfolio, and DNS and IP in general will be a federator here.
  • 5G is not going to be a 5G standalone from day one. What we see is that there are a lot of 5G networks that are building on 4G infrastructure. So, what we see is 4G with 5G equipment, but it’s not a fully-fledged 5G network. And there, the use of DNS and domain names in these mobile core systems, they’re not prevalent. Nothing new in 4G to 5G use in relation to DNS, we use it the same way in 5G as we did in 4G.
  • What impact will the COVID-19 crisis have on this?
    • Stronger focus on the need for digitalization
    • Stronger focus on security
    • Less travelling? More remote monitoring?

The DNS and the IoT @.nl
by Cristian Hesselman (SIDN), .NL registry

SIDN is developing the SPIN (Security and Privacy in In-home Networks) prototype. The project started after the Dyn attack in 2016, in which a DNS operator was attacked by a botnet that sent a lot of traffic. The purpose of the system is to monitor: a user would place a device in their home network, or enhance their home gateway with additional security functionality. The functionality would then monitor the local network for DDoS traffic, that is, for signs that one of the IoT devices at home had been infected by a botnet and was participating in one of these large DDoS attacks. The software is open source and can be found at github.com/sidn/spin
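An added example, not SPIN's code and not taken from SAC105: per-device measurement of DNS queries on a home resolver, flagging a device whose lookups are mostly unique names that fail to resolve, which is the "random queries" pattern listed under Risks. The log format, addresses, domain names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log: "<epoch> <client-ip> <qname> <rcode>" (format is an assumption).
SAMPLE_LOG = """\
1592900000 192.168.1.10 time.example.net NOERROR
1592900060 192.168.1.10 api.example.net NOERROR
1592900120 192.168.1.10 time.example.net NOERROR
1592900180 192.168.1.10 api.example.net NOERROR
1592900001 192.168.1.23 x7kq2vz9pl.example.org NXDOMAIN
1592900002 192.168.1.23 m3tw8ybd4r.example.org NXDOMAIN
1592900003 192.168.1.23 qz5hn1cj6s.example.org NXDOMAIN
1592900004 192.168.1.23 b9fd2xk7wa.example.org NXDOMAIN
1592900005 192.168.1.23 time.example.net NOERROR
"""

def profile_devices(log_text):
    """Aggregate per-client query count, unique-name ratio and NXDOMAIN ratio."""
    raw = defaultdict(lambda: {"names": [], "nx": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than fail the whole run
        _, client, qname, rcode = fields
        raw[client]["names"].append(qname.lower().rstrip("."))
        raw[client]["nx"] += rcode == "NXDOMAIN"
    stats = {}
    for client, d in raw.items():
        names = d["names"]
        stats[client] = {
            "queries": len(names),
            "unique_ratio": len(set(names)) / len(names),
            "nx_ratio": d["nx"] / len(names),
        }
    return stats

def flag_devices(stats, min_queries=4, nx_ratio=0.5, unique_ratio=0.8):
    """Return clients whose queries are mostly unique and mostly fail (thresholds assumed)."""
    return sorted(c for c, s in stats.items()
                  if s["queries"] >= min_queries
                  and s["nx_ratio"] >= nx_ratio and s["unique_ratio"] >= unique_ratio)

if __name__ == "__main__":
    device_stats = profile_devices(SAMPLE_LOG)
    for client, s in device_stats.items():
        print(client, s)
    print("flagged:", flag_devices(device_stats))
```

A device that polls the same few names repeatedly has a low unique ratio and stays unflagged; real deployments would tune the thresholds per device type.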

Summarized by Photchanan Ratanajaipan, THNIC Foundation
23 June 2020
https://68.schedule.icann.org/meetings/rsn2yoT8HYXaqZmy5