Dear Töma, first of all a great thanks for your talk at RIPE 77 - nice to see we have the same favourite band ;)
> Previously on topic: we've agreed (haven't we?) that MUD is not currently targeting industrial IoT and connected health. So, smart homes.
>
> (By the way, it is more proper to directly specify the issue you're handling before proposing a solution. As MUD doesn't solve the security problem of IoT in general, let's then call it a solution for smart homes, but not a solution for IoT.)
>
> The issue with smart homes, wearables etc. is that a contemporary commodity IoT device is not connected to the Internet in order to really provide a service to the customer. Instead, it collects, processes and sends data and telemetry which is precious to its vendor, and which said vendor is then able to sell.
>
> - https://www.theverge.com/2017/7/24/16021610/irobot-roomba-homa-map-data-sale
> - https://www.warc.com/newsandopinion/news/general_motors_generates_new_radio_advertising_insights/41073
> - et cetera.
>
> Expecting a vendor to cut their own cables themselves is a strange move, isn't it? Hence, the "default policy is no access" stuff just isn't going to fly.
The question here to me seems to be what we want to achieve. I'm totally on the same page as you in terms of data collection and privacy. But that's to a large part the end user's choice - even if I have to admit most of them simply don't care; just look at the amount of data people share via Facebook: happy social engineering! My concern is more the integrity of the network infrastructure and how to reduce the impact of hacked IoT devices used for DDoS attacks. MUD files can help to identify what a device's purpose is and to monitor whether the device is doing what it's supposed to do. I agree that we should not have much hope that the device makers will do their job, but I'm sure a community-fuelled MUD proxy could play a role here.
> d) Also, if said data is worth selling, setting up a firewall won't help, because an IoT device will then use whatever radio technology is built in to connect to the Internet without your nice firewall. The only outcome would be an increased manufacturing cost because of the additional radio module (and yes, it's the customer who's gonna pay for this). Sorry guys. Nothing personal, it's just business.
>
> e) You cannot possibly set up a firewall between the Internet and wearables, smart TVs, cars, etc.
That's totally true in terms of privacy and data mining, but here - as said - it's the customer's choice (given all the cons we all know). In terms of preventing IoT devices from being abused for DDoS, firewalling can help. What has not been addressed so far is the fact that a hacked IoT device could be used to hack other IoT devices in an end user's network. That cannot be prevented by firewalling in most cases, but there are a few things that can be done (separate network segments for different IoT device classes, isolation for wirelessly connected devices, UPnP control etc.). The SPIN project https://www.sidnlabs.nl/a/weblog/spin-a-user-centric-security-extension-for-in-home-networks and the activities of the IETF home network working group presented in Michael's talk on Thursday follow similar approaches, and I think we should work in that direction.

Regards,
Peter

Peter Steinhäuser, CEO
embeDD GmbH · Alter Postplatz 2 · 6370 Stans · Switzerland
Phone: +41 (41) 784 95 85 · Fax: +41 (41) 784 95 64
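Added example, not part of the thread above: Peter's point that a MUD file "can help to identify what a device's purpose is and to monitor whether the device is doing what it's supposed to do" boils down to treating the from-device ACLs as an allow list and flagging flows that no ACE accepts. The MUD document below is constructed following the RFC 8520 / RFC 8519 JSON layout (it is not any vendor's real file), the DNS snapshot and flow records are made up, and all function names are my own.

```python
"""Flag device flows that fall outside a MUD file's from-device policy.

Added example (not from the RIPE IoT-WG thread).  MUD (RFC 8520) is an
allow list: anything the from-device ACLs do not accept is denied, so a
home gateway that logs flows can compare them against the profile.
"""
import json

# Constructed MUD file modelled on RFC 8520 examples.  A real one is fetched
# from the device's mud-url and its signature must be checked before use.
MUD_JSON = """
{
  "ietf-mud:mud": {
    "mud-version": 1,
    "mud-url": "https://vendor.example/lamp.json",
    "last-update": "2018-10-20T10:00:00+00:00",
    "cache-validity": 48,
    "is-supported": true,
    "systeminfo": "Example smart lamp (constructed)",
    "from-device-policy": {
      "access-lists": {"access-list": [{"name": "mud-lamp-v4fr"}]}
    }
  },
  "ietf-access-control-list:acls": {
    "acl": [{
      "name": "mud-lamp-v4fr",
      "type": "ipv4-acl-type",
      "aces": {"ace": [
        {"name": "cloud-api",
         "matches": {
           "ipv4": {"ietf-acldns:dst-dnsname": "api.vendor.example", "protocol": 6},
           "tcp": {"ietf-mud:direction-initiated": "from-device",
                   "destination-port": {"operator": "eq", "port": 443}}},
         "actions": {"forwarding": "accept"}},
        {"name": "ntp",
         "matches": {
           "ipv4": {"ietf-acldns:dst-dnsname": "time.vendor.example", "protocol": 17},
           "udp": {"destination-port": {"operator": "eq", "port": 123}}},
         "actions": {"forwarding": "accept"}}
      ]}
    }]
  }
}
"""

# Constructed resolver snapshot.  A gateway should record the answers the
# device itself received, so the name-to-address binding is the one it used.
DNS_SNAPSHOT = {
    "api.vendor.example": {"203.0.113.10"},
    "time.vendor.example": {"203.0.113.20"},
}

PROTO_NAME = {6: "tcp", 17: "udp"}


def from_device_rules(mud_doc):
    """Collect the ACEs of every ACL referenced by from-device-policy."""
    mud = mud_doc["ietf-mud:mud"]
    policy = mud.get("from-device-policy", {}).get("access-lists", {})
    wanted = {e["name"] for e in policy.get("access-list", [])}
    rules = []
    for acl in mud_doc["ietf-access-control-list:acls"]["acl"]:
        if acl["name"] in wanted:
            rules.extend(acl["aces"]["ace"])
    return rules


def port_ok(spec, port):
    """Evaluate an RFC 8519 port-range-or-operator node against a port."""
    if spec is None:
        return True
    if "lower-port" in spec:
        return spec["lower-port"] <= port <= spec["upper-port"]
    op, ref = spec.get("operator", "eq"), spec["port"]
    return {"eq": port == ref, "neq": port != ref,
            "gte": port >= ref, "lte": port <= ref}.get(op, False)


def ace_permits(ace, flow, dns):
    """True if one ACE accepts a (dst_ip, proto, dst_port) flow from the device.

    direction-initiated is ignored here because we only look at flows the
    device itself opened.
    """
    matches = ace["matches"]
    l3 = matches.get("ipv4", {})
    if "protocol" in l3 and l3["protocol"] != flow["proto"]:
        return False
    name = l3.get("ietf-acldns:dst-dnsname")
    if name is not None and flow["dst_ip"] not in dns.get(name, set()):
        return False
    l4 = matches.get(PROTO_NAME.get(flow["proto"], ""), {})
    if not port_ok(l4.get("destination-port"), flow["dst_port"]):
        return False
    return ace["actions"]["forwarding"] == "accept"


def check_flows(mud_text, flows, dns):
    """Return the flows no accept ACE covers (MUD is default-deny)."""
    rules = from_device_rules(json.loads(mud_text))
    return [f for f in flows if not any(ace_permits(a, f, dns) for a in rules)]


# Constructed flow records, device -> destination, as a gateway might export.
FLOWS = [
    {"dst_ip": "203.0.113.10", "proto": 6, "dst_port": 443},   # cloud API: expected
    {"dst_ip": "203.0.113.20", "proto": 17, "dst_port": 123},  # NTP: expected
    {"dst_ip": "198.51.100.7", "proto": 6, "dst_port": 23},    # telnet to a stranger
    {"dst_ip": "192.168.1.30", "proto": 6, "dst_port": 80},    # poking a LAN neighbour
]

if __name__ == "__main__":
    for f in check_flows(MUD_JSON, FLOWS, DNS_SNAPSHOT):
        print("outside MUD profile:", f)
```

The two flagged flows are exactly the behaviours discussed in the thread: the telnet connection to an unknown host is what a DDoS bot or its C2 looks like from the outside, and the HTTP poke at a LAN neighbour is the lateral movement that firewalling at the Internet edge does not catch. A gateway that enforces the profile (drop instead of log) gives the segmentation Peter mentions without the vendor having to "cut their own cables".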