
Why the IoT industry should move beyond DNS and create its own IP address registry of devices

Posted by Zenobia Hegde, December 5, 2016

In today’s market, segments of the broader IoT ecosystem have been under-served, especially small-to-medium businesses (SMBs) and mid-sized cities. However, this oversight will change over the next several years as these entities seek to embrace the efficiencies and cost reductions that enterprises and government agencies are achieving through IoT implementations.

In addition to their high-priority issues of affordability and seamless IT integration, a key requirement we’ve seen for IoT adoption by SMBs and municipalities is assurance of fail-safe security measures. While current solutions can ensure effective security today, there is a looming long-term threat to security as the IoT ecosystem proliferates – the Domain Name System (DNS) registry.

The current DNS registry is used to ensure websites can be accessed by simply typing in their name, such as www.IoT-Now.com, rather than the series of numbers of the site’s IP address – 178.79.176.146. In a world where just about any device you can name will have an IP address, however, it’s time for a new registry dedicated to IoT devices, says Bob Bilbruck, founder & CEO of B2 Group/Directed IoT/Captjur.

A stark example of the ineffective security of current DNS protocols in the IoT age was seen recently in the Mirai botnet attack that brought down much of the internet, including Twitter, Netflix, Reddit, CNN and many other sites.

IoT Security

The main targets of the distributed denial of service (DDoS) attack were the servers of Dyn, a company that controls much of the DNS for internet infrastructure. However, unlike other DDoS botnets which take advantage of computers, Mirai was able to gather strength from IoT devices such as DVR players and IP cameras with little security protection and then throw junk traffic at Dyn’s servers until they could no longer support valid users.

The current DNS registry was never intended for the IoT era, especially as the IoT ecosystem becomes inseparable from ‘Fog’ computing. Fog computing is a new paradigm for analysing and acting on the most time-sensitive data at the network edge, close to where it is generated, instead of sending vast amounts of IoT data to the cloud. It helps machines, on their own, act on IoT data in milliseconds based on human-set policies.

In smart cities, this can mean landscape sensors noting the deluge of a recent rainstorm and shutting off irrigation systems. Or it could mean a connected trash receptacle sending a message to an autonomous trash truck that it should be included in the day’s pick-up schedule. This immediate, machine-to-machine communication can also be a major target for disruption by hackers, especially in mission-critical industries such as energy and transportation.

At a time when cyber attacks can be launched via the most innocuous connection, the industry should focus on building a registry for every single IoT device, ensuring the legitimacy of the device and that the device can be easily monitored to stop and capture perpetrators of an attack.

DDoS Attacks

As every cyber-security professional knows, any system’s security is only as effective as its weakest link. With disparate organisations implementing IoT systems throughout the world, we face a huge but urgent task to create a new registry of IP addresses for IoT devices.

There are precedents and organisations capable of achieving this type of undertaking. For example, oneM2M, a global initiative to create standards for IoT security and interoperability, might be one answer. Formed in 2012, the body is composed of eight of the world’s top telecommunications and IT standards bodies and has over 200 member organisations, including Cisco Systems, General Electric, Intel, MediaTek and Samsung.

With the assistance of telecommunications services firm iconectiv, oneM2M has already started an App-ID registry for IoT software installations. With its role in enabling mobile phone number portability and maintaining mobile device registries to protect against fraud and theft, it’s not a huge leap to see iconectiv or a similar organisation, with the support of standards bodies like oneM2M, creating a dedicated IP address registry for IoT devices as well.

The author of this blog is Bob Bilbruck, founder & CEO of B2 Group/Directed IoT/Captjur

About the Author:

Bilbruck is founder and CEO of B2 Group (Directed IoT & Captjur Divisions within B2), an international strategy and consulting firm. He is responsible for developing and managing all aspects of strategy and operations within B2 Group’s organisation. Bilbruck’s nearly 20-year career is rooted in strategy services, along with program development, sales and technology development, emerging technologies & business models.

B2 Group works with many Fortune 500/1000 firms and also many well-funded start-ups. B2’s analyst division works frequently with VCs and Debt Equity firms as emerging market and technology experts on investments these firms make in these areas.

Previously, Bilbruck held positions at Brunswick Corporation, Samsung, Konica Minolta, Leviton, Advanced Digital Information Corporation, NewEgg.com, US Modular & Mobiletain.

2 Comments
  • David Traynor
    February 14, 2017 at 6:52 pm

    A registry for IoT devices… great article Bob & Sheetal (but I don’t think it is really a DNS issue).

    What it seems you are suggesting is some directory and ontology approach to manage these things – understanding where, what, and how, tends to be too proprietary until it is too late. Back 15 years ago I sat on an industry group discussing UDDI and the need for methods for SOA to register and find distributed services, and it seems that these discussions will come full circle for IoT. Research done a couple of years ago on IoT directories (Vermesan and Friess) suggested that UDDI was “not enough” due to governance, mobility et al… recent research by Li Hai, Fan Chunxiao et al suggested an IoT Node-Object Data Scheme based on LDAP. These all point to a real need for some common services that are not necessarily based on Firebase synch or some other proprietary approach.

    So… who will lead the way of IoT Directories and what technologies will prevail – will it be the traditional publish-subscribe approach, or perhaps the advertisement of services on ad hoc networks? But one thing is clear, we need some sensible open ontology to describe these things… and some sensible way to discover them.

  • December 6, 2016 at 5:33 am

    That is an interesting read. However, I am really not sure I understand your view on creating a separate DNS registry for IoT. It is not because IoT is not using the legacy DNS system that it cannot attack it. DNS was targeted by IoT devices because it is a critical part of the Internet infrastructure and not because the IoT devices were configured with these specific DNS. Creating a separate IP registry for IoT devices is certainly achievable on IPv6. Still, this is going to be a network administration nightmare.
    Does that mean every operator would have to configure firewall ACL or IPVPN to isolate its IoT traffic from the rest of the Internet?
    I believe the best way to address this security issue is to make sure that every device that connects to the Internet has a certain level of security and complies with open security standards to be defined.
    Manufacturers and telcos need to sit together and define these standards. This could be an evolution of the RADIUS / Diameter protocol (used in ISP and MNO environments). In this evolution, the device model and version will be challenged against a security database to make sure the device is not at risk before getting granted access to the network.
