DNS and the Internet of Things: Opportunities, Risks, and Challenges
The ICANN Security and Stability Advisory Committee (SSAC) has recently published SAC105, a report on the interplay between the Domain Name System (DNS) and the Internet of Things (IoT). Unlike typical SSAC publications, SAC105 does not provide particular recommendations to the ICANN Board, but instead is informative in nature and intends to trigger and facilitate dialogue in the broader ICANN community.
This is the first paper (that the SSAC is aware of) aimed at distilling the unique interactions between the DNS and the IoT and, as such, should be important to most members of the ICANN community. The paper frames the risks that the IoT presents to the DNS ecosystem, and strives to remove much of the confusion and angst around the IoT.
The paper asks some provocative questions, and the SSAC is looking for input from the community on what further work we should do in this space. Please read the document and send us your thoughts and feedback to email@example.com!
The IoT is an emerging Internet application that is widely expected to enhance our daily lives by seamlessly interacting with our physical environment through tens of billions of connected sensors and devices. These interactions make the IoT vastly different from traditional Internet applications, such as email and web browsing, because data exchange often takes place passively and without human involvement or awareness. IoT devices interact continuously with the DNS, relying on it for their operations and updates, as well as impacting the DNS in many different ways. It is vitally important that the DNS community understand the effects of IoT on the DNS, and that IoT manufacturers understand how the DNS is vital to a healthy IoT ecosystem.
SAC105 Key Findings: Opportunities, Risks, Challenges
The IoT represents an opportunity for the DNS, as IoT devices sense and act upon physical environments and will require new security, stability, and transparency requirements that the DNS can help fulfill. For example, DNSSEC can help ensure a connected door lock only communicates with its intended service and not a malicious one.
At the same time ,the IoT is a risk because it can cause stress on the DNS. Recent measurement studies show that IoT botnets can grow to hundreds of thousands of infected devices, such as light bulbs, cameras, and doorbells, and then launch large Distributed Denial of Service (DDoS) attacks against Internet infrastructure. IoT botnets are difficult to eradicate because devices may require device-specific cleanup procedures and often operate unattended.
SAC105 also examines various challenges to take advantage of the opportunities and address the risks. One challenge is to develop a library that makes DNSSEC validation and other DNS security facilities available for IoT software engineers. Another challenge is developing a shared system that enables different DNS operators to automatically and continuously share information on IoT botnets, allowing them to more quickly respond to those botnets and the DDoS attacks they generate.
We encourage you to learn more about the DNS and the IoT by watching the recent video interview with SSAC member Cristian Hesselman, the Chair of the SSAC IoT Work Party that produced the report. We also encourage you view the presentation on SAC105 given by SSAC member Jacques Latour at the ICANN65 Tech Day, and of course to read the full report.
SAC105 is an easy and approachable read for non-technical audiences, yet still covers many complex issues not covered in other reports on the IoT.
We look forward to your feedback!