The ICANN Security and Stability Advisory Committee (SSAC) has recently published SAC105, a report on the interplay between the DNS and the Internet of Things (IoT). Unlike typical SSAC publications, SAC105 does not provide particular recommendations to the ICANN Board, but instead is informative in nature and intends to trigger and facilitate dialogue in the broader ICANN community.

First paper on IoT-DNS interaction

This is the first paper the SSAC is aware of to distill the unique interactions between the DNS and the IoT, and as such, should be important to most members of the ICANN community. The paper frames the risks that the IoT presents to the DNS ecosystem and strives to remove much of the confusion and angst around the IoT. The paper asks some provocative questions and the SSAC is looking for input from the community on what further work we should do in this space. Please read the document, it’s not too long and is really interesting, then give us some feedback!

The IoT is an emerging Internet application that is widely expected to enhance our daily lives by seamlessly interacting with our physical environment through tens of billions of connected sensors and devices. These interactions make the IoT vastly different from traditional Internet applications such as email and web browsing because data exchange often takes place passively and without human involvement or awareness. IoT devices interact continuously with the DNS, relying on it for their operations and updates, as well as impacting the DNS in many different ways. It is vitally important that the DNS community understand the effects of IoT on the DNS, and that IoT manufacturers understand how DNS is vital to a healthy IoT ecosystem.

Key Findings: Opportunities, Risks, Challenges

The IoT represents an opportunity for the DNS, because IoT devices sense and act upon physical environments and will, therefore, have new security, stability, and transparency requirements that the DNS can help fulfill. For example, DNSSEC can help ensure a connected door lock only communicates with its intended service and not a malicious one.

At the same time, the IoT is a risk because it can cause stress on the DNS. Recent measurement studies show that IoT botnets can grow to hundreds of thousands of infected devices such as light bulbs, cameras, and doorbells, and then launch large Distributed Denial of Service (DDoS) attacks against Internet infrastructure. IoT botnets are difficult to eradicate because devices may require device-specific cleanup procedures and often operate unattended.

SAC105 also examines various challenges to take advantage of the opportunities and address the risks. One challenge is to develop a library that makes DNSSEC validation and other DNS security facilities available for IoT software engineers. Another challenge is to develop a shared system that enables different DNS operators to automatically and continuously share information on IoT botnets, allowing them to more quickly respond to those botnets and the DDoS attacks they generate.

Learning more

We encourage you to learn more about the DNS and the Internet of Things by watching the video interview with SSAC member Cristian Hesselman, chair of the SSAC IoT Work Party that produced the report. We also encourage you to view the presentation on SAC105 given by SSAC member Jacques Latour at ICANN 65 Tech Day, and of course to read the full report.

SAC105 is an easy and approachable read for non-technical audiences, yet still covers many complex issues not covered in other reports on the IoT.

We look forward to your feedback! Contact the SSAC at: [email protected]