MUD Lifecycle: A Manufacturer's Perspective
draft-srich-opsawg-mud-manu-lifecycle-00

Document Type Active Internet-Draft (individual)
Last updated 2017-03-12
On Agenda opsawg at IETF-98
IESG IESG state I-D Exists
Thing-to-Thing Research Group                                    S. Rich
Internet-Draft                                             Cisco Systems
Intended status: Informational
Expires: September 12, 2017                                      T. Dahm
                                                                  Google
                                                           12 March 2017

               MUD Lifecycle: A Manufacturer's Perspective
              draft-srich-opsawg-mud-manu-lifecycle-00.txt

Abstract

   Manufacturer Usage Descriptions, or MUDs, allow a manufacturer to
   describe to the network, cheaply and simply, the network access an
   IoT device requires, without adding cost or software to the devices
   themselves.  Network infrastructure devices can then apply matching
   access policies automatically, which improves the security of the
   entire network, not just of the IoT devices.  This document
   describes the lifecycle of Manufacturer Usage Descriptions (MUDs)
   through detailed MUD scenarios seen from the manufacturer's
   perspective.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   This Internet-Draft will expire on September 12, 2017.

Rich & Dahm                                                     [Page 1]
Draft         MUD Lifecycle: A Manufacturer's Perspective  12 March 2017

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.  Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

1.  Introduction

   The addition of IoT devices to a network can, at least
   theoretically, expand the attack surface of that network.  Even if
   a device does not have exploitable vulnerabilities (in the sense
   of an attacker injecting and running malware on it), it may be
   susceptible to denial-of-service (DoS) attacks and thus could have
   its functionality impaired by attackers.  Recent events have shown
   just how real, and not just theoretical, such attacks can be.

   A detailed summary of the current state of understanding of the
   Mirai botnet's use of IoT devices can be found in [MIRAI].  It is
   estimated that around 100,000 IoT devices generated more than a
   terabit per second of DDoS traffic.

   Also consider the article on Sony IP security cameras [SONYCAMS],
   which describes a vulnerability in many camera models that could be
   exploited to launch attacks like the massive DDoS attack on DynDNS
   described in [DynDNS].  Both incidents show that network-accessible
   devices which can connect to arbitrary external addresses can be
   used by attackers to amplify attacks, with origin addresses spanning
   broad ranges of networks, if those devices permit too much access or
   have vulnerabilities which allow arbitrary code execution.

   Concerns about attacks related to IoT devices are also discussed in
   [MITTECH], which also covers some of the regulatory and government
   angles in play.  In a recent move described in [USGSUIT], the U.S.
   Federal Government has taken the step of suing D-Link, accusing it
   of "poor security practices" for some of its IoT devices.


   MUD provides a much more lightweight model for achieving effective
   baseline security for IoT devices by allowing a network to
   automatically configure the required network access for IoT devices
   so that they can perform their intended functions
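   The following is an added example, not part of this draft, of what
   "automatically configure the required network access" amounts to on
   the network side: a MUD manager takes the manufacturer's description
   and renders it into rules for one device, with everything the
   manufacturer did not describe denied.  It assumes the JSON encoding
   of the MUD YANG model that was later published as RFC 8520 (this
   draft shows no MUD file); the light-bulb MUD file, the hostname
   cloud.example.com, the addresses 203.0.113.x and 192.0.2.50, and the
   DNS table are constructed for illustration.

```python
"""Render a MUD file into per-device firewall rules with an implicit default deny.

Added example, not from the draft.  Assumes the RFC 8520 JSON encoding of the
MUD model; the MUD file, hostnames and DNS answers below are constructed."""
import json

# Constructed MUD file for a fictional light bulb: the device may open
# TCP/443 to its manufacturer's cloud service; nothing else is described.
SAMPLE_MUD = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://mud.example.com/bulb/v1.json",   # assumed URL
        "last-update": "2017-03-12T00:00:00+00:00",
        "cache-validity": 48,
        "is-supported": True,
        "systeminfo": "Example Co. connected light bulb",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "bulb-v4-from"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "bulb-v4-to"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [
        {"name": "bulb-v4-from", "type": "ipv4-acl-type", "aces": {"ace": [{
            "name": "cloud-out",
            "matches": {
                "ipv4": {"ietf-acldns:dst-dnsname": "cloud.example.com", "protocol": 6},
                "tcp": {"ietf-mud:direction-initiated": "from-device",
                        "destination-port": {"operator": "eq", "port": 443}}},
            "actions": {"forwarding": "accept"}}]}},
        {"name": "bulb-v4-to", "type": "ipv4-acl-type", "aces": {"ace": [{
            "name": "cloud-in",
            "matches": {
                "ipv4": {"ietf-acldns:src-dnsname": "cloud.example.com", "protocol": 6},
                "tcp": {"ietf-mud:direction-initiated": "from-device",
                        "source-port": {"operator": "eq", "port": 443}}},
            "actions": {"forwarding": "accept"}}]}},
    ]},
})

# Constructed resolver table standing in for the MUD manager's DNS lookups.
DNS = {"cloud.example.com": ["203.0.113.10", "203.0.113.11"]}


def _port(match):
    """Single port from an 'eq' port match; a missing match means any port."""
    if match is None:
        return "any"
    if match.get("operator") != "eq":
        raise ValueError("only the 'eq' port operator is handled here")
    return match["port"]


def _peers(name, resolve):
    """Addresses behind a dnsname match.  An unresolvable name is an error,
    not a wildcard, so a lookup failure can never widen the policy."""
    if name is None:
        return ["any"]
    addrs = resolve(name)
    if not addrs:
        raise ValueError("cannot resolve %r; no rule installed" % name)
    return addrs


def _expand_ace(ace, direction, device_ip, resolve):
    """One ACE becomes one rule per resolved peer address."""
    m = ace["matches"]
    ip = m.get("ipv4", {})
    proto = {6: "tcp", 17: "udp"}.get(ip.get("protocol"), "any")
    l4 = m.get(proto, {})
    action = "accept" if ace["actions"]["forwarding"] == "accept" else "drop"
    sport, dport = _port(l4.get("source-port")), _port(l4.get("destination-port"))
    if direction == "from-device":
        return [(direction, proto, device_ip, sport, peer, dport, action)
                for peer in _peers(ip.get("ietf-acldns:dst-dnsname"), resolve)]
    return [(direction, proto, peer, sport, device_ip, dport, action)
            for peer in _peers(ip.get("ietf-acldns:src-dnsname"), resolve)]


def render_rules(mud_text, device_ip, resolve=DNS.get):
    """Return ordered (direction, proto, src, sport, dst, dport, action) tuples."""
    doc = json.loads(mud_text)
    mud = doc["ietf-mud:mud"]
    if mud.get("mud-version") != 1:
        raise ValueError("unsupported mud-version %r" % mud.get("mud-version"))
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    rules = []
    for policy, direction in (("from-device-policy", "from-device"),
                              ("to-device-policy", "to-device")):
        for ref in mud[policy]["access-lists"]["access-list"]:
            if ref["name"] not in acls:
                raise ValueError("policy references undefined ACL %r" % ref["name"])
            for ace in acls[ref["name"]]["aces"]["ace"]:
                rules.extend(_expand_ace(ace, direction, device_ip, resolve))
    # Anything the manufacturer did not describe is denied in both directions.
    rules.append(("from-device", "any", device_ip, "any", "any", "any", "drop"))
    rules.append(("to-device", "any", "any", "any", device_ip, "any", "drop"))
    return rules


if __name__ == "__main__":
    for rule in render_rules(SAMPLE_MUD, "192.0.2.50"):
        print(rule)
```

   Two points the example is built around: the trailing drop rules are
   what turns a manufacturer's short description into a whole-network
   gain, since a compromised bulb cannot reach arbitrary external
   addresses; and a DNS name the manager cannot resolve is refused
   rather than treated as "any", so a resolver failure cannot widen the
   policy.  In a deployment the manager would first fetch the file from
   the MUD URL the device advertises and verify its signature; both
   steps are outside this example.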