The value of open standards
The internet doesn't simply work of its own accord. It depends on sound, carefully designed protocols, which are open and standardised. After all, the net is a complex, global infrastructure, on which we are all increasingly reliant. Many people are involved in the development and maintenance of such protocols within the internet's various abstraction layers. The work is never-ending, because development is taking place all the time. Not only are new internet-based applications constantly appearing, but continuous innovation is also in progress far 'below the hood'. Consider, for example, the 'link layer' of the physical abstraction layer, i.e. the wireless communication standards and cables. Against that background, there is of course an ongoing need to develop and apply sound, clear and readily accessible standards. The IETF's standardisation work focuses on three important layers:
- The internet layer (IP)
- The transport layer (TCP/UDP)
- The application layer (e.g. SMTP, HTTP and, most significantly for us, the DNS)
Many internet standards are already in place, but technological progress makes it necessary to keep refining the existing standards and devising new ones.
We have written previously about our IoT project called SPIN (Security and Privacy for In-home Networks). SPIN is an open-source reference software platform for secure, privacy-enabled IoT home networks. The SPIN device is a gadget that provides intelligent protection for a home network against the threats potentially associated with the use of IoT solutions. Such threats are many and various. For example, a hacked IP camera could be recruited into a large botnet. Or a hacker could take unauthorised control of a smart speaker. Equally, a smart vacuum cleaner might send its manufacturer a little more personal information than the user was expecting.
From our SPIN research, it's clear that further standardisation is needed in the IoT world. The IoT is currently going through a sort of pioneering phase, characterised by uncontrolled growth. That inevitably gives rise to security issues. Fortunately, various initiatives are seeking to address that situation. For example, plans are being developed that would enable manufacturers and others to provide IoT product firewall profiles, which home routers would implement automatically when products are connected. The system would make use of, for example, MUD profiles, which are the subject of a draft IETF standard that is directly relevant to our work.
Within the SPIN project, we are exploring the possibilities and the shortcomings of such solutions. One of the things we're looking at is the scope for further standardisation. In that context, we envisage making various practical proposals for improving and extending the MUD standard. Our ideas will be refined in the period ahead.
Developments taking place within the IETF and the IRTF (Internet Research Task Force) are therefore interesting and relevant in relation to SIDN Labs' research. Active involvement in those organisations consequently supports our work and our mission of promoting safe and convenient digital living. Following the last IETF meeting, we produced the report linked below, which provides an overview of the IoT-related activities taking place within the IETF that are relevant to our SPIN work.
Download the report: