RFCs We Love: Oct 2020 (IoT edition)
Updated: Oct 30, 2020
The October month's RFCsWeLove meetup was on the 30th of Oct 2020 (Friday) with a focus on IoT. This was our 19th meetup and the 6th fully virtual one.
We had a great set of topics with excellent speakers for you who brought in-depth knowledge in the field.
Software Updates for IoT (SUIT)
Vulnerabilities with Internet of Things (IoT) devices have raised the need for a solid and secure firmware update mechanism that is also suitable for constrained devices. Incorporating such update mechanism to fix vulnerabilities, to update configuration settings as well as adding new functionality is recommended by security experts. The SUIT working group is chartered to produce requirements, architecture and the manifest format specifications for a firmware update mechanism suitable for IoT devices. This talk will give an introduction to the problem space as well as the active work being done in the IETF.
An experienced software engineer, Brendan has held many different roles from hardware design through to software security. In his role as the Security Architect for firmware update in Arm’s Pelion IoT platform, Brendan has been improving the state of firmware update, both at Arm and through standards organisations including the IETF. He has now taken on a role in Arm Research’s Security Group, where he continues to drive IoT device security forward.
Manufacturer Usage Description (MUD) TLS Profiles for IoT
Manufacturer Usage Descriptions (MUDs) provides a means for end devices to signal to the network what sort of access and network functionality they require to properly function. MUD specification is being extended to incorporate TLS profile parameters to allow a network security service to identify unexpected TLS usage, which can indicate the presence of unauthorized software or malware on an endpoint. This talk will introduce the work done in this area at the IETF.
Tirumaleswar Reddy is a Principal Engineer at McAfee. He has expertise in network and IoT/endpoint security, architecting, and developing security products and solutions. He has a proven track record of developing security and privacy standards for the Internet. He is currently chair of the TEEP WG and member of the “security area” review team at IETF. He has co-authored 22 RFC and is an active contributor in several working groups. He has 47 patents approved and 50 patents filed in USPTO. His recent work and interests include IoT Security, Service Function Chaining, DDoS mitigation, and Encrypted DNS.
Find details about previous meetup here.
Stay Safe Folks!