This paper investigates how and with whom IoT devices communicate and how
their location affects their communication patterns. Specifically, the
endpoints an IoT device communicates with can be defined as a small set of
domains. To study how the location of the device affects its domain set, we
distinguish between the location based on its IP address and the location
defined by the user when registering the device. We show, unlike common wisdom,
that IP-based location has little to no effect on the set of domains, while the
user-defined location changes the set significantly. Unlike common approaches
to resolving domains to IP addresses at close-by geo-locations (such as
anycast), we present a distinctive way to use the ECS field of EDNS to achieve
the same differentiation between user-defined locations. Our solution
streamlines the network design of IoT manufacturers and makes it easier for
security appliances to monitor IoT traffic. Finally, we show that with one
domain for all locations, one can achieve succinct descriptions of the traffic
of the IoT device across the globe. We will discuss the implications of such
description on security appliances and specifically, on the ones using the
Manufacturer Usage Description (MUD) framework.

By admin