SlideShare a Scribd company logo

RIPE Atlas: Ethical, Security and Legal Considerations of Running an IoT Network

RIPE NCC
RIPE NCC

Presentation given by Mirjam Kühne and Ivo Dijkhuis at 56th TF-CSIRT Meeting, Tallinn, Estonia on 21 January 2019

Technology
1 of 17
Download to read offline
21 January 2019 | 56th TF-CSIRT, Tallinn, Estonia RIPE Atlas Ethical, Security and Legal Aspects of Running an IoT Network Mirjam Kühne, Senior Community Builder Ivo Dijkhuis, Information Security Officer
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 RIRs Around the World
RIPE Atlas
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 RIPE Atlas is a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices that measure Internet connectivity in real time. (wikipedia) RIPE Atlas
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Measuring Internet access disruptions: - Internet Access Disruptions in Turkey - Internet Access Disruption in Gambia • Measuring DNS censorship and hijacking: - Using DNS Servers in Iran - DNS Censorship • Monitoring connectivity problems: - Monitoring Game Service Connectivity - Measuring Cloud Connectivity - Debugging Network Connectivity Problems RIPE Atlas Use Cases
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • 10,000 probes and 400 anchors connected worldwide • 5.6% IPv4 ASes and 9% IPv6 ASes covered • 181 countries covered • 7,000 measurements per second RIPE Atlas in Numbers
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Low, cheap barrier of entry • Active measurements only - Probes do not observe user traffic • Data, API, tools, source code: FREE and OPEN • Set of measurement types limited - Ping, trace route, SSL/TLS, NTP, HTTP (limited) • Strong community involvement from the start Design Principles
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • No bandwidth measurement - Other platforms provide that service • HTTP measurements only towards RIPE Atlas anchors because otherwise: - It would rely on the hosts’ bandwidth - Might put volunteer hosts at risk • Encourage our users to think about ethical consequences - https://labs.ripe.net/Members/kistel/ethics-of-ripe-atlas-measurements Ethical Considerations
Securing RIPE Atlas
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 RIPE Atlas Architecture !10
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Prevent re-use and re-purposing of probes - Decided against Trusted Platform Model (TPM) - Instead, we use cheap devices and discourage reusing them - Accepting possible loss of probes • Initialisation procedure before distribution - Off-the-shelf firmware gets replaced with RIPE Atlas firmware - Generating and registering individual keys - Testing Limiting Consequences (1/2)
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Trust anchors installed on all probes - Two-way authentication; unique SSH key for probes used for identification • Regular firmware updates - All firmware updates are signed - Pre-installed public keys to verify firmware signature before upgrading • Mechanisms to detect unwanted behaviour - Outliers or protocol violations • No direct services to host or network - No local configuration possible; reduces network-based attack surface Limiting Consequences (2/2)
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Done in a “lazy fashion” - Upgraded next time they connect to RIPE Atlas infrastructure - We have means to force them to upgrade faster • Each upgrade is cryptographically verified Firmware Upgrades
Legal Aspects of RIPE Atlas
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Radio Equipment Directive (2014/53/EU) • Mandatory requirements for everything that has a radio - Basis in health and safety, together with interoperability - Also applies when you communicate via other means (e.g. WiFI, GPS, Bluetooth) • Self-assessment on compliance - Using CE mark to indicate you’re safe - Ex-post compliance testing in (external) labs by regulator - Non-compliance can result in EU-wide recall Legal Considerations (1/2)
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Directive has a few “optional” requirements - 3.3.d: Do not harm the network or misuse network resources - 3.3.e: Protection of personal data and privacy - 3.3.f: Protection from fraud - 3.3.i: Only compliant software can be loaded • Can be activated by means of a Delegated Act - Decision by European Commission Legal Considerations (2/2)
I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • IETF draft document: BCP for Securing IoT Devices https://tools.ietf.org/html/draft-moore-iot-security-bcp-01 • RIPE Atlas: https://atlas.ripe.net https://labs.ripe.net/Members/kistel/ripe-atlas-probes-as-iot-devices https://labs.ripe.net/Members/kistel/ripe-atlas-architecture-how-we- manage-our-probes Best Current Practices

Recommended

T063500000200201 ppte
T063500000200201 ppteT063500000200201 ppte
T063500000200201 ppte
yasinalimohammed
 
International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [AP...
International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [AP...International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [AP...
International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [AP...
APNIC
 
EENA2019: Track1 session1 _The future of emergency response today (...)_Jessi...
EENA2019: Track1 session1 _The future of emergency response today (...)_Jessi...EENA2019: Track1 session1 _The future of emergency response today (...)_Jessi...
EENA2019: Track1 session1 _The future of emergency response today (...)_Jessi...
EENA (European Emergency Number Association)
 
EENA 2018 - Satellite applications for emergency response, search and rescue
EENA 2018 - Satellite applications for emergency response, search and rescueEENA 2018 - Satellite applications for emergency response, search and rescue
EENA 2018 - Satellite applications for emergency response, search and rescue
EENA (European Emergency Number Association)
 
Existing example of V2I (IPIS)
Existing example of V2I (IPIS)Existing example of V2I (IPIS)
Existing example of V2I (IPIS)
Ahmed Shehab
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
techUK
 
Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options
techUK
 
EENA 2018 - NEXES on the path to Next Generation Emergency Services – The NG ...
EENA 2018 - NEXES on the path to Next Generation Emergency Services – The NG ...EENA 2018 - NEXES on the path to Next Generation Emergency Services – The NG ...
EENA 2018 - NEXES on the path to Next Generation Emergency Services – The NG ...
EENA (European Emergency Number Association)
 

Recommended

T063500000200201 ppte
T063500000200201 ppteT063500000200201 ppte
T063500000200201 ppte
yasinalimohammed
 
International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [AP...
International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [AP...International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [AP...
International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [AP...
APNIC
 
EENA2019: Track1 session1 _The future of emergency response today (...)_Jessi...
EENA2019: Track1 session1 _The future of emergency response today (...)_Jessi...EENA2019: Track1 session1 _The future of emergency response today (...)_Jessi...
EENA2019: Track1 session1 _The future of emergency response today (...)_Jessi...
EENA (European Emergency Number Association)
 
EENA 2018 - Satellite applications for emergency response, search and rescue
EENA 2018 - Satellite applications for emergency response, search and rescueEENA 2018 - Satellite applications for emergency response, search and rescue
EENA 2018 - Satellite applications for emergency response, search and rescue
EENA (European Emergency Number Association)
 
Existing example of V2I (IPIS)
Existing example of V2I (IPIS)Existing example of V2I (IPIS)
Existing example of V2I (IPIS)
Ahmed Shehab
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
techUK
 
Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options
techUK
 
EENA 2018 - NEXES on the path to Next Generation Emergency Services – The NG ...
EENA 2018 - NEXES on the path to Next Generation Emergency Services – The NG ...EENA 2018 - NEXES on the path to Next Generation Emergency Services – The NG ...
EENA 2018 - NEXES on the path to Next Generation Emergency Services – The NG ...
EENA (European Emergency Number Association)
 
Context-aware Automotive Intrusion Detection using Reference Models
Context-aware Automotive Intrusion Detection using Reference ModelsContext-aware Automotive Intrusion Detection using Reference Models
Context-aware Automotive Intrusion Detection using Reference Models
Armin Wasicek
 
EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA 2021 - Improving public safety with smart cities and Internet of Things ...EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA (European Emergency Number Association)
 
Strenthening Critical Internet Infrastructure
Strenthening Critical Internet InfrastructureStrenthening Critical Internet Infrastructure
Strenthening Critical Internet Infrastructure
Francis Amaning
 
EENA 2018 - GRALLE, a EU initiative for a Galileo-based Emergency Warning Sys...
EENA 2018 - GRALLE, a EU initiative for a Galileo-based Emergency Warning Sys...EENA 2018 - GRALLE, a EU initiative for a Galileo-based Emergency Warning Sys...
EENA 2018 - GRALLE, a EU initiative for a Galileo-based Emergency Warning Sys...
EENA (European Emergency Number Association)
 
Cyber Security for SCADA and Networks - Sean McMillan
Cyber Security for SCADA and Networks - Sean McMillanCyber Security for SCADA and Networks - Sean McMillan
Cyber Security for SCADA and Networks - Sean McMillan
TWCA
 
Internet Measurements of the COVID-19 Pandemic
Internet Measurements of the COVID-19 PandemicInternet Measurements of the COVID-19 Pandemic
Internet Measurements of the COVID-19 Pandemic
RIPE NCC
 
EENA2019: Track2 session6 AML in Norway_Sven Bruun
EENA2019: Track2 session6 AML in Norway_Sven BruunEENA2019: Track2 session6 AML in Norway_Sven Bruun
EENA2019: Track2 session6 AML in Norway_Sven Bruun
EENA (European Emergency Number Association)
 
EENA 2018 - The use of the cloud and data to reduce response times and increa...
EENA 2018 - The use of the cloud and data to reduce response times and increa...EENA 2018 - The use of the cloud and data to reduce response times and increa...
EENA 2018 - The use of the cloud and data to reduce response times and increa...
EENA (European Emergency Number Association)
 
Connected roadways external launch feb26 revised_final.ptx
Connected roadways external launch feb26 revised_final.ptxConnected roadways external launch feb26 revised_final.ptx
Connected roadways external launch feb26 revised_final.ptx
brigel529
 
EENA2021: Industry session by Carbyne: Cloud Call Management that Meets Your ...
EENA2021: Industry session by Carbyne: Cloud Call Management that Meets Your ...EENA2021: Industry session by Carbyne: Cloud Call Management that Meets Your ...
EENA2021: Industry session by Carbyne: Cloud Call Management that Meets Your ...
EENA (European Emergency Number Association)
 
Demo Smart City Lab Amsterdam
Demo Smart City Lab AmsterdamDemo Smart City Lab Amsterdam
Demo Smart City Lab Amsterdam
simcipresentation
 
EENA 2018 - Facilitating communications between PSAPs throughout Europe
EENA 2018 - Facilitating communications between PSAPs throughout EuropeEENA 2018 - Facilitating communications between PSAPs throughout Europe
EENA 2018 - Facilitating communications between PSAPs throughout Europe
EENA (European Emergency Number Association)
 
EENA 2021 - Implementing Public Warning Systems (3/3)
EENA 2021 - Implementing Public Warning Systems (3/3)EENA 2021 - Implementing Public Warning Systems (3/3)
EENA 2021 - Implementing Public Warning Systems (3/3)
EENA (European Emergency Number Association)
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
Jisc
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Skybox Security
 
Internet Governance Community Use Slide Deck from ARIN
Internet Governance Community Use Slide Deck from ARINInternet Governance Community Use Slide Deck from ARIN
Internet Governance Community Use Slide Deck from ARIN
ARIN
 
Ensuring solution performance in large-scale smart installations”, Showcase t...
Ensuring solution performance in large-scale smart installations”, Showcase t...Ensuring solution performance in large-scale smart installations”, Showcase t...
Ensuring solution performance in large-scale smart installations”, Showcase t...
Landis+Gyr
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
CableLabs
 
Jarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 CallsJarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 Calls
Mustafa Jarrar
 
Anil Shukla, QinetiQ, Spectrum Resiliance - Intro
Anil Shukla, QinetiQ, Spectrum Resiliance - IntroAnil Shukla, QinetiQ, Spectrum Resiliance - Intro
Anil Shukla, QinetiQ, Spectrum Resiliance - Intro
techUK
 
Cybersecurity isaca
Cybersecurity isacaCybersecurity isaca
Cybersecurity isaca
Antoine Vigneron
 
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
Dale Butler
 

More Related Content

What's hot

Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Skybox Security
 

What's hot (17)

Context-aware Automotive Intrusion Detection using Reference Models
Context-aware Automotive Intrusion Detection using Reference ModelsContext-aware Automotive Intrusion Detection using Reference Models
Context-aware Automotive Intrusion Detection using Reference Models
 
EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA 2021 - Improving public safety with smart cities and Internet of Things ...EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA 2021 - Improving public safety with smart cities and Internet of Things ...
 
Strenthening Critical Internet Infrastructure
Strenthening Critical Internet InfrastructureStrenthening Critical Internet Infrastructure
Strenthening Critical Internet Infrastructure
 
EENA 2018 - GRALLE, a EU initiative for a Galileo-based Emergency Warning Sys...
EENA 2018 - GRALLE, a EU initiative for a Galileo-based Emergency Warning Sys...EENA 2018 - GRALLE, a EU initiative for a Galileo-based Emergency Warning Sys...
EENA 2018 - GRALLE, a EU initiative for a Galileo-based Emergency Warning Sys...
 
Cyber Security for SCADA and Networks - Sean McMillan
Cyber Security for SCADA and Networks - Sean McMillanCyber Security for SCADA and Networks - Sean McMillan
Cyber Security for SCADA and Networks - Sean McMillan
 
Internet Measurements of the COVID-19 Pandemic
Internet Measurements of the COVID-19 PandemicInternet Measurements of the COVID-19 Pandemic
Internet Measurements of the COVID-19 Pandemic
 
EENA2019: Track2 session6 AML in Norway_Sven Bruun
EENA2019: Track2 session6 AML in Norway_Sven BruunEENA2019: Track2 session6 AML in Norway_Sven Bruun
EENA2019: Track2 session6 AML in Norway_Sven Bruun
 
EENA 2018 - The use of the cloud and data to reduce response times and increa...
EENA 2018 - The use of the cloud and data to reduce response times and increa...EENA 2018 - The use of the cloud and data to reduce response times and increa...
EENA 2018 - The use of the cloud and data to reduce response times and increa...
 
Connected roadways external launch feb26 revised_final.ptx
Connected roadways external launch feb26 revised_final.ptxConnected roadways external launch feb26 revised_final.ptx
Connected roadways external launch feb26 revised_final.ptx
 
EENA2021: Industry session by Carbyne: Cloud Call Management that Meets Your ...
EENA2021: Industry session by Carbyne: Cloud Call Management that Meets Your ...EENA2021: Industry session by Carbyne: Cloud Call Management that Meets Your ...
EENA2021: Industry session by Carbyne: Cloud Call Management that Meets Your ...
 
Demo Smart City Lab Amsterdam
Demo Smart City Lab AmsterdamDemo Smart City Lab Amsterdam
Demo Smart City Lab Amsterdam
 
EENA 2018 - Facilitating communications between PSAPs throughout Europe
EENA 2018 - Facilitating communications between PSAPs throughout EuropeEENA 2018 - Facilitating communications between PSAPs throughout Europe
EENA 2018 - Facilitating communications between PSAPs throughout Europe
 
EENA 2021 - Implementing Public Warning Systems (3/3)
EENA 2021 - Implementing Public Warning Systems (3/3)EENA 2021 - Implementing Public Warning Systems (3/3)
EENA 2021 - Implementing Public Warning Systems (3/3)
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
 
Internet Governance Community Use Slide Deck from ARIN
Internet Governance Community Use Slide Deck from ARINInternet Governance Community Use Slide Deck from ARIN
Internet Governance Community Use Slide Deck from ARIN
 
Ensuring solution performance in large-scale smart installations”, Showcase t...
Ensuring solution performance in large-scale smart installations”, Showcase t...Ensuring solution performance in large-scale smart installations”, Showcase t...
Ensuring solution performance in large-scale smart installations”, Showcase t...
 

Similar to RIPE Atlas: Ethical, Security and Legal Considerations of Running an IoT Network

Analysis of exposed ICS//SCADA/IoT systems in Europe
Analysis of exposed ICS//SCADA/IoT systems in EuropeAnalysis of exposed ICS//SCADA/IoT systems in Europe
Analysis of exposed ICS//SCADA/IoT systems in Europe
Francesco Faenzi
 
20140626 science meets business business cluster semiconductors
20140626 science meets business business cluster semiconductors20140626 science meets business business cluster semiconductors
20140626 science meets business business cluster semiconductors
SMBBV
 
Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin
Massimiliano Masi
 

Similar to RIPE Atlas: Ethical, Security and Legal Considerations of Running an IoT Network (20)

Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
Jarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 CallsJarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 Calls
 
Anil Shukla, QinetiQ, Spectrum Resiliance - Intro
Anil Shukla, QinetiQ, Spectrum Resiliance - IntroAnil Shukla, QinetiQ, Spectrum Resiliance - Intro
Anil Shukla, QinetiQ, Spectrum Resiliance - Intro
 
Cybersecurity isaca
Cybersecurity isacaCybersecurity isaca
Cybersecurity isaca
 
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
 
European smart grid cyber and scada security
European smart grid cyber and scada securityEuropean smart grid cyber and scada security
European smart grid cyber and scada security
 
Analysis of exposed ICS//SCADA/IoT systems in Europe
Analysis of exposed ICS//SCADA/IoT systems in EuropeAnalysis of exposed ICS//SCADA/IoT systems in Europe
Analysis of exposed ICS//SCADA/IoT systems in Europe
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity
 
Critical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation SectorCritical Infrastructure and Cybersecurity Transportation Sector
Critical Infrastructure and Cybersecurity Transportation Sector
 
Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...
Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...
Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
20140626 science meets business business cluster semiconductors
20140626 science meets business business cluster semiconductors20140626 science meets business business cluster semiconductors
20140626 science meets business business cluster semiconductors
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
THE US’s NATIONWIDE PUBLIC SAFETY LTE NETWORK THE GLOBAL ADOPTION OF LTE FOR ...
THE US’s NATIONWIDE PUBLIC SAFETY LTE NETWORK THE GLOBAL ADOPTION OF LTE FOR ...THE US’s NATIONWIDE PUBLIC SAFETY LTE NETWORK THE GLOBAL ADOPTION OF LTE FOR ...
THE US’s NATIONWIDE PUBLIC SAFETY LTE NETWORK THE GLOBAL ADOPTION OF LTE FOR ...
 
Session 2 ure_changingrules_final
Session 2 ure_changingrules_finalSession 2 ure_changingrules_final
Session 2 ure_changingrules_final
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo Nixu
 
Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 

More from RIPE NCC

More from RIPE NCC (20)

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in Sweden
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

RIPE Atlas: Ethical, Security and Legal Considerations of Running an IoT Network

  • 1. 21 January 2019 | 56th TF-CSIRT, Tallinn, Estonia RIPE Atlas Ethical, Security and Legal Aspects of Running an IoT Network Mirjam Kühne, Senior Community Builder Ivo Dijkhuis, Information Security Officer
  • 2. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 RIRs Around the World
  • 4. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 RIPE Atlas is a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices that measure Internet connectivity in real time. (wikipedia) RIPE Atlas
  • 5. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Measuring Internet access disruptions: - Internet Access Disruptions in Turkey - Internet Access Disruption in Gambia • Measuring DNS censorship and hijacking: - Using DNS Servers in Iran - DNS Censorship • Monitoring connectivity problems: - Monitoring Game Service Connectivity - Measuring Cloud Connectivity - Debugging Network Connectivity Problems RIPE Atlas Use Cases
  • 6. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • 10,000 probes and 400 anchors connected worldwide • 5.6% IPv4 ASes and 9% IPv6 ASes covered • 181 countries covered • 7,000 measurements per second RIPE Atlas in Numbers
  • 7. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Low, cheap barrier of entry • Active measurements only - Probes do not observe user traffic • Data, API, tools, source code: FREE and OPEN • Set of measurement types limited - Ping, trace route, SSL/TLS, NTP, HTTP (limited) • Strong community involvement from the start Design Principles
  • 8. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • No bandwidth measurement - Other platforms provide that service • HTTP measurements only towards RIPE Atlas anchors because otherwise: - It would rely on the hosts’ bandwidth - Might put volunteer hosts at risk • Encourage our users to think about ethical consequences - https://labs.ripe.net/Members/kistel/ethics-of-ripe-atlas-measurements Ethical Considerations
  • 10. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 RIPE Atlas Architecture !10
  • 11. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Prevent re-use and re-purposing of probes - Decided against Trusted Platform Model (TPM) - Instead, we use cheap devices and discourage reusing them - Accepting possible loss of probes • Initialisation procedure before distribution - Off-the-shelf firmware gets replaced with RIPE Atlas firmware - Generating and registering individual keys - Testing Limiting Consequences (1/2)
  • 12. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Trust anchors installed on all probes - Two-way authentication; unique SSH key for probes used for identification • Regular firmware updates - All firmware updates are signed - Pre-installed public keys to verify firmware signature before upgrading • Mechanisms to detect unwanted behaviour - Outliers or protocol violations • No direct services to host or network - No local configuration possible; reduces network-based attack surface Limiting Consequences (2/2)
  • 13. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Done in a “lazy fashion” - Upgraded next time they connect to RIPE Atlas infrastructure - We have means to force them to upgrade faster • Each upgrade is cryptographically verified Firmware Upgrades
  • 15. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Radio Equipment Directive (2014/53/EU) • Mandatory requirements for everything that has a radio - Basis in health and safety, together with interoperability - Also applies when you communicate via other means (e.g. WiFI, GPS, Bluetooth) • Self-assessment on compliance - Using CE mark to indicate you’re safe - Ex-post compliance testing in (external) labs by regulator - Non-compliance can result in EU-wide recall Legal Considerations (1/2)
  • 16. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • Directive has a few “optional” requirements - 3.3.d: Do not harm the network or misuse network resources - 3.3.e: Protection of personal data and privacy - 3.3.f: Protection from fraud - 3.3.i: Only compliant software can be loaded • Can be activated by means of a Delegated Act - Decision by European Commission Legal Considerations (2/2)
  • 17. I. Dijkhuis & M. Kühne | 56th TF-CSIRT | 21 January 2019 01 • IETF draft document: BCP for Securing IoT Devices https://tools.ietf.org/html/draft-moore-iot-security-bcp-01 • RIPE Atlas: https://atlas.ripe.net https://labs.ripe.net/Members/kistel/ripe-atlas-probes-as-iot-devices https://labs.ripe.net/Members/kistel/ripe-atlas-architecture-how-we- manage-our-probes Best Current Practices