The present disclosure relates to Internet-of-Things (IoT) devices, and in particular to using Manufacturer Usage Description (MUD) files with Internet-of-Things Devices.
The Constrained Application Protocol (CoAP) is a specialized web transfer protocol, Representational State Transfer (REST)-based application-layer protocol, for devices with constraints on system resources such as processing power and memory size. CoAP (Internet Engineering Task Force (IETF) Request for Comments (RFC) 7252, June 2014) is designed to be used over User Datagram Protocol (UDP) over the Internet.
On current deployments, CoAP-based solutions like Open Mobile Alliance (OMA) Lightweight Machine to Machine (LwM2M) are becoming increasingly popular for managing devices in a REST-based fashion.
Manufacturer Usage Descriptions (MUD) (RFC8520, March 2019) are used to advertise to the network the best, e.g. preferred or operationally constrained, configuration for an Internet-of-Things (IoT) device. MUDs are composed of a URL that is advertised, the URL can be used to locate a MUD description. One purpose of MUD is to provide a way for end devices to signal to the network what sort of access and network functionality they require to properly function. The MUD may advertise device specifications, including the intended communication patterns for the device when it connects to the network. The network may then use this intent to author a context-specific access policy, so the device functions only within those parameters. In this manner, MUD becomes the authoritative identifier and enforcer of policy for devices on the network.
The term “manufacturer” generally refers to the entity or organization that will state how a device is intended to be used. For example, in the context of a light bulb, this might be the light bulb manufacturer. In the context of a smarter device that has a built in Linux stack, it might be an integrator of that device. The key points are that the device itself is assumed to serve a limited purpose, and that there exists an organization in the supply chain of that device that will take responsibility for informing the network about that purpose.
MUDs are used to provide a means for end devices (IoT devices) to signal to the network what sort of access and network functionality they require to properly function. In a MUD scenario, the “IoT device” exposes a “MUD URL” to someone, a “MUD Processor” queries a “MUD file server” and retrieves the “MUD File” from it. After processing the “MUD processor” applies an “Access Policy” to the IoT device. The IoT device is also interchangeably referred to herein as a “device”, “Thing”, and “IoT Thing.”
The configuration of MUD may provide any one or more of the following:
The following terms used when referring to
As shown in
The AAA Server then passes (step 3) this URL onto the MUD Manager. The MUD Manager then contacts (step 4) the internet hosted MUD File Server of the manufacturer that this URL points to over HTTPS. After the MUD file server verifies that the MUD file was produced by the device manufacturer, the MUD file corresponding to that device is sent (step 5) by the MUD file server to the MUD Manager. This MUD file, which may be a YANG Data Model represented as a JSON object, contains abstracted communication intent for the IoT device in question.
The MUD Manager translates this abstract intent to a context-specific policy, which is passed (step 6) onto the AAA Server/Identity Service Engine (ISE). The ISE then enforces (step 7) the policy onto the network in the form of port-based Access Control Lists (ACLs) for the point of that IoT device's connection.
Based on the manufacturer stated intent, access (step 8) to the device is then provided.
A MUD process can be used to automatically permit the device to send and receive only the traffic it requires to perform its intended function. A MUD process can also be used to palliate distributed denial-of-service (DDoS) attacks, for example by prohibiting unauthorized traffic to and from IoT devices. Even if an IoT device becomes compromised, content of a MUD file can prevent the IoT device from being used in any attack that would require the IoT device to send traffic to an unauthorized destination.
A MUD process is not intended to address network authorization of general-purpose computers but of IoT devices. However, MUD URLS are currently mandated in the “https” scheme (RFC7230, June 2014).
Some embodiments of the present disclosure are directed to a method by an IoT device. The method includes hosting a MUD file and local memory of the IoT device, and exposing content of the MUD file from the local memory of IoT device is a CoAP resource.
Some other related embodiments are directed to a method by a MUD manager. The method includes receiving using CoAP from an IoT device a URL advertising location of a MUD file stored in local memory of the IoT device. The method further includes getting content of the MUD file from the local memory of the IoT device using CoAP.
Some other related embodiments are directed to a method by a LwM2M server. The method includes receiving a registration command from a LwM2M client for an IoT device using CoAP. The method determines a policy to be used to control communications with the IoT device, and determines content of a MUD file based on the policy that is determined. The method then provides the content of the MUD file to the LwM2M client for the IoT device using CoAP.
Some other related embodiments are directed to a method by a Resource Directory (RD) server. The method includes receiving a command from an Internet of Things, IoT, device to register a URL for a MUD file stored in local memory of the IoT device. The method stores the URL as a MUD based resource type in an object structure maintained by the RD server. The method responds to a query from an electronic device identifying the MUD based resource type by providing the URL to the electronic device.
Some other embodiments are directed to a corresponding IoT device that includes at least one processor, and at least one memory coupled to the at least one processor and which includes computer readable program code that when executed by the at least one processor causes the at least one processor to perform operations. The operations are configured to host a MUD file in local memory of the IoT device, and to expose content of the MUD file from the local memory of the IoT device as a CoAP resource.
Some other embodiments are directed to a corresponding MUD manager that includes at least one processor, and at least one memory coupled to the at least one processor and which includes computer readable program code that when executed by the at least one processor causes the at least one processor to perform operations. The operations are configured to receive using CoAP from an IoT device a URL advertising location of a MUD file stored in local memory of the IoT device, and to get content of the MUD file from the local memory of the IoT device using CoAP.
Some other embodiments are directed to a corresponding LwM2M server that includes at least one processor, and at least one memory coupled to the at least one processor and which includes computer readable program code that when executed by the at least one processor causes the at least one processor to perform operations. The operations are configured to receive a registration command from a LwM2M client for an IoT device using CoAP. The operations determine a policy to be used to control communications with the IoT device, and determine content of a MUD file based on the policy that is determined. The operations then provide the content of the MUD file to the LwM2M client for the IoT device using CoAP.
Some other embodiments are directed to a corresponding RD server that includes at least one processor, and at least one memory coupled to the at least one processor and which includes computer readable program code that when executed by the at least one processor causes the at least one processor to perform operations. The operations are configured to receiving a command from an IoT device to register a URL for a MUD file stored in local memory of the IoT device, and to store the URL as a MUD based resource type in an object structure maintained by the RD server. The operations respond to a query from an electronic device identifying the MUD based resource type by providing the URL to the electronic device.
Potential advantages of these and other embodiments disclosed herein include that by hosting the MUD file on the IoT device, the MUD manager is able to manage communication policies with the IoT device without needing to use an Internet connection to a remote MUD file server and, therefore, can operate during the absence of such Internet connectivity. Moreover, lower latency and higher reliable policy determinations can be made by the MUD manager communicating locally with the IoT device without relying on Internet connectivity to a remote MUD file server. The operational efficiency of the MUD architecture can also be improved by using CoAP to communicate contents of the MUD file from a CoAP server on the IoT device to a CoAP client on the MUD manager. Contents of the MUD file hosted by the IoT device may be effectively managed by a LwM2M server communicating with a LwM2M client on the IoT device. IoT devices can provide a Resource Directory (RD) server with URLs for locations of where the MUD files are locally stored at the IoT devices, and the RD server can then be queried by other electronic devices to discover which IoT devices have locally stored MUD files and to obtain the URLs of the MUD files.
It is noted that aspects described with respect to one embodiment may be incorporated in different embodiments although not specifically described relative thereto. That is, all embodiments and/or features of any embodiments can be combined in any way and/or combination. Moreover, other IoT devices, MUD managers, LwM2M servers, RD servers and corresponding methods and computer program products according to embodiments will be or become apparent to one with skill in the art upon review of the following drawings and detailed description. It is intended that all such other IoT devices, MUD managers, LwM2M servers, RD servers and corresponding methods and computer program products be included within this description and protected by the accompanying claims.
Aspects of the present disclosure are illustrated by way of example and are not limited by the accompanying drawings. In the drawings:
Inventive concepts will now be described more fully hereinafter with reference to the accompanying drawings, in which examples of embodiments of inventive concepts are shown. Inventive concepts may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of various present inventive concepts to those skilled in the art. It should also be noted that these embodiments are not mutually exclusive. Components from one embodiment may be tacitly assumed to be present/used in another embodiment.
Present MUD specifications have essentially no disclosure of Constrained Application Protocol (CoAP) nor Lightweight Machine to Machine Protocol (LwM2M).
The Constrained Application Protocol (CoAP) is a generic Representational State Transfer (REST) application Protocol for constrained devices, it is defined in RFC7252. CoAP is designed to be used over User Datagram Protocol (UDP) (RFC0768) over the Internet. CoAP variants like Lightweight Machine to Machine Protocol (LwM2M) are becoming increasingly popular in order to manage devices in a RESTful fashion.
As explained above,
The MUD URL is emitted using DHCP, LLDP or through 802.1X, then a network switch or network router will send the URI to some IoT Controlling Entity. That Entity will fetch the MUD file from a MUD file server through the Internet over HTTP [SECCONS].
This is not an ideal mechanism for CoAP endpoints. As shown above, MUDs have not been specified as exposed CoAP resources but rather as a URL to an external MUD file server shared over DHCP; exposing a CoAP “/mud” resource would be a more operationally efficient and robust solution than the current approach.
A CoAP device could expose both the URL and the MUD File that it is itself hosting.
Although the MUD Manager 120 is illustrated as being separate from the IoT device 100 and the network router 110 or network switch 110, functionality of the MUD Manager 120 may be at least partially implemented in another component of the MUD architecture, such as in the network router 110 or network switch 110, in the IoT device 100, and/or elsewhere. Similarly, although the LwM2M server 130 is illustrated as being separate from the RD server 150, functionality of the LwM2M server 130 and RD server 150 may be at least partially integrated into a common element.
The illustrated MUD architecture can be more a operationally efficient and effective design that may enable integration with the IoT network directly, allowing other IoT devices to also directly consume MUDs. This architecture may also allow easier integration with management protocols like LwM2M and provide resiliency in case Internet connectivity is not available in the constrained network.
Various embodiments of the present disclosure are directed to a MUD file being signed by the manufacturer, hosted in local memory of an IoT device, and exposed as a CoAP resource to enable such MUD usage on a managed network context.
Various embodiments are directed to mechanisms for devices to use MUDs in CoAP (Discovery, Reading, Verifying . . . ) and for integrating with other systems like the MUD manager (provisioning, update) and the manufacturer (signing) as well as other use cases with Software Updates.
In some embodiments, a CoAP server is configured to expose a new resource under, e.g., /mud. Making it available for CoAP Discovery so that other network elements can make use of it.
A MUD Object for LwM2M can be created using the LwM2M/IPSO model. In LwM2M a MUD Manager that processes the MUD can create an access policy with the information the IoT device is providing. Trust is ensured by way of certificates. The IoT device can also use the MUD to advertise the required Access Policies (see “from-device”). Various embodiments disclosed herein are directed to operations enabling devices to join the network and be configured to have a MUD and, if configured, can fetch the right policy and expose it.
Advantages provided by some or all of these embodiments may include any one or more of:
Two different approaches are described below for the use of MUDs in CoAP.
A first approach is directed to Self-Hosted MUDs by way of CoAP. An IoT device contains a MUD file in local memory of the device and exposes its own MUD file over CoAP so that other network elements can make use of it. This approach may eliminate or reduce the need for use of a MUD file server. The IoT device exposes one or both of the MUD URL and the MUD file, and a Manager that processes the MUD can create an access policy with the information the device is providing. Trust may be operationally ensured by way of certificates used in communications. Moreover, as explained above, regarding
A second approach is directed to a management system providing a MUD configuration using LwM2M, consuming the MUD during registration, and configuring the IoT device accordingly. The system can have: a CoAP URL; the description hosted as a Resource; and discoverability using CoAP Discovery mechanisms.
The first approach directed to self-hosted MUDs in initially described below with reference to
With reference to
The MUD can be signed with the Public Key of the Manufacturer for verification purposes.
When using CoRE Link Format, a CoAP client can send a GET request to a CoAP server for /.well-known/core and get in return a list of hypermedia links to other resources hosted in that server. Among those, it will get the path to the MUD file, for example “/mud”. The CoAP server may, for example, be part of the Resource Directory (RD) server 150 and/or the LwM2M server 130 shown in
A managed network approach with MUDs and discovering MUDs is now described.
Powered-on IoT devices should register a MUD file with the RD server and also use the RD server as a MUD file URL repository. The MUD file URLs become discoverable to other electronic device using known RD Lookup steps, such as by querying the RD server. These operations can provide a powerful discovery mechanism, such as the following example:
A new resource type (rt) can be created in order to enable MUDs to be used in the RD ecosystem. For example a request query for “rt=mud”:
REQ: GET coap://rd.company.com/rd-lookup/res?rt=mud
When querying for that resource type (rt=mud), the RD will return a list of links that host the mud resource, such as the example below:
Multicast may also be used to discover all Manufacturer descriptions in a subnet.
The second approach is directed to managed network with MUDs and LwM2M usage is described below with reference to
Referring to
To use MUDs in LwM2M various embodiments map MUDs to the LwM2M Object structure. An example mapping between a MUD and a L2M2M Object structure is provided below.
The above mapped Objects are a non-limiting example of a minimal MUD configuration in LwM2M for sake of brevity. The term “ro” refers to read-only allowed objects and the term “rw” refers to read-write allowed objects. In LwM2M the Controller can be a “urn:ietf:params:mud:coap” (the urn should be registered) and the two policy resources “from-device-policy” and “to-device-policy” point to two other objects that define the connectivity characteristics of the device. For simplicity, the embodiment adds three resources “controller”, “name” and “ace” (access control entry) consecutively.
Referring to the example embodiments shown in
The content of the MUD file may be created during the Bootstrapping process by the Bootstrap Server or it may be predefined in memory by the manufacturer, e.g., at the factory. Either way during the registration the IoT device 100 using a MUD file also registers the MUD object. The IoT device 100 can perform a simple registration as specified in the Lightweight Machine to Machine Technical Specification: Core by the Open Mobile Alliance, OMA-TS-LightweightM2M_Core-V1_1-20180710-A, Version 1.1-2018-07.10.
In
A “GET” command provides a well-known core, and content of the MUD file is provided. The IoT device 100 returns a “2.05 Content” response with the contents of “/mud”, which in this case is the object “MUD”. Example code may be provided as follows:
The LwM2M Server 130 performs a GET operation on that particular object.
The IoT device 100 returns a “2.05 Content” response which may include the following SenML:
The MUD Manager 120 queries its internal database with policies it has applied to that IoT device 100 or creates a new one. The policy is sent as a serialized MUD that edits the existing mud. If no MUD is present the MUD Manager 120 will use the existing Device Object to provide a default MUD on the IoT device 100.
The MUD Manager 120 performs a POST or PATCH operation to modify content of the MUD file. For example, the SenML below changes the endpoint to advertise the use of ipv4 only to ipv6.
The IoT device 100 responds with a “2.04 Changed” response to indicate a successful change of the parameter:
The IoT device 100 (endpoint) will update the “last-update” field at this point (the “n”:“2”) value and advertise the MUD file with a DHCP renew lease (new) and the new MUD URL. Otherwise the network could periodically update it according to a cache validity (value of 99) period.
Architecture network elements, such as a network router 110, will apply the MUD process and forward the URL to the MUD Manager 120.
The MUD Manager 120 will then query the IoT device 100 (endpoint) within the local network, which will provide the content of the current MUD file.
MUD file exposure to other network elements, i.e., other electronic devices 160 on the network, can be performed in the same fashion as the RFC specifies, and as explained above for discovering MUDs embodiments in operations 310. New mechanisms include IP multicast may be used with these embodiments.
In
Accordingly, various embodiments provide mechanism to configure content of MUD files for use in CoAP, which may be particularly beneficial for device environments without Internet connectivity and may operate better with the CoAP Architecture. These embodiments may improve current MUD usage by taking advantage of CoAP Servers, e.g., the LwM2M EP, which are running on constrained devices. These embodiments may introduce the usage in LwM2M, as well as the provisioning and MUD-signing mechanism.
Example components of an electronic node 400, which may be a IoT Device, a MUD Manger, a LwM2M Server, and/or a RD server described herein and shown in one or more of
The network interface 420 may be configured to communicate through a wired interface, e.g., Ethernet, and/or wireless interface, e.g., wireless transceiver, according to one or more proprietary protocols and/or industry standardized protocols, e.g., WiFi, Zigbee, Bluetooth, 3GPP 4G, 5G (NR), etc. The processor 400 may include one or more data processing circuits, such as a general purpose and/or special purpose processor (e.g., microprocessor and/or digital signal processor) that may be collocated or distributed across one or more networks. The processor 400 is configured to execute program code 412 in the memory 410, described below as a computer readable medium, to perform some or all of the operations and methods that are described above for one or more of the embodiments of an IoT electronic device, such as regarding one or more of the embodiments described herein, such as in the context of any one or more of
The above and more general operations and methods that can be performed by the IoT device 100, the MUD manager 120, the L2M2M server 130, and the RD server 150, are now explained with reference to
Referring initially to
In a further embodiment, the operation to expose 502 content of the MUD file from the local memory of the IoT device 100 as the CoAP resource, can include providing 504 content of the MUD file from the local memory of the IoT device 100 to the MUD manager 120 using CoAP to create an access policy which controls communications with the IoT device 100 through at least one of a network router 110 and a network switch 110.
In a further embodiment, the operation to provide 504 content of the MUD file from the local memory of the IoT device 100 to the MUD manager 120 using CoAP, can include providing a to-device-policy to the MUD manager which controls communications to the IoT device, and providing a from-device-policy to the MUD manager which controls communications from the IoT device.
In a further embodiment, the operation to provide 504 content of the MUD file from the local memory of the IoT device 100 to the MUD manager 120 using CoAP, can include: receiving, by a CoAP server on the IoT device 100, a CoAP GET command from the MUD manager 120; and providing, by the CoAP server on the IoT device 100 responsive to the CoAP GET command, the content of the MUD file to the MUD manager 120.
The content of the MUD file provided 504 to the MUD manager 120 may include a YANG-based JSON object describing network behavior for the IoT device 100.
Referring to the further embodiment of
In a further embodiment, the operation to obtain 600, by the LwM2M client for the IoT device 100, the MUD object from the LwM2M server 130, can include: receiving resources defined in a LwM2M resource structure from the LwM2M server 130; accessing a mapping between the resources and MUD objects; and generating or updating the MUD file in the local memory of the IoT device 100 based on the MUD objects mapped to the resources received from the LwM2M server 130.
In a further embodiment, the IoT device 100 is further configured to respond to the generating or updating of the MUD file in the local memory of the IoT device 100, by providing content of the MUD file that is generated or updated to the MUD manager 120 using CoAP to create another access policy which controls communications with the IoT device 100 through the least one of the network router 110 and the network switch 110.
Various corresponding operations are to be performed by the MUD manager 120 are now described in the context of
Referring initially to
The operation to get 702 content of the MUD file from the local memory of the IoT device 100 using CoAP, can include sending 704 a CoAP GET command to a CoAP server on the IoT device 100.
Referring to the further embodiment of
The operation to create 800 the access policy can include creating a to-device-policy that controls communications to the IoT device 100 through the at least one of the network router 110 and the network switch 110, and creating a from-device-policy that controls communications from the IoT device 100 through the at least one of the network router 110 and the network switch 110.
The MUD manager 120 can be further configured to provide 802 the access policy for the IoT device 100 to the network router 110 and the network switch 110.
The MUD manager 120 can be further configured to determine whether a certificate contained in the content of the MUD file is verified, and to only operate to create 800 the access policy to control communications with the IoT device 100 if the certificate is determined to be verified.
Various corresponding operations are to be performed by the LwM2M server 130 are now described in the context of
Referring initially to
Referring to the further embodiment of
The operation to provide 906 the content of the MUD file to the LwM2M client for the IoT device 100 using CoAP, may include providing a MUD object using a POST CoAP command or a PUT CoAP command The operation to provide the MUD object using the POST CoAP command or the PUT CoAP command, may include: accessing resources defined in a LwM2M resource structure of the LwM2M server 130; accessing a mapping between the resources and MUD objects; and generating or updating the MUD file in the local memory of the IoT device 100 based on the MUD objects mapped to the resources.
Various corresponding operations are to be performed by the RD server 150 are now described in the context of
In the above-description of various embodiments of the present disclosure, it is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of this specification and the relevant art and will not be interpreted in an idealized or overly formal sense expressly so defined herein.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various aspects of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The terminology used herein is for the purpose of describing particular aspects only and is not intended to be limiting of the disclosure. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items. Like reference numbers signify like elements throughout the description of the figures.
The corresponding structures, materials, acts, and equivalents of any means or step plus function elements in the claims below are intended to include any disclosed structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the disclosure in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the disclosure. The aspects of the disclosure herein were chosen and described in order to best explain the principles of the disclosure and the practical application, and to enable others of ordinary skill in the art to understand the disclosure with various modifications as are suited to the particular use contemplated.
Various abbreviations used herein include the following:
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/SE2020/050407 | 4/22/2020 | WO |
Number | Date | Country | |
---|---|---|---|
62985614 | Mar 2020 | US |