IETF Hackathon – IoT MUD Implementations

Members of the Mitigating IoT-Based DDoS project team will participate in the IETF Hackathon in Montreal, Canada on July 20-21, 2019, where they will share practical implementations of the MUD technology and collaborate with IETF participants on a number of planned activities that build on the base MUD components described in RFC 8520, Manufacturer Usage Description Specification.

This past spring, the National Cybersecurity Center of Excellence (NCCoE) released a preliminary draft of National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide Special Publication (SP) 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD). This guide presents the crucial role MUD can play in strengthening network security in homes and small businesses and is intended for IoT device and network component developers and implementors.

The team is seeking IETF attendees to participate in the Hackathon. Bring your own IoT devkit (including power supply and cables) or we can provide you with one. You will need a laptop to connect to the network and the devices. Below are some of the planned activities we have in store:

  • Multiple implementations of MUD including Cisco, CableLabs and NIST SDN MUD Implementations
  • Development of MUD files using mudmaker.org
  • Development of any additional mudmaker capabilities
  • Enabling MUD support in various devkits (BYOIOT)
  • Integration of MUD with Device Provisioning Protocol (DPP) onboarding
  • Development of vendor reporting capabilities

Below is the list of equipment to be used during the Hackathon:

  • Cisco MUD Implementation:
    • Cisco Catalyst 3850-S Switch
    • Cisco MUD Manager
    • FreeRADIUS Server
    • MUD File Server
    • Update Server
    • Unapproved Server
    • Raspberry Pi (x2)
    • Samsung Artik (x2)
    • Ublox C027 (x2)
  • CableLabs MUD Implementation:
    • Gateway/Access Point with DPP-enabled hostapd and MUD-based SDN switch
    • Cloud components (MUD Manager, DPP onboarding API server)
    • Raspberry Pi with DPP-enabled Wi-Fi adapter
  • NIST SDN MUD Implementation:
    • Omnia Switch
    • Wireless Access Point
    • TP-Link Switch
    • MUD Manager
    • MUD File Server
    • Update Server
    • Unapproved Server
    • Raspberry Pi (x2)

Below is the MUD file (ietf-b1.json) and the associated signature file (ietf-b1.p7s) that will be used during the Hackathon. This MUD file intends to showcase and implement all MUD capabilities as defined in the RFC for a single device; this includes outbound communication to approved internet hosts and local communication with internal hosts (e.g. my-controller, controller, same-manufacturer, manufacturer, and local-network rules).

ietf-b1.json

ietf-b1.p7s
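
The following is an added example, not part of the original announcement and not the contents of ietf-b1.json: a short Python check that reports which of the rule kinds named above a MUD file actually exercises in each direction, and which ACLs no policy references. It assumes the RFC 8520 JSON layout (where the local rule is spelled `local-networks`); the sample file, its ACL names and its hostnames are constructed placeholders, and `mud_coverage` is a hypothetical helper name.

```python
import json

# Rule kinds the announcement lists; RFC 8520 spells the last "local-networks".
MUD_MATCHERS = {"my-controller", "controller", "same-manufacturer",
                "manufacturer", "local-networks"}
DNS_KEYS = {"ietf-acldns:src-dnsname", "ietf-acldns:dst-dnsname"}

# Constructed sample (not ietf-b1.json); names and URLs are placeholders.
SAMPLE = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1, "mud-url": "https://mud.example.com/sample.json",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "from-dev"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "to-dev"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [
        {"name": "from-dev", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "cloud", "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "updates.example.com"}},
             "actions": {"forwarding": "accept"}},
            {"name": "ctl", "matches": {"ietf-mud:mud": {"my-controller": [None]}},
             "actions": {"forwarding": "accept"}},
            {"name": "lan", "matches": {"ietf-mud:mud": {"local-networks": [None]}},
             "actions": {"forwarding": "accept"}}]}},
        {"name": "to-dev", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "peer", "matches": {"ietf-mud:mud": {"same-manufacturer": [None]}},
             "actions": {"forwarding": "accept"}}]}},
    ]},
})

def mud_coverage(text):
    """Return {direction: set of rule kinds} plus 'missing' and 'unbound' sets."""
    doc = json.loads(text)
    mud = doc["ietf-mud:mud"]
    acls = {a["name"]: a for a in doc.get("ietf-access-control-list:acls", {}).get("acl", [])}
    report, used = {}, set()
    for direction in ("from-device-policy", "to-device-policy"):
        kinds = set()
        refs = mud.get(direction, {}).get("access-lists", {}).get("access-list", [])
        for ref in refs:
            used.add(ref["name"])
            for ace in acls.get(ref["name"], {}).get("aces", {}).get("ace", []):
                m = ace.get("matches", {})
                kinds |= MUD_MATCHERS & set(m.get("ietf-mud:mud", {}))
                if any(DNS_KEYS & set(m.get(p, {})) for p in ("ipv4", "ipv6")):
                    kinds.add("internet-host")  # DNS-named remote endpoint
        report[direction] = kinds
    seen = report["from-device-policy"] | report["to-device-policy"]
    report["missing"] = (MUD_MATCHERS | {"internet-host"}) - seen
    report["unbound"] = set(acls) - used  # ACLs defined but never applied
    return report
```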

Join Us!

We hope you can join us at the hackathon to implement MUD during the activities we have planned. Bring your own IoT devkit or we can supply you with one. Please send any questions or suggestions regarding the hackathon to the mud@ietf.org mailing list.