Self-descriptions for Interoperability and Security: Using WoT TD and MUD with RIOT
Jan studies Computer Science and Social Policy at the University of Bremen. As part of the student project NAMIB (Network Access Makes IoT Better) he is dealing with security and interoperability issues of the IoT with a focus on self-description standards.
The Internet of Things (IoT) currently has major weaknesses in terms of security and interoperability. IoT devices are often poorly secured or can only be used with devices from the same manufacturer. Self-descriptions are a possible contribution to solving this problem. They allow a device to communicate which access rights it requires and how it can be interacted with. In the student computer science project NAMIB, based at University of Bremen, we wanted to evaluate how self-descriptions can help solve these problems. We implemented support for the Manufacturer Usage Description (MUD, RFC 8520) and the Web of Things Thing Description (WoT TD) specifications in RIOT, allowing the use of self-descriptions conforming to the aforementioned standards to improve the security and interoperability of networks with IoT devices. In the process, we became aware of weaknesses in these specifications, especially with regard to constrained devices. We present the results and insights we have obtained by working with MUD and WoT TD, not only as a contribution to the discussion about the further development of these standards, but also as open source implementations that can be used right away in (home) networks as well as for further development by other projects. Implementation-wise, our results not only include (upcoming) contributions to RIOT that enable support for both MUD and WoT TD but also components such as our own MUD manager that can be used on OpenWRT routers to introduce MUD support to your local network.