Dear all,

Here's the agenda for the IoT working group session at RIPE 79 in
Rotterdam. For the last two talks, there is no description, since they are self-explanatory.
 We're meeting on Thursday 17th October from 11:00 to 12:30.

====
1. Administrivia
   5 minutes

2. The security lifecycle of an IoT device
   by Michael Richardson (Sandelman Software Works) and Eliot Lear (CISCO)
   50 minutes
   Description :  The RFC8520 Manufacturer Usage Description (MUD) is a tool to describe the
   limited access that a single function device such as an Internet of Things device might need.
   The automatic enforcement of access control lists is a serious boon to security of residents 
   and enterprises alike.  While enterprises that set up firewalls typically have an idea of how 
   they would respond to an incident,the same is not true for residential situations.  The impact
   of a "Boy who Cries Situation" where an IoT firewall sends inappropriate warnings, the end result
   is that the firewall is turned off, is a situation worth avoiding through further automation of
   the security warning process.

   This talk proposes to standardize a series of processes and protocols
   for the quarantine and re-storartion of a device.


3. Databox as a Platform for Monitoring IoT Devices at the Edge
   by Anna Maria Mandalari (Imperial College)
   15 minutes
   Description : The Internet of Things (IoT) is now a reality and many challenging issues still need to be addressed. One of this is to guarantee trust, privacy, and security. Privacy has become particularly pertinent after the initiative of the European Commission (EC) about the General Data Protection Regulation (GDPR). Since it has been demonstrated that ensuring privacy relying on the cloud creates risks of privacy violation, we propose to work at the edge. We first build an open access and flexible hardware platform for measurements and custom experimentation on IoT environment. The platform is composed by 87 IoT devices distributed in different locations and backend servers for collecting data. The platform allows to monitor and control the measurement process, and most important ensuring repeatability on the measurements and controlling context information. Through a total of 34,586 rigorous automated and manual controlled experiments, we characterize information exposure in terms of destinations of Internet traffic, whether the contents of communication are protected by encryption, what are the IoT-device interactions that can be inferred from such content, and whether there are unexpected exposures of private and/or sensitive information (e.g., video surreptitiously transmitted by a recording device). We highlight regional differences between these results, potentially due to different privacy regulations in the US and UK. Finally, we develop a Databox app for privacy analysis, a user-side application running locally allowing to monitor the IoT devices, interact with them, understand their operation and look for anomalies. Results will help companies to not accumulate personal data except what they actually require, in order to comply with the GDPR and give control back to the user.  

4. Update on the IoT Hackathon Rotterdam 2019
   by Constanze Dietrich (Lexta Consultants Group)
   15 minutes

5. Best Current Operational Practice (BCOP) document in RIPE scope for
   proactively mitigating IoT attacks by Jim Reid (RIPE IoT WG Co-chair)
   If time permits

X. AOB

====
-- The RIPE IoT Working Group Chairs Jim and Sandoche