Creation of a IPv6 Testbed for Testing Devices and services over IPv6 Network
Setting up a virtual dual stack Network Infrastructure for imparting network related training on both IPv6 & IPv4
Imparting handson IPv6 Training to Technical Staff of Government Departments and Organisations
DNS for IoT Security using IPv6
In a few short years, the Internet of Things (IoT) has gone from a technology — or set of technologies — that were cutting edge to the situation today where connected household items, or automobiles, are common. There are two main challenges associated with deployment of IoT devices in today’s Internet world.
1. Limited address space of IPv4 and upgradation to IPv6 addresses are relatively slow. The operation of IPv6-only networks is still a new concept that needs to be explored.
2. Security of IoT devices which are highly resource constrained and deployed typically in remote/difficult-to-access locations. Most of the IoT devices come with factory installed firmware. The firmware of IoT devices is not generally updated during their lifetime. So, they are more prone to attacks which may lead to severe problems. Hence, there is a need for mechanism to securely update software or firmware of these IoT devices.
This project investigates suitability of using DNS infrastructure with DOA (Digital Object Arctitecture) record type for secure Over-The-Air (OTA) software / firmware updating of IPv6 based IoT devices.
It's a collaborative project being executed by IIT Hyderabad and ERNET IPv6 team with funding and guidance by ICANN and NASSCOM
Development of a Distributed Architecture using DNSsec for enforcing update security in IPv6 enabled smart devices
The project is focused on setting up a testbed to experiment with various technologies to explore automated firmware update strategies in an IPv6-only networking context. In particular, the testbed should provide support for IPv6-only devices, DNS over IPv6, mechanisms to auto-configure the device as would typically be found in home and industrial environments, and various transition methods and/or application-layer gateways to reach the IPv4-based network.
It is proposed that this project explore the industrial and large-scale deployment issues associated with IPv6-only devices, and in particular, mechanisms including DNS-based and TLS-based approaches for automatically updating IoT firmware in massively scaled environments. As part of this project, creation of infrastructure for TLS based updates and code signing of the firmware images will also be explored. These are important to push the correct images to the device without compromising the security.
Automated firmware updates need to also provide a way to monitor the progress of firmware update so that status can be reported and retries can be done for failed updates. A monitoring capability for firmware update will be explored.
Properties of DNS using a new RR Dataset OX (Object Exchange) would be explored to be used to identify the details and match the appropriate firmware with dependencies, location of the repository, type of the IoT devices and other relevant information to provide the correct and latest firmware supported on the device for that particular type of application.
Learnings from the prototype would lay the foundation for creation of a mechanism for Identification of devices and providing them correct information for their functioning and update.