This paper investigates how and with whom IoT devices communicate and how their location affects their communication patterns. Specifically, the endpoints an IoT device communicates with can be defined as a small set of domains. To study how the location of the device affects its domain set, we distinguish between the location based on its IP address and the location defined by the user when registering the device. Contrary to common wisdom, we show that IP-based location has little to no effect on the set of domains, while the user-defined location changes the set significantly. Unlike common approaches that resolve domains to IP addresses at nearby geo-locations (such as anycast), we present a distinctive way to use the ECS field of EDNS to achieve the same differentiation between user-defined locations. Our solution streamlines the network design of IoT manufacturers and makes it easier for security appliances to monitor IoT traffic. Finally, we show that with one domain for all locations, one can achieve succinct descriptions of the traffic of the IoT device across the globe. We will discuss the implications of such a description for security appliances, specifically those using the Manufacturer Usage Description (MUD) framework.