The Call to Encrypt DNS Traffic + What Can Anti-Abuse Do About IoT Vulnerabilities?
Author: Janet Jones, M3AAWG Vice Chair Board of Directors / Data & Identity Protection Co-Chair (Microsoft)
Cybersecurity threats against industry and consumers continue to evolve and increase in scope at a very rapid pace. The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) brings industry together from across the globe to tackle these challenging cybersecurity threats and strives to provide timely guidance and collaboration to help mitigate online exploitation.
With the October 2019 meeting in Montreal, M3AAWG launched an effort to begin addressing new emerging online exploitation threats in addition to existing work. M3AAWG committees and special interest groups (SIGs) did a great job to identity initial new areas for the organization to focus on moving forward and provided valuable session content and opportunities for collaboration for attendees during the meeting.
The following series of blog posts offers a summary of a few of the new emerging threats and technologies covered during the meeting in Montreal that M3AAWG will continue to work on.
The Data and Identity Protection committee has been concentrating on providing guidance, expertise, and industry collaboration for core security Anti-Abuse related focus areas such as SMTP, TLS, DNSSEC/DANE, encryption, traffic analysis, and identity management. In Montreal, the committee presented and participated in sessions for key emerging threats including the Post-Quantum Transition keynote/panel discussion, email encryption in transit towards maturity, and DNS over HTTPS/DNS over TLS.
The Call to Encrypt DNS Traffic
Continuing the encryption and emerging threats and technologies theme in Montreal, there were sessions and a panel discussion to talk about DNS over HTTPS (DoH) and DNS over TLS (DoT), both with the goal to “to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.”
M3AAWG recently released Tutorial on Third Party Recursive Resolvers and Encrypting DNS Stub Resolver-to-Recursive Resolver Traffic and Companion Document: Recipes for Encrypting DNS Stub Resolver-to-Recursive Resolver Traffic documents to provide basic information to evaluate the benefits and potential issues with encrypting DNS traffic.
What Can Anti-Abuse Do About IoT Vulnerabilities?
The Internet of Things (IoT) SIG is responsible for coordinating the efforts of M3AAWG members for resolving abuse issues driven by compromised IoT devices. Anti-Abuse is on the front lines of IoT vulnerabilities and exploits, but its precise role in cleaning up the IoT mess remains unclear. In Montreal, the IoT SIG hosted a working session to understand “What Can Anti-Abuse Do About IoT Vulnerabilities?”. The working sessions focused on understanding the role of the Anti-Abuse community in not only mitigating IoT threats, but how information collected by Anti-Abuse actors could be used to (1) incentivize manufacturers to improve IoT security and (2) provide concrete feedback to actors developing IoT security standards, certifications, and frameworks.
This work includes integration with on-the-ground experience dealing with IoT vulnerabilities from the Anti-Abuse community and a perspective on the kind of adaptive governance mechanisms that will be necessary to a responsive transnational regulatory model that encourages continuous testing, evaluation, and classification of IoT device security.
In the next post we'll explore conversations from Montreal around the Post-Quantum Transition, why it is important to the industry and for the M3AAWG community, and how we can start to prepare for it.