For your IoT applications a .CA domain name helps to convey trust so customers understand their data and applications have a local connection.
The headline is a compelling statement; but what does it mean? Let’s start with understanding what IoT means. One good model is to consider that there are:
- Things that are on the Internet
- Things that are not on the Internet
- Things that reference things that are on the Internet
Things on the Internet include computers, phones, routers, etc. Things not on the Internet are, for most people, things like your furnace and fridge. And finally, let’s recognize that your fitness tracker is not on the Internet. It connects to other things that are on the Internet. To truly be the Internet of Things the ultimate end is that each and every thing has its own address and maybe isn’t beholden to one specific device.
It starts with a kitchen light bulb that we can turn on and off with our smartphone…somewhere in the middle we are buying our t-shirts through beacon technology…and in the end we live in a Matrix-like world where the global network plugs directly into our brains. Depending on your perspective, one of two questions likely pop into your head. The first question is, “what is the best life-changing technology?” The second question is, “what should we fear the most?”
What is there to fear about a light bulb?
So now that we understand that IoT potentially describes the Internet of everything we understand why the market is such a wild west right now. With billions of devices coming, it feels like there hasn’t been such a gold rush since the networking hay days of the 90’s. For the IoT to work, the applications need to be cost effective, because they benefit each individual application, confers isn’t necessarily worth a lot to the user. Yet, to make them work you need quite a lot of silicon and R&D. What this means is that some of the early applications have some weaknesses, especially for the average consumer who cannot take the necessary security steps on their own. There are three fundamental things we think developers need to consider with each and every convenient new application – no matter how small!
- Keeping the devices safe from hackers.
- Rushing to market without thinking of all the implications.
- Protecting the data of the users.
Let’s make it less scary – how the “old” Internet helps the IoT
The “I” in IoT is the good “old” Internet, and without its basic infrastructure and trust framework that is all those authoritative and recursive servers out there, nothing works. And the Internet has been preparing to meet this new need and already helps solve a number of security and scalability issues. Let’s examine a few.
IPv6 has plenty of addresses for all the new “things” on the Internet
It has been well publicised that we have effectively run out of IPv4 addresses. Sure the big western ISPs have blocks assigned to them to keep their core business going for a while, but the IoT needs IPv6. IPv6 not only adds a near-infinite number of new addresses, but it also comes with security protocols to help keep the network traffic safe and secure. Other features include peer-to-peer (i.e. no NAT), tiny stack, address management, and more.
As a network implementing IPv6 you need to ensure that the robustness at least matches IPv4. Moreover, once you are supporting both technology stacks, your infrastructure will become more complex as security devices need to simultaneously support both. And finally, choosing a domain with robust and strong support for IPv6 means you are choosing a supplier that has the same approach to security as you need to have and .CA is among the first and strongest Canadian supporters of IPv6 in Canada, where penetration is still measured under 1% overall.
Let’s get adventurous with DNSSEC to secure the handshake between the “things”
So the domain names and the underlying DNS is a great way to initiate a communication and to enable functionality and transactions in the cloud. But the DNS is also inherently risky because it is part of a trust framework. It can be attacked and it can be spoofed. With the IoT you don’t necessarily have the benefit of knowing that your SSL isn’t functioning to secure the communications between you and the site you expect to be on. We’re talking about micro-interactions and you simply can’t have the hassle with logging into a website and looking for the lock symbol.
DNSSEC helps prevent two types of attacks.
- DNS Spoofing where a hacker gets access to a domains DNS name servers to redirect them to a malicious website
- DNS Hijacking where a hijacker modifies DNS information to gain control of the complete DNS
DNSSEC applies the same principals of exchanging a certificate to the DNS handshake. It means that when you are visiting a URL/domain/website for an IoT application, that the server you visit is the one you expected to hit. Adding DNSSEC and working with ISPs and hosting companies that support DNSSEC helps you to protect your applications.
.CA – a safe, stable, and trusted domain for your “things”
Running a 100% up-time registry for 2.4 million domains and answering 800 million authoritative DNS queries per day takes effort. When choosing a domain for your IoT applications a .CA domain name helps to convey this trust, helps your customers to understand that their data and applications have a local and safe connection, and offer your business stability. While you are at it, if you are working with personal data, try and host it on Canadian servers and peer with local Canadian IXPs to help keep the traffic local as well. It is something that .CA supports directly and adds to the over security and contributes to data privacy. It doesn’t “break” the Internet to take this national approach, but does helps to make our network stronger, the global network stronger, your customers safe, and that connected light bulb that much more useful.