Abstract
The Domain Name System (DNS) underpins Internet connectivity, yet its role is often overlooked in the context of Internet of Things (IoT) devices. With IoT devices expected to increase from 19.8 billion in 2025 to over 40.6 billion by 2034, this oversight exposes significant security and operational vulnerabilities. Investigating DNS behavior in IoT is essential to safeguard the stability and resilience of this critical expanding segment.
We investigate IoT DNS behavior in three areas: (1) security, assessing support for secure protocols (DoT/DoH), payload resilience, and operational vulnerabilities; (2) operational characteristics, analyzing TTL adherence, caching, server hardcoding, EDNS(0), TCP fallback, query rates, and traffic fingerprinting; and (3) regulatory frameworks, evaluating standards from IETF, ETSI, and ISO/IEC to identify existing DNS recommendations for IoT devices.
We analyze DNS behavior of over 30 consumer IoT devices across 11 smart home categories within a controlled testbed featuring a dedicated Wi-Fi network, data collection server, Unbound resolver, and DNS DoS server. Active experiments simulate attacks via manipulated DNS responses, while passive measurements assess protocol compliance, operational efficiency, and support for secure DNS protocols and DNS extensions.
Our analysis reveals widespread DNS vulnerabilities across IoT devices: none support encrypted protocols (DoH, DoT) or the EDNS(0) extension mechanism. Devices use hardcoded DNS servers, ignore TTL values, and exhibit minimal source-port and transaction-ID randomization, and their DNS traffic is highly 'fingerprintable'.
Standardized DNS practices for IoT are urgently needed to prevent insecure implementations that threaten network integrity. We propose a Best Practice RFC (draft-mishra-iotops-iot-dns-guidelines-00) to guide consistent and secure DNS use across IoT platforms. This standardization is vital to ensure the long-term security, interoperability, and resilience of emerging IoT ecosystems.
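As an added example (not part of the talk or the study's own tooling), the following Python script applies three of the passive checks described above, resolver hardcoding, TTL adherence and source-port/transaction-ID randomization, to a small set of constructed query records; the device names, addresses, ports, IDs and TTLs are all made up.

```python
"""Audit captured IoT DNS queries for weaknesses the talk reports: hardcoded
resolvers, ignored TTLs and weak source-port / transaction-ID randomization.
Added example with constructed sample data, not the study's own tooling."""
from collections import defaultdict, namedtuple

# t = capture time (s), resolver = destination IP, sport = UDP source port,
# txid = DNS transaction ID, ttl = TTL carried in the answer to this query
Query = namedtuple("Query", "t device resolver sport txid qname ttl")

DHCP_RESOLVER = "192.168.50.1"   # resolver the testbed DHCP offers (constructed)

# Constructed capture: the camera pins an external resolver, reuses one source
# port and re-asks every 5 s despite a 300 s TTL; the hub behaves correctly.
SAMPLE = [
    Query(0.0, "camera", "203.0.113.53", 49152, 1, "cloud.example.net", 300),
    Query(5.0, "camera", "203.0.113.53", 49152, 2, "cloud.example.net", 300),
    Query(10.0, "camera", "203.0.113.53", 49152, 3, "cloud.example.net", 300),
    Query(15.0, "camera", "203.0.113.53", 49152, 4, "time.example.net", 60),
    Query(0.0, "hub", DHCP_RESOLVER, 51034, 0x1A2B, "api.example.org", 120),
    Query(130.0, "hub", DHCP_RESOLVER, 60211, 0x7F3E, "api.example.org", 120),
    Query(131.0, "hub", DHCP_RESOLVER, 44897, 0x0C91, "ntp.example.org", 30),
]

def audit(queries, dhcp_resolver=DHCP_RESOLVER):
    """Return per-device findings from a list of Query records."""
    by_dev = defaultdict(list)
    for q in queries:
        by_dev[q.device].append(q)
    report = {}
    for dev, qs in by_dev.items():
        repeats = violations = 0
        last = {}   # qname -> (time, ttl) of the previous query for that name
        for q in sorted(qs, key=lambda r: r.t):
            if q.qname in last:
                repeats += 1
                prev_t, prev_ttl = last[q.qname]
                if q.t - prev_t < prev_ttl:   # re-asked while still cacheable
                    violations += 1
            last[q.qname] = (q.t, q.ttl)
        report[dev] = {
            # distinct/total: 1.0 means never reused, near 0 means a fixed value
            "port_ratio": len({q.sport for q in qs}) / len(qs),
            "txid_ratio": len({q.txid for q in qs}) / len(qs),
            # any resolver other than the DHCP-provided one is hardcoded
            "hardcoded_resolvers": sorted({q.resolver for q in qs} - {dhcp_resolver}),
            "repeat_queries": repeats,
            "ttl_violations": violations,
        }
    return report
```

Run `audit(SAMPLE)` to see the camera flagged on all three checks while the hub, which re-queries only after its 120 s TTL has expired, passes.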
Recording
Video will be added soon.
Speaker

Andrew Losty
Andrew Losty is a PhD candidate in Electronic and Electrical Engineering at University College London (UCL), where he is also affiliated with the UCL Centre for Doctoral Training in Cybersecurity. His research focuses on the privacy, security, and operational behavior of Internet of Things (IoT) devices, with the objective of improving both personal privacy and the protection of IoT devices.
Before commencing his doctoral studies, he gained professional experience in a commercial environment, where his career focused on network switching, routing, and security systems. His work encompassed both wired and wireless implementations, through which he designed and deployed comprehensive solutions for commercial, governmental, and educational sectors.