
UPnP Security


Presentation Transcript


  1. UPnP Security
  John Ritchie, Intel Corporation

  2. UPnP Today
  • UPnP is about empowering ordinary people
  • automatic networking
  • no need for technical expertise
  • convenient, “it just works”
  • presumes a secure network

  3. The Universe Is Getting Bigger (and More Dangerous)
  • Wireless, apartments, dorms, hotels, enterprise networks…
  • Remote access
  • Hackers
  • Viruses
  Hacked users don’t feel empowered!

  4. What’s Missing: Security
  • Scenarios and requirements defined early 2001
  • Security Working Committee established August 2001
  • Version 0.9 completed December 2002
  • Review/reconsideration of the specs early to mid 2003 (see next slide)
  • Process is back on track; Steering Committee vote expected early November 2003

  5. Current Status
  • In April ’03 the Steering Committee directed the UPnP Security WC to investigate closer alignment with WS-Security
  • After extensive meetings and much debate…
  • Conclusion: the UPnP Security design is substantially aligned with WS-Security, but not identical (interop will require proxies). The majority of the WC felt that any benefits of closer alignment were outweighed by the costs (complexity, schedule)
  • The WC decided to retain the original design with the following changes/improvements:
    • Changed to use a standard canonicalization method
    • Clarifications to the processing model
    • Additional documentation of the design; formalized schema for the XML data structures

  6. Current Status (2)
  • Draft specifications were made public in August ’03 to solicit wider review by the security community
  • Updates have been made to the sample implementations and the certification test tool
  • Sample implementations by: Atinav, Intel, LGE, Siemens (2), Sony
  • Specs are in 45-day review; the review completes on 10/25/03

  7. Spec documents
  • DeviceSecurity: service implemented by most secure devices
  • SecurityConsole: service for a device with a UI for configuring the security of other devices, discovering control points, and storing certificates

  8. Brief Technical Intro

  9. User Experience
  • User takes ownership of devices using a Security Console (SC). Control points advertise their Security IDs to the SC.
  • SC allows the user to grant permissions on owned devices to control points (permissions are device-specific abstractions)
  • Granted permissions are stored in device Access Control Lists (ACLs) and/or authorization certificates
  • Only authorized control points can use secure devices

  10. Crypto Strategy and Summary
  • UPnP Security is applied at the SOAP message layer (like WS-Security)
  • Device and control point identities are established using XML-DSig with public keys (RSA)
  • Symmetric session keys, exchanged under the public keys, are used for routine operations (HMAC-SHA1 for message signing, AES for privacy)
  • Initial ownership/trust bootstrapping uses a shared secret discovered through an out-of-band mechanism (such as a label on the device)
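  The "routine operations" path from slide 10, as an added illustration (this is not code from the slides or from any UPnP implementation): once a symmetric session key is in place, each SOAP action is authenticated with HMAC-SHA1 under that key and the device rejects anything that does not verify. Assumptions: the session key is a constructed constant rather than one delivered under the device's RSA public key; `canonical_body()` is a simplified stand-in for the XML canonicalization the spec applies to the SOAP body; and the sequence number is illustrative replay protection, not something the slides describe.

```python
"""Message-layer authentication with a symmetric session key and HMAC-SHA1.

Added example, not from the slides. Assumptions: SESSION_KEY is a constructed
constant (the real design delivers it under the device's RSA public key),
canonical_body() stands in for XML canonicalization, and the sequence number
is illustrative replay protection.
"""
import base64
import hashlib
import hmac

# Constructed 20-byte session key; in the real protocol it would be exchanged
# under the device's RSA public key.
SESSION_KEY = bytes(range(1, 21))


def canonical_body(action: str, args: dict) -> bytes:
    """Simplified canonical form of a SOAP action body (assumption).

    Sorted key=value pairs joined by '|'. The spec signs an XML-canonicalized
    <Body>; the point is that signer and verifier must canonicalize identically
    or the HMACs will not match.
    """
    parts = [action] + [f"{k}={args[k]}" for k in sorted(args)]
    return "|".join(parts).encode("utf-8")


def sign_action(action: str, args: dict, seq: int, key: bytes = SESSION_KEY) -> str:
    """Base64 HMAC-SHA1 over (sequence number || canonical body)."""
    msg = seq.to_bytes(4, "big") + canonical_body(action, args)
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode("ascii")


class Verifier:
    """Device side: checks the HMAC and rejects sequence numbers already seen."""

    def __init__(self, key: bytes = SESSION_KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, action: str, args: dict, seq: int, mac_b64: str) -> bool:
        if seq <= self.last_seq:
            return False  # replayed or out-of-order message
        expected = sign_action(action, args, seq, self.key)
        # constant-time comparison so a forger learns nothing from timing
        if not hmac.compare_digest(expected, mac_b64):
            return False
        self.last_seq = seq
        return True


def demo() -> tuple:
    """Legitimate call, tampered argument, replayed message."""
    args = {"Channel": "Master", "DesiredVolume": "30"}
    mac = sign_action("SetVolume", args, 1)
    dev = Verifier()
    ok = dev.accept("SetVolume", args, 1, mac)
    tampered = dev.accept("SetVolume", {**args, "DesiredVolume": "100"}, 2, mac)
    replayed = dev.accept("SetVolume", args, 1, mac)
    return ok, tampered, replayed


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

  The tampered call fails because the MAC was computed over the original argument; the replay fails on the sequence check before the MAC is even recomputed. The same construction is what the slides mean by "HMAC-SHA1 for message signing"; AES for privacy would wrap the body separately and is not shown here.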

  11. Take Ownership Ceremony
  Note: the Security ID is a cryptographic hash of the public key

  12. Control Point Discovery
  Once names are given, the user no longer deals with Security IDs

  13. ACLs and Certificates
  • User edits the access control lists (ACLs) of owned devices using the SecurityConsole
  • ACL entries contain:
    • Subject (Security ID of a control point or group)
    • Authorization (permission)
    • May-not-delegate (control over delegation rights)
    • Validity (expiration time of the permission)
  • Certificates include the above plus:
    • Issuer’s Security ID
    • Device’s Security ID

  14. Access Control Model
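  The access control model of slides 9, 11, 13 and 14 put together, as an added example (not code from the slides or from any UPnP implementation): a device answers "may this control point perform this action?" by checking the owner, then its ACL, then any authorization certificate whose issuer holds the permission with delegation allowed. Assumptions: Security IDs are SHA-1 over the raw public-key bytes (the slides say only "cryptographic hash of public key"); the key bytes, names and permissions such as "Play" and "SetVolume" are constructed; and the XML-DSig signature on each certificate is assumed to have been verified before the certificate reaches `is_authorized()`.

```python
"""Device-side authorization over an ACL and authorization certificates.

Added illustration, not code from the slides. Assumptions: Security ID is
SHA-1 of the raw public key; keys, names and permissions are constructed;
certificate signatures are assumed already verified.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def security_id(public_key: bytes) -> str:
    """Security ID = hash of the public key (SHA-1 here, an assumption)."""
    return hashlib.sha1(public_key).hexdigest()


@dataclass
class AclEntry:
    subject: str                      # Security ID of a control point, or a group name
    authorization: str                # device-specific permission
    may_not_delegate: bool = False    # True: holder cannot pass this permission on
    validity: Optional[float] = None  # expiry (epoch seconds); None = never expires


@dataclass
class Certificate(AclEntry):
    issuer: str = ""  # Security ID of whoever granted the permission
    device: str = ""  # Security ID of the device it applies to


def unexpired(entry: AclEntry, now: float) -> bool:
    return entry.validity is None or now < entry.validity


@dataclass
class Device:
    id: str
    owner: str  # Security ID of the owning Security Console; holds every permission
    acl: list = field(default_factory=list)
    groups: dict = field(default_factory=dict)  # group name -> set of Security IDs
    MAX_CHAIN = 8  # bound on delegation depth; also stops certificate cycles

    def _acl_grant(self, cp_id, permission, now):
        """ACL entry granting permission to cp_id (directly or via a group), or None."""
        for e in self.acl:
            matches = e.subject == cp_id or cp_id in self.groups.get(e.subject, ())
            if matches and e.authorization == permission and unexpired(e, now):
                return e
        return None

    def _may_delegate(self, who, permission, certs, now, depth):
        """Does `who` hold `permission` on this device with delegation allowed?"""
        if who == self.owner:
            return True
        if depth > self.MAX_CHAIN:
            return False
        e = self._acl_grant(who, permission, now)
        if e is not None:
            return not e.may_not_delegate
        return any(
            c.device == self.id and c.subject == who and c.authorization == permission
            and not c.may_not_delegate and unexpired(c, now)
            and self._may_delegate(c.issuer, permission, certs, now, depth + 1)
            for c in certs)

    def is_authorized(self, cp_id, permission, certs, now):
        """Access decision for one action: owner, then ACL, then a certificate chain."""
        if cp_id == self.owner or self._acl_grant(cp_id, permission, now):
            return True
        return any(
            c.device == self.id and c.subject == cp_id and c.authorization == permission
            and unexpired(c, now)
            and self._may_delegate(c.issuer, permission, certs, now, 1)
            for c in certs)


def demo() -> dict:
    """Constructed scenario; returns the access decision per (control point, action)."""
    now = 1_000_000.0
    sid = {n: security_id(n.encode()) for n in
           ("device", "owner", "alice", "bob", "carol", "dave", "eve", "frank")}
    dev = Device(id=sid["device"], owner=sid["owner"], groups={"household": {sid["carol"]}},
                 acl=[AclEntry(sid["alice"], "Play"),                           # delegable
                      AclEntry(sid["bob"], "SetVolume", may_not_delegate=True),
                      AclEntry("household", "Play", validity=now - 1)])         # expired
    certs = [
        Certificate(sid["dave"], "Play", issuer=sid["alice"], device=dev.id),
        Certificate(sid["dave"], "SetVolume", issuer=sid["bob"], device=dev.id),
        Certificate(sid["eve"], "Play", issuer=sid["dave"], device=dev.id),      # chain
        Certificate(sid["frank"], "Play", issuer=sid["alice"], device=security_id(b"other")),
    ]
    cases = [("owner", "Reboot"), ("alice", "Play"), ("dave", "Play"), ("dave", "SetVolume"),
             ("eve", "Play"), ("carol", "Play"), ("frank", "Play")]
    return {f"{n}:{p}": dev.is_authorized(sid[n], p, certs, now) for n, p in cases}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

  Dave gets Play through Alice's certificate because Alice's ACL entry allows delegation, and Eve gets it through a two-step chain; Dave's SetVolume certificate is refused because Bob's entry is marked may-not-delegate, Carol's group grant has expired, and Frank's certificate names a different device. The depth bound matters: two certificates that vouch for each other would otherwise recurse forever.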

  15. Resources
  • http://upnp.org/members/45day.asp
  • http://xml.coverpages.org/ni2003-08-22-a.html

  16. For the interconnected lifestyle
