Abstract
This paper describes major risks, threats and attacks on home networks in general, and UPnP™ home networks in particular. Also considered are the strengths and weaknesses of technologies used to protect home-network and personal devices. The authors describe the effort to address these issues with a new security service for UPnP Device Control Protocols, called “UPnP Device Protection,” which features a three-tier authorization policy, peer-to-peer design, an industry-standard pairing mechanism based on WiFi Protected Setup, and a gossip protocol. The paper also considers some future issues such as the need for a richer policy infrastructure on home networks.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Baugher, M., Lortz, V. (2011). Home-Network Threats and Access Controls. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_16
DOI: https://doi.org/10.1007/978-3-642-21599-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21598-8
Online ISBN: 978-3-642-21599-5
eBook Packages: Computer Science (R0)