Skip to main content
SpringerLink
Log in

Home-Network Threats and Access Controls

  • Conference paper
Trust and Trustworthy Computing (Trust 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6740))

Included in the following conference series:

Abstract

This paper describes major risks, threats and attacks on home networks in general, and UPnPTM home networks in particular. Also considered are the strengths and weaknesses of technologies used to protect home-network and personal devices. The authors describe the effort to address these issues with a new security service for UPnP Device Control Protocols, called “UPnP Device Protection,” which features a three-tier authorization policy, peer-to-peer design, an industry-standard pairing mechanism based on WiFi Protected Setup, and a gossip protocol. The paper also considers some future issues such as the need for a richer policy infrastructure on home networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. U.S. Federal Bureau of Investigation, Internet Crime: Complaints and Losses on the Rise, Federal Bureau of Investigation (2009), http://www.fbi.gov/page2/march09/internet_033009.html

  2. OECD, Malicious Software (Malware): A security threat to the Internet Economy, OECD Ministerial Meeting on the Future of the Internet Economy, DSTI/ICCP/REG(2007)5/FINAL, OECD / OCDE (2008), http://www.oecd.org/dataoecd/53/34/40724457.pdf

  3. Lessig, L.: The Architecture of Privacy. In: Proceedings of Taiwan NET 1998, Taipei, Taiwan (1998), http://www.lessig.org/content/articles/works/architecture_priv.pdf

  4. UPnP Forum, UPnP Device Protection (March 2, 2011), http://upnp.org/specs/gw/deviceprotection1

  5. Ellison, C.: DeviceSecurity:1, UPnP Forum (2003), http://www.upnp.org/standardizeddcps/documents/DeviceSecurity_1.0cc_001.pdf

  6. Gnu Citizen, http://www.gnucitizen.org/blog/flash-upnp-attack-faq

  7. US-CERT Current Activity for (October 10, 2008), http://www.us-cert.gov/current/archive/2008/10/10/archive.html

  8. Porras, P., Saidi, H., Yegneswaran, V.: An Anaysis of Conficker’s logic and Rendezvous Points, SRI International (March 19, 2009), http://mtc.sri.com/Conficker/

  9. Indian Computer Emergency Response Team, WIN32/Conficker (May 13, 2009), http://www.cert-in.org.in/virus/win32_conficker.htm

  10. Hemel, A.: Universal Plug and Play: Dead simple or simply deadly. In: 5th System Administrator and Network Engineering Conference, SANE 2006 (May 15-19, 2006), http://www.sane.nl/sane2006/program/final-papers/R6.pdf

  11. Ford, B.: UIA: A Global Connectivity Architecture for Mobile Personal Devices, PhD Thesis, MIT (2008), http://www.brynosaurus.com/pub/net/phd.pdf

  12. Walker, J., Ellison, C.: UPnP Security Ceremonies Design Document (2003), http://www.upnp.org/download/standardizeddcps/UPnPSecurityCeremonies_1_0secure.pdf

  13. Zimmermann, P., Johnston, A., Callas, J.: ZRTP: Media Path Key Agreement for Secure RTP, IETF RFC 6189 (2011)

    Google Scholar 

  14. Wi-Fi Protected Setup, Wikipedia (February 2009), http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

  15. Kobsa, A., Sonawalla, R., Tsudik, G., Uzun, E., Wang, Y.: Serial Hook-Ups: A Comparative Usability Study of Secure Device Pairing Methods. In: The Fifth Symposium on Usable Privacy and Security (2009)

    Google Scholar 

  16. Neumann, P.: Risks of Passwords (1994), http://portal.acm.org/citation.cfm?id=175289

  17. Morris, R., Thompson, K.: Password security: A case history. Communications of the ACM 22(11), 594–597 (1979)

    Article  Google Scholar 

  18. Elcomsoft Corporation News, ElcomSoft Breaks Wi-Fi Encryption Faster with GPU Acceleration (October 2008), http://www.elcomsoft.com/news/268.html

  19. Stark, B. (ed.): LAN-Side DSL CPE Configuration, DSL Forum (2004), http://www.broadband-forum.org/technical/download/TR-064.pdf

  20. Saltzer, J.H., Schroeder, M.D.: The Protection of Information in Computer Systems. Proceedings of the IEEE 63, 1278–1308 (1975)

    Article  Google Scholar 

  21. Stajano, F., Anderson, R.: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. In: 7th International Workshop on Security Protocols, vol. (1796). Springer, Heidelberg (1999)

    Google Scholar 

  22. McCune, J.M., Perrig, A., Reiter, M.K.: Seeing is Believing: Using Camera Phones for Human-Verifiable Authentication. In: IEEE Symposium on Security and Privacy (2005)

    Google Scholar 

  23. Vaudenay, S.: Secure communications over insecure channels based on short authenticated strings. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 309–326. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  24. Demers, A., et al.: Epidemic algorithms for replicated database maintenance. In: 6th ACM Symposium on Principles of Distributed Computing, pp. 1–12 (1987)

    Google Scholar 

  25. Kim, T.H., Bauer, L., Newsome, J., Perrig, A., Walker, J.: Challenges in Access Right Assignment for Secure Home Networks. In: Proceedings of the 5th USENIX Workshop on Hot Topics in Security, HotSec (August 10, 2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cisco Systems, USA

    Mark Baugher

  2. Intel Corporation, USA

    Victor Lortz

Authors
  1. Mark Baugher
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Victor Lortz
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Carnegie Mellon University, 5000 Forbes Ave, 15213, Pittsburgh, PA, USA

    Jonathan M. McCune  & Adrian Perrig  & 

  2. Hewlett-Packard Labs, Long Down Ave, BS34 8QZ, Stoke Gifford, Bristol, UK

    Boris Balacheff

  3. TU Darmstadt / Fraunhofer SIT, Mornewegstr.32, 64293, Darmstadt, Germany

    Ahmad-Reza Sadeghi

  4. University College London, Gower Street, WC1E 6BT, London, UK

    Angela Sasse

  5. Hewlett Packard Labs, Long Down Ave, BS34 8QZ, Stoke Gifford, Bristol, UK

    Yolanta Beres

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Baugher, M., Lortz, V. (2011). Home-Network Threats and Access Controls. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-21599-5_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21598-8

  • Online ISBN: 978-3-642-21599-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation