UPnP Security
Vic Lortz
Chair, Security WC
Intel Corporation

UPnP Today
- UPnP is about empowering ordinary people
- automatic networking
- no need for technical expertise
- convenient, “it just works”
- presumes a secure network

The Universe Is Getting Bigger (and More Dangerous)
Wireless, apartments, dorms, hotels, enterprise networks…
Remote access
Hackers
Viruses
Hacked users don’t feel empowered!

What’s Missing: Security
- Scenarios and requirements defined early 2001
- Security Working Committee established August, 2001
- Version 0.9 completed December, 2002
- Review/reconsideration of specs early-mid 2003 (see next slide)
- Process is back on track, Steering Committee vote is underway

Current Status
- In April ’03, Steering Committee directed UPnP Security WC to investigate closer alignment with WS-Security
- After extensive meetings and much debate…
- Conclusion: the UPnP Security design is substantially aligned with WS-Security, but not identical (interop will require proxies). Majority of WC felt any benefits of closer alignment were outweighed by costs (complexity, schedule)
- WC decided to retain original design with the following changes/improvements:
  - Changed to use standard canonicalization method
  - Clarifications in processing model were made
  - Additional documentation (ceremonies white paper), formalized schema of XML data structures

Current Status (2)
- Draft specifications were made public in August ’03 to solicit wider review by security community
- Updates have been made to sample implementations, certification test tool
  - Sample implementations by: Atinav, Intel, LGE, Siemens(2), Sony
- Specs are in process of Steering Committee vote (voting period ends 11/14/03)

Spec documents
- DeviceSecurity – service implemented by most secure devices
- SecurityConsole – service for device with UI for configuring security of other devices, discovery of control points, and storage of certificates

Brief Technical Intro

User Experience
- User takes ownership of devices using a Security Console (SC).
- Control points advertise their security IDs to the SC.
- SC allows user to grant permissions on owned devices to control points (permissions are device-specific abstractions)
- Granted permissions are stored in device Access Control Lists (ACLs) and/or authorization certificates
- Only authorized control points can use secure devices

Crypto Strategy and Summary
- UPnP Security is applied at the SOAP message layer (like WS-Security)
- Device and control point identities are established using public keys (RSA)
- Symmetric session keys exchanged via public keys are used for routine operations (with HMAC-SHA1 for message signing and AES for privacy)
- Initial ownership/trust bootstrapping is obtained using a shared secret discovered through an out-of-band mechanism (like a label)

Take Ownership Ceremony
[Diagram: Security Console (SC) and device (Dev); labels: Select & name, Security ID, Password, SSDP, GetPublicKeys, TakeOwnership]
Note: Security ID is cryptographic hash of public key

Control Point Discovery
[Diagram: control point (CP) and Security Console (SC); labels: Select & name, Security ID, SSDP, PresentKey]
Once names are given, the user no longer deals with Security IDs

ACLs and Certificates
- User edits access control lists (ACL) of owned devices using SecurityConsole
- ACL Entries contain:
  - Subject (Security ID of control point or group)
  - Authorization (permission)
  - May-not-delegate (control over delegation rights)
  - Validity (expiration time of permission)
- Certificates include the above plus:
  - Issuer’s Security ID
  - Device’s Security ID

Access Control Model
[Flowchart: decisions “Signed?”, “Good?”, “Auth’d?” with Y/N branches; steps “Verify signature”, “Set sender = unknown”, “Verify authorization”; boxes “Action 1”, “Action 2”, “DAE”, …, “Fail”]
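
One reading of the flowchart labels above, combined with the ACL entry fields from the previous slide, as an added example that is not part of the original slides or of the UPnP specifications. The message shape, Security IDs, keys, action names, result strings, and the use of an ACL subject `unknown` for unsigned senders are assumptions of this example; the signature is HMAC-SHA1 under a per-sender session key, as the crypto summary slide states.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class AclEntry:
    subject: str            # Security ID of a control point or group
    authorization: str      # device-specific permission (here: an action name)
    may_not_delegate: bool  # control over delegation rights (not evaluated here)
    valid_until: int        # validity: expiration time, epoch seconds

# Constructed sample state; IDs, keys and action names are hypothetical.
SESSION_KEYS = {"SID-ALICE": b"constructed-session-key-1",
                "SID-BOB": b"constructed-session-key-2"}
ACL = [AclEntry("SID-ALICE", "SetPower", True, 2_000_000_000),
       AclEntry("SID-BOB", "SetPower", True, 1_000_000_000),   # already expired
       AclEntry("unknown", "GetStatus", True, 2_000_000_000)]  # open to any sender

def sign(key: bytes, action: str, body: bytes) -> str:
    """HMAC-SHA1 over raw bytes; the real design signs canonicalized SOAP XML."""
    return hmac.new(key, action.encode() + b"\x00" + body, hashlib.sha1).hexdigest()

def authorized(sender: str, action: str, now: int) -> bool:
    # An entry matches the sender itself or the catch-all "unknown" subject,
    # and only while its validity period has not expired.
    return any(e.subject in (sender, "unknown") and e.authorization == action
               and now <= e.valid_until for e in ACL)

def handle(action, body, now, sender=None, signature=None) -> str:
    if signature is None:                       # Signed? N
        sender = "unknown"                      # Set sender = unknown
    else:                                       # Signed? Y -> verify signature
        key = SESSION_KEYS.get(sender)
        if key is None or not hmac.compare_digest(sign(key, action, body), signature):
            return "fail: bad signature"        # Good? N
    if not authorized(sender, action, now):     # Verify authorization
        return "fail: not authorized"           # Auth'd? N
    return "execute " + action                  # Auth'd? Y

NOW = 1_700_000_000  # constructed "current time" for the sample calls
```

An unsigned message that merely claims a Security ID is treated as `unknown`, so a claimed identity carries no weight without a valid signature.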

Resources
- http://upnp.org/members/45day.asp
- http://xml.coverpages.org/ni2003-08-22-a.html

For the interconnected lifestyle