UPnP Security
Vic Lortz, Chair, Security WC, Intel Corporation

UPnP Today
- UPnP is about empowering ordinary people
- Automatic networking: no need for technical expertise
- Convenient, it just works
- Presumes a secure network

The Universe Is Getting Bigger (and More Dangerous)
- Wireless, apartments, dorms, hotels, enterprise networks…
- Remote access
- Hackers
- Viruses
- Hacked users don't feel empowered!

What's Missing: Security
- Scenarios and requirements defined early 2001
- Security Working Committee established August 2001
- Version 0.9 completed December 2002
- Review/reconsideration of specs early-mid 2003 (see next slide)
- Process is back on track, Steering Committee vote is underway

Current Status
- In April 2003, the Steering Committee directed the UPnP Security WC to investigate closer alignment with WS-Security
- After extensive meetings and much debate…
- Conclusion: the UPnP Security design is substantially aligned with WS-Security, but not identical (interop will require proxies)
- The majority of the WC felt that any benefits of closer alignment were outweighed by the costs (complexity, schedule)
- The WC decided to retain the original design with the following changes/improvements:
  - Changed to use a standard canonicalization method
  - Clarifications made in the processing model
  - Additional documentation (ceremonies white paper), formalized schema of the XML data structures

Current Status (2)
- Draft specifications were made public in August 2003 to solicit wider review by the security community
- Updates have been made to the sample implementations and the certification test tool
- Sample implementations by: Atinav, Intel, LGE, Siemens (2), Sony
- Specs are in process of Steering Committee vote (voting period ends 11/14/03)

Spec documents
- DeviceSecurity: service implemented by most secure devices
- SecurityConsole: service for a device with a UI, used for configuring the security of other devices, discovery of control points, and storage of certificates

Brief Technical Intro

User Experience
- The user takes ownership of devices using a Security Console (SC)
- Control points advertise their Security IDs to the SC
- The SC allows the user to grant permissions on owned devices to control points (permissions are device-specific abstractions)
- Granted permissions are stored in device Access Control Lists (ACLs) and/or authorization certificates
- Only authorized control points can use secure devices

Crypto Strategy and Summary
- UPnP Security is applied at the SOAP message layer (like WS-Security)
- Device and control point identities are established using public keys (RSA)
- Symmetric session keys, exchanged under the public keys, are used for routine operations (HMAC-SHA1 for message signing and AES for privacy)
- Initial ownership/trust bootstrapping uses a shared secret discovered through an out-of-band mechanism (such as a label)

Take Ownership Ceremony
Note: the Security ID is the cryptographic hash of the public key
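As an added illustration of the crypto strategy and the Security ID note above (not code from the UPnP Security specification or any of its sample implementations): a control point's Security ID derived by hashing its public key, and a SOAP action body signed with HMAC-SHA1 under a session key after standard canonicalization, so that a whitespace-reflowed copy still verifies while a tampered copy does not. The hash choice (SHA-1, base64-encoded), the key bytes and the SwitchPower action body are assumptions or constructed; the RSA session-key exchange and AES privacy are left out.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET


def security_id(public_key: bytes) -> str:
    """Security ID = cryptographic hash of the public key. The slides do not name
    the hash; SHA-1, base64-encoded, is assumed here."""
    return base64.b64encode(hashlib.sha1(public_key).digest()).decode()


def canonical(body: str) -> bytes:
    """Standard XML canonicalization (C14N), so that layout-only changes made
    in transit do not alter the bytes that are signed."""
    return ET.canonicalize(xml_data=body, strip_text=True).encode()


def sign(session_key: bytes, body: str) -> str:
    """HMAC-SHA1 over the canonical SOAP body, keyed with the symmetric session key."""
    mac = hmac.new(session_key, canonical(body), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def verify(session_key: bytes, body: str, signature: str) -> bool:
    """Constant-time comparison of a received signature with the expected one."""
    expected = hmac.new(session_key, canonical(body), hashlib.sha1).digest()
    return hmac.compare_digest(expected, base64.b64decode(signature))


# Constructed stand-ins: neither a real RSA key nor a negotiated session key.
CP_PUBLIC_KEY = b"constructed DER bytes of a control point RSA public key"
SESSION_KEY = bytes(range(20))

# Constructed SOAP action body, the same body reflowed, and a tampered copy.
ACTION = ('<u:SetTarget xmlns:u="urn:schemas-upnp-org:service:SwitchPower:1">'
          '<newTargetValue>1</newTargetValue></u:SetTarget>')
REFLOWED = ('<u:SetTarget xmlns:u="urn:schemas-upnp-org:service:SwitchPower:1">\n'
            '  <newTargetValue>1</newTargetValue>\n</u:SetTarget>')
TAMPERED = ACTION.replace("<newTargetValue>1<", "<newTargetValue>0<")

if __name__ == "__main__":
    sig = sign(SESSION_KEY, ACTION)
    print("control point Security ID:", security_id(CP_PUBLIC_KEY))
    print("reflowed body verifies:", verify(SESSION_KEY, REFLOWED, sig))  # True
    print("tampered body verifies:", verify(SESSION_KEY, TAMPERED, sig))  # False
```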

Control Point Discovery
- Once names are given, the user no longer deals with Security IDs

ACLs and Certificates
- The user edits the access control lists (ACLs) of owned devices using the SecurityConsole
- ACL entries contain:
  - Subject (Security ID of control point or group)
  - Authorization (permission)
  - May-not-delegate (control over delegation rights)
  - Validity (expiration time of permission)
- Certificates include the above plus:
  - Issuer's Security ID
  - Device's Security ID
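The ACL entry and certificate fields listed above, as an added worked example (not the UPnP Security specification's own code or schema): an authorization check that accepts either a direct ACL grant or a certificate chain for this device in which every link is unexpired and every issuer holds the permission with delegation allowed. The field names, the group lookup, the depth bound and all Security IDs and timestamps below are assumptions or constructed data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AclEntry:
    subject: str            # Security ID of a control point or of a group
    authorization: str      # device-specific permission name
    may_not_delegate: bool  # True: the subject may not pass this permission on
    validity: float         # expiry time of the permission (Unix seconds assumed)

@dataclass(frozen=True)
class AuthCert(AclEntry):
    issuer: str             # Issuer's Security ID (the delegating control point)
    device: str             # Device's Security ID that the permission applies to

def _grants(e, subject, permission, now, groups):
    """Entry names the subject (or one of its groups) and the permission, and is unexpired."""
    return ((e.subject == subject or e.subject in groups.get(subject, ()))
            and e.authorization == permission and now < e.validity)

def holds(device_id, acl, certs, subject, permission, now, groups=None,
          need_delegate=False, depth=0):
    """True if `subject` holds `permission` on `device_id`, directly from the ACL or via a
    certificate chain in which every link allows delegation. `depth` bounds chain length."""
    groups = groups or {}
    if depth > 8:
        return False
    for e in acl:
        if _grants(e, subject, permission, now, groups) and not (need_delegate and e.may_not_delegate):
            return True
    for c in certs:
        if c.device != device_id or not _grants(c, subject, permission, now, groups):
            continue
        if need_delegate and c.may_not_delegate:
            continue
        # The issuer must itself hold the permission on this device with delegation allowed.
        if holds(device_id, acl, certs, c.issuer, permission, now, groups, True, depth + 1):
            return True
    return False

# Constructed sample data; the Security IDs are short labels, not real key hashes.
ACL = [AclEntry("cp-A", "Play", False, 2000),        # may delegate
       AclEntry("cp-B", "Play", True, 2000),         # may not delegate
       AclEntry("grp-family", "Play", True, 2000)]   # group entry
CERTS = [AuthCert("cp-C", "Play", False, 2000, issuer="cp-A", device="dev-1"),  # A delegates to C
         AuthCert("cp-D", "Play", True, 2000, issuer="cp-C", device="dev-1"),   # C re-delegates to D
         AuthCert("cp-E", "Play", False, 2000, issuer="cp-B", device="dev-1"),  # invalid: B may not delegate
         AuthCert("cp-F", "Play", False, 2000, issuer="cp-A", device="dev-2"),  # other device
         AuthCert("cp-G", "Play", False, 500, issuer="cp-A", device="dev-1")]   # expired at t=1000
GROUPS = {"cp-H": {"grp-family"}}  # cp-H is a member of grp-family
```

Evaluated at t=1000, cp-A through cp-D and cp-H are authorized for Play on dev-1, while cp-E (issuer may not delegate), cp-F (wrong device) and cp-G (expired) are refused.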

Access Control Model

Resources

For the interconnected lifestyle