25 July, 2014 Hailiang Mei, TU/e Computer Science, System Architecture and Networking 1 Hailiang Mei Security and Privacy Concern in Remote Personal Device Management Framework

Slide 2. Outline
- Background of RPDM: why RPDM is important
- Security threat: attack tree model and threat analysis
- Examining current RDM systems: SNMP, VNC, MRDP, web-based
- Design of the RPDM framework: based on SyncML DM
- Conclusion and future work

Slide 3. Background of RPDM
The remote server can be within the local network or at the service provider's site.
Workflow: the user observes a problem, followed by remote diagnosis and remote repair.

Slide 4. Why is RPDM important?
- Recent studies show that there are at least 4 times as many electronic machines in the world as there are people.
  - This gap is still increasing fast.
  - New devices require maintenance, but personnel are expensive.
- An online survey shows that 57% of users feel befuddled by their computer, mobile phone, home security system, etc.

Slide 5. Outline (next section: Security threat: attack tree model and threat analysis)

Slide 6. Attack Tree Model
Figure: attack tree of the threats we are going to prevent (the tree itself is not recoverable from the transcript).

Slide 7. Threat Analysis (one example)
Columns of the original table: attack (techniques), the security requirement it violates (Confidentiality, Integrity, Availability, Non-repudiation, marked Y), and Vulnerability Rating (VR). The Y marks did not survive extraction column-aligned, so each row lists them as extracted.

- R.1 (Impersonation, dictionary attack): fabricate the operator account. Marks: Y. VR: D
- R.2 (Modification): modify data in the diagnosis message. Marks: Y, Y. VR: B
- R.3 (Modification, repudiation): misuse the visualization tool. Marks: Y, Y. VR: C
- R.4 (Impersonation): IP spoofing. Marks: Y. VR: A
- R.5 (Repudiation): the end user or operator denies the executed diagnosis. Marks: Y. VR: B

Vulnerability Rating (VR): A = Probable; B = Highly Possible; C = Possible; D = Unlikely; E = Impossible.

Slide 8. Outline (next section: Examining current RDM systems: SNMP, VNC, MRDP, web-based)

Slide 9. Evaluation Factors
- System load and network load: criteria related to performance
- Expressive power: indicates how general the technique is
- Device IQ: defines how intelligent the target device has to be while it is being managed
- Security: the most important concern

Slide 10. Simple Network Management Protocol (figure only)

Slides 11 and 12. Virtual Network Computing (figures only)

Slide 13. Web Server
- The device runs a small web server application.
- A service on the device generates the HTML at run time.
- The remote terminal manager accesses the device through a web browser and executes scripts on the device.

Slide 14. Web Server (example; figure only)

Slide 15. SyncML DM (OMA)
Figure: OMA DM architecture. Inside the device, the OMA DM client talks to the DM server over the air using the DM protocol (next to the Data Synch protocol); a proprietary WAP client and a proprietary upgrade client sit beside it. The client exposes a logical tree (root, Vendor, SyncML, X*, ...) used for addressing purposes; this tree is in scope of the DM standard. Commands: Add, Get, Replace, Exec.

Slide 16. SyncML DM (OMA): example exchange
Figure: the OMA DM server sends a Get for Vendor/Ring_signals/Default_ring; the client answers with the value MyOwnRing (the numbers 4 and 7 in the figure are the message/command identifiers of the exchange).

Slide 17. Comparison of RDM Systems
Scoring: "+" = 1, "+/-" = 0, "-" = -1; the overall performance score is the weighted sum.

Evaluation factor | Weight | SNMP v3 | VNC | Web-based | RDP | SyncML DM
System load | 20% | +/- | - | - | - | -
Network load | 20% | as extracted "+ - +/-" (only three of the five cells survived; column assignment not recoverable)
Expressive power | 25% | - | + | +/- | + | +
Security | 25% | + | - | + | +/- | +
Device IQ | 10% | + | - | +/- | - | +
Equal-weight score (20% each) | values not recovered in the transcript
Weighted score | values not recovered in the transcript

Slide 18. Outline (next section: Design of the RPDM framework: based on SyncML DM)

Slide 19. RPDM Overview
Figure: the three design goals, security, privacy and performance.

Slide 20. Internal Architecture of the RPDM Client (figure only)

Slide 21. Connection Manager (figure only)

Slide 22. Authentication Manager
- PKI-based authentication
- MD5 digest authentication: Digest = H(B64(H(servername:password)):nonce)
- The public-key (PKs) database is itself a management object (Mobj), so it can be managed as well if the access right is granted. E.g. a trusted management server can introduce a new management server by adding its public key or its hashed name string to the PKs database.
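The digest on this slide is a challenge-response: the device issues a nonce, the server proves knowledge of the password without sending it, and the device only has to store B64(H(servername:password)) rather than the cleartext password. The example below is added here and is not the presentation's C prototype; the server name, password and the base64 encoding of the final digest are assumptions. It shows a correct login, a wrong password, and why rotating the nonce after each successful check makes a replayed digest fail. The caveat a practitioner needs: a passive attacker who captures nonce and digest can still run the offline dictionary attack of threat R.1 on a weak password, and MD5 is deprecated; the scheme therefore belongs on a protected transport or behind the PKI-based option listed first.

```python
# Added example (not from the slides): OMA DM style MD5 digest authentication,
# Digest = H(B64(H(servername:password)):nonce), verified on the device side.
import base64
import hashlib
import hmac
import secrets


def h_b64_userpass(server_name: str, password: str) -> bytes:
    """B64(H(servername:password)): the only secret the device needs to keep."""
    inner = hashlib.md5(f"{server_name}:{password}".encode()).digest()  # MD5 because the slide specifies it
    return base64.b64encode(inner)


def syncml_digest(stored: bytes, nonce: bytes) -> bytes:
    """H(B64(H(servername:password)):nonce), base64 encoded for transport (encoding assumed)."""
    return base64.b64encode(hashlib.md5(stored + b":" + nonce).digest())


class ClientAuthManager:
    """Device-side verifier: per-server stored credential plus the nonce issued for the next message."""

    def __init__(self):
        self._creds = {}  # server name -> B64(H(name:password)); no cleartext password is kept
        self._nonce = {}  # server name -> nonce sent to that server in the last Chal

    def provision(self, server_name: str, password: str) -> bytes:
        self._creds[server_name] = h_b64_userpass(server_name, password)
        return self.new_nonce(server_name)

    def new_nonce(self, server_name: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._nonce[server_name] = nonce
        return nonce

    def verify(self, server_name: str, presented: bytes) -> bool:
        stored = self._creds.get(server_name)
        nonce = self._nonce.get(server_name)
        if stored is None or nonce is None:
            return False
        ok = hmac.compare_digest(syncml_digest(stored, nonce), presented)  # constant-time compare
        if ok:
            self.new_nonce(server_name)  # one use per nonce: a replayed digest no longer matches
        return ok


def demo():
    """Legitimate login, replay of the same digest, and a wrong password (constructed credentials)."""
    client = ClientAuthManager()
    nonce = client.provision("dm.example.net", "correct horse")
    # Server side: it knows its own name and password and the nonce from the device's challenge.
    good = syncml_digest(h_b64_userpass("dm.example.net", "correct horse"), nonce)
    bad = syncml_digest(h_b64_userpass("dm.example.net", "wrong"), nonce)
    first = client.verify("dm.example.net", good)   # True
    replay = client.verify("dm.example.net", good)  # False: nonce rotated after the first success
    wrong = client.verify("dm.example.net", bad)    # False
    return first, replay, wrong


if __name__ == "__main__":
    print(demo())
```

Note that the device never compares passwords; it compares digests with hmac.compare_digest so that response timing does not leak how many bytes matched.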

Slide 23. Access Control List Tree
- Each node (object) is identified by a URI.
- Each node has a set of properties.
- The tree can be extended by an "Add" message or by a new installation on the device.
- A leaf node can be either a value or a pointer to an executable command.
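The three pieces above fit together: the addressing tree of slide 16 (Get on Vendor/Ring_signals/Default_ring returning MyOwnRing), the PKs database of slide 22 that is itself a managed node, and the per-node ACLs of this slide. The following added example, which is not the presentation's prototype, is a small in-memory management tree that checks the ACL in force on the path before honouring Add, Get, Replace or Exec. Server identifiers, node names other than the ring-signal path, the PKs location and the numeric status codes (modelled on SyncML status codes) are assumptions. The point it makes is that an ACL is only as good as its inheritance rule: a server that may Get one leaf must not thereby be able to Add a key under the PKs node.

```python
# Added example (not from the slides): an OMA DM style management tree with
# per-node ACLs that are inherited down the path when a node sets none.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

# Status codes modelled on SyncML DM responses (assumption for this example).
OK, NOT_FOUND, ALREADY_EXISTS, FORBIDDEN = 200, 404, 418, 425


@dataclass
class Node:
    """One node of the management tree; a leaf carries a value or an executable command."""
    value: Optional[str] = None                       # leaf value (None for interior nodes)
    exec_fn: Optional[Callable[[str], str]] = None    # leaf that points at an executable command
    acl: Optional[Dict[str, Set[str]]] = None         # command -> server IDs; None means inherit
    children: Dict[str, "Node"] = field(default_factory=dict)


class ManagementTree:
    def __init__(self, root_acl: Dict[str, Set[str]]):
        self.root = Node(acl=root_acl)

    def _lookup(self, uri: str):
        """Walk a URI such as ./Vendor/Ring_signals/Default_ring.
        Returns (node or None, effective ACL): the nearest ACL set on the path."""
        node, acl = self.root, self.root.acl
        for part in [p for p in uri.split("/") if p not in ("", ".")]:
            node = node.children.get(part)
            if node is None:
                return None, acl
            if node.acl is not None:
                acl = node.acl
        return node, acl

    @staticmethod
    def _allowed(acl: Dict[str, Set[str]], cmd: str, server: str) -> bool:
        servers = acl.get(cmd, set())
        return server in servers or "*" in servers  # "*" grants the command to every server

    def get(self, server: str, uri: str):
        node, acl = self._lookup(uri)
        if node is None:
            return NOT_FOUND, None
        if not self._allowed(acl, "Get", server):
            return FORBIDDEN, None
        return OK, node.value

    def replace(self, server: str, uri: str, value: str) -> int:
        node, acl = self._lookup(uri)
        if node is None:
            return NOT_FOUND
        if not self._allowed(acl, "Replace", server):
            return FORBIDDEN
        node.value = value
        return OK

    def add(self, server: str, uri: str, node: Node) -> int:
        """Add is authorised by the ACL in force at the parent, since the new node does not exist yet."""
        parent_uri, _, name = uri.rpartition("/")
        parent, acl = self._lookup(parent_uri)
        if parent is None:
            return NOT_FOUND
        if not self._allowed(acl, "Add", server):
            return FORBIDDEN
        if name in parent.children:
            return ALREADY_EXISTS
        parent.children[name] = node
        return OK

    def exec_(self, server: str, uri: str, arg: str = ""):
        node, acl = self._lookup(uri)
        if node is None or node.exec_fn is None:
            return NOT_FOUND, None
        if not self._allowed(acl, "Exec", server):
            return FORBIDDEN, None
        return OK, node.exec_fn(arg)


def build_demo_tree() -> ManagementTree:
    """Constructed device tree: ServerA is the trusted manager, ServerB may only read the ring tone."""
    tree = ManagementTree(root_acl={"Get": {"ServerA"}, "Add": {"ServerA"}})
    ring = Node()
    ring.children["Default_ring"] = Node(value="MyOwnRing",
                                         acl={"Get": {"ServerA", "ServerB"}, "Replace": {"ServerA"}})
    vendor = Node()
    vendor.children["Ring_signals"] = ring
    tree.root.children["Vendor"] = vendor
    # The public-key database is itself a managed object (location ./PKs is an assumption).
    pks = Node(acl={"Get": {"ServerA"}, "Add": {"ServerA"}})
    pks.children["ServerA"] = Node(value="<ServerA public key, constructed placeholder>")
    tree.root.children["PKs"] = pks
    # A leaf that points at an executable command rather than a value.
    tree.root.children["Diagnosis"] = Node(exec_fn=lambda arg: "diagnosis executed with " + arg,
                                           acl={"Exec": {"ServerA"}})
    return tree


if __name__ == "__main__":
    t = build_demo_tree()
    print(t.get("ServerB", "./Vendor/Ring_signals/Default_ring"))   # (200, 'MyOwnRing')
    print(t.add("ServerB", "./PKs/ServerB", Node(value="key")))      # 425: ServerB cannot enrol itself
    print(t.add("ServerA", "./PKs/ServerB", Node(value="key")))      # 200: trusted server introduces it
```

The ServerA/ServerB walk-through at the bottom is the slide-22 scenario: only a server that already holds Add on the PKs node can introduce another management server, and read access to an unrelated leaf does not leak upward.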

Slide 24. View of Prototype (figure only)

Slide 25. Conclusion
- A SyncML DM based system offers good system performance and security protection.
- Our C prototype is one of the first open implementations based on the SyncML DM specifications.
- But the network load is a bit heavy: a "Get" SyncML message is 709 bytes vs. 81 bytes in SNMP. The ratio improves for a more realistic and complex management session.

Slide 26. Future Work
- Complete the implementation
- Think about the management server?

Slide 27. Thanks for your attention!