25 July, 2014 Hailiang Mei, TU/e Computer Science, System Architecture and Networking 1 Hailiang Mei Security and Privacy Concern.


1 Security and Privacy Concern in Remote Personal Device Management Framework
Hailiang Mei, H.Mei@tue.nl
TU/e Computer Science, System Architecture and Networking
25 July, 2014

2 Outline
Background of RPDM
– Why RPDM is important
Security threat
– Attack tree model and threat analysis
Examining current RDM systems
– SNMP, VNC, MRDP, Web-based
Design of RPDM framework
– Based on SyncML DM
Conclusion and future work

3 Background of RPDM
Remote server can be within local network or at service provider’s site
Self observes problem + Remote diagnosis + Remote Repair

4 Why RPDM is Important?
Recent studies show that there are at least 4 times as many electronic machines in the world as there are people.
– This gap is still increasing fast
– New devices require maintenance, but personnel are expensive
An online survey shows 57% of users feel befuddled by their computer, mobile phone, home security system, etc.

5 Outline
Background of RPDM
– Why RPDM is important
Security threat
– Attack tree model and threat analysis
Examining current RDM systems
– SNMP, VNC, MRDP, Web-based
Design of RPDM framework
– Based on SyncML DM
Conclusion and future work

6 Attack Tree Model
We are going to prevent

7 Threat Analysis (one example)
Columns: Attack technique; Security requirement (Confidentiality, Integrity, Availability, Non-repudiation); VR
R.1 (Impersonation, dictionary attack) Fabricate the operator account: Y; VR D
R.2 (Modification) Modifying data in the diagnosis message: Y, Y; VR B
R.3 (Modification, repudiation) Misusing visualization tool: Y, Y; VR C
R.4 (Impersonation) IP spoofing: Y; VR A
R.5 (Repudiation) Deny the executed diagnosis by end user or operator: Y; VR B
Vulnerability Rating (VR): A Probable; B Highly Possible; C Possible; D Unlikely; E Impossible.

8 Outline
Background of RPDM
– Why RPDM is important
Security threat
– Attack tree model and threat analysis
Examining current RDM systems
– SNMP, VNC, MRDP, Web-based
Design of RPDM framework
– Based on SyncML DM
Conclusion and future work

9 Evaluation Factors
System load & Network load – criteria related to performance
Expressive power – indicates the generalization of the technique
Device IQ – defines how intelligent the target device is when it is being managed
Security – the most important concern

10 Simple Network Management Protocol

11 Virtual Network Computing

12 Virtual Network Computing

13 Web Server
The device runs a small web server application
A service runs on the device to generate run-time HTML files
The remote terminal manager accesses the device via the web browser and executes scripts on the device

14 Web Server (example)

15 SyncML DM (OMA)
[Figure: OMA DM architecture. Labels: Server; DM protocol; inside client; logical tree for addressing purposes (root, Vendor, SyncML, …, X*); commands Add, Get, Replace, Exec; Data Synch protocol client; proprietary WAP client; proprietary upgrade client; over the air. Annotation: "In scope of DM standard!"]

16 SyncML DM (OMA)
[Figure: OMA DM message exchange. Server: 4, Vendor/Ring_signals/Default_ring. Client: 4, 7, MyOwnRing.]

17 Comparison of RDM Systems
Systems, in column order: SNMP v3, VNC, Web-based, RDP, SyncML DM (OMA DM)
System load (weight 20%): +/----
Network load (weight 20%): +-+/-
Expressive power (weight 25%): -, +, +/-, +, +
Security (weight 25%): +, -, +, +/-, +
Device IQ (weight 10%): +, -, +/-, -, +
Equal weight score (20% each): 0.4, -0.6, 0, -0.2, 0.6
Weighted score: 0.3, -0.5, 0.05, -0.05, 0.6
*We define “+”=1, “+/-”=0 and “-”=-1 to calculate the overall performance score

18 Outline
Background of RPDM
– Why RPDM is important
Security threat
– Attack tree model and threat analysis
Examining current RDM systems
– SNMP, VNC, MRDP, Web-based
Design of RPDM framework
– Based on SyncML DM
Conclusion and future work

19 RPDM Overview
Security, Privacy, Performance

20 Internal Architecture of RPDM Client

21 Connection Manager

22 Authentication Manager
PKI based authentication
MD5 digest authentication
– Digest = H(B64(H(servername:password)):nonce)
The PKs database itself is a Mobj, and it can be managed as well if the access right is granted. E.g. a trusted management server can introduce a new management server by adding its public key or its hashed name string into the PKs database.
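Added example (not from the slides or the RPDM prototype): a Python sketch of the MD5 digest formula on the Authentication Manager slide, together with a device-side check that issues a fresh nonce per attempt and compares in constant time. H is taken to be MD5; the outer Base64 encoding for transport and the `DigestVerifier` helper are assumptions.

```python
import base64
import hashlib
import hmac
import os


def md5_digest(servername: str, password: str, nonce: bytes) -> str:
    """Digest = H(B64(H(servername:password)):nonce) with H = MD5."""
    inner = hashlib.md5(f"{servername}:{password}".encode()).digest()
    outer = hashlib.md5(base64.b64encode(inner) + b":" + nonce).digest()
    # Assumption: the result is Base64-encoded so it can travel in a message.
    return base64.b64encode(outer).decode()


class DigestVerifier:
    """Device-side check of a management server's digest (hypothetical helper)."""

    def __init__(self, credentials: dict):
        self._credentials = credentials   # servername -> shared password
        self._nonces = {}                 # servername -> outstanding nonce

    def challenge(self, servername: str) -> bytes:
        """Issue a fresh random nonce for the next authentication attempt."""
        nonce = os.urandom(16)
        self._nonces[servername] = nonce
        return nonce

    def verify(self, servername: str, presented: str) -> bool:
        # pop(): a nonce is good for one attempt only, so a captured digest
        # cannot be replayed in a later session.
        nonce = self._nonces.pop(servername, None)
        password = self._credentials.get(servername)
        if nonce is None or password is None:
            return False
        expected = md5_digest(servername, password, nonce)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), presented.encode())
```
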

23 Access Control List Tree
Each node (object) is identified by a URI
Each node has a set of properties
This tree can be extended by an “add” message or by new installations on the device
A leaf node can be either a value or a pointer to an executable command
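Added example (not from the slides or the RPDM prototype): a Python model of the tree described on this slide, with URI-addressed nodes, an ACL property per node, and Add/Get/Replace/Exec commands checked against it. The ACL layout (command name mapped to server ids, `*` for any server, an empty ACL inheriting from the nearest ancestor) and the status strings are assumptions made for illustration.

```python
class Node:
    def __init__(self, parent=None, value=None, command=None, acl=None):
        self.parent, self.children = parent, {}
        self.value = value      # leaf data, or ...
        self.command = command  # ... a pointer to an executable command
        self.acl = acl or {}    # {command: set of server ids}; empty = inherit

    def add(self, name, **kw):
        self.children[name] = Node(parent=self, **kw)
        return self.children[name]


def find(root, uri):
    node = root
    for part in uri.split("/"):
        if part not in ("", "."):
            node = node.children.get(part)
            if node is None:
                return None
    return node


def allowed(node, command, server):
    while not node.acl and node.parent is not None:
        node = node.parent      # empty ACL: inherit from the nearest ancestor
    grants = node.acl.get(command, set())
    return "*" in grants or server in grants


def handle(root, server, command, uri, data=None):
    """Apply one Add/Get/Replace/Exec command; returns (status, result)."""
    parent_uri, _, name = uri.rpartition("/")
    # Add is authorized on the parent being extended, the rest on the target.
    target = find(root, parent_uri if command == "Add" else uri)
    if target is None:
        return ("not-found", None)
    if not allowed(target, command, server):
        return ("denied", None)
    if command == "Add" and name and name not in target.children:
        target.add(name, value=data)  # new node has no ACL of its own: inherits
        return ("ok", None)
    if command == "Get":
        return ("ok", target.value)
    if command == "Replace":
        target.value = data
        return ("ok", None)
    if command == "Exec" and target.command is not None:
        return ("ok", target.command())
    return ("error", None)
```
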

24 View of Prototype

25 Conclusion
SyncML DM based system offers good system performance and security protection
Our C prototype is one of the first open implementations based on the SyncML DM specifications.
But the network load is a bit heavy
– A “Get” SyncML message is 709 bytes vs. 81 bytes in SNMP
– However, it becomes better for a more realistic and complex management session

26 Future Work
Complete implementation
Think about management server? ?

27 Thanks for your attention!
