Security mechanism for interconnecting IGRS and UPnP devices

Abstract: After discussing the IGRS security mechanism, the UPnP security mechanism, and the existing method of interconnecting IGRS and UPnP over non-secure pipes, this paper proposes a security mechanism for IGRS and UPnP interconnection. It protects the interconnection between the two and effectively prevents the various attacks that exploit the weaknesses of non-secure interconnection.

Keywords: Information Equipment Resource Sharing Services Protocol; Universal Plug and Play protocol; protocol mechanism; pipe; secure interconnection

Survey on IGRS and UPnP devices security interconnection mechanism


TAN Jue 1,2, HE Zhe 1, CHEN Yuan-fei 1, ZHU Zhen-min 1

(1. Research Center for Pervasive Computing, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080, China; 2. College of Information Technology, Xiangtan University, Xiangtan Hunan 411105, China)

Abstract: Through the analysis of the IGRS and UPnP security mechanisms, this paper puts forward a new security mechanism, built on the basis of non-secure pipes, to protect the interconnection of heterogeneous devices. This method successfully protected the interconnection from all kinds of network attacks.

Keywords: IGRS; UPnP; protocol mechanism; pipe; security interconnection


With the rapid development of computer and communication technology, and driven by the market, information equipment manufacturers have developed a wide variety of powerful devices. Interconnecting these heterogeneous and diverse devices has become a trend in IT product development, and many international standards organizations and consortia are developing the relevant technical standards. The most representative are the two mainstream interconnection protocols for information equipment: information equipment resource sharing (IGRS) and Universal Plug and Play (UPnP). The IGRS organization has more than 100 members, and the UPnP organization has as many as 890 members and a very wide range of end users. IGRS and UPnP have a very wide range of applications: home automation, printing, image processing, audio/video entertainment, kitchen equipment, automotive networks, public gathering places and other similar networks. Users unanimously want devices that support different standards to recognize and interconnect with each other. While developing the IGRS protocol, the IGRS working group already proposed a solution for interconnecting IGRS devices with UPnP devices: information devices that support the IGRS protocol and the UPnP protocol can interconnect by extending the interface description. However, this interconnection is established over a non-secure pipe and carries security risks, so a security mechanism is needed to protect it. Based on an analysis of how IGRS and UPnP exchange messages when interconnected over non-secure pipes, we propose a security mechanism for IGRS and UPnP interconnection.

1 Introduction to IGRS and UPnP

1.1 IGRS

IGRS is a standard developed to achieve intelligent interconnection, resource sharing and collaborative services among information devices. Devices based on the "IGRS" standard can not only connect to each other but also share resources, information and functions, combining the capabilities of each device to create richer application services. To make shared resources on the network easier to use, IGRS also defines corresponding protocol standards at the transport and network layers. The "IGRS" standard framework [1] is shown in Figure 1.

The IGRS security specification defines the security mechanisms for each protocol interaction, including service-based access control and the corresponding authentication and authorization mechanisms. IGRS defines two levels of security: one between devices, which the protocol calls a "pipe", and one between the user and the service, which the protocol calls a "session".

1.2 UPnP

UPnP is a new-generation network middleware technology introduced by Microsoft and now maintained and upgraded by the Universal Plug and Play Forum. Its goal is to let the various devices in home networks (data sharing, communications, and entertainment) and corporate networks connect simply and seamlessly, and to interconnect with broadcast networks, the Internet and mobile devices.
The UPnP standard framework [2] is shown in Figure 2. The UPnP Forum defines security guidelines for UPnP devices and control points [3,4]. For the discovery phase, they define the process by which secure devices and the security console discover each other and the security operations required. In the description phase, equipment manufacturers define and write the device description files for secure devices and the security console. In the control, eventing and presentation phases, secure session keys are set up to encrypt and decrypt the interaction messages and perform other operations, ensuring that the interaction between UPnP control points and devices is secure. A manufacturer that needs its own security extensions can customize and implement them at the UPnP vendor layer.

1.3 UPnP and IGRS interconnection

When "IGRS" was first developed, the interconnection of IGRS devices with UPnP devices was taken into account and a feasibility analysis was carried out [5].

1) Addressing mechanism. UPnP networks address devices by IP, while addressing between IGRS devices can be implemented by mechanisms outside the IGRS protocol. The two protocols can work together using static IP, dynamic DHCP or Auto-IP addressing.

2) Device/service discovery mechanism. UPnP device/service discovery uses SSDP, and IGRS device/service discovery is likewise built on SSDP, so IGRS and UPnP devices/services can discover each other through SSDP.

3) Device/service description mechanism. UPnP uses XML syntax, and IGRS also uses XML syntax. Although the implementation templates differ, adding UPnP service description extensions to the IGRS description lets UPnP devices recognize IGRS services, and parsing the UPnP service messages lets IGRS devices identify UPnP services.

4) Access control and service invocation mechanism. UPnP service invocation sends SOAP (Simple Object Access Protocol) messages, and the session-based service invocation mechanism that IGRS defines also supports SOAP. Service calls can be achieved by parsing and rewriting each side's standard messages.

5) Service event notification mechanism. UPnP uses the GENA (General Event Notification Architecture) mechanism to implement service events and notifications; IGRS implements them over pipes (secure / non-secure). Event notifications can be converted by parsing the two mechanisms.

2 Respective secure interconnection of IGRS and UPnP

2.1 Security mechanism for UPnP device interconnection

The UPnP security documents define the security-related functions, data structures and related policies [3,4,6]. The process is divided into two stages: initialization and secure operation.
The initialization phase is shown in Figure 3 (a) [7]. Its main tasks are: a) the security console obtains the device's public key, computes a hash of the public key with a hash algorithm, and compares it with the device's security ID for authentication; b) the security console negotiates with the device and sets the session key for the secure session, and the control point obtains ownership of the device; c) on the network, the control point that has access to the specified device edits the device's access control list and so on, and through these operations specifies the access of different users (control points) to the device. After these operations, the secure operation phase begins.

The secure operation phase is shown in Figure 3 (b) [7]. It begins once the authentication and device permission settings of the initialization phase are complete. Its tasks are to prevent replay attacks by attackers, to negotiate the session key between the two sides and, once negotiation is complete, to communicate and make service calls.

2.2 Security mechanism for IGRS device interconnection

Interconnecting IGRS devices is more complicated than interconnecting UPnP devices. Secure interconnection between IGRS devices is shown in Figure 4.

During interconnection, IGRS devices declare their presence on the network through multicast. After comparing the security mechanisms and algorithms that both sides support, the two sides must select one security mechanism for their interaction; IGRS supports four kinds of security mechanisms [8]. IGRS devices 1 and 2 carry out a two-way challenge/response authentication process. After successfully completing the preceding steps, IGRS devices 1 and 2 send each other a message confirming that the pipe was created successfully. After the pipe is created, an IGRS session is established between the user and the service.

3 Analysis of security issues in IGRS and UPnP interconnection

Traditional interconnection of IGRS and UPnP devices over a non-secure pipe uses no security mechanism and carries serious security hazards. The security issues are shown in Table 1.

Table 1 Security issues of interconnection over a non-secure pipe

Problem              | Problem description                                     | Solution
---------------------+---------------------------------------------------------+--------------------------------------------------------------
Device impersonation | No authentication; identity can be impersonated         | Add an authentication mechanism
Message eavesdropping| An attacker eavesdrops on the interconnection messages  | Encrypt messages
Message integrity    | An attacker tampers with communication messages         | Use a digital signature mechanism
Denial of service    | Network devices cannot work                             | After repeated authentication failures, stop responding to requests from the device
Replay attack        | Replay attacks are carried out on the network           | Update the sequence number of communication messages

1) Feasibility of secure interconnection. IGRS and UPnP already have a basis for interoperating over non-secure pipes. Similarly, secure interoperability can be achieved by transforming the associated communication message templates and appropriately extending the messages and service invocation messages.

2) Principles of secure interconnection. IGRS and UPnP devices have their own standards and interfaces. Extensions should follow each side's functions and attributes and be built on its interfaces under the same standards, to avoid the problem that, after extension and transformation, devices can no longer be recognized and cannot access each other in the future.

3) Entry point for secure interconnection. Based on the different definitions in the two standards, find the flexible parts of the interface definitions and achieve highly secure interconnection while changing the standards as little as possible.

4) Goals of secure interconnection. At present IGRS and UPnP interconnect only over non-secure pipes, with some simple rewriting of service descriptions and messages. Security is very low and falls short of security and confidentiality requirements.

Building on ordinary interconnection, this article considers the security mechanism for UPnP and IGRS interconnection from the following aspects. The security requirements in these areas are essential, yet ordinary interconnection lacks them.

a) Authentication. Verifies the identifier held by a user or device and confirms that it is genuine. Although non-secure pipes carry device identifiers, these serve only to distinguish between different types of device; the device is not authenticated.

b) Message integrity (integrity). Checks message integrity during interconnection, generally using a message authentication code (MAC), or a digital signature together with a secure hash function. Non-secure pipe connections do not verify message integrity, so a tampered message may be received.

c) Preventing replay attacks (freshness). Messages are easily intercepted in a wireless environment, and similar problems exist even on wired networks. It is therefore necessary to keep user login messages and service call messages from leaking and to prevent replay attacks. In the network, IGRS and UPnP devices have no mechanism for updating message sequence numbers, a weakness that an ordinary replay attack can easily exploit.

d) Access control (authorization). The device establishes access control lists according to the administrator's needs, which gives it the ability to control users' access to the device. Ordinary interconnection has no such ability to control user or device access.

e) Confidentiality (secrecy). Message content should not be transmitted over the network in plaintext, so as to effectively prevent eavesdropping. Devices with security features should be able to encrypt and decrypt message content. With simple non-secure pipe interconnection, message encryption is out of the question.

Ordinary non-secure pipes are powerless against the five serious security problems above and cannot meet people's security requirements. New mechanisms should be explored to address these problems and improve the security of interconnection.

4 Security mechanism for interconnection between IGRS and UPnP
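Requirements b) and c) are usually met together: every message carries a sequence number that is covered by a MAC, and the receiver rejects anything that fails the MAC or does not advance the sequence. The block below is an added example, not code from the paper or from the IGRS or UPnP specifications; the message layout (8-byte sequence number, payload, HMAC-SHA256 tag), the random sequence base and the payload are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prefix a 64-bit sequence number and append a MAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: verify the MAC, then enforce a strictly increasing sequence."""

    def __init__(self, key: bytes):
        self.key = key
        # Random starting point, so numbers from an earlier run are not valid again.
        self.sequence_base = secrets.randbits(48)
        self.last_seq = self.sequence_base

    def accept(self, message: bytes) -> bytes:
        if len(message) < 8 + TAG_LEN:
            raise ValueError("message too short")
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            raise ValueError("replayed or stale sequence number")
        self.last_seq = seq  # advance only after the MAC has verified
        return body[8:]


def demo() -> list:
    """Send one good message, then a tampered copy and a replayed copy."""
    key = secrets.token_bytes(32)              # constructed session key
    rx = Receiver(key)
    seq = rx.sequence_base + 1                 # sender learned the base from the receiver
    good = protect(key, seq, b"<invoke>SetVolume 10</invoke>")  # constructed payload
    results = [rx.accept(good)]
    tampered = good[:12] + b"X" + good[13:]    # flip one payload byte
    for label, msg in (("tampered", tampered), ("replay", good)):
        try:
            rx.accept(msg)
            results.append(label + " accepted")
        except ValueError as err:
            results.append(str(err))
    return results


if __name__ == "__main__":
    print(demo())
```

The sequence number is checked only after the MAC verifies, so a forged message cannot push the receiver's counter forward and lock out the legitimate sender.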

In implementing this interconnection security mechanism, IGRS devices keep their own way of interconnecting securely, and UPnP devices and the security console follow the security standards defined by the UPnP Forum; an effective secure interconnection mechanism is established on this basis. The benefit of doing so is that IGRS and UPnP devices keep their respective security standards and interfaces, so that the different standards do not give interconnected devices interfaces and security policies that differ from their internal standards and thereby create new interconnection problems. The process keeps the devices of each standard as independent as possible. The secure interconnection process is shown in Figure 5.

In Figure 5, the UPnP device runs a security console, which implements the UPnP device's security attributes, together with the corresponding message conversion mechanism, so that it appears on the network as a virtual IGRS device. In the figure, solid lines indicate IGRS messages, long dashed lines indicate conversion between IGRS and UPnP messages, and broken lines indicate messages between the UPnP security console and the UPnP device. The virtual device in Figure 5 is an extension of the UPnP-related devices (including the security console). It listens for IGRS messages on the network and converts them into UPnP messages, and it converts its own UPnP messages into IGRS messages and publishes them to the network, so that IGRS devices on the network discover the virtual IGRS device running on the UPnP device.

Some important security-related service calls are as follows [3,5]:

a) GetLifeTimeSequenceBase: obtains a non-repeating random sequence number.
b) GetAlgorithmsAndProtocols: obtains the algorithms and protocols that the device supports.
c) SetSessionKeys: sets the session key.
d) DecryptAndExecute: executes an encrypted command (returns the encrypted result).

The secure interconnection process is as follows:

a) Discovery and connection. IGRS devices and virtual IGRS devices declare themselves on the network and find each other, then establish a TCP connection, ready to enter the pipe creation phase.

b) Pipe creation. The IGRS device sends a pipe connection request. The virtual IGRS device receives the message and converts it into an internal UPnP message; the internal security console calls getPublicKey() to obtain the public key, which is then packaged in IGRS message format and sent as the IGRS pipe creation response. In the step where the two sides select a mutually agreed security algorithm, this scheme uses the RSA public key algorithm. Authentication of both sides, message encryption and message authentication follow. To prevent replay attacks during this process, the IGRS device uses a random number generation function, and the virtual UPnP device calls the security service getLifeTimeSequenceBase() through the security console; identities are challenged and authenticated according to the IGRS pipe secure authentication method. When validation succeeds, the services provided on the device can be discovered but cannot yet be invoked. During this process an attacker may mount a denial-of-service attack; traffic detection or XML firewall packet filtering can be used against it [9]. If requests are received repeatedly from the same device at short intervals and authentication fails repeatedly during that time, this is treated as a denial-of-service attack, and no requests from that device are answered for a longer period of time.

c) Session creation. The IGRS device sends a session creation request to the virtual IGRS device. On receiving the message, the virtual IGRS device calls the related security services getLifeTimeSequenceBase() and setSessionKeys() to obtain a secure session key, which is attached to the response message sent to the IGRS device. Once the session is created successfully, the session phase begins.

d) Secure session. In this stage, the virtual IGRS device executes the session's encrypted service call messages with decryptAndExecute(); likewise, the IGRS device receives the virtual IGRS device's response messages and completes the corresponding function calls.

e) End of the session. When the service calls end, the two sides negotiate the end of the session. The IGRS device then calls, through the virtual device's security console, the service that expires the session key; the expired key is cancelled and the session ends.

f) End. The pipe between the devices is disconnected, the devices go offline, and so on.
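The denial-of-service rule in step b) can be kept as a small per-device state machine that is consulted before any XML parsing or RSA work is done for a request. The block below is an added example, not code from the paper; the class and function names, the thresholds (3 failures within 10 seconds, 300-second lockout) and the use of a pre-authentication device identifier as the key are assumptions, since the paper gives no numbers.

```python
from collections import defaultdict, deque


class AuthFailureGuard:
    """Tracks failed pipe authentications per device and blocks repeat offenders."""

    def __init__(self, max_failures=3, window=10.0, lockout=300.0):
        # Thresholds are assumptions; the paper gives no numbers.
        self.max_failures = max_failures
        self.window = window        # the "short interval", in seconds
        self.lockout = lockout      # the "longer period", in seconds
        self.failures = defaultdict(deque)   # device id -> failure timestamps
        self.blocked_until = {}              # device id -> time the block ends

    def allow(self, device_id: str, now: float) -> bool:
        """Call before doing any expensive work for a request."""
        until = self.blocked_until.get(device_id)
        if until is not None:
            if now < until:
                return False
            del self.blocked_until[device_id]    # lockout has expired
        return True

    def record(self, device_id: str, success: bool, now: float) -> None:
        """Call with the outcome of each authentication attempt."""
        if success:
            self.failures.pop(device_id, None)
            return
        recent = self.failures[device_id]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                     # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.blocked_until[device_id] = now + self.lockout
            recent.clear()


def replay_events(events, guard=None):
    """events: (time, device_id, auth_ok) tuples. Returns one decision per event."""
    guard = guard or AuthFailureGuard()
    decisions = []
    for now, device_id, auth_ok in events:
        if not guard.allow(device_id, now):
            decisions.append("dropped")          # no response at all during lockout
            continue
        guard.record(device_id, auth_ok, now)
        decisions.append("authenticated" if auth_ok else "auth failed")
    return decisions


# Constructed sample: dev-A fails three times in 2.5 s, dev-B behaves normally.
SAMPLE = [
    (0.0, "dev-A", False), (1.0, "dev-A", False), (2.0, "dev-B", True),
    (2.5, "dev-A", False), (3.0, "dev-A", True), (200.0, "dev-A", True),
    (303.0, "dev-A", True),
]

if __name__ == "__main__":
    print(replay_events(SAMPLE))
```

Timestamps are passed in rather than read from the clock so the decision logic can be replayed over recorded traffic when tuning the thresholds.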

The security analysis of the interconnection process is as follows:

a) TCP connection and discovery. Discovering interconnected devices on the network only reveals the devices; their services cannot be called. To interconnect, clients and devices must go through the mutual authentication process, and the security steps are designed tightly to ensure that authentication cannot be bypassed.

b) Pipe creation. During creation, both ends use a public key algorithm to challenge and authenticate each other's identity. The process uses a random number generator, which effectively prevents replay attacks by attackers; it also effectively solves the device impersonation problem listed in Table 1. Messages between devices are encrypted to prevent eavesdropping by intruders.
c) Session creation and the session. During session creation, the getLifeTimeSequenceBase() service is called to prevent a possible replay attack once more. The secure session key is set at the same time, and the session content and service call messages are encrypted, decrypted and executed. Messages intercepted in transit are encrypted and cannot be decrypted without the key. As described in the secure interconnection process, a device that makes frequent requests and fails authentication gets no response, which effectively prevents denial-of-service attacks.

d) End of the work. The expiredSessionKeys() function is called to delete the original key and to perform other cleanup, so that the key expires and a new session cannot use the original key again, further enhancing the security of the keys.

5 Conclusion

Previous work on interconnecting IGRS and UPnP devices was simple and based on non-secure interconnection. Following the security principles of IGRS and UPnP, this article improved an open-source UPnP library to achieve secure interconnection of IGRS and UPnP. The problems of the original non-secure interconnection, such as device impersonation, replay attacks, and network interference with interconnected devices and users, are solved very effectively in this scheme. In a device interconnection technology project, a security extension has been implemented on a protocol stack in which UPnP interoperates with IGRS, achieving the five goals of authentication, integrity, replay prevention, access control and confidentiality.

The system still needs improvement in places, such as the maintenance and updating of public keys. Furthermore, because IGRS and UPnP use multicast, other computers on the network can "hear" and discover devices that have no network security features; if such a device is trusted by other secure devices, an attacker could use it as a springboard to attack other devices and services.

References:

[1] IGRS Working Group. IGRS application paper [R]. Beijing: IGRS Working Group, 2003.

[2] UPnP Forum. UPnP device architecture 1.0 [EB/OL]. (2008-10-15) [2009-11-10]. http://www.UPnP.org/resources/documents.asp.

[3] UPnP Forum. Security console: 1 service template [EB/OL]. (2003-11) [2009-11-10]. http://www.UPnP.org/resources/documents.asp.

[4] UPnP Forum. Device security: 1 service template [EB/OL]. (2003-11) [2009-11-10]. http://www.UPnP.org/resources/documents.asp.

[5] Ministry of Information Industry. SJ/T 11310-2005, Information Equipment Resource Sharing Services Part 1: Basic protocol [S]. Beijing: IGRS Working Group, 2005.

[6] UPnP Forum. UPnP security ceremonies design document v1.0 [EB/OL]. (2003-10) [2009-11-10]. http://www.UPnP.org/resources/documents.asp.

[7] Zhou Xuefeng. Standard UPnP digital home security research [J]. Technological development and economic situation, 2007, 17(25): 1-2.

[8] Liao Guowei, Yang Jun, Deng Zhongliang. IGRS basic protocol security mechanism [J]. Computer Security, 2006(3): 1-3.

[9] Wang Jiahui, He Remains. UPnP in DoS attack prevention program [J]. Computer Systems, 2008(8): 1-4.
