securing home networks securing home networks protocols
play

Securing Home Networks Securing Home Networks protocols protocols - PowerPoint PPT Presentation

Feb 19, 2024 •228 likes •450 views

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

  1. Securing Home Networks Securing Home Networks protocols protocols A SWN’04 A SWN’04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004

  2. 6 th PCRD Integrated Project • • Goal : provide secure communication infrastructures for personal networks (PANs) • Considerations : 1. Adaptive security mechanisms supporting the user’s security needs in various usage scenarios 2. Provide a secure communication in a distributed and ad-hoc manner 3. Cross-layer optimization of security protocols supporting capabilities of a wide range of devices Boston, 08/2004 2

  3. Problem statement Problem statement • Security as a coherent service is not yet Security as a coherent service is not yet • available available • Current security mechanisms (IPSec, SSL, …) Current security mechanisms (IPSec, SSL, …) • are not enough adaptive and customizable are not enough adaptive and customizable • Security often doesn’t match the user’s needs Security often doesn’t match the user’s needs • and expectations and expectations Boston, 08/2004 3

  4. Outline Outline • Introduction to home networks Introduction to home networks • • Home networks security Home networks security • • Remote access scenario Remote access scenario • • Protocol specification and validation Protocol specification and validation • Boston, 08/2004 4

  5. Introduction Introduction • Home computing environment evolving Home computing environment evolving • to home networking with mobile and to home networking with mobile and wireless devices wireless devices • Multiple applications : multimedia, Multiple applications : multimedia, • monitoring, communication… monitoring, communication… • Heterogeneous technologies, resources Heterogeneous technologies, resources • and computational capacities and computational capacities Boston, 08/2004 5

  6. Home networks middlewares and Home networks middlewares and protocols - - UPnP UPnP protocols • • Peer Peer- -to to- -peer network connectivity of intelligent peer network connectivity of intelligent appliances, wireless devices and PCs of all forms appliances, wireless devices and PCs of all forms • Standard Standard- -based connectivity to ad hoc or based connectivity to ad hoc or • unmanaged networks unmanaged networks • • UPnP is a set of client/server protocols implying UPnP is a set of client/server protocols implying many coexisting devices (clients or servers ) many coexisting devices (clients or servers ) • • The device (usually a physical entity) may host The device (usually a physical entity) may host several home networking services, one or more several home networking services, one or more device types… device types… Boston, 08/2004 6

  7. Home networks middlewares and Home networks middlewares and protocols - - SIP SIP protocols • SIP : signaling protocol for real SIP : signaling protocol for real- -time sessions time sessions • Location Server SIP UA SIP server (registrar and proxy) SIP UA Boston, 08/2004 7

  8. Home networks middlewares and Home networks middlewares and protocols - - OSGi OSGi protocols • OSGi : A Java OSGi : A Java- -based environment based environment • (J2RE+OSGi framework ) in which (J2RE+OSGi framework ) in which downloadable bundles of services managed downloadable bundles of services managed by a registry can be run by a registry can be run • OSGi leverages numerous intra OSGi leverages numerous intra- -home home • protocols and architectures by providing to protocols and architectures by providing to the services provider an abstraction level of the services provider an abstraction level of the underlying network the underlying network • Security may be deployed as a super Security may be deployed as a super- -bundle bundle • Boston, 08/2004 8

  9. Home networks middlewares and Home networks middlewares and protocols - - WS WS protocols • Web service : a software system identified by Web service : a software system identified by • a URI, whose public interfaces and bindings a URI, whose public interfaces and bindings are defined and described using XML. are defined and described using XML. • Interpret XML Interpret XML- -based SOAP messages based SOAP messages • • Not limited to HTTP (e.g. HTTP not Not limited to HTTP (e.g. HTTP not • suitable for long- -running tasks) running tasks) suitable for long • Web services are self Web services are self- -describing (via describing (via • metadata) metadata) Boston, 08/2004 9

  10. Home networks middlewares and Home networks middlewares and protocols - - OSGi OSGi protocols Boston, 08/2004 10

  11. Securing HN (security components) Securing HN (security components) • Application level: UPnP, Application level: UPnP, OSGi OSGi, SIP , SIP • • Transport Level: SSL/TLS Transport Level: SSL/TLS • • Network Level: IPSec Network Level: IPSec • • Link Level: BT, 802.11i,etc Link Level: BT, 802.11i,etc • Boston, 08/2004 11

  12. State of the art of SIP security State of the art of SIP security • • end end- -to to- -end mechanisms : end mechanisms : 1. 1. basic SIP authentication, basic SIP authentication, 2. digest authentication and digest authentication and 2. 3. 3. S/MIME application layer encryption. S/MIME application layer encryption. • hop • hop- -by by- -hop mechanisms hop mechanisms are implemented are implemented on lower protocol layers, and is not a on lower protocol layers, and is not a feature of SIP itself. They include include feature of SIP itself. They 1. IPSec (IP security), 1. IPSec (IP security), 2. TLS (Transport Layer Security), with SIPS TLS (Transport Layer Security), with SIPS 2. URI scheme when TLS is used. URI scheme when TLS is used. Boston, 08/2004 12

  13. What if you start from the beginning? What if you start from the beginning? • • We start from user requirements We start from user requirements • • We start from a scenario We start from a scenario • We want to protect the whole communication • We want to protect the whole communication scenario scenario • The previous solutions secure specific layers and The previous solutions secure specific layers and • should be used as a toolkit for complex scenarios. should be used as a toolkit for complex scenarios. • Security level should be set on the basis of the Security level should be set on the basis of the • profile or the user’s decisions. profile or the user’s decisions. Boston, 08/2004 13

  14. A Simple Scenario example A Simple Scenario example • • a distant terminal (belonging to the provider) a distant terminal (belonging to the provider) communicates with a wireless home network communicates with a wireless home network component component • Devices may have low computational capacities or be • Devices may have low computational capacities or be battery- -supplied supplied battery a security- -dedicated entity is needed (the Residential dedicated entity is needed (the Residential a security ? ? Gateway). It performs heavy cryptographic Gateway). It performs heavy cryptographic operations. operations. two cases: two cases: ? ? 1. 1. The device belongs to the HN owner The device belongs to the HN owner 2. 2. The device belongs to the provider but is located into The device belongs to the provider but is located into the HN the HN Boston, 08/2004 14

  15. Security policy policy : case 1 : case 1 Security • RG and each component share a secret used to cipher RG and each component share a secret used to cipher • session- -keys while distributed. This secret may be exchanged keys while distributed. This secret may be exchanged session when a component joins the network for the first time or when a component joins the network for the first time or during the device discovery phase. during the device discovery phase. • The RG negotiates authentication and session keys for the The RG negotiates authentication and session keys for the • Home Network components. Keys are periodically Home Network components. Keys are periodically refreshed, and act as logical access tokens. refreshed, and act as logical access tokens. • Anti Anti- -replay achieved by means of sequence numbers or replay achieved by means of sequence numbers or • counters. counters. • • Confidentiality is achieved by symmetric stream (layer2) Confidentiality is achieved by symmetric stream (layer2) encryption. Message authentication with HMAC guarantees encryption. Message authentication with HMAC guarantees also integrity. also integrity. • In order to prevent a rogue CN from controlling a In order to prevent a rogue CN from controlling a • component, incoming messages are systematically checked. component, incoming messages are systematically checked. Boston, 08/2004 15

  16. Security policy policy : case 1 : case 1 Security Public Public network R network G Interactions Provider domain Carrier domain Home network domain Boston, 08/2004 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with WPA3 personal Making Wi-Fi great again With security this time, right? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 2 Why is WPA3

853 views • 28 slides
Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline

Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline

Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline Motivation Threat model and specific attacks Security architecture Security analysis Certificate revocation

751 views • 43 slides
Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br Instituto de Informtica UFRGS Securing Networks in the Programmable Data Plane Era Network softwarization : the first wave P4 programs are

607 views • 12 slides
Measuring Home Networks with HomeNet Profiler Lucas Di Cioccio (Technicolor/UPMC) Renata

Measuring Home Networks with HomeNet Profiler Lucas Di Cioccio (Technicolor/UPMC) Renata

Measuring Home Networks with HomeNet Profiler Lucas Di Cioccio (Technicolor/UPMC) Renata Teixeira (CNRS/UPMC) Catherine Rosenberg (University of Waterloo) What do home networks look like? How many devices connect to home networks? What

609 views • 19 slides
Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to

Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to

Benjamin Braun, Klemens Mang Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to detect attackers accessing your service? How to analyze attack patterns? How to detect yet unknown attack

246 views • 13 slides
Securing 5G Networks Stavros Papadopoulos, Anastasios Drosou, and Dimitrios Tzovaras 5 th

Securing 5G Networks Stavros Papadopoulos, Anastasios Drosou, and Dimitrios Tzovaras 5 th

Behavioural Network Traffic Analytics for Securing 5G Networks Stavros Papadopoulos, Anastasios Drosou, and Dimitrios Tzovaras 5 th International Workshop on 5G Architecture (5GARCH) Presenter: Dr. Stavros Papadopoulos Post-doctoral research

426 views • 23 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle,

Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle,

Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle, dnelle@uni-potsdam.de Thomas Scheffler, thomas.scheffler@htw-berlin.de ANRW 2019, Montreal, July 22nd 2019 Outline Security issues in ICMPv6 Stateless

663 views • 21 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas

- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas

- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel Overview 1. Automotive Networks 2. SecVI Research Project 3. Software-Defined Networking

344 views • 31 slides
Securing the Social Web by Moving Beyond Client-Server Security Tyler Close Google, engineer

Securing the Social Web by Moving Beyond Client-Server Security Tyler Close Google, engineer

QCon SF 2010 file:///home/recht/projekt/qcon/wed/Securing the w... Securing the Social Web by Moving Beyond Client-Server Security Tyler Close Google, engineer Client-Server Model Isolated clients connect to a single server. One

448 views • 6 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Diagnosing: Home Wireless & Wide-area Networks Partha Kanuparthy, Constantine Dovrolis

Diagnosing: Home Wireless & Wide-area Networks Partha Kanuparthy, Constantine Dovrolis

Diagnosing: Home Wireless & Wide-area Networks Partha Kanuparthy, Constantine Dovrolis Georgia Institute of Technology 1 Monday, February 13, 2012 1 Two Parts Diagnosing home wireless networks [CCR12] Joint work between GT,

742 views • 57 slides
WTF? Locating Problems in Home Networks Srikanth Sundaresan Nick Feamster Georgia Tech Renata

WTF? Locating Problems in Home Networks Srikanth Sundaresan Nick Feamster Georgia Tech Renata

WTF? Locating Problems in Home Networks Srikanth Sundaresan Nick Feamster Georgia Tech Renata Teixeira, INRIA Ongoing work with Federal Communications Commission. BISmark: A platform to study home networks BISmark Gateway ISP Network Internet

531 views • 23 slides
An Architecture of a Network Controller for QoS Management in Home Networks with Lots of IoT

An Architecture of a Network Controller for QoS Management in Home Networks with Lots of IoT

An Architecture of a Network Controller for QoS Management in Home Networks with Lots of IoT Devices and Services Daisuke Kotani (Kyoto University) IoT Services in Home 2019/1/13 2 l So many use cases are proposed u Energy monitoring and

488 views • 19 slides
Regulatory policy and the roll- out of fj bre to the home networks FTTH Council Europe Webinar

Regulatory policy and the roll- out of fj bre to the home networks FTTH Council Europe Webinar

Regulatory policy and the roll- out of fj bre to the home networks FTTH Council Europe Webinar 29th October 2012 Christian Koboldt & John Gunnigan 1 The case for fj bre to the home Low latency High bandwith Consistent (both down-

396 views • 10 slides
ProtocolstoEfficientlySupport NestedNEMO(NEMO+) Ben McCarthy, Matthew

ProtocolstoEfficientlySupport NestedNEMO(NEMO+) Ben McCarthy, Matthew

ProtocolstoEfficientlySupport NestedNEMO(NEMO+) Ben McCarthy, Matthew Jakeman, Dr Chris Edwards (Lancaster University) Pascal Thubert (Cisco Systems) PresentationOverview PresentationOverview Background:

320 views • 12 slides
Handling Mobility and Mul/-homing in the IP Internet

Handling Mobility and Mul/-homing in the IP Internet

11/10/16 CMPE 252A 252A: : Comput omputer er Communica ommunication ion SET 12: 12: Handling Mobility and Mul/-homing in the IP Internet 1 Why Are Mobility and Multi-Homing Important

583 views • 12 slides
ECEN 5032 Data Networks Course Description Peter Mathys mathys@colorado.edu University of

ECEN 5032 Data Networks Course Description Peter Mathys mathys@colorado.edu University of

ECEN 5032 Data Networks Course Description Peter Mathys mathys@colorado.edu University of Colorado, Boulder Data Networks, Course Description, c 19962005, P . Mathys p.1/6 Class, Instructor, Book Class: MWF 1-1:50 am, ECEE

661 views • 6 slides
Chapter 6 make it so complicated that there are no obvious Using UML, Patterns, and Java System

Chapter 6 make it so complicated that there are no obvious Using UML, Patterns, and Java System

Design Object-Oriented Software Engineering There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to Chapter 6 make it so complicated that there

138 views • 10 slides
Layout and Animation Language Why Would I Walk Through Mud? Ras Bodik, Thibaud Hottelier, James

Layout and Animation Language Why Would I Walk Through Mud? Ras Bodik, Thibaud Hottelier, James

Layout and Animation Language Why Would I Walk Through Mud? Ras Bodik, Thibaud Hottelier, James Ide, Doug Kimelman (IBM), Kimmo Kuusilinna (Nokia), Per Ljung (Nokia) # NY Times 2 How Fancy Layout Are Created Today Pick a canned layout from

509 views • 18 slides
Inside Firefox Robert O'Callahan robert@ocallahan.org Mozilla An open Internet An open Web A

Inside Firefox Robert O'Callahan robert@ocallahan.org Mozilla An open Internet An open Web A

Inside Firefox Robert O'Callahan robert@ocallahan.org Mozilla An open Internet An open Web A level playing field Our tool: Firefox Overview Why Web browsers are hard Mozilla development processes and tools Running a successful

350 views • 33 slides
COURSE OVERVIEW WEB SKILL SETS Front end Back end Design Front-End Back-End MY BLOG HTTP

COURSE OVERVIEW WEB SKILL SETS Front end Back end Design Front-End Back-End MY BLOG HTTP

CS 498RK FALL 2017 COURSE OVERVIEW WEB SKILL SETS Front end Back end Design Front-End Back-End MY BLOG HTTP POST This is my first post. ADD POST API DATABASE HTTP GET MY BLOG 02/23/15 This is my first post. NEW POST Client

356 views • 33 slides
Towards Dynamic Scripted pNFS Layouts Ma#hias Grawinkel , Tim

Towards Dynamic Scripted pNFS Layouts Ma#hias Grawinkel , Tim

Towards Dynamic Scripted pNFS Layouts Ma#hias Grawinkel , Tim S, Gregor Best, Ivan Popov, Andr Brinkmann MoDvaDon Massive amounts of data Huge variety in:

495 views • 15 slides

More recommend