Secure universal plug and play network

Vesa Pehkonen, Juha Koivisto

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

2 Citations (Scopus)

Abstract

Universal Plug and Play (UPnP) is a set of specifications to enable and simplify the networking of electronic devices. UPnP does not generally provide any security and assumes that only trusted devices have access to the network. For networks where untrusted devices have to be taken into account, this paper proposes a secure UPnP network architecture, including key management. The architecture uses Transport Layer Security (TLS) to secure all TCP traffic, which carries most UPnP messages. To establish a TLS session, each node must have an X.509 certificate for authentication. Certificates are granted by a local Certificate Authority (CA), but only if the Administrator has accepted the new node. The UPnP discovery phase uses User Datagram Protocol (UDP), where it is not possible to use TLS, but we encrypt UDP data. The UDP encryption key is shared by the whole network and distributed using TLS. We verified the architecture by implementation. (9 refs.)
Original language: English
Title of host publication: Proceedings
Subtitle of host publication: Sixth International Conference on Information Assurance and Security, IAS 2010
Place of Publication: Piscataway, NJ, USA
Publisher: Institute of Electrical and Electronic Engineers IEEE
Pages: 11-14
ISBN (Electronic): 978-1-4244-7409-7
ISBN (Print): 978-1-4244-7407-3
DOIs: https://doi.org/10.1109/ISIAS.2010.5604189
Publication status: Published - 2010
MoE publication type: A4 Article in a conference publication
Event: Sixth International Conference on Information Assurance and Security, IAS 2010 - Atlanta, GA, United States
Duration: 14 Oct 2010 → …

Conference

Conference: Sixth International Conference on Information Assurance and Security, IAS 2010
Abbreviated title: IAS 2010
Country: United States
City: Atlanta, GA
Period: 14/10/10 → …

Fingerprint

Network protocols
Network architecture
Authentication
Cryptography
Specifications

Cite this

Pehkonen, V., & Koivisto, J. (2010). Secure universal plug and play network. In Proceedings: Sixth International Conference on Information Assurance and Security, IAS 2010 (pp. 11-14). Piscataway, NJ, USA: Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ISIAS.2010.5604189