Secure universal plug and play network

Vesa Pehkonen; Juha Koivisto

doi:10.1109/ISIAS.2010.5604189

Secure universal plug and play network

Vesa Pehkonen
, Juha Koivisto

VTT Technical Research Centre of Finland

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

6 Citations (Scopus)

Abstract

Universal Plug and Play (UPnP) is a set of specifications to enable and simplify the networking of electronic devices. UPnP does not generally provide any security and assumes that only trusted devices have access to the network. For networks where untrusted devices have to be taken into account, this paper proposes a secure UPnP network architecture, including key management. The architecture uses Transport Layer Security (TLS) to secure all TCP traffic, which carries most of UPnP messages. To establish a TLS session, each node must have an X.509 certificate for authentication. Certificates are granted by a local Certificate Authority (CA) but only if the Administrator has accepted the new node. UPnP discovery phase uses User Datagram Protocol (UDP) where it is not possible to use TLS, but we encrypt UDP data. UDP encryption key is shared by the whole network and distributed using TLS. We verified the architecture by implementation. (9 refs.)

Original language	English
Title of host publication	Proceedings
Subtitle of host publication	Sixth International Conference on Information Assurance and Security, IAS 2010
Place of Publication	Piscataway, NJ, USA
Publisher	IEEE Institute of Electrical and Electronic Engineers
Pages	11-14
ISBN (Electronic)	978-1-4244-7409-7
ISBN (Print)	978-1-4244-7407-3
DOIs	https://doi.org/10.1109/ISIAS.2010.5604189
Publication status	Published - 2010
MoE publication type	A4 Article in a conference publication
Event	Sixth International Conference on Information Assurance and Security, IAS 2010 - Atlanta, GA, United States Duration: 14 Oct 2010 → …

Conference

Conference	Sixth International Conference on Information Assurance and Security, IAS 2010
Abbreviated title	IAS 2010
Country/Territory	United States
City	Atlanta, GA
Period	14/10/10 → …

Access to Document

10.1109/ISIAS.2010.5604189

Cite this

@inproceedings{2fdb73e2f59c4f098c37e3bff641e42a,

title = "Secure universal plug and play network",

abstract = "Universal Plug and Play (UPnP) is a set of specifications to enable and simplify the networking of electronic devices. UPnP does not generally provide any security and assumes that only trusted devices have access to the network. For networks where untrusted devices have to be taken into account, this paper proposes a secure UPnP network architecture, including key management. The architecture uses Transport Layer Security (TLS) to secure all TCP traffic, which carries most of UPnP messages. To establish a TLS session, each node must have an X.509 certificate for authentication. Certificates are granted by a local Certificate Authority (CA) but only if the Administrator has accepted the new node. UPnP discovery phase uses User Datagram Protocol (UDP) where it is not possible to use TLS, but we encrypt UDP data. UDP encryption key is shared by the whole network and distributed using TLS. We verified the architecture by implementation. (9 refs.)",

author = "Vesa Pehkonen and Juha Koivisto",

year = "2010",

doi = "10.1109/ISIAS.2010.5604189",

language = "English",

isbn = "978-1-4244-7407-3",

pages = "11--14",

booktitle = "Proceedings",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

address = "United States",

note = "Sixth International Conference on Information Assurance and Security, IAS 2010, IAS 2010 ; Conference date: 14-10-2010",

}

Pehkonen, V & Koivisto, J 2010, Secure universal plug and play network. in Proceedings: Sixth International Conference on Information Assurance and Security, IAS 2010. IEEE Institute of Electrical and Electronic Engineers, Piscataway, NJ, USA, pp. 11-14, Sixth International Conference on Information Assurance and Security, IAS 2010, Atlanta, GA, United States, 14/10/10. https://doi.org/10.1109/ISIAS.2010.5604189

Secure universal plug and play network. / Pehkonen, Vesa; Koivisto, Juha.
Proceedings: Sixth International Conference on Information Assurance and Security, IAS 2010. Piscataway, NJ, USA: IEEE Institute of Electrical and Electronic Engineers, 2010. p. 11-14.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Secure universal plug and play network

AU - Pehkonen, Vesa

AU - Koivisto, Juha

PY - 2010

Y1 - 2010

N2 - Universal Plug and Play (UPnP) is a set of specifications to enable and simplify the networking of electronic devices. UPnP does not generally provide any security and assumes that only trusted devices have access to the network. For networks where untrusted devices have to be taken into account, this paper proposes a secure UPnP network architecture, including key management. The architecture uses Transport Layer Security (TLS) to secure all TCP traffic, which carries most of UPnP messages. To establish a TLS session, each node must have an X.509 certificate for authentication. Certificates are granted by a local Certificate Authority (CA) but only if the Administrator has accepted the new node. UPnP discovery phase uses User Datagram Protocol (UDP) where it is not possible to use TLS, but we encrypt UDP data. UDP encryption key is shared by the whole network and distributed using TLS. We verified the architecture by implementation. (9 refs.)

AB - Universal Plug and Play (UPnP) is a set of specifications to enable and simplify the networking of electronic devices. UPnP does not generally provide any security and assumes that only trusted devices have access to the network. For networks where untrusted devices have to be taken into account, this paper proposes a secure UPnP network architecture, including key management. The architecture uses Transport Layer Security (TLS) to secure all TCP traffic, which carries most of UPnP messages. To establish a TLS session, each node must have an X.509 certificate for authentication. Certificates are granted by a local Certificate Authority (CA) but only if the Administrator has accepted the new node. UPnP discovery phase uses User Datagram Protocol (UDP) where it is not possible to use TLS, but we encrypt UDP data. UDP encryption key is shared by the whole network and distributed using TLS. We verified the architecture by implementation. (9 refs.)

U2 - 10.1109/ISIAS.2010.5604189

DO - 10.1109/ISIAS.2010.5604189

M3 - Conference article in proceedings

SN - 978-1-4244-7407-3

SP - 11

EP - 14

BT - Proceedings

PB - IEEE Institute of Electrical and Electronic Engineers

CY - Piscataway, NJ, USA

T2 - Sixth International Conference on Information Assurance and Security, IAS 2010

Y2 - 14 October 2010

ER -

Secure universal plug and play network

Abstract

Conference

Access to Document

Fingerprint

Cite this