home network security and pki role - sakurai...

Upload: doanxuyen

Post on 02-May-2018

www.softforum.com

2004.9

Home Network Security and PKI Role

Definition of Home Network

What is considered Home Network here?

A Home Network is a network in which all digitalized appliances are connected.

- Networking home devices provides home automation and user convenience
- Examples of Home Networking Items:

- Turning on the heating/air conditioning system using a cell phone prior to arrival
- Centralizing the lighting system and programming it from the home PC
- Locking and unlocking windows, rooms, garage and main entrance
- Monitoring motion sensors or video surveillance
- Online banking or credit card payment on a TV set top box during home shopping
- Recording favorite TV programs away from home using phone or internet
- Activating and controlling robotic vacuum cleaners over the internet or a wireless device
- Managing utility (electric, gas etc.) usage and control to maximize energy savings
- More…

Home Network Structure

Typical Home Network Layout

[Figure: typical home network layout, divided into Core Network, Home Gateway, Home Network and Net Terminal. Labels: Internet; xDSL, cable service, fiber; cable/wireless area, community area, resident area; CDMA 2000 1X, 1x EV-DO, W-CDMA, portable Internet; AP, WLAN, application server; local broadcasting, telematics; Home Gateway; Home Network Server; Residential Management System (RMS); PLC, HomeRF, IrDA (infrared), Ethernet, IEEE1394, direct cable etc.; PC & office device, AV & entertainment, house appliance, wireless cyber home; user.]

Home Network Technology

What’s Available Now

[Figure: available home network technology, divided into Access Network, Home Gateway and Home Network Terminals. Labels: access network: PSTN, ISDN, xDSL, cable, B-WLL, wireless, satellite, mobile operator; home gateway functions: protocol converter, bridge, router, traffic isolation, security, Home Automat., energy manage; home server; middleware: HWW, HAVi, Jini, UPnP; home network: wireless (802.11, 15, HomeRF, Bluetooth), Home PNA, IEEE1394, cable, X.10, PLC; terminals: voice, data, comm device, remote metering / metering device, Internet PC, notebook, PDA, scanner, data device, DVHS, DTV, video phone, audio, appliance, STB, refrigerator, washer.]

Home Network Standard

Standards Available

Home Network standards exist in the areas of Home Server, Middleware and communication protocol.

① Home Server/Home Gateway

The Home Server sits where the external Internet connection (ADSL, dedicated line or ISDN) meets the home appliances.

• Home PNA, PLC, IEEE1394, Bluetooth and Home RF can interface with local home digital appliances

• What can be a Home Server: Digital TV, PC, Internet Refrigerator etc.; any appliance which can be hooked up 24/7.

② Middleware

Middleware handles all protocol communication between the Home Server and appliances.

• Living Network, A/V Network, PC Network.

• HAVi (Home Audio Video interoperability), UPnP (Universal Plug and Play; MS-centric, requires high memory and CPU), OSGi (Open Services Gateway initiative), Jini (Sun supported; high cost due to each JVM installation)

③ Communication Protocol

Wireless and Wire

• Wire: Home PNA (Home Phone line Networking Alliance), IEEE1394, PLC etc.

• Wireless: Home RF (Home Radio Frequency), Bluetooth, IrDA (Infrared Data Association) etc.

Central Hub – Home GW

Home Network Hub – Home Gateway

- The Home Gateway should act as an internet device, set top box and other communication channel.
- The gateway must be protected from unwanted visitors over the network.
- The gateway provides access control, home automation and total security control management.

Home Network Trend

Centralizing Appliances through Home Gateway

- We need to develop a gateway that interoperates with the already existing schemes of digital appliances.
- There is a possibility that existing set top boxes or game machines can act as the gateway in the future.
- Appliances that are available 24x7 are good candidates for the gateway.
- Security is critical to the home gateway because all information passes through this central location.

[Figure: Existing Service compared with Home Gateway Service. Existing Service labels: Telecom, ISP, CATV, Security Co; Phone, Modem/PC, Set top/TV, CCTV; Voice, Internet, Cable TV, Security Service. Home Gateway Service labels: Telecom, ISP, CATV, Security Co; Home Gateway; Phone, PC, TV, CCTV, Appliance.]

Home Network Security Issue

PKI’s Role in Protecting Home Network

| Issue | Question | Figure | Solution |
|---|---|---|---|
| Confidentiality | Can someone else view my video surveillance? Can someone else listen to my communication? | Eavesdrop | Encryption/Decryption |
| Integrity | Can someone alter my TV internet election vote decision? Can someone send me incorrect billing? | Fraud | Digital Signature |
| Authentication | Can someone else log in to my home network? Is the person I'm communicating with the right person? | Impersonating | Certificate |
| Digital Rights Management | Digital rights to contents. How to protect against piracy? | Service Provider, Consumer Rights, Piracy | DRM |
| Non-Repudiation | All actions must have evidence and should be non-repudiated | Sender, Rec, claim | Digital Signature |

Home Network Security Example

Example: Securing the Home Network

Security Threat

A security hole in home automation can threaten the financial status and privacy of networked homes.

- DoS attacks on the Home Gateway must be prevented to protect valuable assets or information

[Figure: threats against the Home Gateway. Labels: DOS Attack to obtain authorization; Detection or Eavesdropping; Obtain access to Security alarm, Home control.]

Secure Solution

To stop an attacker, the following items can be applied:

• Channel encryption between User and Home Gateway
• Certificate based authentication

[Figure: secured Home Gateway. Labels: Attacker, Unable to intercept, Secure Channel, Firewall, Certificate based Authentication, Home Gateway.]

Home Network Secured Area

Where Security is applied

[Figure: where security is applied, between Service Provider/External Network and Service User/Internal Network. Labels: service providers: Phone Co., ISP, CATV, Security Co., Appliance Co., Banks, Mall, Broadcasting; Internet; Firewall; Residential Gateway; internal devices: Phone, PC, DTV, Alarm, A/V; security functions: Secure Channel, User Authentication, Digital Signature, DRM.]

Residential Management System

The RMS is an important gateway for the flow of information from external sources to internal home appliances. All information passing through the RMS must be secured from unwanted parties.

RMS Security Advantage

- Authenticate all users connecting to the RMS
- Authorization to G/W and privileged services
- Apply encryption to sensitive information
- The RMS can be provided by a service provider such as an ISP or cable TV operator, or it can be located in the residential community

Home Network Application Overview

[Figure: home network application overview. Labels: Users, Browser, Telephone; Internet; RMS; Residential Gateway; Appliance: PC, DTV (IP Set top), WallPad; Control Information, User Information; Secure Channel; Authenticate; Security Module.]

Sectional Security Requirements

| Section | Applied Security | Description |
|---|---|---|
| WEB – RMS (Residential Management System): Client/Server Security | Authenticate Home Network Users | Certificate based user/server authentication; authorization to connect to the Home Gateway based on user profile |
| | Secure Channel | Secured data communication between RMS and Web browser/PDA; End-to-End security |
| Application: Service or Content Authentication | G/W Authentication | Example of content payments |
| | Secure Channel | Contents or Service authorization and authentication |
| Appliance – External: For services without RMS | User/Server Auth | User Authentication |
| | Secure Channel | Provide Encryption Library to various Middleware protocols |
| RMS – G/W: Home Automation server Authentication | Server/GW Secure Authentication | RMS verifies secure G/W and G/W verifies correct RMS |
| | Secure Channel | Data Encryption between RMS and G/W |
| G/W – Appliances: Appliance Authentication | Device/GW Authentication | Appliance & G/W mutual authentication |
| | Secure Channel | Based on security protocol, apply secure encryption |
| Wireless: Access Authentication | ID/Password based | For example, low usage such as Bluetooth can use ID/Pwd mutual authentication |
| | EAP-TLS/Biometric Authentication | Certificate based mutual authentication; Biometric authentication |

PKI Role in Home Networking

How to manage Certificates

Whether from Home to Outside or Outside to Home, all authentication is forced to present certificates.

Certificate Usage

Limitation of certificate management: it is difficult to manage certificates on digitalized home appliances. It is recommended to store the certificate on the home PC or IP-STB and roam it to the appliances whenever necessary. A Home Security Manager tool is required to manage certificate usage.

[Figure: certificate usage. Labels: User; T-banking; IP-STB, Gateway; Certificate; Security Auth Mod, Auth Mod; Internet; I-Banking Server, I-shopping Server; Public CA, Private CA; Public Authentication, Private Authentication.]

PKI Role in Home Networking

HSM (Home Security Manager) Overview

HSM (Home Security Manager) is a security tool for managing the home network area: public certificate management, roaming of certificates, private certificate issuing and management, electronic wallet management etc.

HSM Features

- Appliance Search: able to search for appliances with a Home Security Agent, such as Home Gateway, D-TV, IP-STB etc.
- Electronic Wallet Management: Wallet View/Edit, Wallet Roaming
- Certificate Management: Public Certificate Roaming, Certificate PWD Management, Generating Private Certificate
- Authorization Management: Access Control
- Data Security: Elec. Wallet on the appliances or content encryption and protection
- Supported Appliance: RGW, IP-STB, DTV-STB, REF, LNDRY, LIGHT, CAM, DOOR, SVR etc.
- Appliance Manufacturer: ICROSS, SNET, IBRIGE, COMMAX, SAMSUNG HEAVY INDUSTRY etc. (more to come)

HSM: Home Security Manager

HSA: Home Security Agent

[Figure: Home Security Manager main screen. Labels: Certificate or electronic wallet management via PC etc.; Automatic control of home network appliances; PC, HSM, HSA; Certificate, Electronic Wallet; Send.]