On Securing Home Networks
Senthil Sengodan, Robert Ziegler
Nokia Research Center, 5 Wayside Road, Burlington, MA 01803, USA
{senthil.sengodan,robert.ziegler}@nokia.com

Linda Edlund
Ericsson Telecom AB, P.O. Box 1885, SE-581 17 Linkoping, Sweden
linda.edlund@home.se
Abstract

Home networking has widely been touted as the next frontier in the Internet and technology revolution. Within the home network itself, several technologies such as Bluetooth, 802.11, UPnP, JINI, HAVi, HomePNA, HomeRF, etc. have emerged. While some of these are competing technologies, others can act as complementary technologies. Alongside the development of these technologies has risen the interest in, and need for, secure and flexible delivery of services from a Wide Area Network (WAN) to such home networks. In this paper, we take a two-pronged approach. Firstly, we give an overview of the security features in several of the home networking technologies mentioned above. Secondly, we discuss the security aspects involved in service delivery from a WAN to a home network. Personal firewalls, and the general trend of moving policy/firewall functionality to the edge, are also discussed within the context of home networks.

Key words: home networks, security, personal firewalls, OSGi
1 Introduction

The last couple of years have seen dramatic activity in the specification and standardization of home networking solutions. Home networking technologies that are used as an infrastructure for the transport of signaling and media have seen rapid advances. This includes wireless technologies that may be used within the home, such as Bluetooth, 802.11 and HomeRF. Similarly, networking technologies that are used to interconnect the home network with the Wide Area Network (WAN) have also matured. With the availability of network infrastructure technologies, the need for the development and standardization of middleware technologies arose. Technologies such as UPnP, HAVi, Jini and OSGi began to emerge, facilitating the ease of service/application development and deployment, and the ease of use by the end-user. The need for providing adequate security services to the different players – end-user, operator, service provider etc. – is paramount. Such security services include authentication, confidentiality, integrity, access control and possibly non-repudiation. In this paper, we discuss various aspects dealing with the security of home networks.

2 Network Infrastructure and Communication Protocols

The nature of the network infrastructure technology has an impact on the security of the entire system. Certain network infrastructure technologies are inherently more secure than others. Similarly, the security mechanisms incorporated within certain communication protocols are more sophisticated than those in others. We discuss two different categories:
2.1 Home Network Infrastructure Technology

The four main technologies for home network infrastructure are: (1) phone-line based, (2) power-line based, (3) wireless technologies and (4) bus-based technologies. While security has been explicitly addressed at times, at other times security has been left to higher layers to handle. Where security has been specified, it is important that interoperability exists between the different implementations.

The most popular phone-line based specifications are the two specifications by the Home Phoneline Networking Alliance (HomePNA) – Specification 1.0 at 1 Mbps and Specification 2.0 at 10 Mbps. The technology leverages off IEEE 802.3 (Ethernet) technology – HomePNA frames are similar, and the Medium Access Control (MAC) protocol is Carrier Sense Multiple Access with Collision Detection (CSMA/CD). Neither the physical layer [4] nor the link layer [5] specifications of HomePNA contain any explicit provisions for security.

The most popular power-line based specification is that specified by the HomePlug Powerline Alliance. The alliance, after evaluating various powerline networking candidate solutions, decided to adopt Intellon's PowerPacket™ solution. This is an integrated physical and MAC solution that operates in the 4.3 MHz – 20.9 MHz range, and is capable of achieving data rates of 14 Mbps. The MAC protocol is CSMA/CA. The PowerPacket™ technology also boasts secure communication. Other power-line networking solutions include X-10 (legacy, mainly unidirectional, used for controlling home lighting, appliances, heating etc.) and proprietary protocols by Enikia Incorporated (which provides security by using a 3-way handshake protocol and a token bus based Secure Sparse Token MAC protocol) and Inari.
LonWorks by Echelon is yet another popular power-line technology that has been standardized by the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE) and other bodies.

Some of the popular wireless technologies for home networking include IEEE 802.11 (wireless LAN), Bluetooth, HomeRF, Digital Enhanced Cordless Telecommunications (DECT) etc. Due to the ease of eavesdropping on wireless technologies, the need for security is great. Consequently, all wireless technologies have incorporated security features. DECT uses dynamic channel selection and encryption techniques to protect against eavesdropping, while Bluetooth and IEEE 802.11 have mechanisms for encryption as well. Bluetooth uses a stream cipher algorithm for encryption, IEEE 802.11 uses a 64-bit shared key encryption mechanism within its security mechanism termed WEP, while HomeRF uses a 56-bit shared key encryption mechanism.

The popular high-speed bus technologies include the Universal Serial Bus (USB), the IEEE 1394 standard, and the IEEE 802.3 (Ethernet) standard. The USB 2.0 Specification does not explicitly mention security at all. IEEE 1394's "5C" mechanism protects content that flows over the 1394 bus. In addition, service providers may incorporate their own content protection mechanisms.
2.2 Home Network Interconnectivity Technology

Some of the popular network infrastructure technologies for connecting a home network to a Wide Area Network (WAN) include Digital Subscriber Line (xDSL), cable, Multichannel Multipoint Distribution System (MMDS), Local Multipoint Distribution System (LMDS), satellite technologies and powerline technologies. Since xDSL involves a dedicated physical line between the customer premises and the Central Office (CO), the chances of eavesdropping are small. When cable technology or wireless technologies such as MMDS, LMDS and satellite are used, the shared nature of the medium among several subscribers implies that more sophisticated mechanisms are needed to prevent eavesdropping. The always-on nature of these technologies, while a convenience to subscribers, is an added security threat. Once an attacker is able to penetrate a user's home network, he/she could potentially do one of two things:
The use of personal firewalls, as described in a later section, decreases the chances of an attacker successfully attacking a user's home network. In addition, some recent efforts within the IETF that help in countering DDoS attacks include:
3 HAVi, Jini, UPnP, OSGi

Home Audio/Video Interoperability (HAVi) provides middleware in the form of a set of APIs that can be used to develop multimedia applications. HAVi devices use the IEEE 1394 technology as the underlying network technology. HAVi has built-in security mechanisms to protect against malicious applications:
Universal Plug and Play (UPnP) uses open technologies and standards in order to communicate between devices. Such technologies include HTML/XML, HTTP and TCP/IP. Consequently, the security features that are available within these open standards are applicable to UPnP as well. For instance, some of the security features that are provided within XML are XML Access Control, XML Digital Signatures, and XML field encryption. Similarly, HTTP provides two mechanisms for authentication – basic and digest. The TCP/IP protocol suite includes the Transport Layer Security (TLS) and the IP Security (IPSec) protocols for security.

Jini utilizes Java technology as a foundation. Consequently, the security features provided by Java 2 are directly applicable to Jini. For instance, the set of lookup services that a Jini service/application can discover is limited by access control policies determined by the Permissions class. Jini defines the net.jini.discovery.DiscoveryPermission class for this purpose.

The Open Services Gateway Initiative (OSGi) provides an API that enables the easy development and deployment of new services. The API is based on the Java 2 platform, and leverages off the security capabilities offered by the Java 2 platform. The security specification, currently under development, is expected to be released with the next version of the OSGi specification. Some of the security features within the OSGi specification include:
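The distinction between HTTP basic and digest authentication matters more on a home network than the paragraph above lets on, because much of the in-home traffic crosses links (wireless, shared cable) where eavesdropping is easy. The following Python script is an added example, not code from the paper or from any UPnP implementation: it shows that a basic credential is merely base64 and is recovered by anyone who can read the request, whereas a digest response is a hash bound to the server's nonce and the request URI, so the password itself never crosses the wire and a captured response cannot be replayed against a fresh nonce. The realm, user name, nonce and URI are constructed sample values, and the computation follows RFC 2617 with qop=auth (which specifies MD5).

```python
"""Added example (not from the paper): HTTP Basic vs. Digest authentication.

Constructed values: REALM, the USERS table, and every nonce/URI passed in tests.
"""
import base64
import hashlib
import hmac

REALM = "home-gateway"                    # assumed realm name
USERS = {"alice": "s3cret-passphrase"}    # constructed sample credential


def basic_header(user: str, password: str) -> str:
    """Client side of HTTP Basic: base64 of 'user:password' (RFC 2617, section 2)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_password_exposed(header: str) -> str:
    """What anyone who can read an unencrypted request learns from a Basic header."""
    _, token = header.split(" ", 1)
    _user, password = base64.b64decode(token).decode().split(":", 1)
    return password


def _md5(s: str) -> str:
    # MD5 is what RFC 2617 specifies for Digest; it is not a choice made here.
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client side of HTTP Digest with qop=auth (RFC 2617, section 3.2.2.1)."""
    ha1 = _md5(f"{user}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(user, method, uri, nonce, nc, cnonce, response, qop="auth") -> bool:
    """Server side: recompute the expected response from the stored secret.

    The server never receives the password; it only checks that the client
    could have produced this response for this nonce, URI and method.
    """
    password = USERS.get(user)
    if password is None:
        return False
    expected = digest_response(user, password, method, uri, nonce, nc, cnonce, qop)
    # constant-time comparison so a wrong response does not leak how many
    # leading characters matched
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    hdr = basic_header("alice", "s3cret-passphrase")
    print("Basic header on the wire:", hdr)
    print("Password recovered from it:", basic_password_exposed(hdr))
    resp = digest_response("alice", "s3cret-passphrase", "GET", "/upnp/control",
                           "nonce-1", "00000001", "client-nonce")
    print("Digest response on the wire:", resp)
    print("Server accepts:", server_verify("alice", "GET", "/upnp/control",
                                           "nonce-1", "00000001", "client-nonce", resp))
    print("Replay against a new nonce accepted:",
          server_verify("alice", "GET", "/upnp/control",
                        "nonce-2", "00000001", "client-nonce", resp))
```

In a real deployment the server would store HA1 rather than the clear-text password, and would track nonces it has issued so that `nc` values cannot be reused; neither mechanism protects the request body, which is why the paper also points to TLS and IPSec.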
4 Private Addressing, Personal Firewalls and VPNs

4.1 Private Addressing

Private IPv4 addresses may be assigned to devices within a home network in order to cope with the limited IPv4 address space. Since the assignment of private IP addresses comes at no added cost to the user, this is attractive from a pricing perspective as well. However, when a device within the home network needs to communicate with a device that is outside the home network, one of two possible approaches is resorted to:
One of the security related features that NAT provides is the privacy of the endpoint within the home network. The remote endpoint outside the home network is not aware of the IP address or topology of the local endpoint within the home network. When a local and a remote endpoint communicate with each other at two different instances, the NAT feature prevents the remote endpoint from detecting that it is the same local endpoint, thereby facilitating privacy. There are two flavors of NATs that are commonly used within home networks – basic NAT and Network Address Port Translators (NAPT). With basic NAT, a subscriber with only one public IP address can have only one device within the home network communicating with a remote device outside the home network, at any given instance. However, with NAPT, although a subscriber may have only one public IP address, several devices within the home network may communicate with devices outside the home network simultaneously. The reason is that while basic NATs bind private IP addresses to public IP addresses, NAPTs bind a private transport address (IP address and port) to a public transport address. Thus, several devices within the home network may be bound to the same public IP address, while being distinguished by different port numbers. Although NATs provide privacy to some extent, they suffer from a serious security drawback, in that they break the end-to-end IP Security (IPSec) security model. When a local endpoint within the home network establishes an IPSec Authentication Header (AH) or Encapsulating Security Payload (ESP) Security Association (SA) for packet authentication purposes, any modification in the IP address and/or port number by the NAT would result in the packet being discarded at the remote endpoint. Using RSIP, a home user can obtain end-to-end IPSec authentication while coping with the problem of limited IPv4 addresses. 
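The NAPT binding table and the resulting IPSec failure described above can be made concrete with a small simulation. The following Python script is an added example, not code from the paper: it models an AH-style integrity check value (ICV) computed over the immutable IP header fields and payload, as RFC 2402 requires, and then pushes a protected packet through a NAPT and through an RSIP gateway. The NAPT rewrites the source transport address, so the ICV the remote endpoint recomputes no longer matches and the packet is dropped; the RSIP gateway has leased the device a public transport address up front and forwards the packet untouched, so verification succeeds. The packet is a simplified dictionary rather than real IP/AH encoding, and the addresses, ports and SA key are constructed sample values.

```python
"""Added example (not from the paper): why NAPT breaks IPsec AH and RSIP does not.

Constructed values: SA_KEY, all IP addresses and ports, the payloads.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace

SA_KEY = b"constructed-sa-key"   # known only to the two IPsec endpoints
REMOTE_IP = "203.0.113.10"       # constructed remote endpoint (documentation range)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes
    icv: bytes = b""


def ah_icv(pkt: Packet) -> bytes:
    """AH-style ICV over the immutable header fields plus the payload.

    Real AH also covers the AH header itself and zeroes mutable fields such as
    TTL before hashing; the point here is only that the addresses are covered.
    """
    covered = f"{pkt.src_ip}|{pkt.dst_ip}|{pkt.src_port}|{pkt.dst_port}|".encode()
    return hmac.new(SA_KEY, covered + pkt.payload, hashlib.sha256).digest()


def ah_protect(pkt: Packet) -> Packet:
    """Local endpoint: attach the ICV before the packet leaves the host."""
    return replace(pkt, icv=ah_icv(pkt))


def ah_verify(pkt: Packet) -> bool:
    """Remote endpoint: discard unless the ICV recomputed over the received header matches."""
    return hmac.compare_digest(ah_icv(pkt), pkt.icv)


class Napt:
    """Network Address Port Translator: one public IP shared by many private hosts."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.next_port = 40000
        self.bindings = {}   # (private_ip, private_port) -> public port

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.bindings:
            self.bindings[key] = self.next_port
            self.next_port += 1
        # The source transport address is rewritten after the ICV was computed.
        return replace(pkt, src_ip=self.public_ip, src_port=self.bindings[key])


class Rsip:
    """Realm-Specific IP: the gateway leases a public transport address to the host."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.next_port = 50000

    def lease(self):
        port = self.next_port
        self.next_port += 1
        return self.public_ip, port

    def outbound(self, pkt: Packet) -> Packet:
        return pkt   # nothing to translate; the packet already carries a public address


def send_via_napt(napt: Napt, private_ip: str, payload: bytes) -> bool:
    """Home device behind a NAPT builds an AH-protected packet; returns the remote verdict."""
    pkt = ah_protect(Packet(private_ip, 5060, REMOTE_IP, 5060, payload))
    return ah_verify(napt.outbound(pkt))


def send_via_rsip(rsip: Rsip, payload: bytes) -> bool:
    """Home device using RSIP first leases a public address, then protects the packet."""
    ip, port = rsip.lease()
    pkt = ah_protect(Packet(ip, port, REMOTE_IP, 5060, payload))
    return ah_verify(rsip.outbound(pkt))


if __name__ == "__main__":
    napt = Napt("198.51.100.1")
    print("AH through NAPT accepted:", send_via_napt(napt, "192.168.1.10", b"INVITE"))
    print("AH through RSIP accepted:", send_via_rsip(Rsip("198.51.100.1"), b"INVITE"))
    print("NAPT bindings:", napt.bindings)
```

The same reasoning applies to ESP in transport mode: the TCP or UDP checksum inside the protected payload covers the IP addresses, and the NAPT cannot repair a checksum it cannot read, so the receiver discards the segment after decryption.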
Since a public transport address is assigned to a local device communicating with a remote endpoint outside the home network, no address/port translation is needed, thereby facilitating interworking with IPSec authentication.

4.2 Personal Firewalls

Firewalls have traditionally been used at the periphery of corporate networks, in order to protect these networks from outside attacks. In addition, they also act as a policy enforcement point whereby different policies may be enforced for different users/hosts within the protected domain. With the proliferation of networked devices within a home network, firewalls protecting home networks are desirable. These firewalls are typically referred to as personal firewalls. Typically, firewalls have come in three categories:
In light of the unsuitability of some of the traditional firewall solutions for home networks, newer solutions are being considered. One technique that holds promise is based on a Firewall Control Interface between a device within the home network and the firewall. Using such an open interface, all application-level functionality can be moved towards the end-devices, and the end-device controls the firewall to allow legitimate traffic to pass through.

4.3 Virtual Private Networks (VPN)

Users within a home network may need to connect securely with a remote network (such as a corporate network) while traversing an insecure network (such as the public Internet). Some commonly used mechanisms to achieve this include the Layer 2 Tunneling Protocol (L2TP) and IP Security (IPSec) used in tunnel mode.

5 Conclusion

Although tremendous progress has been made within the home networking industry in recent years, several challenges remain. In particular, making such systems secure from an end-to-end perspective is a critical area that needs greater investigation. For instance, one may have a scenario where Jini is used to discover available services within a community, following which an OSGi bundle is installed within the residential gateway, and HAVi is used to actually deliver the service itself. In such a case, the interworking of different technologies requires greater investigation into the security implications. Personal firewalls at the edges of the home network are becoming necessary, specifically with the prevalent use of "always-on" technologies such as DSL and cable modems. Suitable and user-friendly techniques are still lacking in this area, and a "firewall control interface" solution seems to hold the most promise. Other standardization efforts within the IETF – such as for ICMP traceback and intrusion detection – were also discussed in the context of DDoS attack prevention.
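The Firewall Control Interface proposed in section 4.2 can be sketched in a few dozen lines. The following Python script is an added example, not code from the paper or from any firewall product, and the control-message format, address ranges, ports and lease bound are all assumptions. It keeps the personal firewall default-deny for inbound traffic and lets an end device open a pinhole for the flow it expects, with two checks a defender would want even though the paper does not spell them out: only a device on the inside may issue control requests, and a device may only open pinholes towards its own address. Pinholes carry a lease so that a forgotten request does not leave the home open.

```python
"""Added example (not from the paper): a minimal firewall control interface.

Constructed values: the inside prefix, every address and port, the lease bound.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    remote_ip: str     # "*" means any remote host
    remote_port: int   # 0 means any remote port
    local_ip: str
    local_port: int


class PersonalFirewall:
    MAX_LEASE_S = 3600   # assumed upper bound on a pinhole lifetime

    def __init__(self, inside_prefix="192.168.1."):
        self.inside_prefix = inside_prefix
        self.pinholes = {}   # Flow -> expiry time (seconds)
        self.log = []

    def request_pinhole(self, requester_ip, flow: Flow, lease_s, now) -> bool:
        """Control-plane call from an end device. Returns True if the pinhole is installed."""
        if not requester_ip.startswith(self.inside_prefix):
            self.log.append(f"deny: control request from outside host {requester_ip}")
            return False
        if flow.local_ip != requester_ip:
            # least privilege: a device may not open the firewall for its neighbours
            self.log.append(f"deny: {requester_ip} requested pinhole for {flow.local_ip}")
            return False
        if not 0 < lease_s <= self.MAX_LEASE_S:
            self.log.append(f"deny: lease {lease_s}s out of range")
            return False
        self.pinholes[flow] = now + lease_s
        return True

    def admit_inbound(self, proto, src_ip, src_port, dst_ip, dst_port, now) -> bool:
        """Data plane: an inbound packet passes only through an unexpired matching pinhole."""
        self._expire(now)
        for flow in self.pinholes:
            if (flow.proto == proto
                    and flow.local_ip == dst_ip and flow.local_port == dst_port
                    and flow.remote_ip in ("*", src_ip)
                    and flow.remote_port in (0, src_port)):
                return True
        self.log.append(f"drop: {proto} {src_ip}:{src_port} -> {dst_ip}:{dst_port}")
        return False

    def _expire(self, now):
        self.pinholes = {f: t for f, t in self.pinholes.items() if t > now}


if __name__ == "__main__":
    fw = PersonalFirewall()
    # constructed scenario: a media device asks for inbound RTP from one remote host
    flow = Flow("udp", "203.0.113.10", 0, "192.168.1.10", 5004)
    print("pinhole installed:", fw.request_pinhole("192.168.1.10", flow, 600, now=0))
    print("RTP admitted at t=10:", fw.admit_inbound("udp", "203.0.113.10", 4000, "192.168.1.10", 5004, 10))
    print("RTP admitted at t=700:", fw.admit_inbound("udp", "203.0.113.10", 4000, "192.168.1.10", 5004, 700))
    print("\n".join(fw.log))
```

The log entries are the detection hook: a control request that names another device's address, or one arriving from outside the inside prefix, is exactly the kind of event a home gateway should surface to the user rather than silently drop.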
References