25 july, 2014 hailiang mei, h.mei@tue.nl tu/e computer science, system architecture and networking 1...
Post on 31-Mar-2015
214 Views
Preview:
TRANSCRIPT
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
1
Hailiang MeiH.Mei@tue.nl
Security and Privacy Concern in Remote Personal Device Management
Framework
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
2
Outline
• Background of RPDM– Why RPDM is important
• Security threat– Attack tree model and threat analysis
• Examining current RDM systems– SNMP, VNC, MRDP, Web-based
• Design of RPDM framework– Based on SyncML DM
• Conclusion and future work
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
3
Background of RPDM
3 Repair
2 Diagnosis
1 Observing
Remote server
Remote server can be within local network or at service provider’s site
Self observes problem + Remote diagnosis + Remote Repair
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
4
Why RPDM is Important?
• Recent studies show that there are at least 4 times as many electronic machines in the world as there are people. – This gap is still increasing fast– New devices require maintenance, but personnel
are expensive
• An online survey shows 57% users feel befuddled by their computer, mobile phone, home security system, etc.
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
5
Outline
• Background of RPDM– Why RPDM is important
• Security threat– Attack tree model and threat analysis
• Examining current RDM systems– SNMP, VNC, MRDP, Web-based
• Design of RPDM framework– Based on SyncML DM
• Conclusion and future work
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
6
Attack Tree Model
Threats
Unintended threats
Deliberate threat (attack)
Nature threats
Removing important
component
Lost password
Active Passive
Interception
Traffic analysis
Repudiation
DoS
Interruption
Impersonation
Replay
Modification
Dictionary attack
We are going to prevent
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
7
Threat Analysis (one example)
Security requirement
Attack Techniques Confidentiality
Integrity Availability
Non-repudiation
VR
R.1 (Impersonation, dictionary attack) Fabricate the operator account
Y D
R.2 (Modification) Modifying data in the diagnosis message
Y Y B
R.3 (Modification, repudiation) Misusing visualization tool
Y Y C
R.4 (Impersonation) IP spoofing
Y A
R.5 (Repudiation) Deny the executed diagnosis by end user or operator
Y B
Vulnerability Rating (VR): A Probable; B Highly Possible; C Possible; D Unlikely; E Impossible.
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
8
Outline
• Background of RPDM– Why RPDM is important
• Security threat– Attack tree model and threat analysis
• Examining current RDM systems– SNMP, VNC, MRDP, Web-based
• Design of RPDM framework– Based on SyncML DM
• Conclusion and future work
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
9
Evaluation Factors
• System load & Network load– criteria related to performance
• Expressive power– indicates the generalization of the
technique
• Device IQ– defines how intelligent the target device is when it
is being managed
• Security– the most important concern
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
10
Simple Network Management Protocol
UDP
IP IP
SNMP manager
SNMP
SNMP agent
SNMP
MIB
set/get requests
response and traps
read/change
managing device managed device
TCP TCP UDP
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
11
Virtual Network Computing
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
12
Virtual Network Computing
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
13
Web Server
•The device runs a small web server application
•A service runs on the device to generate run-time HTML file
•The remote terminal manager access the device via the web browser and execute scripts on the device
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
14
Web Server (example)
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
15
SyncML DM (OMA)
OMA DM
Inside client
Server
DM protocol
root
Vendor SyncML
… X*
… …
client
Data Synch protocol
•Add
•Get
•Replace
•Exec
Logical tree for addressing purposes.
In scope of DM standard!
proprietaryWAPclient
proprietaryupgrade
client
Over the air
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
16
SyncML DM (OMA)
OMA DM
• Server<Get>
<CmdID>4</CmdID>
<Item>
<Target>
<LocURI>Vendor/Ring_signals/Default_ring</LocURI>
</Target>
</Item>
</Get>
• Client<Results>
<CmdRef>4</CmdRef>
<CmdID>7</CmdID>
<Item>
<Data>MyOwnRing</Data>
</Item>
</Results>
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
17
Comparison of RDM Systems
OMA DM
Evaluation factor
Weight SNMPv3
VNC Web-based
RDP SyncML
DM
System load
20% +/- - - - +/-
Network load
20% + - +/- +/- +/-
Expressive power
25% - + +/- + +
Security 25% + - + +/- +
Device IQ 10% + - +/- - +
Equal weight score
20% each
0.4 -0.6 0 -0.2 0.6
Weighted score
0.3 -0.5 0.05 -0.05
0.6
*We define “+”=1, “+/-”=0 and “-”=-1 to calculate the overall performance score
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
18
Outline
• Background of RPDM– Why RPDM is important
• Security threat– Attack tree model and threat analysis
• Examining current RDM systems– SNMP, VNC, MRDP, Web-based
• Design of RPDM framework– Based on SyncML DM
• Conclusion and future work
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
19
RPDM Overview
Management server
Management server
Management server
Management server
Management server
•Security
•Privacy
•Performance
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
20
Internal Architecture of RPDM Client Managed Device
HTTP adapter
WSP adapter
OBEX adapter
Authentication manager
ACL
PKs
Connection manager
(De)
encr
yptio
n
mod
uleObjects
invocation
Access manager
LoggingmoduleMobj1
Mobjn
Mobj3
Mobj2
Reporter
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
21
Connection Manager
Session existed?
Connection manager receives a new request
Decrypt the message with the known
session key
Log and create response
Call the corresponding object
Authorized?
Send out the response
Check with Authentication
manager
Create error message
Check with Access manager
Receive return value?
Authenticated?
Create ACK response
Setup session key and create a new session
No
No
No
No
Yes
Yes
Yes
Yes
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
22
Authentication Manager
• PKI based authentication• MD5 digest authentication
– Digest = H(B64(H(serverrname:password)):nonce)
• PKs database itself is a Mobj, and it can be managed as well if the access right is granted. E.g. a trusted management server can introduce a new management server by adding its public key or its hashed name string into the PKs database.
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
23
Access Control List Tree
•Each node (object) is identified by an URI•Each node has a set of properties•This tree can be extended by “add” message or a new installations on the device•Leaf node can be either a value or a pointer to an executable command
/Add=&Get=&Replace
=&Delete=&Exec=
ObjectAGet=ServerC&Replace=S
erverC
Object1Get=*
ObjectCGet=ServerA&Replace
=ServerA
ObjectBGet=ServerA&Replace=
ServerA
Object2ACL=
Object3Get=ServerB&Replace=Ser
verB&Delete=ServerB
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
24
View of Prototype
Callback functions to Mobjs of managed device
Security and ACL layer
SyncML parser
HTTP handler
CLI-based management server application
Security layer
SyncML parser
HTTP handler
Management server (Debian Linux)
Managed device (Redhat 9 Linux)
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
25
Conclusion
• SyncML DM based system offers good system performance and security protection
• Our C prototype is one of the first open implementations based on the SyncML DM specifications.
• But, the network load is a bit heavy– A “Get” SyncML message is 709 bytes v.s. 81
bytes in SNMP– However, it becomes better for a more realistic
and complex management session
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
26
Future Work
• Complete implementation• Think about management server?
Management server
Management server
Management server
Management server
Management server ?
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
27
• Thanks for your attention!
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
28
Apps
GamesMp3 player Agenda
Net
CPUMem
HWOSRRE
Root
Agenda Control
Agenda Display
Agenda Datamanager
I-goTTT
April 11, 2023 Hailiang Mei, H.Mei@tue.nlTU/e Computer Science, System Architecture and Networking
29
RDM complexity
Network load
SyncML DM
SNMP
top related