A Security Analysis for Home Gateway Architectures
Providing Services at Home has become over the last
few years a very dynamic and promising technological domain. It is
likely to enable wide dissemination of secure and automated living
environments. We propose a methodology for identifying threats to
Services at Home Delivery systems, as well as a threat analysis
of a multi-provider Home Gateway architecture. This methodology
is based on a dichotomous positive/preventive study of the target
system: it aims at identifying both what the system must do, and
what it must not do. This approach completes existing methods with
a synthetic view of potential security flaws, thus enabling suitable
measures to be taken into account. Security implications of the
evolution of a given system become easier to deal with. A prototype
is built based on the conclusions of this analysis.
[1] Digital Living Network Alliance. Dlna overview and vision whitepaper
2006. DLNA Whitepaper, 2006.
[2] Echonet Consortium. Echonet specifications, version 2.11.
http://www.echonet.gr.jp/english/8 kikaku/index.htm.
[3] D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NISTNCSC
National Computer Security Conference, pages 554-563, 1992.
[4] W. Haerick and S. Van Hoecke. Secure brokering of web services. In
5th FTW PhD Symposium, Ghent, Belgium, December 2004.
[5] A. Herzog and N. Shahmehri. Towards secure e-services: Risk analysis
of a home automation service. In 6th Nordic Workshop on Secure ITSystems
(Nordsec), pages 18-26, November 2001.
[6] HGI. Home gateway initiative, vision and whitepaper, 2005.
[7] M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press,
2001.
[8] International Standard Organization. Common criteria. International
Standard ISO 15408, 1999.
[9] M. D-Hooge (Trialog). Report on a secure home network architecture
and related protection profiles specification. Deliverable DA.3.7, ISTMediaNet
Project, February 2006.
[10] Muse Consortium. Muse project presentation. Muse Public Deliverable
D A0.1, July 2004.
[11] Muse Consortium. Detailed description of residential gateway and
advanced features. Muse Public Deliverables D TF3.2, December 2005.
[12] Y. Royon, S. Frenot, and F. LeMouel. Virtualization of service gateways
in multi-provider environment. In Component Based Software Engineering,
2006.
[13] T. Saito, I. Tomoda, Y. Takabatake, K. Teramoto, and K. Fujimoto.
Gateway technologies for home network and their implementations. In
IEEE Distributed Computing Systems Workshop,, pages 175-180, April
2001.
[14] Secretariat general de la defense nationale, DCSSI. Expression of needs
and identification of security objectives, February 2004.
[15] Theaha Project. Towards secure, zero-configuration seamless interworking
- architecture overview. Project IST-2004-507-029 Whitepaper,
November 2005.
[16] Trialog. e-protection of appliances through secure and trusted access.
E-Pasta IST Project Final Report 2000-26086, December 2002.
[17] S. Van Hoecke, W. Haerick, G. D. Jans, F. D. Turck, E. Laermans,
B. Dhoedt, and P. Demeester. Design and implementation of a secure
media content delivery broker architecture. In The 2005 International
Symposium on Web Services and Applications (ISWS-05) in Las Vegas,
USA, 2005.
[18] Y.-M. Wang, W. Russell, A. Arora, J. Xu, and R. K. Jagannathan.
Towards dependable home networking: An experience report. In
International Conference on Dependable Systems and Networks (DSN
2000), pages 43-48, 2000.
[19] D. Zhang, H. Lee, X. Ni, and S. Zheng. Open service residential gateway
for smart homes. In ISCE, December 2003.
[1] Digital Living Network Alliance. Dlna overview and vision whitepaper
2006. DLNA Whitepaper, 2006.
[2] Echonet Consortium. Echonet specifications, version 2.11.
http://www.echonet.gr.jp/english/8 kikaku/index.htm.
[3] D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NISTNCSC
National Computer Security Conference, pages 554-563, 1992.
[4] W. Haerick and S. Van Hoecke. Secure brokering of web services. In
5th FTW PhD Symposium, Ghent, Belgium, December 2004.
[5] A. Herzog and N. Shahmehri. Towards secure e-services: Risk analysis
of a home automation service. In 6th Nordic Workshop on Secure ITSystems
(Nordsec), pages 18-26, November 2001.
[6] HGI. Home gateway initiative, vision and whitepaper, 2005.
[7] M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press,
2001.
[8] International Standard Organization. Common criteria. International
Standard ISO 15408, 1999.
[9] M. D-Hooge (Trialog). Report on a secure home network architecture
and related protection profiles specification. Deliverable DA.3.7, ISTMediaNet
Project, February 2006.
[10] Muse Consortium. Muse project presentation. Muse Public Deliverable
D A0.1, July 2004.
[11] Muse Consortium. Detailed description of residential gateway and
advanced features. Muse Public Deliverables D TF3.2, December 2005.
[12] Y. Royon, S. Frenot, and F. LeMouel. Virtualization of service gateways
in multi-provider environment. In Component Based Software Engineering,
2006.
[13] T. Saito, I. Tomoda, Y. Takabatake, K. Teramoto, and K. Fujimoto.
Gateway technologies for home network and their implementations. In
IEEE Distributed Computing Systems Workshop,, pages 175-180, April
2001.
[14] Secretariat general de la defense nationale, DCSSI. Expression of needs
and identification of security objectives, February 2004.
[15] Theaha Project. Towards secure, zero-configuration seamless interworking
- architecture overview. Project IST-2004-507-029 Whitepaper,
November 2005.
[16] Trialog. e-protection of appliances through secure and trusted access.
E-Pasta IST Project Final Report 2000-26086, December 2002.
[17] S. Van Hoecke, W. Haerick, G. D. Jans, F. D. Turck, E. Laermans,
B. Dhoedt, and P. Demeester. Design and implementation of a secure
media content delivery broker architecture. In The 2005 International
Symposium on Web Services and Applications (ISWS-05) in Las Vegas,
USA, 2005.
[18] Y.-M. Wang, W. Russell, A. Arora, J. Xu, and R. K. Jagannathan.
Towards dependable home networking: An experience report. In
International Conference on Dependable Systems and Networks (DSN
2000), pages 43-48, 2000.
[19] D. Zhang, H. Lee, X. Ni, and S. Zheng. Open service residential gateway
for smart homes. In ISCE, December 2003.
@article{"International Journal of Information, Control and Computer Sciences:50323", author = "Pierre Parrend and Stephane Frenot", title = "A Security Analysis for Home Gateway Architectures", abstract = "Providing Services at Home has become over the last
few years a very dynamic and promising technological domain. It is
likely to enable wide dissemination of secure and automated living
environments. We propose a methodology for identifying threats to
Services at Home Delivery systems, as well as a threat analysis
of a multi-provider Home Gateway architecture. This methodology
is based on a dichotomous positive/preventive study of the target
system: it aims at identifying both what the system must do, and
what it must not do. This approach completes existing methods with
a synthetic view of potential security flaws, thus enabling suitable
measures to be taken into account. Security implications of the
evolution of a given system become easier to deal with. A prototype
is built based on the conclusions of this analysis.", keywords = "Security requirements, Connected Home, OSGi,
Sofware Components.", volume = "2", number = "11", pages = "3652-6", }
