May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
1
Hailiang [email protected]
Security and Privacy Concern in Remote Personal Device Management
Framework
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
2
Outline• Background of RPDM
– Why RPDM is important• Security threat
– Attack tree model and threat analysis• Examining current RDM systems
– SNMP, VNC, MRDP, Web-based• Design of RPDM framework
– Based on SyncML DM• Conclusion and future work
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
3
Background of RPDM
3 Repair
2 Diagnosis
1 Observing
Remote serverRemote server can be within local network or at service provider’s site
Self observes problem + Remote diagnosis + Remote Repair
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
4
Why RPDM is Important?• Recent studies show that there are at least
4 times as many electronic machines in the world as there are people. – This gap is still increasing fast– New devices require maintenance, but personnel
are expensive• An online survey shows 57% users feel
befuddled by their computer, mobile phone, home security system, etc.
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
5
Outline• Background of RPDM
– Why RPDM is important• Security threat
– Attack tree model and threat analysis• Examining current RDM systems
– SNMP, VNC, MRDP, Web-based• Design of RPDM framework
– Based on SyncML DM• Conclusion and future work
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
6
Attack Tree ModelThreats
Unintended threats
Deliberate threat (attack)
Nature threats
Removing important
componentLost
password
Active Passive
Interception
Traffic analysis
Repudiation
DoS
Interruption
Impersonation
Replay
Modification
Dictionary attack
We are going to prevent
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
7
Threat Analysis (one example)
Security requirement
Attack Techniques Confidentiality
Integrity Availability
Non-repudiation
VR
R.1 (Impersonation, dictionary attack) Fabricate the operator account
Y D
R.2 (Modification) Modifying data in the diagnosis message
Y Y B
R.3 (Modification, repudiation) Misusing visualization tool
Y Y C
R.4 (Impersonation) IP spoofing
Y A
R.5 (Repudiation) Deny the executed diagnosis by end user or operator
Y B
Vulnerability Rating (VR): A Probable; B Highly Possible; C Possible; D Unlikely; E Impossible.
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
8
Outline• Background of RPDM
– Why RPDM is important• Security threat
– Attack tree model and threat analysis• Examining current RDM systems
– SNMP, VNC, MRDP, Web-based• Design of RPDM framework
– Based on SyncML DM• Conclusion and future work
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
9
Evaluation Factors• System load & Network load
– criteria related to performance• Expressive power
– indicates the generalization of the technique
• Device IQ– defines how intelligent the target device is when it
is being managed• Security
– the most important concern
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
10
Simple Network Management Protocol
UDP
IP IP
SNMP manager
SNMP
SNMP agent
SNMP
MIB
set/get requests
response and traps
read/change
managing device managed device
TCP TCP UDP
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
11
Virtual Network Computing
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
12
Virtual Network Computing
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
13
Web Server
•The device runs a small web server application
•A service runs on the device to generate run-time HTML file
•The remote terminal manager access the device via the web browser and execute scripts on the device
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
14
Web Server (example)
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
15
SyncML DM (OMA)OMA DM
Inside client
Server
DM protocol
root
Vendor SyncML
… X*
… …
client
Data Synch protocol•Add•Get•Replace•Exec
Logical tree for addressing purposes.In scope of DM
standard!
proprietaryWAPclient
proprietaryupgrade
client
Over the air
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
16
SyncML DM (OMA)OMA DM
• Server<Get>
<CmdID>4</CmdID> <Item> <Target> <LocURI>Vendor/Ring_signals/Default_ring</LocURI> </Target> </Item>
</Get>
• Client<Results>
<CmdRef>4</CmdRef> <CmdID>7</CmdID> <Item>
<Data>MyOwnRing</Data></Item>
</Results>
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
17
Comparison of RDM SystemsOMA DM
Evaluation factor
Weight SNMPv3
VNC Web-based
RDP SyncML DM
System load
20% +/- - - - +/-
Network load
20% + - +/- +/- +/-
Expressive power
25% - + +/- + +
Security 25% + - + +/- +
Device IQ 10% + - +/- - +
Equal weight score
20% each
0.4 -0.6 0 -0.2 0.6
Weighted score
0.3 -0.5 0.05 -0.05
0.6
*We define “+”=1, “+/-”=0 and “-”=-1 to calculate the overall performance score
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
18
Outline• Background of RPDM
– Why RPDM is important• Security threat
– Attack tree model and threat analysis• Examining current RDM systems
– SNMP, VNC, MRDP, Web-based• Design of RPDM framework
– Based on SyncML DM• Conclusion and future work
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
19
RPDM Overview
Management server
Management server
Management server
Management server
Management server
•Security
•Privacy
•Performance
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
20
Internal Architecture of RPDM Client Managed Device
HTTP adapter
WSP adapter
OBEX adapter
Authentication manager
ACL
PKs
Connection manager
(De)
encr
yptio
n m
oduleObjects
invocation
Access manager
LoggingmoduleMobj1
Mobjn
Mobj3
Mobj2
Reporter
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
21
Connection Manager
Session existed?
Connection manager receives a new request
Decrypt the message with the known
session key
Log and create response
Call the corresponding object
Authorized?
Send out the response
Check with Authentication
manager
Create error message
Check with Access manager
Receive return value?
Authenticated?
Create ACK response
Setup session key and create a new session
No
No
No
No
Yes
Yes
Yes
Yes
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
22
Authentication Manager• PKI based authentication• MD5 digest authentication
– Digest = H(B64(H(serverrname:password)):nonce)
• PKs database itself is a Mobj, and it can be managed as well if the access right is granted. E.g. a trusted management server can introduce a new management server by adding its public key or its hashed name string into the PKs database.
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
23
Access Control List Tree
•Each node (object) is identified by an URI•Each node has a set of properties•This tree can be extended by “add” message or a new installations on the device•Leaf node can be either a value or a pointer to an executable command
/Add=&Get=&Replace
=&Delete=&Exec=
ObjectAGet=ServerC&Replace=S
erverC
Object1Get=*
ObjectCGet=ServerA&Replace
=ServerA
ObjectBGet=ServerA&Replace=
ServerA
Object2ACL=
Object3Get=ServerB&Replace=Ser
verB&Delete=ServerB
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
24
View of Prototype
Callback functions to Mobjs of managed device
Security and ACL layer
SyncML parser
HTTP handler
CLI-based management server application
Security layer
SyncML parser
HTTP handler
Management server (Debian Linux)
Managed device (Redhat 9 Linux)
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
25
Conclusion• SyncML DM based system offers good
system performance and security protection• Our C prototype is one of the first open
implementations based on the SyncML DM specifications.
• But, the network load is a bit heavy– A “Get” SyncML message is 709 bytes v.s. 81
bytes in SNMP– However, it becomes better for a more realistic
and complex management session
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
26
Future Work• Complete implementation• Think about management server?
Management server
Management server
Management server
Management server
Management server ?
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
27
• Thanks for your attention!
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
28
Apps
GamesMp3 player Agenda
Net
CPUMem
HWOSRRE
Root
Agenda Control
Agenda Display
Agenda Datamanager
I-goTTT
May 3, 2023 Hailiang Mei, [email protected]/e Computer Science, System Architecture and Networking
29
RDM complexity
Network load
SyncML DM
SNMP