Intelligent Home Network Authentication: Home Device Authentication ...

Intelligent Home Network Authentication: Home Device Authentication Using Device Certification

Deok-Gyu Lee, Yun-kyung Lee1, Jong-wook Han1, Jong Hyuk Park2, and Im-Yeong Lee3

1 Electronics and Telecommunications Research Institute, 161 Gajeong-dong, Yuseoung-gu, Daejeon, Korea
{deokgyulee, neohappy, hanjw}@etri.re.kr
http://www.etri.re.kr
2 Kyungnam University, 449 Wolyoung-dong, Masan, Korea
[email protected]
2 Soonchunhyung University, Eupnae-ri, Shinchang-myun, Asan-si, Korea
[email protected]

Abstract. The intelligent home network environment is one in which invisible computers, linked to one another through the network, are pervasive so that a user can use a computer at any time. As home network service is popularized, interest in home network security is rising. Many people interested in home network security consider user authentication and authorization, but home device authentication is almost never considered. In this paper, we describe home device authentication, which is the basic and essential element of home network security. We propose home device authentication, registration of the home device certificate, and a method for issuing the home device certificate. Our home device certificate profile is based on the X.509v3 certificate. Our device authentication concept can offer home network service users convenience and security.

Keywords: home device authentication, home device certificate.

R. Meersman and Z. Tari et al. (Eds.): OTM 2007, Part II, LNCS 4804, pp. 1688–1700, 2007. © Springer-Verlag Berlin Heidelberg 2007

1 Introduction

Intelligent home network computing aims at an environment in which invisible computers are interconnected via the network. The computers are smart enough to provide a user with context awareness, allowing the user to use them in the desired way. Intelligent home computing has the following features. Firstly, a variety of distributed computing devices exist for specific users. Secondly, the computing devices are uninterruptedly connected via the network. Thirdly, a user sees only the personalized interface because the environment is invisible to him/her. Lastly, the environment exists in a real-world space and not in a virtual one.

As home devices gain functions, computing power and networking ability, home device authentication becomes more important for improving the security of home network users. User authentication and authorization technology is applied to home network services so that only authorized persons can use them. But it has some problems: the leakage of user authentication information through a user's mistake, the use of guessable authentication information, and the discovery of new vulnerabilities in existing authentication methods. It is therefore necessary that a home network service user be served the secure home network service only through a credible device. This means that home device authentication, in addition to user authentication and authorization, is essential to a secure home network service.

Also, the possibility of unauthorized access to our home network by a device belonging to a neighboring home network is very high because of the nature of the home network: various wired and wireless network devices are used in it. This is an additional reason why device authentication is necessary. Finally, we think that a secure relationship among home network devices is a very important factor because home network service is evolving into a more convenient one: the user's role in receiving home network service is minimized and the service delivered through cooperation among home devices is maximized.

Device authentication ensures that only specific authorized devices by specific authorized credential is compromised, the security between two parties is still protected as long as the authorized device is not used. Besides this, device authentication is a mandatory technology that enables emerging context-aware services, which provide service automatically through device cooperation without user intervention, and DRM systems also need device authentication [1, 2].

This paper describes device authentication. Section 2 briefly discusses previous related research and describes the reason for using PKI in device authentication and our device authentication framework. In Section 3, we propose device certificate profile. Finally, our paper concludes with Section 4.

2 Related Work and Home Device Authentication

So far, several mechanisms have been proposed for this purpose. Some industries suggest a hardware-fingerprint-based approach [3,4] that extracts secret information from the unique hardware fingerprint and trusts the device by verifying the secret. Bluetooth [5] and Zigbee [6] provide a device authentication mechanism based on a shared symmetric key, and CableLab [7] provides a PKI-based one. Personal CA [8, 9] provides a localized PKI model. However, to the best of our knowledge none of them is applicable to a multi-domain environment for several reasons [10].

2.1 JARM Scheme

In 2002, Jalal proposed a method that supports the user authentication level concept [3]. Different levels of user authentication information can be stored in different devices, which means that minimum user information can even be stored in watches and smart rings. Medium-level user information can also be stored in a smart device like a PDA. With this method, if a device is moved from one user domain to another, the device can use the new user information in the new domain. However, the device cannot use the authentication information of the new domain, which restricts users who move from one domain to another from using the device. Therefore, with this method, all devices in one domain have authentication information, and a user can be authenticated through a device and can be authenticated against all devices using the level authentication information.

This method uses multiple steps when it comes to authentication through trust values for level authentication information. A device obtains a trust value by using the authentication protocol suitable for each device. The method that authenticates devices through trust values provides efficient authentication to a smart device, but it often requires a high-level device to confirm the entire authentication or the smart authentication. If a middle-level device or a high-level device above the smart device is lost or located elsewhere, the entire authentication becomes impossible, thus requiring the redistribution of trust values to devices below the one that was lost. The system is discussed in detail below.

1. The entire authentication information corresponds to the sum of trust values from device 0 to device N.
2. If a device is moved or lost, the entire authentication against devices below the lost device becomes impossible.

The JARM method can be described in detail as follows. In the ubiquitous computing environment, a user can be authenticated through various devices. A user can be authenticated through one device, and little devices can be authenticated during multiple steps. During the multiple-step authentication process, authentication information is transmitted from higher-level devices to lower-level devices. The biggest concern in this process is how to trust devices. For instance, when a given password is used by a device, it is the choice of the device whether or not to trust the given password to authenticate trusted entities. Trust values can be transmitted to a device through its proper protocols. When a user wants to use one particular authentication method, trust values can be widely used. An example of trust values in this method is shown below.

$C_{net} = 1 - (1 - C_1)(1 - C_2) \cdots (1 - C_n)$

Here $C_{net}$ is the trust value of the user, and $C_1, C_2, \ldots, C_n$ are the values newly assigned to each device. This method uses Kerberos, which was used as the authentication method for existing distributed systems. However, Kerberos has been adapted to suit the ubiquitous environment. Here, AD (Active Domain) means a domain for authentication, and is configured as Kerberos. This AD consists of three authentication components. The first component is the AS (Authentication Server), which supports SSO within the active domain. The second component is the TGS (Ticket-granting Server), which grants tickets that allow a user access to the active domain. The third component is the database, which stores all the information required for user authentication within the active domain.

2.2 Requirements for Intelligent Home Network

With the advent of user-oriented home network computing, which is described as pervasive or invisible computing, a user can concentrate on tasks without being aware that he is using computers. Despite the many benefits of the digital technology that home network computing utilizes, home network computing has unseen problems. Without addressing these problems, home network computing cannot be applied. Since a user uses many devices, user information can be copied in large volume and can be transmitted to unauthorized devices. This illegitimately collected user information can be used maliciously after changes on the network. These features and the environment of ubiquitous computing have allowed for a wide range of malicious attacks and uses, which are likely to become huge obstacles to the development of home network computing. Thus, to overcome these problems, the following requirements must be met when designing the home network computing system.

• Mobility: A user's home device that contains the authentication information must be mobile and be used for all services.
• Entity Authentication: Even when a user with a home device moves away from the single-domain, the user must be authenticated using the information of the home device in another single-domain.
• Corresponding Entity Authentication: When a home device is located in a single-domain, the corresponding entity authentication verifies that the home device and the identity are identical entities. This method implements the authentication for devices through the previous user's entity when several devices are connected to one domain. This method can provide a wide range of protection functions.
• Connection/Non-connection Confidentiality: A home device in a single-domain must provide connection confidentiality for the user data. The single-domain receives the home device's information to obtain the final authentication from the higher-level device. Non-connection confidentiality means that device B must provide confidentiality for the user data prior to the connection to a specific domain.

2.3 Home Device Authentication Framework

This paper proposes a home device authentication mechanism using PKI. It covers intra-home device authentication and inter-home device authentication. We consider not personal CA [8, 9] but public CA. The use of personal CA [8, 9] may be a proper solution if only device authentication in the intra-PAN (Personal Area Network) is considered. But if we consider the inter-home network, public CA is more proper. Figure 1 shows our home device authentication framework.
In Figure 1, our home device authentication framework has a hierarchical PKI (Public Key Infrastructure) structure. That is, the root CA (Certificate Authority) manages its subordinate CAs, and the CAs manage home devices and the HRA (Home Registration Authority). The HRA is a home device which has enough computing power for public key operations, the ability to communicate with other home devices, and user interface equipment (for example, monitor, keypad, etc.). It functions as an RA (Registration Authority) and has more authority and requirements. The devices in Figure 1 are the home devices included in the home network. They can communicate with each other and have basic computing ability. That is, internet-microwave, internet-refrigerator, digital TV such as IPTV, internet-washing machine, PDA, notebook computer, wall-pad, PC, cellular phone, etc. are included in our home devices. Many home devices are used in everyday life, and more and more home devices will be developed. The device certification path will be root CA -> CA1 -> CA2 -> … -> HRA/device, and it will be different if the devices belong to different CAs. In this case, home devices are authenticated by using the CAs' trust list, which is made by agreement between the CAs.


Fig. 1. Home device authentication framework

2.4 Home Device Registration and Certificate Issuing

This section describes the home device registration and device certificate issuing process. Figure 2 shows the home device registration and certificate issuing process.

Fig. 2. Issuing process of home device public certificate

Home device registration and certificate issuing need user intervention. In Figure 2, processes (1) and (7), drawn with broken lines, are off-line processes carried out by the user. The home device registration and certificate issuing processes are as follows:

(0) Buy a home device with home networking ability and bring it home.

(1) Register the home device through the HRA at home. At this time, the user must input the device identity information and other information which is necessary for certificate issuing.

$\mathrm{Device} \rightarrow \mathrm{HRA} : [ID_D, AP]$

(2) A TLS channel is established between the HRA and the device manufacturer portal. The HRA requests the device manufacturer portal to verify the validity of that device by forwarding the device identity through the TLS channel.

$\mathrm{HRA} \rightarrow \mathrm{Manufacturer} : [ID_D, ID_{HRA}, AP]$

(3) The device manufacturer portal checks whether the device is its product or not through the received device identity.

(4) If the HRA receives the 'verification success' message from the device manufacturer portal, then the HRA generates a key pair, a public key and a private key, for the device.

(5) The HRA sends the request for issuing the device certificate to the CA.

$\mathrm{HRA} \rightarrow \mathrm{CA} : [ID_D, ID_{HRA}, AP]$

(6) If the CA receives the 'verification success' message from the device manufacturer portal and the 'certificate request' message from the HRA, then the CA issues a certificate for the home device. If the CA doesn't receive the 'verification success' message from the device manufacturer portal, then the CA rejects the certificate request. The CA can also reject the certificate request if the device is already registered and is included in a report of the lost devices.

$\mathrm{CA} \rightarrow \mathrm{HRA} : Cert_{CA}[ID_D, ID_{HRA}, AP]$

(7) The HRA sends the received certificate of the home device and the generated key pair to the device. This process needs user intervention. It may be carried out off-line for security.

$\mathrm{HRA} \rightarrow \mathrm{Device} : Cert_{HRA}[ID_D, h(Cert_{CA}\ r)]\ AP$
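The decision the CA makes in step (6), together with the steps that lead up to it, modelled as an added example (not code from the paper). Class and function names are hypothetical, certificate signing and key generation are left out, and matching the portal's confirmation on the whole [ID_D, ID_HRA, AP] request is an assumption.

```python
"""Model of the registration and issuing flow in steps (1)-(6).
Added illustration; class and method names are hypothetical, and signing
is left out so the focus stays on which requests the CA accepts."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    id_d: str    # ID_D: device identity (serial number, barcode, MAC, ...)
    id_hra: str  # ID_HRA: identity of the registering HRA
    ap: str      # AP: the page's symbol; assumed here to be the other
                 # information the user enters in step (1)


@dataclass
class CA:
    verified: set = field(default_factory=set)    # successes from the portal
    registered: set = field(default_factory=set)  # ID_D already certified
    lost: set = field(default_factory=set)        # report of lost devices
    serial: int = 0

    def issue(self, req: Request) -> dict:
        # Step (6): no portal confirmation for this exact request -> reject.
        # Matching on the whole (ID_D, ID_HRA, AP) tuple is an assumption;
        # it stops a confirmation obtained by one HRA being reused by another.
        if req not in self.verified:
            raise PermissionError("no verification success from manufacturer")
        # Step (6): already registered and reported lost -> reject.
        if req.id_d in self.registered and req.id_d in self.lost:
            raise PermissionError("device is registered and reported lost")
        self.verified.discard(req)  # assumption: one confirmation, one cert
        self.registered.add(req.id_d)
        self.serial += 1
        # Stand-in for Cert_CA[ID_D, ID_HRA, AP]; a real CA signs this.
        return {"serial": self.serial, "id_d": req.id_d,
                "id_hra": req.id_hra, "ap": req.ap}


@dataclass
class ManufacturerPortal:
    products: set  # device identities this manufacturer shipped

    def verify(self, req: Request, ca: CA) -> bool:
        # Step (3): is the device one of our products?
        ok = req.id_d in self.products
        if ok:
            # Step (6) has the CA receive 'verification success' from the
            # portal itself, so the portal tells the CA directly.
            ca.verified.add(req)
        return ok


def register(id_d, ap, id_hra, portal, ca):
    """Steps (1)-(6) as run by the HRA. Returns the certificate record."""
    req = Request(id_d, id_hra, ap)       # (1) user enters ID_D and AP
    if not portal.verify(req, ca):        # (2)-(3) over the TLS channel
        raise PermissionError("manufacturer does not recognise the device")
    # (4) the HRA would generate the device key pair here (omitted).
    return ca.issue(req)                  # (5)-(6)


def outcome(fn, *args):
    """Run fn and report 'issued' or the rejection reason."""
    try:
        fn(*args)
        return "issued"
    except PermissionError as exc:
        return str(exc)


def demo():
    # Constructed sample data.
    portal = ManufacturerPortal(products={"SN-0001", "SN-0002"})
    ca = CA()
    results = [outcome(register, "SN-0001", "tv1", "hra-A", portal, ca)]
    # Unknown product: stopped at step (3).
    results.append(outcome(register, "SN-9999", "tv2", "hra-A", portal, ca))
    # HRA skips the portal and goes straight to the CA: stopped at step (6).
    results.append(outcome(ca.issue, Request("SN-0002", "hra-B", "pda1")))
    # Registered device reported lost, then re-registered from another home.
    ca.lost.add("SN-0001")
    results.append(outcome(register, "SN-0001", "tv1", "hra-B", portal, ca))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```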

The home device identity referred to above is a factor which can identify a device. It can be a new device identity system or existing information such as the device serial number, barcode, or MAC address. Our HRA verifies the certificate contents and the identity of the device like an RA (Registration Authority) in general PKI. Two RA models exist in general PKI. In the first model, the RA collects and verifies the necessary information for the requesting entity before a request for a certificate is submitted to the CA. The CA trusts the information in the request because the RA already verified it. In the second model, the CA provides the RA with information regarding a certificate request it has already received. The RA reviews the contents and determines if the information accurately describes the user. The RA provides the CA with a "yes" or "no" answer [12]. Our HRA is similar to the first model of general RA, but it is not an entity with public trust like a CA but a kind of home device. It is a device that has the same or more computing power, memory, and data protection module. So, the HRA generates key pairs and requests and receives certificates for other home devices.

2.5 Home Device Certificate Profile

The home device certificate follows the basic form of the internet X.509 certificate [13]. That is, it is the same as the X.509 version 1 certificate, but it adds some other extensions for home device authentication. However, they have different targets: our home device certificate authenticates home devices, but the internet X.509 certificate authenticates humans, enterprises, servers, routers, and so on. It is more efficient to implement the home device certificate based on the X.509 certificate because of the popularity of the X.509 certificate. It means that implementation of our home device authentication framework can be easier and the spread of our mechanism can be faster. Tables 1 and 2 show our home device certificate profile.

Table 1. Basic device certificate profile

    version
    serialNumber
    signature
    issuer
    validity
    * subject
    subjectPublicKeyInfo
    * extensions
    signatureAlgorithm
    signature

In Table 1, the subject and extensions fields marked with '*' are different from those of the X.509 certificate. In Table 2, the four extensions marked with '*' are newly added in our home device certificate.

Table 2. Extensions of home device certificate

Extensions                      Explain
*Device information             Home device manufacturer and device identity
*HRA information                The location of HRA (Home Registration Authority)
*Device ownership               The information of home device owner and whether the device is HRA or not
*Device description             Description about the basic function of home device
Authority key identifier        Provides a means for identifying certificates signed by a particular CA private key
Subject key identifier          Provides a means for identifying certificates containing a particular public key
Subject alternative name        Additional information about home device
Issuer alternative name         Additional information about CA
Basic constraints               Maximum number of subsequent CA certificates in a certification path; whether it is end device or not
CRL distribution points         Acquisition method of CRL information
Authority information access    The method of accessing CA information and services (LDAP location)

Now, we describe the home device certificate fields which are different from the X.509 certificate fields.

2.5.1 Subject

Fundamentally, the subject field of our certificate follows that of the X.509 certificate. The subject field of a CA certificate is the same as that of the X.509 certificate. But the subject field of an end-device certificate has some differences. The 'detail-locality', 'city', and 'state' attributes are added to the naming attributes of the subject field, and we recommend that the 'locality' attribute be filled with the detailed postal address and the 'common name' attribute be filled with the kind of home device (for example, refrigerator, PDA, TV, microwave, notebook, and so on). If there are two TVs at home, they can be distinguished with an appended number: TV1 and TV2. The 'detail-locality' attribute is filled with the concrete location of the device: bed room, living room, porch, kitchen, and so forth. For example:

Country = KR, city = Daejeon, locality = 101-302, Hankook apartment, Yuseong-gu, common name = notebook1, serial number = 1, pseudonym = father's favorite device, detail-locality = study room.

Country = KR, state = Kyunggi-do, city = ilsan, locality = 1102-507, Donghwa apartment, common name = refrigerator1, detail-locality = kitchen.

2.5.2 Device Information Extension

The device information extension describes the information of the home device. This extension consists of the 'manufacturer' attribute and the 'device recognition number' attribute. The 'manufacturer' attribute is filled with the name of the manufacturer. The 'device recognition number' attribute is the unique number of the device; it is determined by the manufacturer. It can be a serial number or a MAC address. This extension is useful in identifying the home device and deciding whether or not the device manufacturer provides after-sales service.

2.5.3 HRA (Home Registration Authority) Information Extension

The HRA information extension describes the location of the HRA related to the device. The location of the HRA is filled with the IP address of the HRA and the postal address of the home. If we lose a home device and report it to the CA, this extension can help in getting it back.


2.5.4 Device Ownership Extension

The device ownership extension describes the device owner's information. This extension and the HRA information extension give the information of the device owner and give the owner legal and moral responsibility for using home service through the device. This extension also describes whether the device is an HRA or not. The device ownership extension consists of the 'hRA', 'sharing', and 'owner' attributes. The 'hRA' attribute states whether the device is an HRA or not, the 'sharing' attribute states whether the device owner is one person or not, and the 'owner' attribute is the real name or the role in the home (i.e. father, mother, son, daughter, grand-parents, and so on) of the device owner. If the 'hRA' attribute is TRUE (this means the device is an HRA), then the 'sharing' attribute must be FALSE (this means the owner of the device is one person) and the 'owner' attribute must be the real name of the representative of the home. Also, it must be verified by a credible agency. If the 'hRA' attribute is FALSE (this means the device is a general end-device), then there is no restriction. But if the 'sharing' attribute is TRUE (it means this device is shared by two or more persons), then "OWNER_GROUP" of the 'owner' attribute must be "public". The ASN.1 syntax of this extension is as follows:

    ownerShipInfo ::= SEQUENCE{
        hRA      BOOLEAN DEFAULT FALSE,
        sharing  BOOLEAN DEFAULT FALSE,
        owner    Owner }

    Owner ::= SEQUENCE{
        OwnerGroup  OWNER_GROUP OPTIONAL,
        Real_name   IA5String OPTIONAL }

    OWNER_GROUP ::= CHOICE{
        Public    [0],
        Father    [1],
        Mother    [2],
        Son       [3],
        Daughter  [4],
        Guest     [5] }
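A lint for the naming recommendations of 2.5.1 and the attribute constraints of 2.5.4, written as an added example rather than taken from the paper. It works on already-decoded values; the rule IDs, dictionary layout and sample certificates are constructed, and treating one list as all the certificates of one home is an assumption.

```python
"""Lint for the end-device subject (2.5.1) and the device ownership
extension (2.5.4). Added illustration working on already-decoded values;
the rule IDs and the dictionary layout are hypothetical."""
from collections import Counter

# DEFAULT FALSE in the ASN.1: an absent BOOLEAN decodes as False.
DEFAULTS = {"hRA": False, "sharing": False}
OWNER_GROUPS = {"Public", "Father", "Mother", "Son", "Daughter", "Guest"}
RECOMMENDED_SUBJECT = ("common name", "locality", "detail-locality")


def lint_ownership(ext):
    """Return the findings for one decoded ownerShipInfo value."""
    ext = {**DEFAULTS, **ext}
    owner = ext.get("owner")
    if owner is None:
        return ["OWN-0 owner is not OPTIONAL and must be present"]
    findings = []
    group = owner.get("OwnerGroup")
    if group is not None and group not in OWNER_GROUPS:
        findings.append("OWN-1 OwnerGroup is not one of OWNER_GROUP")
    if ext["hRA"]:
        if ext["sharing"]:
            findings.append("OWN-2 hRA is TRUE so sharing must be FALSE")
        if not owner.get("Real_name"):
            findings.append("OWN-3 hRA is TRUE so Real_name is required")
    if ext["sharing"] and group != "Public":
        findings.append("OWN-4 sharing is TRUE so OwnerGroup must be Public")
    return findings


def lint_home(certs):
    """Lint the decoded certificates of one home; returns {name: findings}.

    Besides the per-certificate rules this checks that common names are
    unique inside the home, which is what the TV1/TV2 numbering is for."""
    names = Counter(c["subject"].get("common name") for c in certs)
    report = {}
    for i, cert in enumerate(certs):
        subject = cert["subject"]
        cn = subject.get("common name")
        findings = [f"SUB-1 subject lacks '{a}'"
                    for a in RECOMMENDED_SUBJECT if not subject.get(a)]
        if cn and names[cn] > 1:
            findings.append(f"SUB-2 common name '{cn}' is not unique")
        if "ownership" in cert:
            findings += lint_ownership(cert["ownership"])
        report[f"{i}:{cn}"] = findings
    return report


def sample_home():
    """Constructed sample: four decoded certificates from one home."""
    home = "101-302, Hankook apartment, Yuseong-gu"

    def cert(cn, room, **ownership):
        subject = {"country": "KR", "city": "Daejeon", "locality": home,
                   "common name": cn}
        if room:
            subject["detail-locality"] = room
        return {"subject": subject, "ownership": ownership}

    return [
        # Well-formed HRA: single owner, real name given.
        cert("wallpad1", "porch", hRA=True,
             owner={"Real_name": "Example Owner"}),
        # Shared TV whose owner group was left as Father.
        cert("TV1", "living room", sharing=True,
             owner={"OwnerGroup": "Father"}),
        # Second TV reusing the name TV1, with no room recorded.
        cert("TV1", None, owner={"OwnerGroup": "Son"}),
        # Device claiming to be an HRA while shared and unnamed.
        cert("notebook1", "study room", hRA=True, sharing=True,
             owner={"OwnerGroup": "Public"}),
    ]


if __name__ == "__main__":
    for name, findings in lint_home(sample_home()).items():
        print(name, findings or "ok")
```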

3 Single-Domain/Multi-domain Authentication

The detailed flow of the proposed schemes is described below. In the first scheme, when a user moves to a single-domain with a home device and attempts to use devices in the new single-domain, the user is authenticated using the home device in which the user authentication information is stored. In the second scheme, when a user moves to the multi-domain and attempts to use devices there, the user is authenticated using the home device in which the user authentication information is stored.

3.1 Authentication in the Single Home Domain

When home device on User's HRA attempts to use home Device in single-domain, home device uses existing information as is.

Step 1. Home device exists in the single-domain and sends the movement signal to HRA when the movement occurs.

$\mathrm{Device} \rightarrow \mathrm{HRA} : Signal(Outgoing)$

Step 2. HRA notifies the single-domain of the home device movement.

$\mathrm{HRA} \rightarrow \text{Single-domain} : E_{PK_{HRA}}[ID_D, HRA_C]$

Step 3. HRA also transmits the home device information to the other single-domain.

$\mathrm{HRA} \rightarrow \text{Other-Single-domain} : \left[ ID'_D, E_{PK_{HRA}}[ID_D, HRA_C] \right]$

Step 4. The other single-domain uses the authentication information received from the single-domain to send its information to HRA.

$\text{Other-Single-domain} \rightarrow \mathrm{HRA} : \left[ ID'_D, E_{PK_{HRA}}[ID_D, HRA_C] \right]$

Step 5. HRA also confirms the authentication information received from the single-domain by comparing it to the information received from the other single-domain, and then approves the home device authentication.

$\mathrm{HRA} : D_{SK_{HRA}}\left[ E_{PK_{HRA}}[ID_D, HRA_C] \right] = ID'_D, HRA'_C$

$ID_D, HRA_C \cong ID'_D, HRA'_C$

Step 6. HRA completes the confirmation and accepts the authentication for the home device.

$\mathrm{HRA} \rightarrow \mathrm{Device} : [ID_D, Auth_D]$

Step 7. After the home device provides its values and compares the values, it approves the use of the other single-domain.

3.2 Authentication in the Multi Home Domain

When home device in single-domain moves to multi-domain and uses User's information to use multi-domain and other home device, home device uses User's information as is.

Step 1. A movement signal is sent using HRA in the single-domain. If HRA receives the movement signal from the home device, it removes itself from the space list.

$\mathrm{HomeDevice} \rightarrow \mathrm{HRA} : Signal(Outgoing)$

$\mathrm{HRA} : HDList[Delete(ID_D)]$

Step 2. HRA notifies the CA that it is moving out of the single-domain. If it moves to a different CA, it notifies the RCA (Root CA).

$\mathrm{HRA} \rightarrow \mathrm{CA} : [ID_D, ID_{HRA}]$

$\mathrm{CA} \rightarrow \mathrm{RCA} : [ID_D, ID_{HRA}, ID_{CA}]$

Step 3. After notification that the home device is finally located in the multi-domain, it requests authentication from the other HRA in the multi-domain.

$\mathrm{HomeDevice} \rightarrow \mathrm{HRA} : Signal(Ongoing)$

$\mathrm{HomeDevice} : E_{SK_{HRA}}[HRA_C]$

$\mathrm{HomeDevice} \rightarrow HRA_C : E_{SK_{HRA}}[HRA_C]$

Step 4. The other HRA in the multi-domain verifies the authentication information from $HRA_C$.

$\mathrm{HRA} : D_{PK_{HRA}}\left[ E_{SK_{HRA}}[HRA_C] \right] = HRA'_C$

Step 5. If the other HRA authentication information is passed, HRA transmits the authentication information to the CA.

$\mathrm{HRA} \rightarrow \mathrm{CA} : ID_{HRA}, E_{SK_{HRA}}[HRA_C]$

Step 6. The CA verifies that the authentication information is generated from the multi-domain User. If confirmed, the CA approves the authentication for the home device.

$\mathrm{CA} : D_{PK_{HRA}}\left[ E_{SK_{HRA}}[HRA_C] \right] = HRA'_C$

Step 7. In the multi-domain, HRA accepts the received authentication for the home device, and allows the use of applications in the multi-domain.

4 Conclusions

The rapid expansion of the Internet has required a home network computing environment that can be accessed anytime, anywhere. In this home network environment, a user ought to be given the same service regardless of connection type, even though the user may not specify what he needs. Authenticated devices that connect user devices must be used regardless of location. This paper described the necessity of home device authentication, which is needed to provide home network security and user convenience, and proposed a home device authentication method using PKI. We described the process of home device registration and the issuing process of the home device certificate. Finally, we proposed a home device certificate profile based on the internet X.509 certificate.

The home device certificate differs from the internet X.509 certificate in some fields: subject, device information extension, HRA information extension, device ownership extension, and device description extension. That is, the device sort and the main detail-location (i.e. bedroom, living room, study room, etc.) are included in the subject field value of the home device certificate. The device information extension includes device manufacturer information and device identity information. The HRA extension includes the postal address of the home which is subordinated by the HRA and the IP address of the HRA. It makes it possible to find a lost home device and to relate the HRA and the home device. The device ownership extension indicates whether the home device is a personal possession or not. If the device is possessed by one person, then the person can use simple home network service only by device authentication. Finally, the device description extension can provide information about the computing power of the device and the accessible home service. It is useful in device access control.

Therefore, this paper attempts to solve the existing authentication problem. Privacy protection, which is an issue revealed by user movement, key simplification (i.e., research on a key that can be used for a wide range of services), and the provision of smooth service for data requiring higher bandwidth are reserved for future research.

References

1. Lee, J., et al.: A DRM Framework for Distributing Digital Contents through the Internet. ETRI Journal 25(6), 423–436 (2003)
2. Jeong, Y., Yoon, K., Ryou, J.: A Trusted Key Management Scheme for Digital Right Management. ETRI Journal 27(1), 114–117 (2005)
3. Device Authentication, http://www.safenet-inc.com
4. TrustConnector 2, http://phoenix.com
5. Bluetooth Core Specification v2.0. http://www.bluetooth.org/spec/ (2004)
6. ZigBee Specification v1.0, http://www.zigbee.org/en/spec_download/ (December 2004)
7. OpenCable Security Specification. http://www.opencable.com/specifications/ (2004)
8. Gehrmann, C., Nyberg, K., Mitchell, C.J.: The personal CA-PKI for a personal area network. IST Mobile and Wireless Telecommunications Summit, 31–35 (2002)
9. Intermediate specification of PKI for heterogeneous roaming and distributed terminals, IST-2000-25350-SHAMAN (March 2003)
10. Hwang, J.-b., Lee, H.-k., Han, J.-w.: Efficient and User Friendly Inter-domain Device Authentication/Access control in Home Networks. In: Sha, E., Han, S.-K., Xu, C.-Z., Kim, M.H., Yang, L.T., Xiao, B. (eds.) EUC 2006. LNCS, vol. 4096, Springer, Heidelberg (2006)
11. O'Gorman, L.: Comparing Passwords, Tokens, and Biometrics for User Authentication. In: Proceedings of the IEEE, vol. 91(12) (December 2003)
12. Planning for PKI: Best Practices Guide for Developing Public Key Infrastructure. John Wiley & Sons, Inc., Chichester (2001)
13. Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List(CRL) Profile, RFC 3280, April 2002. In: Baldonado, M., Chang, C.-C.K., Gravano, L., Paepcke, A. (eds.) The Stanford Digital Library Metadata Architecture. Int. J. Digit. Libr., vol. 1, pp. 108–121 (1997)
14. Al-Muhtadi, J., Ranganathan, A., Campbell, R., Mickunas, M.D.: A Flexible, Privacy-Preserving Authentication Framework for Ubiquitous Computing Environments. In: ICDCSW 2002, pp. 771–776 (2002)
15. Roman, M., Campbell, R.: GAIA: Enabling Active Spaces. In: 9th ACM SIGOPS European Workshop, Kolding, Denmark (September 17th-20th, 2000)
16. Gen-Ho, L.: Information Security for Ubiquitous Computing Environment. In: Symposium on Information Security 2003, KOREA, pp. 629–651 (2003)
17. Lee, S.-Y., Jung, H.-S.: Ubiquitous Research Trend & Future Works. Worldwide IT 3(7), 1–12 (2002)
18. Lee, Y.-C.: Home Networks Technology & Market Trend. ITFIND Weeks Technology Trend(TIS-03-20)(1098), 22–33 (2003)
19. Lee, D.G., Kang, S.-II., Seo, D.-H., Lee, I.-Y.: Authentication for Single/Multi Domain in Ubiquitous Computing Using Attribute Certification. In: Gavrilova, M., Gervasi, O., Kumar, V., Tan, C.J.K., Taniar, D., Laganà, A., Mun, Y., Choo, H. (eds.) ICCSA 2006. LNCS, vol. 3983, pp. 326–335. Springer, Heidelberg (2006)
20. Lee, Y.-K., Lee, D.-G., Han, J.-w., Chung, K.-i.: Home Network Device Authentication: Device Authentication Framework and Device Certificate Profile. In: ASWAN 2007. The international workshop on Application and Security Service in Web and pervAsive eNvironments (2007)
