Promise Technology SmartStor NS2300N User Manual

Browse online or download User Manual for Networking Promise Technology SmartStor NS2300N. UPnP Gateway Working Committee: IGD:2

Summary of Contents

Page 1 - Mika Saaranen – Nokia

UPnP Forum and Gateway committee overview • March 15, 2010 • Mika Saaranen – Nokia, UPnP Gateway Chair • Mark Baugher–Cis

Page 2 - Introduction

Security in Gateway V1 • IGD and other UPnP DCPs have had the option of using UPnP Device Security for the past 6 years • This is a high

Page 3 - What is UPnP Technology

Gateway v2 overview • Enhanced security by new DeviceProtection service applied to all IGD variables and actions • Enhanced portm

Page 4

Addressing Security in V2 • Threats: Malicious edits to critical configuration variables • DeviceProtection service uses public (unauthenti

Page 5 - UPnP Working Committees

Security in Gateway V2 • Gateway v2 will use UPnP Device Protection • Does not require a third-device as a security console • Uses X.509 certificates and

Page 6 - What is UPnP?

Access Controls in IGD:2 • Access control is defined • For all IGD Actions • Three levels of access • Admin • Basic • Public • Better overa

Page 7 - UDA Overview

UDA Annex A IPv6 Changes • IPv6 support in UDA 1.0 and 1.1 evolved with the evolving standard • Deprecation of site-local addressing • Developmen

Page 8 - The Risks of Home Networking

Time table • This presentation covers on-going work and may change before publication. Target timeline is: •

Page 9 - Gateway V1 overview

Summary • IGD:2 introduces two new services: • DeviceProtection:1 to enable authentication and ac

Page 12 - Addressing Security in V2

Introduction • This is a public presentation of the UPnP Forum’s Gateway work • The contents of this prese

Page 13 - Security in Gateway V2

Key Use Cases • Use case #1 Add portmapping • User has an application that needs to be contacted from the

Page 14 - Access Controls in IGD:2

List of Key changes Features - actions • DeletePortMappingRange() allows removing a range of portmappings • GetListOfPortmappings() allows retrieving

Page 15 - UDA Annex A IPv6 Changes

List of Key changes Features New – state variables • SystemUpdateID is used to track changes in NAT portmappings • A_ARG_TYPE_MANAGE is a parameter use

Page 16 - Time table

List of Key changes Features – policy changes • PortmappingLeaseTime can have values between 1 to 604800 seconds • If control point uses value 0 t

Page 17

DeviceProtection:1 • Vic Lortz (Intel), chair of UPnP Gateway security Task Force • Mika Saaranen (Nokia), Chair of UPnP Gateway committee

Page 18 - Technical details

Background • Ease of use is generally at odds with secure use • People find that passwords and other authentication methods are a challenge to manage on

Page 19 - WANIPCONNECTION:2

Basic Security Requirements 1. Simple to understand and use 2. Mutual authentication 3. Access control 4. Privacy 5. Align with widely-supported

Page 20

Device Protection Properties 1. Trust based on physical proximity and access • Such as reading a PIN • Pushing a button, • NFC touch, etc. 2. Bootstraps st

Page 21

Trust Bootstrapping by Introduction 1. Pair-wise introduction A. PIN-based, run once B. Establishes trust in self-signed certs of both Dev

Page 22

Securing the Control Plane [Diagram labels: Device; Secure URL; Start TLS; TLS Handshake Protocol; to HTTPS; Record Protocol; for UPnP; Control URL; Actions; User; Control Point]

Page 23

What is UPnP Technology 1. UPnP Technology is an open international ISO/IEC standard for device & service discovery & control of devices on an

Page 24 - DeviceProtection:1

D-P Functional Block Diagram [Diagram labels: ACL; D-P service; Other services; Embedded devices; TLS logic; Cert; DEVICE; CONTROL POINT]

Page 25 - Background

IGD User Experience Scenario

Page 26 - Basic Security Requirements

IGD Scenario [Diagram labels: IGD; Control Point] • CP on laptop and IGD are already connected to an IP network (may be wired or wireless) • Us

Page 27 - Device Protection Properties

Example Setup UI Flow. UI mock-up labels: Setup…; CP’s GUI; GatewayXYZ; 12345678; Please enter GatewayXYZ’s SETUP PIN number.

Page 28 - 2. “Gossip” introduction

Administrator Login (rarely needed). UI mock-up labels: Settings; IGD; …; TLS connection; Configuration UI; Adv

Page 29 - Securing the Control Plane

Concept UI of Administrative CP. UI mock-up labels: Advanced Settings; Administrator Password: **************; Set Permi

Page 30 - D-P Functional Block Diagram

SOAP Actions & Roles for the D-P Service • SendSetupMessage() [Public] • GetSupportedProtocols() [Public] • GetAssignedRoles() [Public]

Page 31

Summary 1. CPs and Devices authenticate each other using certificates, users of shared CPs can also authenticate with Username/password over TLS ADevice

Page 32 - IGD Scenario

WANIPv6FirewallControl:1 • Mika Saaranen, Nokia • Fabrice Fontaine, Orange • Mark Baugher, Cisco

Page 33 - Example Setup UI Flow

Introduction • It is expected that massive roll-outs of IPv6 will start in next couple of years • In IPv6, we likely won’t have NATs, but it seems t

Page 34 - (rarely needed)

Diversity of UPnP Vendors & Products 1. Acer Aspire Laptop PC series 2. Buffalo HS-DS Network Attached Storage (NAS) series 3. Canon Digital Camera D

Page 35 - Mika’s Phone

Key use cases • Use case #1 Add pinhole • User has an application that needs to be contacted from the internet • Usually, no user interaction

Page 36

State variables • FirewallEnabled: is firewall enabled • InboundPinholeAllowed: Can pinholes be created • OutboundPinholeTimeout: How long a pinhole c

Page 37 - 3. Remaining threats

Actions • GetFirewallStatus(): returns information if the firewall is active and new pinholes can be created • GetOutboundPinho

Page 38 - WANIPv6FirewallControl:1

Summary • IGD:2 has release target in Q4/2010 including: • WANIPConnection:2 • DeviceProtection:1 • WANIPv6Firewall control:1 • Pre

Page 39

For the interconnected lifestyle

Page 40 - Key use cases

UPnP Working Committees • UPnP protocols are developed in UPnP Working Committees • There are many past and present WCs including • Audio/Video

Page 41 - State variables

What is UPnP? • UPnP Addressing • UPnP Control • UPnP Discovery • UPnP Eventing • UPnP Description • UPnP Devi

Page 42

UDA Overview • UPnP Discovery • Device sends SSDP Notify Announcements • Control Point sends SSDP MSearch messages • Devices respond with

Page 43 - UPnP Forum members

The Risks of Home Networking • Home networks face risks • Well-known admin passwords • Home networks are vulnerable to malware and war drivers • Li

Page 44

Gateway V1 overview • Manage and configure physical connections e.g. connect or disconnect • Automatic and seamless configuration of Internet acces
