- Original Paper
- Open access
- Published:
A UPnP extension for enabling user authentication and authorization in pervasive systems
Journal of the Brazilian Computer Society volume 16, pages 261–277 (2010)
Abstract
The Universal Plug and Play (UPnP) specification defines a set of protocols for promoting pervasive network connectivity of computers and intelligent devices or appliances. Nowadays, the UPnP technology is becoming popular due to its robustness to connect devices and the large number of developed applications. One of the major drawbacks of UPnP is the lack of user authentication and authorization mechanisms. Thus, control points, those devices acting as clients on behalf of a user, and UPnP devices cannot communicate based on user information. This paper introduces an extension of the UPnP specification called UPnP-UP, which allows user authentication and authorization mechanisms for UPnP devices and applications. These mechanisms provide the basis to develop customized and secure UPnP pervasive services, maintaining backward compatibility with previous versions of UPnP.
References
Loureiro E, Ferreira G, Almeida H, Perkusich A (2007) Pervasive computing: what is it anyway? In: Lytras M, Naeve A (eds) Ubiquitous and pervasive knowledge and learning management: semantics, social networking and new media to their full potential, pp 1–34
Weiser M (1999) The computer for the 21st century. SIGMOBILE Mob Comput Commun Rev 3(3):3–11. doi:10.1145/329124.329126
Presser A, Farrel L (2008) UPnP device architecture. http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf. Last access on May, 2008
Kumaran I, Kumaran SI (2001) Jini technology: an overview. Prentice-Hall PTR, Upper Saddle River
Consortium S (1999) Salutation architecture specification. ftp://ftp.salutation.org/salutesa20e1a21.ps
Guttman E, Perkins C, Veizades J, Day M (1999) Service location protocol, version 2. RFC. http://tools.ietf.org/html/rfc2608
W3C (2007) Simple object access protocol. http://www.w3.org/TR/soap/
Langille G et al. (2008) Mediaserver:3 device template version 1.01. http://upnp.org/specs/av/UPnP-av-MediaServer-v3-Device.pdf. Last access on May, 2009
Guedes A, Santos D, do Nascimento J, Sales L, Perkusich A, Almeida H (2008) Set your multimedia application free with BRisa framework: an open source UPnP implementation for resource limited devices. In: 5th IEEE consumer communications and networking conference, 2008. CCNC 2008, pp 1257–1258 (10–12 January 2008). doi:10.1109/ccnc08.2007.297
Lin JC, Chen JM, Liu CH (2008) An automatic mechanism for adjusting validation function. AINAW, pp 602–607. 10.1109/WAINA.2008.89
Prakash Iyer UW (2001) Internetgatewaydevice:1 device template version 1.01. http://upnp.org/standardizeddcps/documents/UPnP_IGD_1.0.zip. Last access on May, 2009
Hengartner U, Steenkiste P (2004) Protecting access to people location information. In: Lecture notes in computer science, vol 2802. Springer, Berlin, pp 222–231
Robinson P, Beigl M (2004) Trust context spaces: an infrastructure for pervasive security in context-aware environments. In: Lecture notes in computer science, vol 2802. Springer, Berlin, pp 119–129
Kvarnstrom H, Hedbom H, Jonsson E (2004) Protecting security policies in ubiquitous environments using one-way functions. In: Lecture notes in computer science, vol 2802. Springer, Berlin, pp 71–85
Creese S, Goldsmith M, Roscoe B, Zakiuddin I (2004) Authentication for pervasive computing. In: Lecture notes in computer science, vol 2802. Springer, Berlin, pp 439–488
Klemets A, Da Costa B (2008) UPnP authentication and authorization patent. http://www.freepatentsonline.com/y2008/0092211.html
Karl J (2010) UPnP CDS USER PROFILE. http://www.patents.com/UPnP-CDS-USER-PROFILE-20100125907.html
Ellison C (2003) DeviceSecurity: 1 Service Template. http://www.upnp.org/standardizeddcps/documents/DeviceSecurity_1.0cc_001.pdf. Last access on December, 2008
Ellison C (2003) SecurityConsole: 1 service template. http://www.upnp.org/standardizeddcps/documents/SecurityConsole_1.0cc.pdf. Last access on December, 2008
Nakajima T (2003) Pervasive servers: a framework for creating a society of appliances. Pers Ubiquitous Comput 7(3–4):182–188. doi:10.1007/s00779-003-0222-2
Chen W, Kuo SY, Chao HC (2009) Service integration with UPnP agent for an ubiquitous home environment. Inf Syst Front 11(5):483–490. doi:10.1007/s10796-008-9122-3
Sahm C, Langels HJ (2003) Dimmable light device template. http://www.upnp.org/standardizeddcps/documents/DimmableLight1.0cc.pdf. Last access on May, 2008
Kim K, Ko H, Choi W, Lee E, Kim U (2008) A collaborative access control based on XACML in pervasive environments. In: International conference on convergence and hybrid information technology, 2008. ICHIT’08, pp 7–13
Rahaman MA, Schaad A, Rits M (2006) Towards secure SOAP message exchange in a SOA. In: SWS’06: proceedings of the 3rd ACM workshop on secure web services. ACM, New York, pp 77–84. doi:10.1145/1180367.1180382
Snyder RM (2007) Security programming using python: man-in-the-middle attacks. In: InfoSecCD’07: proceedings of the 4th annual conference on information security curriculum development. ACM, New York, pp 1–6. doi:10.1145/1409908.1409911
Hashemipour S, Ali M (2004) MPEG-21 & DIDL: dawn of a new multimedia EVA. In: IEEE international symposium on consumer electronics, 2004, pp 91–95
Balabanovic M, Shoham Y (1997) FAB: content-based, collaborative recommendation. Commun ACM 40:66–72
Im I, Hars A (2007) Does a one-size recommendation system fit all? The effectiveness of collaborative filtering based recommendation systems across different domains and search modes. ACM Trans Inf Syst TOIS 26(1):4. doi:10.1145/1292591.1292595
Deshpande M, Karypis G (2004) Item-based top-n recommendation algorithms. ACM Trans Inf Syst 22(1):143–177. doi:10.1145/963770.963776
Benesty J, Chen J, Huang Y (2008) On the importance of the Pearson correlation coefficient in noise reduction. IEEE Trans Audio Speech Lang Process 16(4):757–765. 10.1109/TASL.2008.919072
Minker J (1977) Information storage and retrieval: a survey and functional description. SIGIR Forum 12(2):12–108. doi:10.1145/1095515.1095516
Yantao Z, Jianbo T, Jiaqin W (2007) An improved TFIDF feature selection algorithm based on information entropy. In: Chinese control conference, 2007. CCC 2007, pp 312–315. doi:10.1109/CHICC.2006.4346845
Sherwin L (2009) UPnP specifications named international standard for device interoperability for IP-based network devices. innovation validated by record-breaking number of UPnP implementations in 2008. http://www.upnp.org/news/documents/UPnPForum_02052009.pdf. Last access on September, 2009
Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772. doi:10.1145/358790.358797
Malladi S, Alves-Foss J, Heckendorn RB (2002) On preventing replay attacks on security protocols. In: Proc international conference on security and management. CSREA Press, pp 77–83
Syverson P (1994) A taxonomy of replay attacks. In: Proceedings of the 7th IEEE computer security foundations workshop. Society Press, New York, pp 187–191
Yan Y, Zhang J, Yan M (2006) Ontology modeling for contract: using OWL to express semantic relations. In: 10th IEEE international enterprise distributed object computing conference, 2006. EDOC’06, pp 409–412. doi:10.1109/EDOC.2006.37
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 2.0 International License ( https://creativecommons.org/licenses/by/2.0 ), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
About this article
Cite this article
Sales, T., Sales, L., Almeida, H. et al. A UPnP extension for enabling user authentication and authorization in pervasive systems. J Braz Comput Soc 16, 261–277 (2010). https://doi.org/10.1007/s13173-010-0022-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13173-010-0022-2