Security: Context filtering
- From: Ludovic Ferrandis <ludovic ferrandis linux intel com>
- To: gupnp-list gnome org
- Subject: Security: Context filtering
- Date: Thu, 27 Jun 2013 18:10:59 +0200
Sort of security in DLNA.
Introduction for UPnP/DLNA newcomers.
UPnP/DLNA have been developed with the concept that all components are
running on trusted network.
At this time, only HND (Home Network Device) were available and it was
easy to define or setup a trusted network.
Now we are in a world of mobility. You can connect devices from
everywhere (restaurant, hotel, public places, ...)
It's to be able to handle such mobility that a new class of device has
been defined, the MHD (Mobile Handheld Device).
Security issues appears with the development of the wireless
connectivity. Do you want your photos to be shared on a public network?
Security issues are not the same for servers and clients.
On the server side, you probably don't want to be visible and share data
on untrusted networks.
On the client side, you probably don't want to connect to untrusted
servers that can send you damaged data.
The proposed solution is to managed a white list of trusted networks.
This is not a strong security system with password, trusted encrypted
password server etc...
How would it work?
The solution is not new, is the one already implemented in Rygel. It's
based on a white list.
The white list could be composed of ip address, SSID or network type
(eth, wlan, ...).
Only interfaces defined in the white list will be trusted, the other
ones will be rejected.
An empty white list means all interfaces are trusted. This will ensure
compatibility behavior with applications that already use GUPnP but
doesn't manage white list.
How to implement it?
The solution is to implement the white list management in GUPnP, BUT NOT
the white list settings/file management.
The concept is to manage the white list in memory by GUPnP. GUPnP is
linked to an application, so the white list will be available only for
this application.
The file/setting will be managed by the applications (Rygel, dLeyna,
others).
GUPnP will filter out available GUPnP context based on the white list.
The filter is dynamic, that means if the white list is updated by the
application during it's lifetime, GUPnP context will be made available
or discarded accordingly.
The comparison will be strict. "eth" will not match "eth0", "eth1".
Impacts on GUPnP applications?
Applications that will use the new GUPnP library but don't use the white
list API, will have the same behavior, as the GUPnP default behavior is
to disable the white list feature.
Applications, like Rygel, that manage their own white list and would not
use the new API, will have the same behavior. I will post another email
in Rygel mailing list about Rygel application itself.
API proposal:
GUPnP: The white list APIs should be part of GUPnP Context.
void gupnp_context_white_list_enable(gboolean enable)
Enable or disable the white list.
When disabled, it will broadcast all available context.
This will also allow to build the white list using add/remove/reset API
without performing filtering at each call of these functions.
When enabled, it will filter out all available contexts, accordingly to
the white list.
When enabled, each call to add/remove/reset has an immediate action.
This function doesn't change the content of the white list.
gboolean gupnp_context_white_list_is_enabled(void)
Return the status of the white list.
gboolean gupnp_context_white_list_add_interface(gchar* interface)
gchar* interface: is a semi colon separated string list of interface
name. ("eth0" or "127.0.0.1;192.168.1.1")
Add new interface(s) to the white list. It has an immediate effect only
if it's enabled.
Return false if one can't be added to the white list.
gboolean gupnp_context_white_list_remove_interface(gchar* interface)
gchar* interface: is a semi colon separated string list of interface
name. ("eth0" or "127.0.0.1;192.168.1.1")
Remove new interface(s) to the white list. It has an immediate effect
only if it's enabled.
Return false if all interfaces are not found, true otherwise.
gchar *gupnp_context_white_list_get_interface(void)
Return the list of interfaces in the white list.
It's a semi colon separated string list of interface name. ("eth0" or
"127.0.0.1;192.168.1.1")
void gupnp_context_white_list_reset_interface(void)
Remove all interfaces in the white list.
It doesn't change the enabled flag.
As for add/remove, changes are immediate or no, depending of the enabled
flag.
Firewall Zone
First, it's not a priority and could be implemented later.
It's only available with the new Network Manager (available in Ubuntu
13.04).
IMPORTANT: It's disabled by default!
What is Firewall Zone?
It simply the fact to enable a firewall locally, on your computer, not
on your network, as your company by example.
The firewall zone has the ability to affect different predefined
firewall rules, to connections.
So you can tag connection as trusted, public or whatever.
The problem is that firewall could prevent DLNA device to works if the
firewall rules blocks the needed communication ports or protocols.
There are 2 kinds of firewall.
The one you install yourself. In this case, we can't do anything at all.
The one installed by Ubuntu/Network Manager. In this case we can do a
very small feature to simplify things a bit.
The firewall installed by Network Manager is called FirewallD and
provide a dbus API.
The only feature that interest us is the notification when the current
active zone is changed.
This use case should be exceptional, but we can manage it.
In this case, GUPnP could perform a 'Refresh'. Depending of the new
active firewall rules, servers will appears or disappears immediately in
application (like dleyna).
Otherwise we should wait, for the disappears case, the SSDP time out
that is 30 min.
This feature should be implement in the Network Manager plug-in of GUPnP
Connection Manager.
As I said, the feature is simple to implement, but it's very low priority.
Any comments are welcome.
Thanks,
Ludovic
--
Ludovic Ferrandis
Open Source Technology Center
Intel Corporation
--
Ludovic Ferrandis
Open Source Technology Center
Intel Corporation
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]