Page 1: 25 July, 2014, Hailiang Mei, H.Mei@tue.nl, TU/e Computer Science, System Architecture and Networking

Remote Terminal Management (RTM) and Access Control in SPACE4U

Hailiang Mei, H.Mei@tue.nl

Page 2:

Outline

• Goals of RTM
• Possible RTM Approaches (review of existing solutions)
• Consideration on Security and Access Control
• Design of RTM Framework
• Conclusion and Future Work

Page 3:

Scenarios

(Figure) Three scenario steps between the terminal and a remote server: 1 Observing, 2 Diagnosis, 3 Repair.

Remote server can be within local network or at service provider’s site.

Self observes problem + Remote diagnosis + Remote Repair

Page 4:

Requirements for RTM

• Secured RTM (RTM.01, mandatory)
• Management client oriented
  – Healthy terminal oriented
    • Component downloading due to context changing (CAC.01&02)
    • (Legal) Component sharing (RTM.02, optional)
    • Service discovery (RTM.03, optional)
  – Non-healthy terminal oriented
    • Remote diagnosis (RTM.04, similar to HM.03, Mandatory)
    • Remote repair (RTM.05, similar to HM.04, Mandatory)
• Management server oriented
    • User service data survey (RTM.06, optional)
• User transparent control (RTM.07, Mandatory)

Page 5:

Outline

• Goals of RTM
• Possible RTM Approaches (review of existing solutions)
• Consideration on Security and Access Control
• Design of RTM Framework
• Conclusion and Future Work

Page 6:

Possible RTM approaches

• Telnet/SSH
• Virtual Network Computing (VNC)
• Web server
• UPnP
• SNMP
• SyncML (Open Mobile Alliance)

Page 7:

Virtual Network Computing

Page 8:

Virtual Network Computing

Page 9:

Web Server

• The device runs a small web server application
• A service runs on the device to generate a run-time HTML file
• The remote terminal manager accesses the device via a web browser and executes scripts on the device

Page 10:

Web Server (example)

Page 11:

UPnP

(Figure) Overall stack, bottom to top: IP, TCP, HTTP, SOAP, then the UPnP Device Architecture Defined, UPnP Forum Working Committee Defined and UPnP Vendor Defined layers.

(Figure) Control stack: over IP run UDP and TCP; over UDP, HTTPMU and HTTPU carry SSDP (Discovery); over TCP, HTTP carries Description, SOAP (Control) and GENA (Events). The UPnP Vendor Defined, UPnP Forum Working Committee Defined and UPnP Device Architecture Defined layers sit on top.

Page 12:

SNMP

(Figure) SNMP manager on the managing device and SNMP agent on the managed device, both over UDP/IP (TCP shown alongside). The manager sends set/get requests; the agent replies with responses and traps and reads/changes the MIB.

Page 13:

SNMP (example)

(Figure) Example: a remote server monitors devices on the network (DVD, printer) by dispatching agents to them.

Page 14:

SyncML DM (OMA)

(Figure) OMA DM: the DM protocol runs between the server and the client. Inside the client is a logical tree for addressing purposes (root, with Vendor and SyncML subtrees, "…", "X*" and further nodes); this tree is in scope of the DM standard. The protocol commands shown are Add, Get, Replace and Exec. Also shown: a Data Synch protocol, a proprietary WAP client, a proprietary upgrade client and over-the-air delivery.

Page 15:

SyncML DM (OMA)

OMA DM

• Server:
  <Get>
    <CmdID>4</CmdID>
    <Item>
      <Target>
        <LocURI>Vendor/Ring_signals/Default_ring</LocURI>
      </Target>
    </Item>
  </Get>

• Client:
  <Results>
    <CmdRef>4</CmdRef>
    <CmdID>7</CmdID>
    <Item>
      <Data>MyOwnRing</Data>
    </Item>
  </Results>
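The exchange on this slide, built on the server side and answered on the client side, as an added Python example (not code from the slides or from the SPACE4U project). The management tree contents, the outstanding-command table and the 404 Status reply for a node that does not exist are constructed for the example; the point it shows is that CmdRef is what ties a Results back to the Get the server actually issued.

```python
"""Added example (not from the SPACE4U slides): the OMA DM <Get>/<Results> exchange
shown on the SyncML DM slide, built and parsed with the standard library. The
management tree, the 404 Status reply and the cmd-id bookkeeping are constructed here."""
import xml.etree.ElementTree as ET

# Constructed client-side management tree: node URI -> leaf value. The first entry
# reproduces the slide's example; the second is made up for the example.
MANAGEMENT_TREE = {
    "Vendor/Ring_signals/Default_ring": "MyOwnRing",
    "Vendor/Ring_signals/Volume": "5",
}


def build_get(cmd_id: int, loc_uri: str) -> str:
    """Server side: serialise a <Get> for one node, as on the slide."""
    get = ET.Element("Get")
    ET.SubElement(get, "CmdID").text = str(cmd_id)
    item = ET.SubElement(get, "Item")
    target = ET.SubElement(item, "Target")
    ET.SubElement(target, "LocURI").text = loc_uri
    return ET.tostring(get, encoding="unicode")


def handle_get(get_xml: str, next_cmd_id: int, tree=MANAGEMENT_TREE) -> str:
    """Client side: answer a <Get> with <Results>. <CmdRef> echoes the server's <CmdID>
    so the server can tie the reply to its own command; <CmdID> is the client's own
    counter. A node that does not exist gets a (simplified) <Status> with OMA DM code 404.
    Input from the link is untrusted: ElementTree expands no external entities, but for
    real traffic also cap entity expansion (e.g. parse with defusedxml)."""
    get = ET.fromstring(get_xml)
    if get.tag != "Get":
        raise ValueError(f"expected <Get>, got <{get.tag}>")
    cmd_ref = get.findtext("CmdID")
    loc_uri = get.findtext("Item/Target/LocURI") or ""
    if loc_uri in tree:
        reply = ET.Element("Results")
        ET.SubElement(reply, "CmdRef").text = cmd_ref
        ET.SubElement(reply, "CmdID").text = str(next_cmd_id)
        item = ET.SubElement(reply, "Item")
        ET.SubElement(item, "Data").text = tree[loc_uri]
    else:
        reply = ET.Element("Status")
        ET.SubElement(reply, "CmdRef").text = cmd_ref
        ET.SubElement(reply, "CmdID").text = str(next_cmd_id)
        ET.SubElement(reply, "Cmd").text = "Get"
        ET.SubElement(reply, "Data").text = "404"
    return ET.tostring(reply, encoding="unicode")


def correlate(outstanding: dict, reply_xml: str) -> tuple:
    """Server side: match a reply to the command it answers through <CmdRef>.
    Returns (loc_uri, data, ok). A reply whose CmdRef the server never issued is
    rejected, so data that answers nothing the server asked is not accepted."""
    reply = ET.fromstring(reply_xml)
    cmd_ref = int(reply.findtext("CmdRef") or -1)
    if cmd_ref not in outstanding:
        raise ValueError(f"reply references unknown CmdID {cmd_ref}")
    loc_uri = outstanding.pop(cmd_ref)
    if reply.tag == "Results":
        return loc_uri, reply.findtext("Item/Data"), True
    return loc_uri, reply.findtext("Data"), False


def demo() -> tuple:
    """The slide's exchange end to end: Get with CmdID 4, Results with CmdRef 4 / CmdID 7."""
    outstanding = {4: "Vendor/Ring_signals/Default_ring"}
    get_xml = build_get(4, outstanding[4])
    reply_xml = handle_get(get_xml, next_cmd_id=7)
    return correlate(outstanding, reply_xml)


if __name__ == "__main__":
    print(demo())  # ('Vendor/Ring_signals/Default_ring', 'MyOwnRing', True)
```

Run as a script it prints the correlated answer for the slide's Get. The `outstanding` table is per management session: once a CmdRef has been consumed it is removed, so a second reply carrying the same CmdRef is rejected as well.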

Page 16:

SyncML DM (OMA)

OMA DM

Page 17:

Review of approaches

• Virtual Network Computing (VNC, open source) (dropped due to obvious security problems)
• Web server (dropped due to limited flexibility and functionality)
• UPnP based (dropped as less competitive than SyncML DM)
• SNMP based (continuing as the complementary approach)
• SyncML DM (continuing as the main reference)

Page 18:

Outline

• Goals of RTM
• Possible RTM Approaches (review of existing solutions)
• Consideration on Security and Access Control
• Design of RTM Framework
• Conclusion and Future Work

Page 19:

Scenario

(Figure) RTM Client on the terminal, RTM Server on the remote server.

Page 20:

Hacker on the link

(Figure) Hacker on the link between RTM Client and RTM Server (remote server); required properties: Confidentiality + Integrity.

Page 21:

Hacker on RTM Server

(Figure) Hacker on the RTM Server (remote server) side of the RTM Client–RTM Server pair; required properties: Confidentiality (Authentication + Authorization) and Availability.

Page 22:

User is a “Hacker”

(Figure) The user of the RTM Client is the “hacker”; required property: Non-repudiation.

Page 23:

Hackers 4 ALL

(Figure) All three threats at once: Confidentiality + Integrity on the RTM Client–RTM Server link, Non-repudiation at the client, Confidentiality (Authentication + Authorization) and Availability at the remote server.

CIA + non-repudiation

Page 24:

“Kill” Hackers

(Figure) The same picture: Confidentiality + Integrity on the RTM Client–RTM Server link, Non-repudiation at the client, Confidentiality (Authentication + Authorization) and Availability at the remote server.

PKI is the solution !

Page 25:

Security and Access Control

• Security assurance
  – PKI solves confidentiality, integrity and non-repudiation
• Access Control
  – Tree-structured access control lists look promising; they are used in SNMP, Microsoft Active Directory and SyncML

Page 26:

Outline

• Goals of RTM
• Possible RTM Approaches (review of existing solutions)
• Consideration on Security and Access Control
• Design of RTM Framework
• Conclusion and Future Work

Page 27:

(Figure) Sequence diagram with lanes Terminal, Terminal Stub, TM Stub and Terminal Manager:
Start Terminal → Terminal ready; Start TM stub → TM stub ready.
Fetch models → Remote object request → Fetch models; Models → Remote object reply → Models; Check models.
Repair plans → Remote object request → Repair plans; Acknowledgement → Remote object reply → Acknowledgement.
Start terminal; Start TM.
Relation with SIM: Remote server uses get/exec, add/replace and delete/exec.

Page 28:

RTM Framework inside Device

(Figure) Sequence diagram with lanes Terminal, Access manager and SCommunication (security setting):
Start access manager → Access manager ready; Start terminal → Terminal ready; Start TM.
Fetch models → Verify access rights → Grant/refuse → Success response with models (Models) or Failed response.
Incoming diagnosis message → Verify access rights → Grant/refuse → Receive request → ACK / OK, or Failed response.
Incoming repair message → Repair plans → Acknowledgement → OK.

Page 29:

Access Management for RTM

• Each node (object) is identified by a URI
• Each node has a set of properties
• This tree can be extended by an “add” message or by new installations on the device
• A leaf node can be either a value or a pointer to an executable command

(Figure) Example tree with ACL properties: root / : Add=&Get=&Replace=&Delete=&Exec= ; ObjectA: Get=ServerC&Replace=ServerC ; Object1: Get=* ; ObjectC: Get=ServerA&Replace=ServerA ; ObjectB: Get=ServerA&Replace=ServerA ; Object2: ACL= (empty) ; Object3: Get=ServerB&Replace=ServerB&Delete=ServerB ; Object5: Get=ServerB&Replace=ServerB&Delete=ServerB ; Object4: ACL= (empty).
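To make the ACL semantics concrete, an added Python example (not the slides' or the SPACE4U project's code) that evaluates a tree of this kind in the "Verify access rights → Grant/refuse" step of the RTM framework. The ACL strings and server names are the ones on the slide; the parent/child layout of the tree, the "+" separator for several servers in one entry, and the rule that an empty ACL inherits the nearest ancestor's ACL are assumptions made here.

```python
"""Added example (not from the SPACE4U slides): evaluate tree-structured ACLs of the
kind shown on the 'Access Management for RTM' slide, as the framework's
'Verify access rights -> Grant/refuse' step would."""
from __future__ import annotations

# Constructed tree: node URI -> ACL property string, using the ACL strings from the slide.
# The parent/child layout is an assumption (the slide's layout is not recoverable), as is
# the rule that an empty ACL (the slide's "ACL=") inherits the nearest ancestor's ACL.
TREE = {
    "/": "Add=&Get=&Replace=&Delete=&Exec=",   # root: every command granted to nobody
    "/ObjectA": "Get=ServerC&Replace=ServerC",
    "/ObjectA/Object1": "Get=*",                 # '*': any server may Get
    "/ObjectA/Object2": "",                      # ACL= : inherits /ObjectA
    "/ObjectB": "Get=ServerA&Replace=ServerA",
    "/ObjectB/Object3": "Get=ServerB&Replace=ServerB&Delete=ServerB",
    "/ObjectB/Object3/Object5": "Get=ServerB&Replace=ServerB&Delete=ServerB",
    "/ObjectB/Object4": "",                      # ACL= : inherits /ObjectB
    "/ObjectC": "Get=ServerA&Replace=ServerA",
}

COMMANDS = ("Add", "Get", "Replace", "Delete", "Exec")


def parse_acl(acl: str) -> dict[str, set[str]]:
    """'Get=ServerA&Replace=ServerA' -> {'Get': {'ServerA'}, 'Replace': {'ServerA'}}.
    Several servers for one command are assumed to be joined with '+'."""
    rights: dict[str, set[str]] = {}
    for entry in filter(None, acl.split("&")):
        cmd, _, servers = entry.partition("=")
        if cmd not in COMMANDS:
            raise ValueError(f"unknown command in ACL: {cmd!r}")
        rights[cmd] = {s for s in servers.split("+") if s}
    return rights


def effective_acl(tree: dict[str, str], uri: str) -> dict[str, set[str]]:
    """Walk up from uri until a node with a non-empty ACL is found.
    The whole ACL is inherited, never individual commands."""
    node = uri
    while True:
        if tree.get(node):
            return parse_acl(tree[node])
        if node == "/":
            return {}  # root without an ACL: nothing is granted
        node = node.rsplit("/", 1)[0] or "/"


def verify_access(tree: dict[str, str], server: str, command: str, uri: str) -> str:
    """The 'Verify access rights' step: returns 'Grant' or 'Refuse'.
    Unknown nodes and unknown commands are refused, so the decision is deny-by-default."""
    if uri not in tree or command not in COMMANDS:
        return "Refuse"
    servers = effective_acl(tree, uri).get(command, set())
    return "Grant" if "*" in servers or server in servers else "Refuse"


def rights_of(tree: dict[str, str], server: str) -> dict[str, list[str]]:
    """Audit helper: for every node, the commands this server may issue on it."""
    return {uri: [c for c in COMMANDS if verify_access(tree, server, c, uri) == "Grant"]
            for uri in sorted(tree)}


if __name__ == "__main__":
    for srv in ("ServerA", "ServerB", "ServerC"):
        print(srv, {u: c for u, c in rights_of(TREE, srv).items() if c})
```

Run as a script it prints each server's effective rights per node. That audit view is what to compare against the minimum each server needs: with the tree above, ServerB can Delete only under ObjectB/Object3, the wildcard on ObjectA/Object1 lets every server Get that one node, and no server can Add or Exec at the root, which is the "limiting the root node access rights" idea from the future-work slide.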

Page 30:

Secure Communication

• Authentication
• Decryption and encryption
• Maintain log file
• Can keep the user updated with the latest operations (Transparent control)

Page 31:

Comply with ROBOCOP Framework

• RCDP component is available
• SCommunication can be implemented based on OpenSSL and a SyncML protocol stack
• Access Manager is open

(Figure) Layers, bottom to top: OS/drivers; Middleware (Robocop Run-time Environment with RC 1, RC 2 … RC N, the RCDP component with DL target and DL Initiator, and the Service Manager); RTM component (Access Manager, SCommunication, Reporter, Service Manager) on top of the RCDP Component.

Page 32:

Conclusion

• Secured RTM (RTM.01, mandatory)
• Management client oriented
  – Healthy terminal oriented
    • Component downloading due to context changing (CAC.01&02)
    • (Legal) Component sharing (RTM.02, optional)
    • Service discovery (RTM.03, optional)
  – Non-healthy terminal oriented
    • Remote diagnosis (RTM.04, similar to HM.03, Mandatory)
    • Remote repair (RTM.05, similar to HM.04, Mandatory)
• Management server oriented
    • User service data survey (RTM.06, optional)
• User transparent control (RTM.07, Mandatory)

Page 33:

Conclusion

• Secured RTM (RTM.01, mandatory)
• Management client oriented
  – Healthy terminal oriented
    • Component downloading due to context changing (CAC.01&02)
    • (Legal) Component sharing (RTM.02, optional)
    • Service discovery (RTM.03, optional)
  – Non-healthy terminal oriented
    • Remote diagnosis (RTM.04, similar to HM.03, Mandatory)
    • Remote repair (RTM.05, similar to HM.04, Mandatory)
• Management server oriented
    • User service data survey (RTM.06, optional)
• User transparent control (RTM.07, Mandatory)

Page 34:

Future Work

• Formulate access control mechanism
  – Some ideas borrowed from SNMP and SyncML
  – Limiting the root node access rights properties
  – Certain access management might be done by interacting with users
• Define communication protocol and message format
  – Largely based on SyncML
• Implementing…

Page 35:

Questions?