
1.1 Introduction

Information appliances, such as mobile devices, printers, and cameras, have become Internet capable and are usually referred to as network appliances (NA). Some of them offer more functions and more computing power, such as taking pictures, video recording, playing music, and a built-in GPS receiver. As a result, many emerging applications are dedicated to them, including GPS navigation systems, mobile TV, e-mail services and so on. Hence, users tend to have more and more networked appliances in the future. Clearly, enabling them to communicate with each other conveniently and securely is becoming an important issue.

At the same time, there are many standards, such as UPnP [1] and HAVI [2], that focus on device communication in the home network. With the help of these technologies, we can integrate our home appliances, move digital audio/video content and share information among devices. Therefore, there is a trend toward these smart information appliances working together.

With the rapid expansion of the Internet, many new group-oriented applications, such as tele/video conferences and community games, have become so popular that users have more opportunities to interact with each other. Thus, a reliable platform where users can utilize their networked appliances to communicate and share resources with each other across the Internet is needed. To provide access control and security over the Internet, a platform with secure group communication is necessary.

1.2 Related work

To enable simple and reliable connectivity among information appliances, many solutions have been proposed. One well-known solution, UPnP, offers network connectivity for intelligent appliances and wireless devices. It is an open, distributed architecture developed for proximity networking, and an Internet-based technology built upon IP, TCP, UDP, HTTP, and XML, among others. In addition, UPnP enables communication between any two devices under the command of any control device on the network (LAN).

Home Audio Video interoperability (HAVI), a standard for networking digital audio-video appliances, allows users' home appliances to communicate with each other. It focuses on the transfer and processing of digital audio-video content among digital information appliances. The IEEE 1394 standard is used as the interconnection medium; it supports isochronous communication, which can guarantee packet delivery at fixed intervals, so that it can meet the real-time constraints of audio and video streams.

For accessing networked appliances outside of the local network domain, some approaches using the Session Initiation Protocol (SIP) have been proposed [3, 4]. Those approaches left some problems that need to be resolved, including device discovery and registration as well as security and access management. These problems are essential for device communication for the following reasons. Device discovery involves how to locate a particular device, that is, searching for the device that users are interested in. Device registration allows NAs to register their name and information. Security protects data integrity and confidentiality, while access management makes sure that only authenticated and authorized users have the access right.

To provide security for network appliances, Tat Chan and Senthil Sengodan proposed a solution based on SIP [5]. They focus on a system architecture where NAs can communicate directly through the Residential Gateway (RGW). The RGW is responsible for authentication, authorization, and encryption of SIP messages. They use secret key encryption to achieve device communication security. For access control, which is related to authorization, they proposed a rule-based access right system with centralized authorization performed at the RGW.

However, both UPnP and HAVI are mainly designed for the home domain network. This limitation means that the user can only access network appliances on the local network domain.

Another approach accesses the network appliances through the RGW, which implies that the load on the RGW will be heavy. Hence, we conceive the idea that users can connect their network appliances together through a platform on the Internet. Users can directly access their network appliances on the Internet rather than being restricted to the home network. Unlike accessing network appliances through an RGW, in our system, users can access network appliances in the same group of users directly, which reduces the overhead of the server.

1.3 Objective

We propose a secure and reliable platform that can be used on the IP network, where users can access their networked appliances and share the resources of the appliances with others. For user authentication, we use an E.164 number based user authentication approach for VoIP [6]. Moreover, we exploit an authentication server based on the Kerberos architecture to support single sign-on services [7], which can enable a user to authenticate once and then access other services in the system afterwards.

Furthermore, our platform supports group operations, such as creating, joining and leaving specific groups. This allows users to manage their NAs in a convenient way and even to establish their own groups for providing services. To support access control, security, data integrity and confidentiality across the Internet, group key management is employed in the platform.

1.4 Overview of the thesis

The remainder of this thesis is organized as follows. Chapter 2 describes the essential background knowledge related to our system. Chapter 3 provides the details of our system design. Chapter 4 presents the implementation issues. Finally, the conclusion is given in Chapter 5.
