
System Implementation

We have implemented the AS and GMS on PCs. In addition, we have developed programs for NA on PDAs, laptops, and PCs. We will describe the development tools and software used in our system first, and then the implementation of system components.

4.1 The Platform and Tools

We construct our system using Mini UA and SIP UA, developed by the Computer & Communication Research Laboratories (CCL) of the Industrial Technology Research Institute (ITRI). Mini UA is the mobile device version of SIP UA; therefore, we use Mini UA for PDA development and SIP UA for general PC implementation. The development tools for Mini UA and SIP UA are Microsoft Embedded Visual C++ and Microsoft Visual C++ 6.0, respectively.

4.2 The Implementation of GMS

4.2.1 Device Registration

Users have to register their NAs with the GMS before requesting services from the GMS.

We first describe the registration procedure of the GMS. Figure 4-1 shows the flow chart of the procedure. After verifying the grant ticket, the GMS determines whether the registered NA belongs to an AD or a UD. According to the username in the register message, the GMS then searches the database to decide whether the PDG already exists. If the PDG does not exist, the GMS creates a PDGkey for this group. Afterward, the record of the registered NA is inserted into the database.

Figure 4-1 The flow chart of device registration (figure not reproduced; only its first box, "Receive register", survived extraction)

4.2.2 Functions

Figure 4-2 illustrates the processing flow chart of the GMS. When receiving requests from the NAs, the GMS verifies the ticket and checks whether the client has registered. The GMS maintains the lists of user groups and services, and supports users in creating groups. After verifying the ticket, the registration procedure is executed if the message type is “REGISTER”; otherwise, according to the request message type, creating a group, returning the group list, or returning the service list is performed, respectively.
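The two flow charts above (device registration in Figure 4-1 and request dispatch in Figure 4-2) can be read together as one request handler. The following in-memory sketch is an added example written for this page; it is not the thesis's GMS code. The grant-ticket format (a username under an HMAC tag keyed with a secret shared by the AS and the GMS), the message-type names other than REGISTER, the `na_type` field carrying the AD/UD classification, and the rule that private groups are listed only to their owner are all assumptions made here.

```python
import hashlib
import hmac
import json
import secrets


def issue_grant_ticket(ticket_key, username):
    """Stand-in for the AS (assumed format): username plus an HMAC tag under
    a key shared between AS and GMS, so the GMS can verify it offline."""
    body = json.dumps({"user": username}, sort_keys=True)
    tag = hmac.new(ticket_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class GMS:
    def __init__(self, ticket_key):
        self.ticket_key = ticket_key
        self.pdg = {}          # username -> {"PDGkey": hex, "devices": {identifier: "AD"|"UD"}}
        self.user_groups = {}  # group name -> {"type", "description", "owner", "services"}

    def verify_ticket(self, ticket, username):
        expect = hmac.new(self.ticket_key, ticket["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, ticket["tag"]):
            return False
        # The ticket must belong to the user named in the request (assumed check)
        return json.loads(ticket["body"])["user"] == username

    def is_registered(self, username, identifier):
        return identifier in self.pdg.get(username, {}).get("devices", {})

    def register(self, msg):
        # Figure 4-1: classify the NA, find or create the PDG, insert the device record
        na_type = msg["na_type"]
        if na_type not in ("AD", "UD"):
            return {"status": 400, "reason": "unknown appliance type"}
        group = self.pdg.setdefault(msg["username"],
                                    {"PDGkey": secrets.token_hex(16), "devices": {}})
        group["devices"][msg["identifier"]] = na_type
        return {"status": 200, "PDGkey": group["PDGkey"]}

    def handle(self, msg):
        # Figure 4-2: verify the ticket first, then dispatch on the message type
        if not self.verify_ticket(msg["ticket"], msg["username"]):
            return {"status": 401, "reason": "invalid ticket"}
        if msg["type"] == "REGISTER":
            return self.register(msg)
        if not self.is_registered(msg["username"], msg["identifier"]):
            return {"status": 403, "reason": "client not registered"}
        if msg["type"] == "CREATE_GROUP":
            if msg["group"] in self.user_groups:
                return {"status": 409, "reason": "group exists"}
            self.user_groups[msg["group"]] = {
                "type": msg["group_type"], "description": msg["description"],
                "owner": msg["identifier"], "services": list(msg.get("services", []))}
            return {"status": 200}
        if msg["type"] == "GROUP_LIST":
            visible = sorted(name for name, g in self.user_groups.items()
                             if g["type"] == "public" or g["owner"] == msg["identifier"])
            return {"status": 200, "groups": visible}
        if msg["type"] == "SERVICE_LIST":
            g = self.user_groups.get(msg["group"])
            if g is None:
                return {"status": 404, "reason": "no such group"}
            return {"status": 200, "services": g["services"]}
        return {"status": 400, "reason": "unknown message type"}
```

The ordering matters: the ticket is checked before any database lookup, so an unauthenticated sender learns nothing about which usernames or groups exist, and the registration check sits between REGISTER and every other operation, exactly as the chart places it.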

Figure 4-2 The processing flow chart of the GMS

4.3 The Implementation of Group Operations

We have implemented the program that runs on NAs based on SIP UA. We modify the SIP UA to support the group operations: joining, leaving, and creating groups. Table 4-1 shows the functions we have developed for supporting group operations. The function Create_Group is used when a user wants to create a user group. The parameters are the user group name, the group type (public or private), the group description, and the identifier of the NA that creates the group.

The function Join_Group is used when an NA sends a request for joining a user group. The parameter group public key is generated by the NA and is used for computing a new group key.

The function Leave_Group is used when an NA leaves a group; the parameters are the group name and the identifier of the NA.

Function name   Corresponding SIP Method   Function parameters
Create_Group    REGISTER                   GroupName, type, description, identifier
Join_Group      INVITE                     GroupName, group public key, identifier
Leave_Group     BYE                        GroupName, identifier

Table 4-1 The functions of group operations

Chapter 5 Conclusions

We have designed a platform that organizes the network appliances of users into personal device groups, where users can access their network appliances over the Internet. In addition, users can create user groups to share resources with others. The Internet, however, is an open network, where anyone could be impersonated; therefore, authenticating the identity of a user is required. We adopt a Kerberos-like architecture for device authentication in our system. To acquire a grant ticket, a user has to perform the dual-connection device authentication using their network appliances. With the grant ticket, the user can sign in to the group management server to obtain the list of groups, to access the devices in their PDG, to create user groups for sharing, and to join other groups to get services.

In group management and communication, we have to ensure that only group members can access the resources. Our solution is that the members of a group share a group key, where the primary challenges are how to agree on a common group key and how to refresh the group key when a user joins or leaves the group. We adopt the Diffie-Hellman key exchange algorithm and extend it for our group key agreement. To refresh the group key efficiently, we use multicast to transmit the public key that is needed to calculate the new group key; thus, each group is associated with a group distribution key tree used for multicasting the group public key. Upon receiving the public key, each member can calculate the new group key individually.
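The join and leave operations of Table 4-1 and the tree-based Diffie-Hellman refresh summarized above can be simulated end to end. The block below is an added example for this page, not the thesis's implementation: it uses a TGDH-style binary key tree in which every node key is a Diffie-Hellman value of its two children (k_parent = g^(k_left * k_right) mod P), the "group public key" a joiner sends in Join_Group is the blinded key g^(k_leaf) of its new leaf, and the blinded keys that the thesis multicasts are modelled as one shared `KeyTree` object that every member reads. The modulus and generator (a 61-bit prime, far too small for real use), the choice of the shallowest member as sponsor on join, and the leftmost leaf of the surviving subtree as sponsor on leave are assumptions; the thesis's own tree layout may differ.

```python
import secrets

P = (1 << 61) - 1   # demo prime modulus 2^61-1 (assumed; not a parameter from the thesis)
G = 5               # demo generator (assumed)


class KeyTree:
    """Public state of the group distribution key tree: its shape plus the
    blinded key g^k mod P of each node, i.e. what a sponsor multicasts."""

    def __init__(self):
        self.root = None
        self.parent = {}    # node -> parent (the root has no entry)
        self.children = {}  # internal node -> [left, right]
        self.blinded = {}   # node -> g^(node key) mod P
        self._next = 0

    def new_node(self):
        self._next += 1
        return self._next

    def sibling(self, node):
        left, right = self.children[self.parent[node]]
        return right if node == left else left

    def depth(self, node):
        d = 0
        while node in self.parent:
            node, d = self.parent[node], d + 1
        return d


class Member:
    """A network appliance holding the secret of one leaf of the tree."""

    def __init__(self, name, tree):
        self.name, self.tree, self.leaf = name, tree, None
        self.secret = secrets.randbelow(P - 2) + 2

    def group_key(self):
        # Walk leaf -> root: k_parent = (g^k_sibling)^k_self = g^(k_self * k_sibling)
        k, node = self.secret, self.leaf
        while node != self.tree.root:
            k = pow(self.tree.blinded[self.tree.sibling(node)], k, P)
            node = self.tree.parent[node]
        return k

    def refresh_and_publish(self):
        # Sponsor duty: fresh leaf secret, then multicast the new blinded keys up the path
        self.secret = secrets.randbelow(P - 2) + 2
        k, node = self.secret, self.leaf
        self.tree.blinded[node] = pow(G, k, P)
        while node != self.tree.root:
            k = pow(self.tree.blinded[self.tree.sibling(node)], k, P)
            node = self.tree.parent[node]
            self.tree.blinded[node] = pow(G, k, P)


def create_group(tree, members, founder):
    founder.leaf = tree.root = tree.new_node()
    tree.blinded[founder.leaf] = pow(G, founder.secret, P)
    members.append(founder)


def join_group(tree, members, newcomer):
    """Join_Group: the joiner publishes its group public key g^secret; the
    shallowest member sponsors by splitting its leaf, refreshing and multicasting."""
    sponsor = min(members, key=lambda m: tree.depth(m.leaf))
    old, inner, leaf = sponsor.leaf, tree.new_node(), tree.new_node()
    if old in tree.parent:                      # the new inner node takes the old leaf's slot
        par = tree.parent[old]
        kids = tree.children[par]
        kids[kids.index(old)] = inner
        tree.parent[inner] = par
    else:
        tree.root = inner
    tree.children[inner] = [old, leaf]
    tree.parent[old] = tree.parent[leaf] = inner
    newcomer.leaf = leaf
    tree.blinded[leaf] = pow(G, newcomer.secret, P)   # the joiner's group public key
    members.append(newcomer)
    sponsor.refresh_and_publish()


def leave_group(tree, members, leaver):
    """Leave_Group: remove the leaf, promote its sibling subtree, and let a member
    of that subtree refresh so the leaver cannot derive the new group key."""
    members.remove(leaver)
    leaf, par = leaver.leaf, tree.parent[leaver.leaf]
    sib = tree.sibling(leaf)
    if par in tree.parent:
        gp = tree.parent[par]
        kids = tree.children[gp]
        kids[kids.index(par)] = sib
        tree.parent[sib] = gp
    else:
        tree.root = sib
        del tree.parent[sib]
    for n in (leaf, par):
        tree.parent.pop(n, None); tree.children.pop(n, None); tree.blinded.pop(n, None)
    node = sib
    while node in tree.children:                # leftmost leaf under the sibling sponsors
        node = tree.children[node][0]
    sponsor = next(m for m in members if m.leaf == node)
    sponsor.refresh_and_publish()
    leaver.leaf = None


def all_agree(members):
    """True when every current member derives the same group key from its own path."""
    return len({m.group_key() for m in members}) == 1
```

Two properties are worth checking after every membership change: all remaining members derive an identical key from their own leaf secret plus the multicast blinded keys, and after a leave the key differs from the one the departed member held, because every node on the sponsor's path was recomputed from a secret the leaver never sees.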

In future work, device control can be considered in the platform. A general model to discover the functionalities provided by network appliances is a major concern, and support for appliances designed for specific protocols, such as X10 and LonWorks, can be contemplated.

