November 1, 2022 Hailiang Mei, H.Mei@tue.nl TU/e Computer Science, System Architecture and Networking 1 Hailiang Mei H.Mei@tue.nl Security and Privacy Concern in Remote Personal Device Management Framework


Security and Privacy Concern in Remote Personal Device Management Framework


Outline

• Background of RPDM
  – Why RPDM is important
• Security threat
  – Attack tree model and threat analysis
• Examining current RDM systems
  – SNMP, VNC, MRDP, Web-based
• Design of RPDM framework
  – Based on SyncML DM
• Conclusion and future work


Background of RPDM

[Figure: remote management with a remote server. Steps: 1 Observing, 2 Diagnosis, 3 Repair]

Remote server can be within the local network or at the service provider’s site

Self observes problem + Remote diagnosis + Remote Repair


Why RPDM is Important?

• Recent studies show that there are at least 4 times as many electronic machines in the world as there are people.
  – This gap is still increasing fast
  – New devices require maintenance, but personnel are expensive
• An online survey shows that 57% of users feel befuddled by their computer, mobile phone, home security system, etc.


Attack Tree Model

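[Figure: attack tree. Root: Threats, with branches Unintended threats, Deliberate threat (attack) and Nature threats; deliberate threats are divided into Active and Passive. Leaf labels: Removing important component, Lost password, Interception, Traffic analysis, Repudiation, DoS, Interruption, Impersonation, Replay, Modification, Dictionary attack. Annotation on the tree: “We are going to prevent”.]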


Threat Analysis (one example)

| Attack technique | Security requirements marked (of Confidentiality, Integrity, Availability, Non-repudiation) | VR |
|---|---|---|
| R.1 (Impersonation, dictionary attack) Fabricate the operator account | Y | D |
| R.2 (Modification) Modifying data in the diagnosis message | Y Y | B |
| R.3 (Modification, repudiation) Misusing visualization tool | Y Y | C |
| R.4 (Impersonation) IP spoofing | Y | A |
| R.5 (Repudiation) Deny the executed diagnosis by end user or operator | Y | B |

Vulnerability Rating (VR): A Probable; B Highly Possible; C Possible; D Unlikely; E Impossible.


Evaluation Factors

• System load & Network load
  – criteria related to performance
• Expressive power
  – indicates the generalization of the technique
• Device IQ
  – defines how intelligent the target device is when it is being managed
• Security
  – the most important concern


Simple Network Management Protocol

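[Figure: SNMP architecture. The SNMP manager on the managing device sends set/get requests to the SNMP agent on the managed device; the agent returns responses and traps and reads/changes the MIB. Protocol stack labels: SNMP, UDP, TCP, IP.]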


Virtual Network Computing


Web Server

• The device runs a small web server application

• A service runs on the device to generate HTML files at run time

• The remote terminal manager accesses the device via the web browser and executes scripts on the device


Web Server (example)


SyncML DM (OMA)

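OMA DM

[Figure: server and client connected over the air. Protocol labels: DM protocol, Data Synch protocol. Inside the client: a tree with the node labels root, Vendor, SyncML, … and X*, plus a proprietary WAP client and a proprietary upgrade client.]

DM protocol commands shown:

• Add
• Get
• Replace
• Exec

Logical tree for addressing purposes.

In scope of DM standard!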


SyncML DM (OMA)

OMA DM

• Server

    <Get>
      <CmdID>4</CmdID>
      <Item>
        <Target>
          <LocURI>Vendor/Ring_signals/Default_ring</LocURI>
        </Target>
      </Item>
    </Get>

• Client

    <Results>
      <CmdRef>4</CmdRef>
      <CmdID>7</CmdID>
      <Item>
        <Data>MyOwnRing</Data>
      </Item>
    </Results>


Comparison of RDM Systems

| Evaluation factor | Weight | SNMPv3 | VNC | Web-based | RDP | SyncML DM |
|---|---|---|---|---|---|---|
| System load | 20% | +/- | - | - | - | +/- |
| Network load | 20% | + | - | +/- | +/- | +/- |
| Expressive power | 25% | - | + | +/- | + | + |
| Security | 25% | + | - | + | +/- | + |
| Device IQ | 10% | + | - | +/- | - | + |
| Equal weight score | 20% each | 0.4 | -0.6 | 0 | -0.2 | 0.6 |
| Weighted score | | 0.3 | -0.5 | 0.05 | -0.05 | 0.6 |

*We define “+”=1, “+/-”=0 and “-”=-1 to calculate the overall performance score


RPDM Overview

[Figure: five nodes labelled “Management server”]

• Security
• Privacy
• Performance


Internal Architecture of RPDM Client

[Figure: block diagram of the managed device. Component labels: HTTP adapter, WSP adapter, OBEX adapter, Connection manager, (De)encryption module, Authentication manager, PKs, Access manager, ACL, Objects invocation, Logging module, Reporter, Mobj1, Mobj2, Mobj3, Mobjn.]


Connection Manager

[Figure: flowchart of request handling in the connection manager.
Start: Connection manager receives a new request.
Decision boxes (each with Yes/No branches): Session existed? Authenticated? Authorized? Receive return value?
Action boxes: Check with Authentication manager; Setup session key and create a new session; Decrypt the message with the known session key; Check with Access manager; Call the corresponding object; Log and create response; Create ACK response; Create error message; Send out the response.]


Authentication Manager

• PKI based authentication
• MD5 digest authentication
  – Digest = H(B64(H(servername:password)):nonce)
• The PKs database itself is a Mobj, and it can be managed as well if the access right is granted. E.g. a trusted management server can introduce a new management server by adding its public key or its hashed name string into the PKs database.
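The digest formula above, worked through as an added example (not code from the slides or from the prototype): a device-side verifier that issues a fresh nonce per challenge and accepts each nonce only once, so a captured digest cannot be replayed. H is MD5 and B64 is Base64 as the slide states; the class name, the 16-byte nonce length and the sample credentials are assumptions.

```python
import base64
import hashlib
import hmac
import secrets


def md5_digest(name: str, password: str, nonce: bytes) -> bytes:
    """Digest = H(B64(H(name:password)):nonce), with H = MD5 as on the slide."""
    inner = hashlib.md5(f"{name}:{password}".encode()).digest()
    return hashlib.md5(base64.b64encode(inner) + b":" + nonce).digest()


class DigestVerifier:
    """Hypothetical device-side check: one outstanding nonce per server name."""

    def __init__(self, credentials):
        self.credentials = credentials   # server name -> shared password
        self.pending = {}                # server name -> nonce not yet used

    def challenge(self, name: str) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable, so digests cannot be precomputed
        self.pending[name] = nonce
        return nonce

    def verify(self, name: str, digest: bytes) -> bool:
        # pop() makes the nonce single-use: a replayed digest finds no nonce.
        nonce = self.pending.pop(name, None)
        password = self.credentials.get(name)
        if nonce is None or password is None:
            return False
        expected = md5_digest(name, password, nonce)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, digest)


def demo():
    """Constructed sample run: valid digest, replay of it, wrong password."""
    device = DigestVerifier({"ServerA": "constructed-sample-password"})
    nonce = device.challenge("ServerA")
    good = md5_digest("ServerA", "constructed-sample-password", nonce)
    first = device.verify("ServerA", good)
    replay = device.verify("ServerA", good)
    nonce2 = device.challenge("ServerA")
    wrong = device.verify("ServerA", md5_digest("ServerA", "guess", nonce2))
    return first, replay, wrong
```

MD5 appears here only because the slide's formula specifies it; the single-use nonce is what addresses the Replay leaf of the attack tree.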


Access Control List Tree

• Each node (object) is identified by a URI
• Each node has a set of properties
• This tree can be extended by an “add” message or by a new installation on the device
• A leaf node can be either a value or a pointer to an executable command

[Figure: ACL tree. Node labels and their ACL values:]

/ : Add=&Get=&Replace=&Delete=&Exec=
Object1: Get=*
Object2: ACL=
Object3: Get=ServerB&Replace=ServerB&Delete=ServerB
ObjectA: Get=ServerC&Replace=ServerC
ObjectB: Get=ServerA&Replace=ServerA
ObjectC: Get=ServerA&Replace=ServerA
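An access check over an ACL tree of this kind, as an added example (not the prototype's code). The ACL strings reuse the slide's labels; the parent/child layout of the sample tree, the rule that a node with an empty ACL inherits from its parent, and the "+" separator between server names are assumptions based on OMA DM usage.

```python
def parse_acl(acl):
    """Parse 'Get=ServerA&Replace=ServerA' into {command: set of server ids}."""
    rules = {}
    for part in filter(None, acl.split("&")):
        command, _, servers = part.partition("=")
        # '+' between several server ids is an assumption (OMA DM usage).
        rules[command] = set(filter(None, servers.split("+")))
    return rules


# Constructed sample tree (URI -> ACL string). The ACL values come from the
# slide's labels; which node sits under which parent is assumed here.
TREE = {
    ".": "Add=&Get=&Replace=&Delete=&Exec=",
    "./Object1": "Get=*",
    "./Object1/ObjectA": "Get=ServerC&Replace=ServerC",
    "./Object2": "",   # empty ACL: falls back to the parent's ACL
    "./Object2/ObjectB": "Get=ServerA&Replace=ServerA",
    "./Object3": "Get=ServerB&Replace=ServerB&Delete=ServerB",
}


def effective_acl(tree, uri):
    """Return the nearest non-empty ACL on the path from uri up to the root."""
    while uri != "." and not tree[uri]:
        uri = uri.rsplit("/", 1)[0]
    return parse_acl(tree[uri])


def is_allowed(tree, uri, command, server):
    """Default deny: unknown node, unlisted command or unlisted server."""
    if uri not in tree:
        return False
    allowed = effective_acl(tree, uri).get(command, set())
    return "*" in allowed or server in allowed
```

With the root ACL listing no server for any command, a node that inherits from the root (Object2 in the sample) is closed to every server until an ACL is set on it.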


View of Prototype

Management server (Debian Linux), layers from top to bottom:

• CLI-based management server application
• Security layer
• SyncML parser
• HTTP handler

Managed device (Redhat 9 Linux), layers from top to bottom:

• Callback functions to Mobjs of managed device
• Security and ACL layer
• SyncML parser
• HTTP handler


Conclusion

• SyncML DM based system offers good system performance and security protection
• Our C prototype is one of the first open implementations based on the SyncML DM specifications.
• But the network load is a bit heavy
  – A “Get” SyncML message is 709 bytes vs. 81 bytes in SNMP
  – However, it becomes better for a more realistic and complex management session


Future Work

• Complete implementation
• Think about management server?

[Figure: five nodes labelled “Management server”, the last one marked with “?”]


• Thanks for your attention!


[Figure: tree diagram. Node labels: Root; HW, OS, RRE; CPU, Mem, Net; Apps; Games, Mp3 player, Agenda; Agenda Control, Agenda Display, Agenda Datamanager; I-go, TTT.]


[Figure: plot with the labels RDM complexity and Network load, showing curves for SyncML DM and SNMP.]