Jukka Tornberg
Helsinki University of Technology
[email protected]
Abstract
Home networking is becoming more and more popular. In the past, a home network was a closed network in which a few home computers were connected to each other with Ethernet cables.
The concept of the home network will change in the future. In pervasive computing, not only computers but also multimedia devices and domestic appliances are connected to the home network.
This paper presents some solutions for controlling access in a home network. In the past, small closed networks had no need for access control at all. In the future, allowing the members of the family to use home-networking services while blocking access from everyone else will be very important.
This paper covers access control in a typical closed home network and compares some access control solutions for the case where a user also wants to use home-networking services from outside the home network, for example through the Internet.
KEYWORDS: Access Control, Home Networking, WLAN, VPN, SSH, IPsec
1 Introduction
The architecture of home networking is changing all the time. Ten years ago the most popular way to build a home network was to connect two (or three) computers with an Ethernet cable. The network architecture was closed because there were no connections to any outer network such as the Internet. The most popular services were sharing files and printers between computers and network games. There was no need for access control in that kind of network because all users were completely trusted.
Nowadays the Internet is a part of everyday life. Almost all home networks are connected to the Internet with a connection that is always open, for example an ADSL connection or a cable modem connection. It is more and more common to build Internet connections into all new apartments when a new house is built. Some networks are wired, but wireless networks are becoming more and more popular. There is still a need for traditional home-networking services. If a household has a printer, it should be possible to use it from every computer, and it should be possible to share files from one computer to another. Now there is a need for some kind of access control in the home network, because you do not want to share your files with everyone and you do not want to let everyone use your printer.
Access control is defined in the National Information Assurance Glossary [1] as “Limiting access to information system resources only to authorized users, programs, processes or other systems”. Access control includes authentication, authorization and accountability.
Home networking is “the collection of elements that process, manage, transport, and store information, enabling the connection and integration of multiple computing, control, monitoring, and communication devices in the home”, as defined by the Internet Engineering Consortium (IEC) [4]. Thus a home network is not only a set of computers connected to each other but also, for example, multimedia devices and electronic devices such as refrigerators and freezers.
In this paper we discuss access control in home networking. We assume that the authorized users in a typical home network are the people who live in that apartment.
2 Home networking technologies
Home networking technologies can be divided into two separate categories: wired home-networking technologies and wireless home-networking technologies.
Nearly all wired home-networks are based on the Institute of Electrical and Electronics Engineering (IEEE) Ethernet standard [5].
Twisted pair (also known as 10BASE-T) is nowadays the most popular implementation of Ethernet. Hosts, for example PCs or some multimedia devices, are connected to a hub or switch with a 10BASE-T cable. Hubs and switches can also be connected to another hub or switch.
Wireless Local Area Network (WLAN) means linking network devices without using any cables. The most popular standards are created by the IEEE 802.11 group [6]. WLAN uses radio frequencies. The most popular way to build a WLAN is to use access points: the access points are connected to the wired LAN, and each wireless device has a wireless connection to one access point. It is also possible to use ad-hoc networking, where wireless devices are connected directly to each other.
In this paper we define a home network as a network which provides services for one household. The home network can be wired Ethernet or wireless. Access to home-networking services should be provided only to members of the family. Currently popular home-networking services are, for example, file and printer sharing. In pervasive computing the number of services provided by the home network can increase rapidly. In the future, not only the computers of the house but also multimedia devices, such as digital television, and domestic appliances are connected to the network. There can also be a connection to the Internet from a home network.
We also define a public house network to mean that all the apartments of the house (or some of them) are connected to the same network, which mainly offers an Internet connection as a service. In addition, it is possible to offer some other house network services, such as a bulletin board. Access control for the house network is provided by the house company. In this paper we discuss the methods to control access to traditional home-networking services when the whole house is connected to the same network.
We also define a public wireless network, Wireless Fidelity (Wi-Fi), as a network that is built not only for the people who live in the house but also for others. The service provider can be a commercial or public organization. The network can be public, providing services for everyone, or private, providing services for authorized users only. Quite many Internet Service Providers (ISPs) have built their own commercial wireless networks in restricted areas.
3 Access control principles
Access control means limiting access to authorized persons only. It is important that only authorized entities can read and change the information and that the information is available to authorized users.
3.1 Authentication
User authentication consists of two separate parts: identification and verification. There are several authentication methods, of which the use of a username and password is the most favoured. The username identifies the user and the password verifies that the user is who he claims to be. Other possible authentication methods are, for example, fingerprints or authentication with a keycard.
3.2 Authorization and access control
As a result of authentication we know exactly who a user is. The next phase is authorization, which means that the user is granted the rights to use the desired services of the network. The acceptance and rejection of service requests based on authentication is called access control. It can be based on access control lists (ACLs), capabilities or some other way of granting access.
In the ACL model the objects are taken as the starting point. There is a separate ACL for every object and object group. A single ACL lists the users or user groups who have access to the object, for example a file or a printer. The biggest benefit of ACLs is that they are very simple to implement. The biggest disadvantage is that ACLs are not very simple to manage in a bigger network.
Access control can also be based on capabilities. Every user or user group has its own list of capabilities. In other words, every user group has a list of objects that it has access to. The biggest weakness of this kind of access model is that if a system administrator wants to know who has access to a resource, he has to go through all users.
It is also possible to group the users. For example, in a home network it is quite common to give all members of the family access to all services provided by the home network. Other user groups can be, for example, friends and neighbours. It is also possible that there is no need to authenticate the user completely. Sometimes it is enough to know that a user is a member of the family, and the system does not have to know who he or she is.
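The following Python sketch is an added example, not part of the original paper: it stores the same rights once as per-object ACLs and once as per-user capability lists, and shows why the question "who can use this resource?" is one lookup in the first model and a scan over all users in the second. The user, group and object names are constructed sample data.

```python
# Constructed sample data: user groups of a home network and their members.
GROUPS = {
    "family": {"anna", "matti", "liisa"},
    "friends": {"pekka"},
    "neighbours": {"ville"},
}

# ACL model: one list per object, naming the groups allowed to use it.
ACLS = {
    "printer": {"family", "friends"},
    "shared_files": {"family"},
    "sauna_stove": {"family"},
    "bulletin_board": {"family", "friends", "neighbours"},
}


def groups_of(user):
    """Groups the user belongs to."""
    return {g for g, members in GROUPS.items() if user in members}


def acl_allows(user, obj):
    """ACL check: consult the object's own list."""
    return bool(groups_of(user) & ACLS.get(obj, set()))


def acl_who_can_use(obj):
    """Review question 'who can use this object?': read one ACL."""
    users = set()
    for group in ACLS.get(obj, set()):
        users |= GROUPS[group]
    return users


def build_capabilities(acls, groups):
    """Transpose the ACLs into per-user capability lists (same rights)."""
    caps = {u: set() for members in groups.values() for u in members}
    for obj, allowed_groups in acls.items():
        for group in allowed_groups:
            for user in groups[group]:
                caps[user].add(obj)
    return caps


CAPS = build_capabilities(ACLS, GROUPS)


def cap_allows(user, obj):
    """Capability check: consult the user's own list."""
    return obj in CAPS.get(user, set())


def cap_who_can_use(obj):
    """Same review question with capabilities: every user's list is scanned.

    Returns the users found and the number of capability lists examined.
    """
    users, examined = set(), 0
    for user, objects in CAPS.items():
        examined += 1
        if obj in objects:
            users.add(user)
    return users, examined


if __name__ == "__main__":
    print("ACL review:", sorted(acl_who_can_use("shared_files")))
    found, examined = cap_who_can_use("shared_files")
    print("Capability review:", sorted(found), "lists examined:", examined)
```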
4 Discussion
In contrast to a company network, access control in a home network is relatively easy. In most cases there is only a limited number of user groups. Quite often all members of the family are in the same user group. The biggest challenges in access control are problems with authentication. It is possible to authorize all members of the family to use almost all services. There may also be a need to grant neighbours and friends access to some services.
4.1 Access control in private wired home network
At the moment, by far the most popular home network type is the private wired home network. In such a network, the computers are connected to one wired Ethernet. There can also be a connection to the Internet via a router. Nearly all present technology has been created for wired Ethernet networks. Thus the private wired home network does not require any special measures from the user.
In a private home network access control is relatively easy. We can assume that every person who has physical access to a network device also has the right to use the network, because there are not many outsiders walking inside a typical home. A quite high level of information security is obtained by authenticating the users by asking them to supply a username and password. After that the system can check that a user is a member of the family and give him rights to all services. It is also possible to use system logging, which provides accounting. In most cases there is no need to create a huge number of user groups as in a company network. Normally the configuration should be made as easy as possible, because if a professional is needed to maintain the system, it is too expensive for home use.
Not much attention needs to be paid to information security inside a private home network, because all users of the network are trusted. The network is not especially exposed even if there is no access control at all, because the number of untrusted users is very limited. According to the article Home Network Security [2], the Principle of Least Privilege (that no person should be granted more access than he needs) should in some cases also be used inside a private home network. The article mentions that in single-person homes and for couples with small children there are no bigger threats, but if there are teenagers, it is possible that a teenager invites friends into the house and they want to plug their own network components into the network. Adult guests and roommates are also mentioned as a risk. If unauthorized persons are able to physically plug their machines into the network, it is strongly recommended to use username/password authentication in the most critical services. If, for example, confidential files are shared, it is quite easy to use username/password authentication and authorize the members of the family only. It is not so important in services like a shared printer, where the only threat is the possibility to print something.
The biggest threat comes through the Internet connection from outside the home network. The access control policy can be very simple: access can be denied to everyone who is trying to use home-network services from the Internet [2]. The easiest and safest way to implement this is to block at least all inbound connections at the firewall. It might also be a good idea to block unnecessary outbound connections, but at home it is not always clear which programs are unnecessary.
4.2 Access control in private wireless home-network
In a private network which also includes a Wireless Local Area Network (WLAN) connection, more attention needs to be paid to access control. User authentication and authorization must be reliable because anybody from the neighbourhood can try to connect to the WLAN. Unfortunately it is all too common to set up a wireless network and forget everything about security.
There are three popular methods for creating the access control. The first possibility is to use Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) authentication. In this authentication model only one password is used, and it is configured on the WLAN base station and on all computers [13]. If the password is properly configured, all traffic is encrypted. If the password is not properly configured, the connection is rejected by the base station.
The second possibility is to direct the user to a secured World Wide Web (WWW) page on which a username and a password are asked. In other words, the user is able to authenticate himself.
The third possibility is to base the authentication on the MAC address of the network interface card. In that case it is supposed that if a person has physical access to an authorized network device, we can trust that he has access to the network. For example, it is possible to assume that if somebody uses a laptop owned by the family, we can trust that he is a family member. Most WLAN base stations support both the username and password based method and the MAC address based method. The best security level is achieved by using both methods together.
4.3 Access control in home-networking via public wired house network
The biggest problem in access control in a public house network is the traditional home network services, such as file and printer sharing. The most popular operating systems offer several methods of authentication and authorization. In the future there may also be some new home network services which are meant only for members of the family. Most of us do not want to let the neighbours turn our sauna stove on, which may be possible over the network in the future.
One possibility for access control is to use usernames and passwords. The most popular operating systems, Microsoft Windows XP, Microsoft Windows 2000 and almost all Linux-based systems, offer a Server Message Block / Common Internet File System (SMB/CIFS) based file and printer sharing service with quite good support for username/password authentication. Most modern Samba or Windows SMB servers support encrypted passwords, and the authentication is quite safe. The data itself is sent unencrypted, and it is not a good idea to send any kind of confidential information through an unencrypted network. In the Windows operating system, the usernames and passwords can be administered with one Windows Server. It is also possible to set up usernames and passwords manually for every system. The idea of username and password authentication can also be used in new services in pervasive computing. Quite many new network devices have a web-based administration page, and it is possible to ask for a username and password every time.
The biggest benefit of service-based username/password authentication is that in most cases it does not need any kind of extra infrastructure. The only thing that an administrator has to do is to configure all the devices manually. If the home network is small enough, for example a couple of computers, this does not take a lot of time. In pervasive computing the number of network devices increases rapidly. If there are, for example, 20 network services and 4 residents, someone has to set up 80 username-password pairs. In most cases a user wants to use the same password with all the services, and if a user wants to change his password, he has to change it 20 times.
One solution to the password management problem is to use a Windows domain, which is very popular in company networks. The Windows domain requires one Windows Server operating system. Then an administrator has to set username-password pairs only on the server, and all workstations use the same authentication information. Windows domain authentication works quite well with Microsoft Windows operating systems, but most new devices do not support it. The Windows Server operating system is designed for corporate use and it is not a very cheap solution for home use.
Another possibility is to base access control on IP addresses. It is possible to configure a firewall to accept inbound connections only from correct IP addresses. This kind of authentication is very insecure in a local area network, because every user can change his IP address and then try to connect. If the IP addresses are delivered via Dynamic Host Configuration Protocol (DHCP), they can also change. Thus it is a bad idea to base access control on the IP address.
4.4 Access control in home-networking via public wireless house network
In a public wireless house network, access control for the house network is organized by the house company, as in the wired house network situation. Access control for home-networking services can be organized in exactly the same way as in a wired house network (see the previous section). If there is a wired home network and a wireless house network, the access control problem is exactly the same as access control via a public network (see the next section). The only difference is that opening ports in the firewall is a little more secure, because in most cases the users that live in the house are more trusted.
4.5 Access control in home-networking via public network
In this section, we discuss access control methods for home networking via public networks. We assume that there is some kind of home network and that we want to be able to use home-networking services via a public network, the Internet or a public Wi-Fi network.
The need to use home-networking services via a public network will increase a lot in the future. One typical use case is a situation where there is a wired home network and the possibility to use some kind of public Wi-Fi with a laptop. There is no need to build one's own private wireless network, because wireless Internet access is already offered by some kind of commercial or public ISP. An own wireless network would increase the expense of building the network. However, there is a need to use home-networking services, such as printers and home multimedia devices. Another typical use case is a situation where a member of the family is using the Internet elsewhere, for example at his workplace. If all appliances are connected to the home network, there will be lots of new home-networking services, and quite many of them may also be useful outside the home. For example, if a user remembers at the workplace that he wants to record a television programme, it will be very easy to connect to the home network and set up a DVD recorder to record the programme.
As mentioned in section “Access control in private wired home network” (Sec. 4.1), the safest way to protect a private home network against attacks coming from the Internet is to deny access to everyone by blocking all inbound connections at the firewall. Now there is a need to grant access to specified services to authorized users (the members of the family and maybe someone else), and to deny access to everyone else.
One solution for implementing access control is to open some ports in the firewall and let a user connect directly to specified services. The user can be authenticated with a username and password at the service server. Unfortunately this kind of infrastructure is very insecure, because we allow everyone to connect to home-networking services without controlling access before the server at all. All services inside the home network must be kept safe and must be frequently upgraded with security patches. This takes a lot of time, and in most cases a user does not remember to keep the system safe. Automatic patching is one possibility, but if there are lots of services, there is always something insecure.
Another solution to the access control problem is to use a Secure Shell (SSH) [8] tunnel through the Internet and tunnel all packets with SSH software. The services do not have any kind of inner authentication service; the authentication and authorization process is performed when the SSH tunnel is created. All connections from client software are first made to the client machine’s SSH tunnel port. The SSH program tunnels the packets to the SSH server, which is located in the home network. The firewall must be configured to allow packets to the SSH server’s SSH port inside the home network and block all other inbound connections. The biggest benefit of the SSH solution is that it is secure. The only service that must be secure is the SSH service on one home network machine. The biggest disadvantage of the SSH solution is that it is very difficult to use. First, a user must configure every single piece of software to connect to the machine itself. If there are web-based services, the connections are very difficult to make. If a user has used computers very much and has a Linux machine at home, he may be able to install an SSH server and client and use them, but this cannot be recommended for a typical home user who has only limited experience of computer networks and whose only operating system has been Microsoft Windows.
The third solution to the access control problem is to use virtual private networking (VPN). In the VPN solution there is a physical home network located at home, and there is a need to use that network via the Internet. The article “What is VPN” [7] explains the term VPN quite well: “A VPN is private network constructed within a public network infrastructure, such as the global Internet.” In other words, the private home network can be virtually built over the Internet. The authentication and authorization process is performed when the VPN connection is made. The firewall is configured as in the SSH case: all connections to the VPN server are accepted and other connections are blocked.
The biggest benefit of a VPN solution is that it can be completely transparent. A user who is connected to the home network via the public network can use all services in exactly the same way as at home. The most popular implementation is IP Security (IPsec) [9] tunnel mode. A username and password can be asked when the IPsec connection is made, and the system takes care of all the rest. According to the source [10], the packet is transparently tunneled and may be encrypted. When the packet arrives at the home network, it is decapsulated and the system checks whether it matches the inbound security policies. If it does not match, the packet is dropped. In most cases, VPN is the easiest way for the final user to use the service. Other VPN protocols are Layer Two Tunneling Protocol (L2TP) [11] and Point to Point Tunneling Protocol (PPTP) [12]. Unfortunately the VPN solutions are currently made for corporate users: the commercial solutions are very expensive, and the open source solutions are not easy enough to install in a home environment.
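The three remote-access options of this section can be compared by the inbound exposure each leaves at the firewall. The Python model below is an added example, not code from the paper; the service ports, the first-match rule format and the use of TCP 22 for SSH and UDP 500 for the VPN key exchange are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample services inside the home network (ports are assumptions).
HOME_SERVICES = {
    ("tcp", 445): "file and printer sharing (SMB/CIFS)",
    ("tcp", 80): "web administration page of a network device",
    ("tcp", 8080): "DVD recorder scheduling service",
}
SSH_ENDPOINT = ("tcp", 22)    # SSH server inside the home network
VPN_ENDPOINT = ("udp", 500)   # IPsec key exchange; ESP itself is not modelled


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    direction: str                   # "in" or "out"
    proto: Optional[str] = None      # None matches any protocol
    dst_port: Optional[int] = None   # None matches any port
    state: Optional[str] = None      # "new", "established" or None for any


# Baseline from section 4.1: inbound is denied unless a rule accepts it.
DEFAULT_POLICY = {"in": "drop", "out": "accept"}
REPLIES = Rule("accept", "in", state="established")  # answers to outbound traffic


def allow_new_inbound(endpoint):
    """Rule that lets Internet hosts open new connections to one endpoint."""
    proto, port = endpoint
    return Rule("accept", "in", proto=proto, dst_port=port, state="new")


CLOSED = [REPLIES]                                                  # section 4.1
DIRECT = [REPLIES] + [allow_new_inbound(e) for e in HOME_SERVICES]  # open ports
SSH_TUNNEL = [REPLIES, allow_new_inbound(SSH_ENDPOINT)]             # SSH only
VPN = [REPLIES, allow_new_inbound(VPN_ENDPOINT)]                    # VPN only


def decide(rules, direction, proto, dst_port, state="new"):
    """First matching rule wins; otherwise the default policy applies."""
    for r in rules:
        if r.direction != direction:
            continue
        if r.proto is not None and r.proto != proto:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        if r.state is not None and r.state != state:
            continue
        return r.action
    return DEFAULT_POLICY[direction]


def exposed(rules):
    """Endpoints to which an Internet host can open a new connection."""
    candidates = list(HOME_SERVICES) + [SSH_ENDPOINT, VPN_ENDPOINT]
    return sorted(e for e in candidates
                  if decide(rules, "in", e[0], e[1], "new") == "accept")


if __name__ == "__main__":
    for name, rules in [("closed", CLOSED), ("direct", DIRECT),
                        ("ssh tunnel", SSH_TUNNEL), ("vpn", VPN)]:
        print(f"{name:10s} exposed: {exposed(rules)}")
```

With the direct rule set every listed home service has to be kept patched, while the SSH and VPN rule sets leave a single authenticated endpoint to maintain.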
5 Conclusion
In home networks, the access control policy depends a lot on the situation.
In the wired home-network architecture, all users are trusted and the access control policy can be simple: access is granted to all users inside the home network because they are trusted, and access is denied to all users who are trying to connect from an outside network, for example from the Internet.
In a wireless home network, more attention needs to be paid to security. Access is granted to all users on wired hosts. On wireless connections the user must be authenticated, and if the user can authenticate himself as a member of the family, access is granted. The MAC address of the network interface can also be checked. Access from the outside network to the home-networking services is denied, as in the wired home network.
In a public wired house network there are not only family members but also neighbours in the same network. One solution is to use username-password authentication in all services separately, but if the number of services increases, it may be difficult to manage the situation. Another solution is to use a Windows domain, where a Windows Server manages usernames and passwords.
If a user wants to use home-networking services through public networks, some kind of security solution is needed. It is possible to let users connect directly to specified services, to use SSH tunneling or to use some kind of VPN solution. Because the use of VPN is completely transparent, it is both secure and easy for the final user. The current commercial VPN solutions are quite expensive, but in the future VPN may be a respectable choice also for home use.
References
[1] Committee on National Security Systems (CNSS). National Information Assurance Glossary. June 2006. http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf
[2] Ellison, Carl M. Intel Corporation. Home Network Security. Intel Technology Journal, 2002, vol 6, issue 4, p. 37.
[3] Cert Coordination Center. Home Network Security. 2001. http://www.cert.org/tech_tips/home_networks.html
[4] Internet Engineering Consortium. Home Networking. 2005. http://www.iec.org/online/tutorials/home_net/
[5] Institute of Electrical and Electronics Engineering (IEEE) 802.3. CSMA/CD, Ethernet. http://grouper.ieee.org/groups/802/3/
[6] Institute of Electrical and Electronics Engineering (IEEE) 802.11. The Working Group Setting the Standards for Wireless LANs. http://grouper.ieee.org/groups/802/11/
[7] Ferguson, Paul. Huston, Geoff. What is a VPN?. http://www.gsia.cmu.edu/afs/andrew/gsia/45-871/Readings/vpn.pdf
[8] Ylönen, Tatu. SSH Communications Security Corp. The Secure Shell (SSH) Transport Layer Protocol. RFC 4253. Network Working Group. http://www.ietf.org/rfc/rfc4253.txt
[9] Kent S. Keo S. BBN Corp. Security Architecture for the Internet Protocol. RFC 4301. Network Working Group. http://www.ietf.org/rfc/rfc4301.txt
[10] Srisuresh, P. Lucent Technologies. Security Model with Tunnel-mode IPsec for NAT Domains. RFC 2709. Network Working Group. http://www.ietf.org/rfc/rfc2709.txt
[11] Townsley, W. Valincia, A. Rubens, G. Pall, G. Zorn, G. Palter, B. Microsoft Corporation. Layer Two Tunneling Protocol “L2TP”. RFC 2661. Network Working Group. http://www.ietf.org/rfc/rfc2661.txt
[12] Hamzeh, K. Pall, G. Verthein, W. Taarud, J. Little, W. Zorn, G. Point-to-Point Tunneling Protocol (PPTP). RFC 2637. Network Working Group. http://www.ietf.org/rfc/rfc2637.txt
[13] MacMichael, John L. Auditing Wi-Fi Protected Access (WPA) Pre-Shared Key Mode. Linux Journal. Volume 2005, Issue 137. September 2005.