Title :
Vulnerability Analysis and Protection Schemes of Universal Plug and Play Protocol
Author :
Hasib, A.A. ; Mottalib, M.A.
Author_Institution :
Dept. of Comput. Sci. & Inf. Technol., Islamic Univ. of Technol. (IUT), Gazipur, Bangladesh
Abstract :
Universal Plug and Play (UPnP) technology is gaining popularity day by day since this technology reduces the complexity associated with the installation and management of devices and network services. As a result, most of the modern consumer electronics and intelligent appliances are now equipped with UPnP capabilities. However, there exist several potential vulnerabilities in the UPnP protocol implementation that can be exploited by a malicious attacker to cause financial or reputation damage to a victim. In this paper, we have analyzed the general architecture of UPnP protocol and presented three potential vulnerabilities of UPnP protocol implementation namely Power consumption, Denial of Service and Buffer overflow. Furthermore, we have exploited these vulnerabilities to perform several attacks and analyzed the results of these attacks. Finally, we have proposed several schemes to thwart these attacks and to improve the security state of the UPnP protocol.
Keywords :
consumer electronics; peer-to-peer computing; protocols; security of data; consumer electronics; intelligent appliance; protection scheme; security state; universal plug and play technology; vulnerability analysis; Computer crime; IEEE news; IP networks; Performance evaluation; Power demand; Protocols; Servers; Buffer overflow; Denial of service; Play; Power consumption; Universal Plug;
Conference_Titel :
Computational Science and Engineering (CSE), 2010 IEEE 13th International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4244-9591-7
Electronic_ISBN :
978-0-7695-4323-9
DOI :
10.1109/CSE.2010.37
