You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by we...@bt.com on 2006/12/04 17:44:38 UTC
UPnP security
Hi ,guys
I am trying to develop a upnp security console. But I am not able
to find any API for security? Can anyone who is the expert of UPnP help
me? Thanks very much!
Regards
Wei Hui Tan
Student Researcher
BT
Office: +44 (0)1473 605441
Mobile: +44 (0)7816 162922
Fax: +44 (0)1473 606702
Email: weihui.tan@bt.com
British Telecommunications plc
Registered office: 81 Newgate Street London EC1A 7AJ
Registered in England no. 1800000
This electronic message contains information from British
Telecommunications plc which may be privileged or confidential. The
information is intended to be for the use of the individual(s) or entity
named above. If you are not the intended recipient be aware that any
disclosure, copying, distribution or use of the contents of this
information is prohibited. If you have received this electronic message
in error, please notify us by telephone or email (to the numbers or
address above) immediately.
Activity and use of the British Telecommunications plc email system is
monitored to secure its effective operation and for other lawful
business purposes. Communications using this system will also be
monitored and may be recorded to secure effective operation and for
other lawful business purposes.
Re: UPnP security
Posted by Marcel Offermans <ma...@luminis.nl>.
On Dec 10, 2006, at 18:52 , Francesco Furfari wrote:
> Is there anybody that has experience with gateways/routers managed/
> developed in Java?
There is, or was, this nice router called the Possio PX-30 which was
completely based on OSGi. However, that was never a big hit and I
don't think they sell them anymore. I don't know of any other ones.
Greetings, Marcel
Re: UPnP security
Posted by Francesco Furfari <fr...@isti.cnr.it>.
Hi Simon,
I've just read the paper you mention, thanks it'is very interesting.
It seems that the author has mixed up the definition of control point
and device but the questions that he poses are right.
In SOHO environment there are serious issues without authentication
mechanism, while in Home networks it is convenient only when the network
is trusted, that's UPnP is used mainly by AV devices in a LAN isolated
by internet or at least without UPnP gateways ;-).
Anyway the counter measure of disabling UPnP completely seems to me extreme.
It would be nice to have a UPnP Internet Gateway running on OSGi
platform, i'm sure that we could manage the security aspects with ad hoc
permissions. Is there anybody that has experience with gateways/routers
managed/developed in Java?
regards,
francesco
Simon Willnauer wrote:
> Hi I can not help you out with an UPnP API but I read a very
> interesting paper about this specific topic.
> This could be very helpful:
>
> Universal Plug and Play: Dead simple or simply deadly?
> http://www.sane.nl/sane2006/program/final-papers/R6.pdf
>
> best regards Simon
>
> On 12/4/06, weihui.tan@bt.com <we...@bt.com> wrote:
>> Hi ,guys
>> I am trying to develop a upnp security console. But I am not able
>> to find any API for security? Can anyone who is the expert of UPnP help
>> me? Thanks very much!
>>
>> Regards
>> Wei Hui Tan
>> Student Researcher
>> BT
>>
>> Office: +44 (0)1473 605441
>> Mobile: +44 (0)7816 162922
>> Fax: +44 (0)1473 606702
>> Email: weihui.tan@bt.com
>>
>> British Telecommunications plc
>> Registered office: 81 Newgate Street London EC1A 7AJ
>> Registered in England no. 1800000
>>
>> This electronic message contains information from British
>> Telecommunications plc which may be privileged or confidential. The
>> information is intended to be for the use of the individual(s) or entity
>> named above. If you are not the intended recipient be aware that any
>> disclosure, copying, distribution or use of the contents of this
>> information is prohibited. If you have received this electronic message
>> in error, please notify us by telephone or email (to the numbers or
>> address above) immediately.
>>
>> Activity and use of the British Telecommunications plc email system is
>> monitored to secure its effective operation and for other lawful
>> business purposes. Communications using this system will also be
>> monitored and may be recorded to secure effective operation and for
>> other lawful business purposes.
>>
>>
>>
>>
Re: UPnP security
Posted by Simon Willnauer <si...@googlemail.com>.
Hi I can not help you out with an UPnP API but I read a very
interesting paper about this specific topic.
This could be very helpful:
Universal Plug and Play: Dead simple or simply deadly?
http://www.sane.nl/sane2006/program/final-papers/R6.pdf
best regards Simon
On 12/4/06, weihui.tan@bt.com <we...@bt.com> wrote:
> Hi ,guys
> I am trying to develop a upnp security console. But I am not able
> to find any API for security? Can anyone who is the expert of UPnP help
> me? Thanks very much!
>
> Regards
> Wei Hui Tan
> Student Researcher
> BT
>
> Office: +44 (0)1473 605441
> Mobile: +44 (0)7816 162922
> Fax: +44 (0)1473 606702
> Email: weihui.tan@bt.com
>
> British Telecommunications plc
> Registered office: 81 Newgate Street London EC1A 7AJ
> Registered in England no. 1800000
>
> This electronic message contains information from British
> Telecommunications plc which may be privileged or confidential. The
> information is intended to be for the use of the individual(s) or entity
> named above. If you are not the intended recipient be aware that any
> disclosure, copying, distribution or use of the contents of this
> information is prohibited. If you have received this electronic message
> in error, please notify us by telephone or email (to the numbers or
> address above) immediately.
>
> Activity and use of the British Telecommunications plc email system is
> monitored to secure its effective operation and for other lawful
> business purposes. Communications using this system will also be
> monitored and may be recorded to secure effective operation and for
> other lawful business purposes.
>
>
>
>
Re: UPnP security
Posted by Francesco Furfari <fr...@isti.cnr.it>.
hi weihui,
I've never heard of people addressing such topic in this ML, but many
people working on funded projects should have some experience.
As far as I know there aren't API/bundle helping on this.
Try to ask to the author of "cyberlink for java" project.
http://sourceforge.net/project/showfiles.php?group_id=75638
francesco
weihui.tan@bt.com wrote:
> Hi ,guys
> I am trying to develop a upnp security console. But I am not able
> to find any API for security? Can anyone who is the expert of UPnP help
> me? Thanks very much!
>
> Regards
> Wei Hui Tan
> Student Researcher
> BT
>
> Office: +44 (0)1473 605441
> Mobile: +44 (0)7816 162922
> Fax: +44 (0)1473 606702
> Email: weihui.tan@bt.com
>
> British Telecommunications plc
> Registered office: 81 Newgate Street London EC1A 7AJ
> Registered in England no. 1800000
>
> This electronic message contains information from British
> Telecommunications plc which may be privileged or confidential. The
> information is intended to be for the use of the individual(s) or entity
> named above. If you are not the intended recipient be aware that any
> disclosure, copying, distribution or use of the contents of this
> information is prohibited. If you have received this electronic message
> in error, please notify us by telephone or email (to the numbers or
> address above) immediately.
>
> Activity and use of the British Telecommunications plc email system is
> monitored to secure its effective operation and for other lawful
> business purposes. Communications using this system will also be
> monitored and may be recorded to secure effective operation and for
> other lawful business purposes.
>
>
>