UPnP 網路群組管理機制之研製

Abstract

UPnP 是用於資訊家電設備間相互溝通的網路通訊協定，其作用在於規範各個資訊設備間如>何找到彼此，如何使用對方的資源等等。 然而在UPnP原有的架構中，並未強調安全性的問題，因此任意使用者只要持有支援UPnP 的設備，就能任意使用網路中的設備。 因此，本文針對此一問題，提出下列改進方法，在不影響原有UPnP 網路運作的前提下，提供完善的安全機制，避免被有心人事惡意使用，造成危害： 認證:主控伺服器負責認證合法使用者，只有經過認證的使用者(client)才能存取群組內的資源。 轉送:負責傳遞指令訊息，配合認證機制能加強管理功能，或是作為整合異質網路的橋接器(Bridge)。 群組:依需求將裝置分類，每個群組由一個主控伺服器(server)負責管 理。所有的通訊都必需經由主控伺服器，而不能直接溝通。

Universal Plug and Play(UPnP) is an architecture for pervasive peer-to-peer network connectivity of internet appliances,wireless devices,and PCs of all form factors.It is designed to bring easy-to-use,flexible,standards-based connectivity to ad-hoc or unmanaged networks whether in the home,in a small business,public spaces,or attached to the Internet. However,it doesn't focus on the security issue in the UPnP architecture specification. Every device,which supports the UPnP protocol,can control the devices in the UPnP network arbitrarily. In this thesis, we present the following solutions which provide a better mechanism on secure issue in order to protect our devices from malicious usage and be compatible with original design of UPnP architecture: Authorization:Only the authorized client can access the resources . Forwarding:A server forwards the request from the control point to the device and hide the information about the device from control point. Grouping:Grouping the devices accroding to their attributes,every gruop has a server which manages those devices.