Blaž Primc (2010) Authenticating Identity Addressing. EngD thesis.
Abstract
This thesis tackles with security aspects of future home networks, where all devices will be connected to a home network and controlled by a control and management platform. Due to inclusion of critical devices e.g., alarm system, front door opener, etc., access to devices will have to be strictly controlled. An access control system will be needed by any such platform. Additionally, devices need to ensure that commands are executed at the intended device and nowhere else. Both problems are solvable with reliable identification and authentication of active network users and devices. The aim of this work is to provide the Autonomous Control and Management Platform (ACMP), which is being developed at the TU München, Chair for Network Architectures and Services with identification and authentication solution for the purposes of access control and reliable device communication. The problem of access control, identification and authentication is analysed, followed by an overview of related work and home environment needs. Based on gathered knowledge a list of system requirements is composed, after which the solution is designed and a prototype displaying key features implemented. The main contribution of this work are the design and implementation of architecture for authenticating identity addressing. The solution is founded on a home network Certificate Authority (CA) which controls home network membership by issuing certificates to devices. Device certificates are used for authentication and home network membership attestation. The combination of DNS and DHT overlay network is used for hierarchical addressing of device identities. With a mechanism for home network trust establishment, secure and reliable collaboration between devices of different home networks is feasible.
Actions (login required)