Information about http://www.cl.cam.ac.uk/~rja14/Papers/homeplug-soupspaper.pdf

Protecting Domestic Power-line Communications …

Pages: 11
Language: english
Created: Fri May 26 15:47:01 2006
Protecting Domestic Power-line Communications

Richard Newman (1), Sherman Gavette (2), Larry Yonge (3), Ross Anderson (4)

(1) University of Florida, Computer and Information Science and Engineering Department, PO Box 116120 Gainesville, FL 32611-6120 USA, nemo@cise.ufl.edu
(2) Sharp Labs, USA
(3) Intellon Corporation, USA
(4) Cambridge University, UK

Copyright is held by the authors. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. Symposium On Usable Privacy and Security (SOUPS), July 12-14, 2006, Pittsburgh, PA, USA.

Abstract – In this paper we describe the protection goals and mechanisms in HomePlug AV, a next-generation power-line communications standard. This is a fascinating case-history in security usability. There are also novel protocol issues; interactions with mechanisms at other layers; and opportunities for both researchers and third-party vendors to build on the mechanisms provided. The central problem – being sure whether a device being enrolled in the network is the device you think, not a similar one nearby – is not well solved by conventional mechanisms such as public-key infrastructures, but appears to require either very old-fashioned or very novel approaches.

Categories and Subject Descriptors – K.6.5 [Security and Protection] – Authentication

General Terms – Security, Human Factors.

Keywords – authentication, power-line communication, security.

I. INTRODUCTION

Low-bandwidth power-line communications, such as X10 [1], have existed for many years. Since 2000, 14-Mbps HomePlug 1.0 equipment has been commercially available for in-home power-line communication [2]. This technology provides data communications aimed at computers and gaming. The HomePlug consortium (sponsored by Cisco, Comcast, Earthlink, GE, Intel, Motorola, Radio Shack, Sharp and Sony) is now developing an improved, 150 Mbps standard called HomePlug AV for multimedia applications [3,4,5,6]. The goal is that all kinds of electronic equipment should be able to communicate within the home (or office) via the power mains. A consumer buying a personal video recorder will simply plug it into the mains, whereupon it will discover the TV, the set-top box, and other relevant equipment. The devices will form a logical network without the need for additional physical wiring.

This raises interesting and important questions of security and reliability. Many customers live in apartments and other buildings that share power lines, and so signals can cross property boundaries just as wireless signals can. If I bring home a video recorder and plug it in, how can I be sure that it connects to my home network rather than my neighbor's? There may be other boundaries at an even finer granularity. For example, students occupying a shared house might want to have one network each, and adolescents might want bedroom networks distinct from the general network in their parents' house. So we have to support multiple virtual networks. However, security management in traditional systems is beyond the average person's patience. The majority of home wireless LANs go unprotected [7].

Power-line communications are similar, from the security viewpoint, to short-range radio communications such as wireless LANs, Bluetooth and UWB. There are three main differences that make the security design exercise different and instructive. First, while short-range radio is inherently range-limited, power-line networks can become unmanageably large. If all the devices in a large apartment block are allowed to assemble themselves into a single network, the performance drops significantly. This phenomenon, known as `The Borg', means that networks may have to be
partitioned into logical networks for performance reasons, even if security is not an issue.

Second, power-line networking is aimed at a very wide range of consumer electronic devices, from PCs and DSL routers down to devices such as fire alarm sensors and loudspeakers. Not all of these devices have CPUs capable of public-key cryptography, and not all have rich user interfaces: some may have no more than a reset button.

Third, the physical layer provided by the modulation scheme in HomePlug AV [3,4,5,6] can provide a certain amount of assurance even in the absence of cryptography. It has basically two modes. In broadcast mode, the bit rate is low but if two stations transmit simultaneously, this is likely to be detected. Normal mode is point-to-point and uses a much higher bit rate. In order to achieve this, tone maps (bit loading choices per carrier) must be adaptively selected for each direction of communication on each virtual link. This makes wiretapping fairly difficult, in ways that we will describe more fully below.

This paper describes the issues involved in (and explores other possible approaches to) designing the security layer for this protocol standard. It must not only have satisfactory security characteristics, but also support desirable experiences for a wide range of users. Before proceeding with the details of security requirements and architecture, we first give a basic introduction to power-line communications, and to the emerging HomePlug AV standard.

II. IN-HOME POWER-LINE COMMUNICATIONS AND HOMEPLUG AV

The power mains in homes and small businesses are inherently a broadcast medium, with frequency-selective attenuation dependent on where the transmitter and the receiver attach. Attenuation is high for all frequencies, and there is much noise of various types, so carrier detection is difficult, and collision detection is even harder. Hence, earlier systems used Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) for access to the medium, as in IEEE 802.11. (CSMA is "listen before talk," and in the absence of reliable collision detection, stations only attempt to access the medium probabilistically.) Virtual Carrier Sense, based on information supplied in the robustly broadcast frame control field, is used to inform medium access decisions. Since the frame control must be very reliable, it is heavily coded and is inefficient.

To make the most of the channel, each pair of communicating stations adapts the bit-loaded Orthogonal Frequency Division Multiplexing (OFDM) modulation according to the current channel characteristics [8]. In HomePlug AV, this means choosing one of eight possible modulation rates (from none to 10 bits per symbol per carrier) for each of 917 carriers. This modulation information, along with the forward error correction coding rate (1/2 or 16/21) and the guard interval duration (three choices) constitutes the tone map. This tone map is set by the receiver and then used by the sender to transmit the data payload. An attacker might be able to measure which of the roughly 2^2753 possible tone maps is in use on a particular link, but even knowing the tone map, demodulation by a station other than the intended recipient is problematic. The modulation rate for each carrier is adapted to be very close to the maximum rate possible given the signal to noise ratio. While not impossible, interception of the data payload is a significant challenge, which we discuss below.

Tone-mapped communication requires that sender and receiver agree on the tone maps, which in turn requires some initial communication. Two broadcast tone maps are defined for this purpose. They work well for almost all channels, and are used for system broadcasts as well as for pairs that have not yet adapted to their channel. Both modes are very reliable.

For efficiency, reliability, and the deterministic latency needed by multimedia applications, HomePlug AV uses a beacon-based medium access approach. This also allows coordination among adjacent, interfering networks. Each logical network has a controller that issues a network beacon, which specifies time allocations for specific data streams as well as a period for CSMA/CA access. To handle hidden nodes in a logical network, a proxy coordinator may repeat the beacon.

When a logical network is formed, a Network Membership Key (NMK) is distributed to all its stations. Possession of the NMK defines the stations in the network, whose name is the security level and a hash of the NMK. The controller distributes a periodically changing Network Encryption Key (NEK) to each station, encrypted using the NMK. The NEK in turn encrypts data payloads. The encryption used is 128-bit AES CBC. Transmissions between networks are not encrypted with the NEK.

While communication is very reliable for stations located within a single residence or small office, more than one layer of hidden nodes can cause significant performance problems. Hence, even if confidentiality is not an issue, it is desirable that logical networks be formed, with the controllers exchanging information so that they can avoid interfering with one another.

III. USE CASES

A wide range of node capabilities is anticipated. Some will be computers with a full user interface and a powerful processor. Others will be cheap electronic devices, with perhaps a single button that may be pressed to signal intent. In between, we will have televisions, personal video recorders, DSL routers and the like with various user interfaces and computing capabilities. The protocols have to support devices over this entire range.

When evolving the security specification we considered a number of use (and abuse) cases:

1. Alice lives in a suburban house in the USA, and is not concerned about eavesdroppers. However, her teenage son Bob wants to have a separate logical network for privacy reasons. He wants his network to be able to share a small number of devices with hers, such as the DSL router.

2. Carol also lives in a suburban house, but works from home as a patent attorney. She is aware that private detectives might attempt to compromise her clients' confidentiality. She is not concerned with attacks at a government-agency level of sophistication (she takes no Tempest precautions) but needs at least the equivalent of wire-line security.

3. Dorothy is the private detective trying to break Carol's security. She has hired Eddie, a CS/EE major at the local university, to build an attack tool.

4. Feng lives in an apartment block in Singapore. He is not at all concerned about attacks, but does want his many consumer electronic devices to work. He is highly averse to the embarrassment that would result if one of his gadgets were captured by a neighbor's network, or vice versa.

5. Gordon runs a law firm in a converted warehouse, which is also home to six other businesses. He wants to use power-line communications to provide a small office LAN, and wants to be able to prove if need be that he took appropriate measures to protect his clients' confidentiality.

6. Harry is retired and technophobic. He buys equipment, plugs it in, and it had better work. If not, he will take it back to the shop and demand a refund. He lives in an old semi-detached house that shares a power feed with a neighbor. He suffers occasional power outages and spikes because of poor supply, and also has occasional partial power failures in his house when old wiring or appliances trip one of the earth-return circuit breakers.

These use cases present a range of the scenarios that one may expect to encounter with residential power-line communications.

IV. USABILITY VERSUS CRYPTOGRAPHY

One of the fascinating design questions we faced was the interaction between security and usability. Security engineers tend to think first in terms of establishing a shared key between two devices in order to bootstrap trust. Initiatives such as Trusted Computing may ensure that in the future many devices will come with some form of public-key certificate [9]. The reuse of identities is known to be a hard problem [10]: using names designed for one system in another can lead to a wide range of issues. Certificate revocation is also a problem: in the absence of a dependable update mechanism for many devices, revocation post-manufacture may be hard. But suppose these problems can be overcome (and that we can ignore for now the many cheap devices that are not capable of public key crypto): can we do anything useful with public key mechanisms?

The following example should illustrate the core of the problem. Suppose, for example, that an attacker (Eddie) jams Carol's TV set-top box using a directional barrage jammer [11], and then attaches a new box of the same make and model to the power line outside her house. Carol suspects a network failure and looks at the network controller app on her PC. It informs her that `Set-top box, Brand A, Model XYZ123, cert hash 2E15 3490 AC43 870D 14DA, seeks admission'. If she now assumes that her set-top box somehow got decoupled from her network and presses the `admit' button, she recruits the Trojan – and Eddie is now an authorized user of her network.

If Carol were prudent, she would check the certificate hash against the value printed on the device label – but how many users will do that even once unless they are somehow compelled to do so?

One cause of this problem is that a certificate conveys the authorization of the device manufacturer, while what we actually need is the authorization of the user. Because of the cost of implementing a protocol such as HomePlug (on which we will have more to say later) it is reasonable to assume that almost all attack devices will be adaptations of authorized equipment and would thus come furnished with certificates. So while a certificate can stop a rogue device doing a middleperson attack, this is not our main worry! Whether we are focused on the robustness aspects (as Alice, Feng and Harry are), the privacy aspects (Bob, Carol and Gordon), or the due-diligence issues (Carol and Gordon) the main problem is that a network might recruit a device that it should not.

Assurance of intent

This leads us to a novel view of assurance. Normally, security may be measured according to whether an RSA key is 1024 or 2048 bits long, or whether an operating system has been evaluated to a particular level. But here the key element of assurance is whether the user has assented to a device's joining the network by performing a positive action.

There are some circumstances where high assurance of intent can be conveyed by unambiguous physical actions. For example, in the Resurrecting Duckling protocol, devices are physically touched together to set up initial key material [12]; and technologies such as near-field communications may provide the opportunity to do something similar. However, our protocols are intended for use in a broad range of low-cost devices, many of which will lack extra electrical connectors, near-field capability, or even decent user interfaces. All we can guarantee is that each device has a reset button and a label with a unique high-entropy number.

High-assurance device recruitment, for present purposes, therefore means entering a high-entropy string (such as 2E15 3490 AC43 870D 14DA in our above example) either manually or using a suitable trusted device. Low-assurance recruitment means confirming the identity of the candidate device using simple actions such as pushing a button in response to a flashing light.

Note that we require that the string be entered, rather than just confirmed! Thus, for Carol to enroll Eddie's Trojan set-top box, she would have to obtain this string somehow and enter it into her network controller app. The most likely attack would be some variant of phishing: Eddie would send her an email pretending to be from her satellite-TV provider and asking her to enter the code in order to enable an upgrade to her service. (Controller apps should therefore contain phishing defenses.)

The value added by certificates

Setting up a public-key infrastructure to certify the keys loaded into a large number of consumer electronic devices would be extremely expensive. As noted above, the Trusted Computing Group is working on the problem, but we would not like either to duplicate their effort or delay the launch of HomePlug AV until their system is deployed.

Another possibility is to use public-key crypto but without certificates. In such a scheme, which formed part of our initial design, each capable device generates a public key and sends it to the controller on registration. The controller then uses them to set up temporary encryption keys that in turn protect the network master key. The risk of a man-in-the-middle attack can be dealt with at the high-assurance level by getting users to enter hashes of keys, and at a medium-assurance level using the characteristics of the physical layer (by sending public keys using the low-bitrate assured broadcast mechanism). The more important verification of intent – that the right device is being recruited – would come with high assurance from manual key-hash entry if that option were used, and otherwise at low assurance using confirmation mechanisms to be described below.

This design exercise taught two things. First, there is little benefit gained from public-key certificates. If high assurance of intent is required, and obtained by the user typing in a certificate hash, then the user can as easily type in a key hash directly, and the huge expense of a central PKI can be saved. Second, if the user has to type in a string per device in order to obtain high assurance, then this string might as well be an AES key. That way, we can dispense with the public-key crypto and we no longer have to provide separate mechanisms for cheap devices that cannot do it – with all the attendant complexity of multiple security levels and multiple modes of operation, as well as the increased risk of bugs and blunders.

Device Confirmation

Since no mechanism other than manual key establishment gives sufficiently general high assurance of intent, we decided to use manual keying for high-assurance operation.

But manual key establishment may often be excessive or impractical. A customer using power-line communications to hook up her TV, set-top box and hi-fi will probably not care about the security of the content transmitted over her network; she will take the view that this is all broadcast or published material anyway. She will care about network performance, though, and if a loudspeaker she has just bought starts to play music coming from the apartment above, she will want a simple and direct way to put it right – failing which the loudspeaker will go back to the shop. Keeping device returns low is a significant concern for HomePlug licensees. A significant part of our design exercise therefore focused on the usability of mechanisms for device recruitment, confirmation and revocation.

A user may cause a station already in the network to recruit a new station. If she is operating a network controller with a proper user interface – say, a network controller app on her PC – this is simply a matter of selecting `enroll a new device' on a menu. If the controller does not have a proper UI, she will press a button that puts it into `recruit' mode.

The device to be recruited may be configured by the manufacturer to enter `recruit me' mode by default when it is first powered up, or this may require an action such as pressing a `recruit me' button. The two devices run a key-establishment protocol (described in the next section) that establishes a temporary encryption key (TEK). This provides the two stations with a reasonably confidential channel. Using this channel, the user can test the new network station, which may be simply by operating it (e.g. trying to play music through a new loudspeaker).

The user will have to reset the station if it is recruited into the wrong network. Every HomePlug compliant device must have some means of resetting the device, including the security state. Thus if you buy a new loudspeaker, plug it in, and hear someone else's music after it is recruited by your neighbor, you will perform some action such as holding down the `recruit me' button for three seconds in order to reset it. The device will then blacklist the network that it just attempted to join, and will try to join all other reachable networks first before it tries that network again.

When a network recruits the wrong device, it is more problematic. It is anticipated that most users will have a controller with a decent user interface, whether as part of the device itself or exported via a browser (e.g. where the controller is a DSL router). This should allow the user to minimize the chances of recruiting the wrong device inadvertently, but it is not effective against spoofing (deliberate or coincidental, as when two neighbors shop together and purchase the same type of equipment). Regardless of how a wrong device is recruited, the only way to remove the rogue is to reform the network with the desired devices. If a device with a decent user interface is available, then the user may elect to use the high assurance mechanism rather than wrestle with the button-pushing method.

V. MANDATORY SECURITY MODES

Following the above analysis, we decided that we needed two modes that must be supported by all implementations, regardless of the capabilities of the device. These are Secure Mode and Simple Connect Mode.

Secure Mode, which involves manual key entry, is very similar to two of the key distribution mechanisms that were supported in HomePlug 1.0, but with one more layer of keys. User experience with HomePlug 1.0 has been very positive, with few returns. Its intended environment, however, is rather different, since it is data-centric and thus is used in networks with at least one capable computer. Users can easily enter passwords into the computer for secure operation. Mechanisms using this will continue to be available in HomePlug AV, though a number of details have been improved over HomePlug 1.0. For example, device passwords must now be 12 alphanumeric characters long rather than eight.

Simple Connect Mode improves over the unprotected mode of HomePlug 1.0, which allows stations to use a single key derived from a fixed password, "HomePlug." While unprotected mode supports a `plug-and-play' experience for the user, it has the potential to create serious performance problems when the default network becomes large, as noted above. Hence HomePlug AV includes a more sophisticated approach – device authentication that requires minimal user interaction to signal intent, and incurs minimal increased cost per station. The latter consideration is very important with low-end consumer electronic devices, which may not even have a processor apart from the dedicated chip which just implements the basic standard.

Secure Mode

In Secure Mode, key distribution is effected manually. Working at a device with an interface that
permits alphanumeric entry, the user enrolls each other device into its logical network by entering into the controller a Device Password (DPW) that is normally printed on the label stuck to the equipment. The DPW must be at least 12 characters long, giving at least 72 bits of key entropy, and it may be longer. This is hashed to a Device Access Key (DAK), which in turn encrypts the Network Membership Key (NMK). Possession of the NMK enables a device to join a network. The mechanism for creating a key from a password is the PBKDF1 function, as shown in the PKCS #5 v2.0 standard, Password-based Cryptography Standard [13], using truncated SHA-256 as the underlying hash algorithm [14].

The advantage of Secure Mode is simplicity, both of implementation and of operation. Secure Mode is the correct choice for Carol and Gordon in our above use cases, and perhaps for Bob. It has two main disadvantages, especially for the more casual user. The first is that, if wireless LAN products are any guide, many users will not want to make the effort to enter passwords. The second is that it may not be feasible to enter a password for every device – the network might have no device with a keyboard to act as controller, or a device might have no known password (e.g., its label has fallen off or become unreadable).

An alternative in this mode is for the user to choose a network password (NPW) and enter it into each device, where it is hashed to form the NMK. It is possible for the device itself to generate a random NPW and provide it to the user for later use. Manual password entry is discouraged because of the risk of weak password choice, and because most devices will not have interfaces for password entry. However, password entry at network devices provides a compatibility option whereby an NMK can be distributed by other protocols. We will return to this issue later.

To make things more formal, we want Secure Mode to provide the following assurances. First, a network station should not be able to join a logical network unless the user by positive action expresses confidence that it is equipment she wants to add; and stations within a network should enjoy message confidentiality, integrity and authenticity. We assume that all equipment so added to a network by the authorized user is trustworthy and behaves according

Simple Connect Mode

The objective of Simple Connect Mode is to ensure that casual users can get as close to a `plug and play' experience as is possible while avoiding the risk of creating unmanageably large networks. They should be able to ensure that the devices in their home, and no other devices, are bound to their network, without having to intervene in system configuration or management any more than strictly necessary. If possible, things should just work; else binding a device to a network should involve just a button-push. Even if a recently-purchased device binds to a neighbor's network by mistake, recovery should be easy, and the sequence of steps should be intuitive: something like `press the reset button until it works.'

At our first pass at the specification, we started off with an `unprotected mode' in which all devices use the same default NMK (as in HomePlug 1.0). There, users who do not bother with security will have all their devices join a default network, and security will never get in the way. This is ideal for an isolated household with no opponents. It may even be tolerable where occasionally two houses' networks link up, depending on the applications in use; if Harry's DSL line gets used unwittingly by his neighbor, then maybe no harm is done. However, as applications get complex there will be problems; and regardless of the applications in use, network amalgamation is not acceptable in large shared premises such as apartment blocks. The result is a huge network many of whose stations are not directly accessible to the controller, causing a large drop in efficiency.

Our first pass at a fix for this involved public-key cryptography, which we abandoned once we understood its limitations as discussed in the last section. The current mechanism is much simpler. Each network has one or more user-interface stations that can introduce new stations. A basic UI station has a single `admit' button. On acquiring a new device, the user presses the `admit' button and then plugs in the device to the mains for the first time. On power-up, the new device may seek an open network to join, or the user may press a button on the new device to cause it to search for an open network. The local network remains open for a fixed period of time after the `admit' button is pressed, and so with high probability
to the HomePlug specification.                              the device sees only one welcoming controller. (If it
                                                            sees more than one, it decides based on signal
                                                            strength.)
    Once the device has bound with the controller ­        opponent who observes the exchange can derive the
which involves operations such as synchronizing with       TEK and thus the NMK.
its beacon signal and exchanging tone maps ­ a key             The communications engineer's viewpoint is that
exchange takes place. Each device sends the other a        the tone-map negotiation uses low-bit-rate broadcast
nonce, and the hash of these nonces is then established    communications ­ in effect a dependable broadcast
as a Temporary Encryption Key (TEK). The TEK is            channel ­ so it is difficult to mount a man-in-the-
used to protect a proper NMK, which is then used as        middle attack which would leave the attacker sharing
before to protect working keys.                            an optimal tone map with each end. As for passive
                                                           attacks, the key exchange uses high bit-rate
    Given that the goal is robust communication rather
                                                           communications, which are hard for other stations to
than security, it would be acceptable for the key
                                                           decode ­ even given knowledge of the tone maps ­
exchange to take place entirely in the clear; there are    because the signal-to-noise ratio will in general be too
other applications in which initial key establishment is   poor at different locations for many of the carriers
not the critical aspect of protection [15]. However, the   (that is why tone maps have to be negotiated).
characteristics of the HomePlug physical layer allow       Furthermore, for an attacker outside the premises, the
us to do somewhat better than that, and at zero            signal to noise ratios for almost all carriers will be
marginal cost. We note in passing that the use of RF       worse than those for a pair of stations inside the
channel characteristics in communications security has     premises, at least in one direction. Using the hash of
a long history, from spread-spectrum and meteor-           the two nonces requires the attacker to be able to
scatter radio to more modern ideas such as the use of      demodulate traffic in both directions. As chips sold by
radio channels with fading as a `wiretap channel'          HomePlug and its licensees will not support such
mechanism for key exchange [16].                           attacks, an attacker would have to produce a partial
    From the user's point of view, Simple Connect          implementation of the HomePlug protocols. This
resembles Buffalo Technology's AirStation OneTouch         would not only be unlicensed and thus unlawful; it
Secure System (AOSS) [17] and BroadCom's Secure            could also be expensive.
Easy Setup (SES) [18,19].               However, these         A full implementation of the HomePlug protocol
technologies use complex public-key cryptosystems          might take 30 people 3 years and cost $15m; a very
and protocols. Although version 1.0 of the HomePlug        bare partial implementation, just enough to monitor
                                                           any observable traffic, would likely be a PhD project
AV specification provided for an optional public-key
                                                           rather than a summer project. The attacker would have
protocol with user confirmation, complexity and cost
                                                           to start with perhaps $100,000 worth of professional
considerations precluded this option from mandatory        test equipment. (Of course, advances in software
inclusion in the specification. Once we had studied the    radios may bring costs down over time, and
costs and benefits of public-key provision, even           professional test equipment may end up on the second-
optional inclusion in the standard was dropped. We         hand market.)
realized that the attack described in section IV above         Even so, the attacker would have to be smart.
undermines the value of using public key exchange          Perhaps he can flood the target power-line network
with simple confirmation protocols where the               with cleverly designed noise that downgrades the tone-
challenge is to tell genuine equipment from genuine        maps to relatively low-bitrate communications, and
but tampered equipment.                                    subtract out the noise again to get the nonces.
                                                           However, he would have to keep on jamming in order
Security of Key Exchange                                   to collect the encrypted data traffic; and presumably
                                                           the target would notice the performance degradation.
    The security analysis of this tone-map key                 Also, to compromise Carol's network (in the attack
exchange mechanism is interesting. First discussions       taxonomy discussed above) two further things would
reveal a serious cultural gap: while a traditional
                                                           have to happen. First, Carol would have to run in
cryptographer will consider attacks on Simple Connect
                                                           Simple Connect Mode rather than Secure Mode, and
mode communications to be `obviously' almost trivial,
a communications engineer will consider them to be         second, Dorothy would have to be monitoring Carol's
`obviously' almost impossible.                             power-line traffic at the very time when Carol was
    The cryptographer's viewpoint is that the protocol     adding a new device to the network. (In theory,
traffic in the initial key exchange (including both the    Dorothy might give Carol a present of an attractive
nonces) is all sent in the clear, and so a capable         device that had the label missing, in the hope of
causing a switch to Simple Connect Mode ­ but                   Making downgrading too easy would undermine
Dorothy could just as easily give Carol a device that       the value of Secure Mode, so we ensured that an NMK
operated correctly in Secure Mode but was Trojanned         for a Secure network will be different from the NMK
in other ways. If you connect untrustworthy kit to your     for the same network run at Simple Connect. It is up to
network, then layer 2 defenses cannot buy you much.)        the vendors of equipment suitable for use as
    To sum up, a middleperson attack on Simple              controllers to provide, if they wish, a means of
Connect mode key exchange might just be possible for        distributing an SC-level NMK using already-
Eddie, but would cost him a lot of work, and success        established DAKs. This can provide a centrally-
would not be certain. A private detective prepared to       managed way to downgrade a network.
stake out a target residence with a technician and a            We recommend that devices with a single push-
vanload of surveillance equipment would collect much        button return to SC on reset. Otherwise it might be
more through other channels, from phishing scams and        difficult to get a device from Secure mode to SC ­ say,
laser microphones, through flowers and other presents       if the label had fallen off and the controller that knows
containing bugs, to Tempest; and if Carol is even           its DAK becomes dysfunctional.
potentially facing such an opponent, then she is                Note that the existence of two separate security
grossly negligent not to use Secure Mode.                   modes, associated with the NMKs and hence the
    Returning now to Planet Earth, the robustness           networks, is a departure from other commercial
concerns mostly have to do with failures rather than        approaches using a button-push approach, such as
attacks. For example, what happens if the power fails       SES. In SES, a key that had been previously
in half of a customer's house, knocking out the             distributed using more secure methods can be
controller? The controller issuing the beacon always        distributed among SES-compliant devices using SES,
maintains a hot backup, to take over if it fails. This      whereas in HomePlug AV, securely distributed keys
does not cause a change in the NMK or even the NEK.         must not be distributed using the more vulnerable
Should the old controller return, it will rejoin (using     button-push mechanism. Keeping keys at the `Secure'
the NMK that it remembers) as any other node would.         and `Simple Connect' levels separate from each other
    To make things more formal, we want Simple              permits much greater assurance: Carol and Gordon
Connect Mode to provide the following assurances. It        know that their master keys were never, and will never
should be hard for another logical network to capture a     be, distributed using the button-push method.
user's equipment, but easy for him to reclaim it once
he realizes it has been captured; it should also be easy
for him to expel an alien station captured by accident.                 VI. OPTIONAL SECURITY MODES
It should be easy to identify equipment reliably despite
limited user interfaces. The specification must keep
                                                            Manufacturer keying
complexity, cost and time-to-market reasonable; in
particular it must support out-of-the-box, low-return-         The standard also supports an optional security
rate products. It must also be possible to reset a device   mode in which a manufacturer installs an NMK in
and sell or give it to someone else.                        equipment sets. For example, someone selling packs
                                                            that contain a home DSL router and three wireless
                                                            LAN base stations might install a different, randomly-
Switching Security Modes                                    chosen NMK in each pack, to guarantee plug-and-play
    Having two security levels in a network potentially     performance with no user intervention. However, here
raises many of the problems associated with multi-          there remains an option for the user to enroll the
level secure systems [20]. For example, a user could        devices in a larger network by either the Secure Mode
end up with two networks at different levels, but since     or Simple Connect Mode mechanisms.
she must have a device with a capable UI in order to
have set up a Secure Mode network, we expect that
                                                            External keying
she will have diagnostic software with which she can
view the connected devices and their security levels,          Trust can also be bootstrapped from other layers or
and thus diagnose the problem. She can then choose to       networks. The home of the future is likely to have
downgrade the Secure network, or upgrade the SC             multiple communications modalities ­ wireline phone,
network.                                                    DSL, Bluetooth, UWB, Near Field, HomePlug and
goodness knows what else. These will interact in                NFC standards have been spearheaded by Philips
various ways. For example, a GSM or DECT mobile             [23] and Sony [24], and standards are now set by
phone might act as a home controller, or Near Field         ECMA and ISO [25]. Similar in some respects to
Communications might be used to implement a                 Radio Frequency ID tags (RFIDs), NFC operates in
bonding protocol under which the user recruits a            the 13.56 MHz band. However, unlike RFIDs, NFC
device to his network by placing it on top of the TV        allows interactive data exchange at a distance of 10-
when he first plugs it in after a reset.                    20 cm., rather than simply remote read of a fixed
    The specification therefore supports key                value. When two NFC-compliant devices are brought
distribution via higher layer protocols, in order to        close together, they detect each other; they negotiate
permit use by both existing and yet-undefined key           what data they can transfer and how they can do it.
distribution mechanisms. These generally appear to          For authentication, this may allow a "wand" to be
HomePlug devices as though the user had typed in the        used to transfer keys to all suitably compliant devices.
NPW directly to the device.                                     While this could support a very desirable user
    Two approaches that have recently been heralded         experience, again the cost for inclusion of this
are the USB-stick approach of Windows Connect               technology in inexpensive consumer electronics
Now (WCN) proposed by Microsoft or Aladdin, and             products may be too high for many manufacturers.
the Near Field Communication (NFC) proximity                Also, the utility of such approaches diminishes as they
approach pioneered by Philips and Sony.                     become less ubiquitous. Still, as with the USB-based
    In the WCN approach [21], the user sets up              approach, NFC authentication is supported by the
security parameters on a master station, then loads         baseline HomePlug protocol ­ it can be implemented
parameters for other stations into files that are           as the host device downloading the NMK directly to
transferred to a USB-based removable storage device         the station.
(flash drive). This flash drive is then inserted into the       A possible future concern is that NFC may also be
other devices, which find and read the appropriate          used for reading an RFID attached to the device. This
security configuration file to set keys and other           could contain the device's DPW, which could then be
protection parameters.          From a practical use        used to derive the DAK and provision the NMK using
standpoint, this approach requires users to interact        the DAK-based approach, as though the user entered
with a fairly capable interface device, so they should      the DPW by hand. While this approach is attractive
be able to enter DPWs on it just as easily. Equally         from the perspective of cutting the per-device costs, it
significant, the inclusion of a USB port in the bill of     raises serious concerns over the degree to which the
materials and in fabrication is likely to raise the cost    DAK is protected. Given recent results in reading
of including this technology on simple devices (such        RFIDs from much greater distances than advertised,
as speakers) above the acceptable price points.             use of RFIDs in this manner could open a large hole
    The WCN approach is supported by the HomePlug           in the security of the system (even the RFID Journal
standard through direct NMK entry. When the NMK             admits that passive RFIDs can be read up to 20 feet
is derived from an NPW, only the NMK is sent across         away [26]).
the interface to be loaded on the station, which does           The standard is agnostic about how a DAK is
not know where the NMK came from. So the NMK                acquired; the network does not know whether the
may be obtained from a configuration file on a flash        DAK was derived from a DPW that was entered
drive just as easily as from a hashed NPW entered           manually, or from some kind of automated reader that
through a rich user interface.                              scanned the device for its DAK. A vendor who
    Aladdin also has USB flash-drive tokens, but these      implemented DAK scanning would have to consider
are mostly for user authentication on hosts and             further issues, such as whether Eddie could set up an
networks. The USB devices they make, however, are           attack in which his equipment broadcast a DPW and
more than just storage devices, and have smart card         waited for Carol's controller to read it.
capabilities [22]. They could support USB token-                In general, OEMs designing key-management
based password management in power-line systems.            protocols that use multiple communications modes
Objections to use of these systems are similar to those     need to beware of a wide range of security
for the WCN approach, and, like the WCN approach,           engineering issues, from naming problems through
they can be supported at the host level if desired.         API defects to protocol interactions, compositional
                                                            issues, policy incompatibilities and attacks based on
changing     environmental   assumptions    [20].           Resurrecting Duckling
Connecting two secure systems together is almost               This protocol [12] enables manufacturers to make
always harder than it looks.                                products theft-resistant by ensuring that a device once
                                                            bonded to a controller cannot be properly reset without
Fillgun                                                     the cooperation of that controller. This can be easily
                                                            implemented on top of HomePlug. Although we
    Going back once more to pre-public-key
                                                            recommend that manufacturers return a device to
technology, one option is the fillgun. These were
                                                            simple-connect mode by default when the reset button
devices used to load key material into military cipher
                                                            is pressed, this is not mandatory; devices may be
equipment. The power-line equivalent might be sold
                                                            manufactured (or configured later) to reset to Secure
as an adapter, with a male plug and a female socket.
                                                            Mode. The binding between such a device and its
The user plugs it into the wall, then plugs each
                                                            controller can be made permanent by removing the
appliance into it in turn, pressing the appliance reset
                                                            label. A thief who steals the device will not know the
button as he does so. The fillgun loads an NMK into
                                                            DPW, and thus will be unable to introduce it to a
each of them: a simple solution for the consumer who
                                                            network, short of reverse-engineering it.
wants security but can't be bothered to type DPWs
                                                               Of course, with many low-cost products, a default
into his TV, and perhaps also for the small business
                                                            of theft-resistance would likely annoy the legitimate
that's seriously worried about phishing. Physical
                                                            owners much more than any burglars. However the
contact was the traditional method of keying
                                                            theft-resistance facility of the Resurrecting Duckling
cryptographic devices; its simplicity and usability
                                                            protocol is available when needed.
have led to a resurgence of interest [12].
    A fillgun could also use the existing Simple
Connect mode. The device can have a low-pass filter
                                                                               VII. CONCLUSIONS
between the female socket and the male extension
cord, and between the filter and the female socket is a
                                                                We have discussed some interesting trust problems
HomePlug AV chip with an embedded host. The
                                                            with home networking, and described how they are
embedded host has a primitive user interface that
                                                            tackled in the next generation of power-line
allows a new NMK to be generated when requested
                                                            communications. The main problem is that users may
by the user. This node always behaves as a controller,
                                                            recruit the wrong devices to their networks, and
and is always willing to distribute the NMK that it has
                                                            conventional trust mechanisms such as public-key
to a new station (i.e., any device that is plugged into
                                                            certificates simply don't deal with this. To check that
its female socket). The usual Simple Connect Mode
                                                            you're recruiting the right device you need to check its
protocol works the same as before, only now there is
                                                            label, or perform some other physical action with it;
no possibility that an eavesdropper can demodulate
                                                            and in that case, there are cheaper ways to do things.
the key exchange messages, as the low-pass filter
                                                                In our design, we provide two simple modes of
eliminates the signal containing these messages. This
                                                            operation: Simple Connect Mode (which prevents
approach has the decided advantage that neither the
                                                            accidental recruitment) and Secure Mode (which
device's DAK nor the NMK can be read remotely (as
                                                            blocks more sophisticated malice). These correspond
in RFIDs and potentially, NFC), and there is no
                                                            to low and high grades of assurance about user intent ­
additional cost per device ­ only the cost of the
                                                            an issue to which we believe insufficient attention has
fillgun itself.
                                                            been paid so far. We also provide the hooks necessary
    In fact, a nervous user could even employ devices
                                                            for licensees and third-party vendors to create their
already present and in use in the home to get an extra
                                                            own approaches, and to support competition between
level of protection. Many surge protectors are also
                                                            different network personalization technologies.
effective low pass filters. Hence, if a user just plugs a
controller into the same surge protector as a new
device that is to be recruited to the network, then         Acknowledgements
presses buttons on both, the Simple Connect key                We are grateful to Frank Stajano and to the
exchange mechanism may become significantly                 anonymous referees for comments that improved this
harder to attack.                                           paper, and to colleagues in the HomePlug project for
                                                            feedback at various stages during the design process.
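The following is an added example, not code from the paper or from the HomePlug AV specification: a Python model of the Simple Connect key exchange described in section V (two nonces, TEK = hash of the nonces, NMK protected under the TEK) together with the Secure Mode NPW-to-NMK derivation, used to check the claim in "Security of Key Exchange" that a passive eavesdropper must demodulate both directions of the exchange, and the requirement in "Switching Security Modes" that the Secure and Simple Connect NMKs of one network differ. Nonce and key lengths, the nonce order, the cipher that wraps the NMK under the TEK, and the KDF salt, iteration count and level label are assumptions of this example.

```python
"""Toy model of the HomePlug AV Simple Connect key exchange and the Secure
Mode NPW-to-NMK derivation. Added illustration; lengths, the NMK-wrapping
cipher and the KDF parameters are assumptions, not specification values."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # assumed nonce length; the paper states none
KEY_LEN = 16     # assumed 128-bit TEK/NMK; the paper states no length


def derive_tek(nonce_ctl, nonce_dev):
    """TEK = hash of the two nonces (section V). Using SHA-256 and putting
    the controller's nonce first are assumptions of this example."""
    return hashlib.sha256(nonce_ctl + nonce_dev).digest()[:KEY_LEN]


def keystream(key, label, length):
    """Illustrative stand-in for the cipher (not specified on the page) that
    protects the NMK under the TEK: an HMAC-SHA256 counter keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(key, label, data):
    """XOR data with the keystream; applying it again unwraps the data."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, label, len(data))))


def simple_connect_exchange(nmk):
    """Run the exchange between a controller holding nmk and a new device.
    Returns (frames an eavesdropper could see, NMK the device ended up with).
    Each frame is (sender, kind, body). Both nonces travel in the clear; only
    the NMK is wrapped, under the TEK."""
    nonce_ctl = secrets.token_bytes(NONCE_LEN)
    nonce_dev = secrets.token_bytes(NONCE_LEN)
    frames = [("controller", "nonce", nonce_ctl),
              ("device", "nonce", nonce_dev)]
    tek_ctl = derive_tek(nonce_ctl, nonce_dev)
    frames.append(("controller", "nmk", protect(tek_ctl, b"nmk", nmk)))
    # Device side: it has its own nonce and heard the controller's, so it
    # forms the same TEK and unwraps the NMK.
    tek_dev = derive_tek(nonce_ctl, nonce_dev)
    nmk_at_device = protect(tek_dev, b"nmk", frames[2][2])
    return frames, nmk_at_device


def passive_observer(frames, demodulated):
    """The cryptographer's passive attacker, limited the way the
    communications engineer argues: demodulated is the set of senders whose
    traffic the eavesdropper's signal-to-noise ratio lets it decode.
    Returns the recovered NMK, or None when a direction is missing."""
    seen = {(sender, kind): body for sender, kind, body in frames
            if sender in demodulated}
    nonce_ctl = seen.get(("controller", "nonce"))
    nonce_dev = seen.get(("device", "nonce"))
    wrapped = seen.get(("controller", "nmk"))
    if nonce_ctl is None or nonce_dev is None or wrapped is None:
        return None  # without both nonces the TEK cannot be formed
    return protect(derive_tek(nonce_ctl, nonce_dev), b"nmk", wrapped)


def nmk_from_npw(npw, level, salt=b"example-salt", iterations=1000):
    """Secure Mode: the NPW is hashed to the NMK with a PKCS#5 password-based
    KDF over SHA-256, truncated to the key length [13,14]. The salt, the
    iteration count and the mixing-in of the security level (so that the
    Secure and Simple Connect NMKs of one network differ) are assumptions
    of this example, not the specification's values or mechanism."""
    if level not in ("secure", "simple-connect"):
        raise ValueError("unknown security level")
    return hashlib.pbkdf2_hmac("sha256", npw.encode("utf-8"),
                               salt + level.encode("ascii"), iterations)[:KEY_LEN]


if __name__ == "__main__":
    frames, got = simple_connect_exchange(nmk_from_npw("correct horse", "simple-connect"))
    print("device holds NMK:", got.hex())
    both = passive_observer(frames, {"controller", "device"})
    print("eavesdropper hearing both directions recovers NMK:", both == got)
    print("eavesdropper hearing controller only:", passive_observer(frames, {"controller"}))
```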
REFERENCES

[1] Brown, P.A., "Power line communications – past, present, and future", Proceedings of International Symposium on Power-line Communications and its Applications, Sept 1999, pp. 1–8.
[2] Lee, M. K., R. Newman, H. A. Latchman, S. Katar, and L. Yonge, "HomePlug 1.0 Powerline Communication LANs – Protocol Description and Comparative Performance Results", International Journal on Communication Systems on Powerline Communications, May 2003, pp. 447–473.
[3] HomePlug Powerline Alliance, "HomePlug AV 1.0 Specification," December 16, 2005 (visit http://www.homeplug.org).
[4] HomePlug Powerline Alliance, "HomePlug AV White Paper," August 18, 2005 (last read May 25, 2006, at http://www.homeplug.org/en/docs/HPAV-White-Paper_050818.pdf).
[5] Afkhamie, K. H., S. Katar, L. Yonge, and R. Newman, "An Overview of the upcoming HomePlug AV Standard," Proceedings of International Symposium on Powerline Communications (ISPLC 2005), Vancouver, BC, 2005, pp. 400–404.
[6] Katar, S., R. Newman, H. Latchman, and L. Yonge, "Efficient Framing and ARQ for High-Speed PLC Systems", Proceedings of International Symposium on Powerline Communications (ISPLC 2005), Vancouver, BC, 2005, pp. 27–31.
[7] W. David Gardner, "Wireless Survey: Many Nets Open To Security Breaches", Information Week, Mar 10, 2005, see http://www.informationweek.com/story/showArticle.jhtml?articleID=159400875
[8] Prasad, R., van Nee, R., "OFDM Wireless Multimedia Communications", Artech House, Norwood, MA, 2000.
[9] X.509, The Directory – Authentication Framework, CCITT, ITU-T, 1988; the IETF version is available as "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile" at http://www.ietf.org/rfc/rfc3280.txt
[10] R. Needham, "Names", in S. Mullender (ed.), Distributed Systems, Addison-Wesley, 1993, pp. 315–327.
[11] D. Richardson, "Techniques and Equipment of Electronic Warfare", Salamander Books, ISBN 0-8601-265-8.
[12] Frank Stajano, Ross Anderson, "The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks", Security Protocols, 7th International Workshop Proceedings, 1999, pp. 172–194.
[13] RSA Labs, PKCS #5 v2.0 standard, Password-based Cryptography Standard.
[14] FIPS 180-2, NIST, "Secure Hash Standard," August 26, 2002 (including the change notice dated February 25, 2004, concerning truncation).
[15] R. Anderson, H. W. Chan, A. Perrig, "Smart Trust for Smart Dust", ICNP, Berlin, Oct. 5–8 2004, pp. 206–215.
[16] J. Barros, M. R. D. Rodrigues, "Secrecy Capacity of Wireless Channels", IEEE Symposium on Information Theory 2006.
[17] Buffalo Technology, "AirStation OneTouch Secure System (AOSS)," white paper, Oct. 2004 (last read May 24, 2006, at http://www.buffalotech.com/documents/pdf/AOSS_WP_Final.pdf).
[18] Broadcom, "Securing Home Wi-Fi Networks: A Simple Solution Can Save Your Identity," white paper Wireless-WP200-x, May 21, 2005 (last read May 25, 2006, at http://www.54g.org/pdf/Wireless-WP200-RDS.pdf).
[19] Moran, Joseph, "Push-Button Wireless Security," Small Business Computing.com Web Management ezine, December 2, 2005 (last read May 24, 2006, at http://www.smallbusinesscomputing.com/webmaster/article.php/3567981).
[20] R. Anderson, "Security Engineering – A Guide to Building Dependable Distributed Systems", Wiley, 2001.
[21] Bowman, Barb, "Set up a secure wireless network using Windows Connect Now," Microsoft XP ezine, June 13, 2005 (last read May 25, 2006, at http://www.microsoft.com/windowsxp/using/networking/learnmore/bowman_05june13.mspx).
[22] Aladdin, "Make Your Token Authentication Solution a Reality with a Token Management System," white paper WP_eToken_TMS, March 1, 2006 (last read May 25, 2006, at ftp://ftp.aladdin.com/pub/marketing/eToken/White_Papers/WP_eToken_TMS.pdf).
[23] Harold, Peter, "Close up and in the Comfort Zone," Philips Password, issue 24, Sept. 2005 (last read May 25, 2006, at http://www.research.philips.com/password/archive/24/downloads/password24.pdf).
[24] Sony, Felica product site (May 25, 2006), http://www.sony.net/Products/felica/index.html
[25] ISO, ISO/IEC 21092 Standard – Near Field Communication – Interface and Protocol (NFCIP-1), http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=38578&ICS1=35&ICS2=100&ICS3=10 or download at http://isotc.iso.org/livelink/livelink/fetch/2000/2489/Ittf_Home/PubliclyAvailableStandards.htm
[26] RFID Journal FAQ, "Privacy and Data Collection," http://www.rfidjournal.com/faq/28/138