Vulnerability Analysis and Protection Schemes of Universal Plug and Play Protocol

Universal Plug and Play (UPnP) technology is gaining popularity day by day since this technology reduces the complexity associated with the installation and management of devices and network services. As a result, most of the modern consumer electronics and intelligent appliances are now equipped wi...

Full description

Saved in:
Bibliographic Details
Published in2010 13th IEEE International Conference on Computational Science and Engineering pp. 222 - 228
Main Authors Hasib, A A, Mottalib, M A
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.12.2010
Subjects
Buffer overflow
Computer crime
Denial of service
IEEE news
IP networks
Performance evaluation
Power consumption
Power demand
Protocols
Servers
Universal Plug
Online AccessGet full text

Cover

More Information
Summary:Universal Plug and Play (UPnP) technology is gaining popularity day by day since this technology reduces the complexity associated with the installation and management of devices and network services. As a result, most of the modern consumer electronics and intelligent appliances are now equipped with UPnP capabilities. However, there exist several potential vulnerabilities in the UPnP protocol implementation that can be exploited by a malicious attacker to cause financial or reputation damage to a victim. In this paper, we have analyzed the general architecture of UPnP protocol and presented three potential vulnerabilities of UPnP protocol implementation namely Power consumption, Denial of Service and Buffer overflow. Furthermore, we have exploited these vulnerabilities to perform several attacks and analyzed the results of these attacks. Finally, we have proposed several schemes to thwart these attacks and to improve the security state of the UPnP protocol.
ISBN:9781424495917
1424495911
DOI:10.1109/CSE.2010.37