Session 5: Securing Home Networks Conclusions & Recommendations Koji NAKAO


2020/4/16

KDDI General Manager, Information Security Department ko-nakao@kddi.com

Home networking & home services, Tokyo, 17-18 June 2004

Presentations in Session

1) Securing Home Networks (Tsutomu Matsumoto)

2) Standardized Firewall Management: An IPCable2Home Perspective (Amol Bhagwat)

3) Home Network Device Authentication (Ralph Brown)

4) Standardized Precabling, the Efficient Road to secure and reliable Home Networks (Walter P. von Pattay)


Highlights from Presentation 1

“Securing Home Networks”

- The allowed computational complexity or the cost for mechanisms to enhance security may be highly limited

- Often the appliances DO NOT have their Identifiers in digital form

- Key Management, including Key Establishment, Key Revocation, and Key Renewal, needs Innovative Technologies

How to achieve acceptable Quality of Security in such a tough environment


Highlights from Presentation 2

“Standardized Firewall Management: An IPCable2Home Perspective”

- IPCable2Home requires the firewall to have SPF or ASP filtering capabilities.

- The firewall is session aware: it keeps track of initiated vs. response packets.

- It supports remote configuration by the service provider as well as configuration by the consumer.

- It uses a standardized configuration language.

- There is a need for management of the firewall.

- IPCable2Home standardizes configuration and management of firewalls included in the home gateway.
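
An added example (not from the presentation or the IPCable2Home specification) of the session-aware behaviour described above: a filter that records flows initiated from the home side and admits inbound packets only as responses to them. The Packet fields, the 60-second idle timeout and the sample addresses are constructed assumptions.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 60.0  # seconds; constructed value, not taken from IPCable2Home


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    outbound: bool  # True when sent from the home LAN toward the WAN
    ts: float       # arrival time in seconds


class SessionAwareFilter:
    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.sessions = {}  # flow key -> time the flow was last seen

    @staticmethod
    def _key(p):
        # Normalise so a packet and its reply share one key:
        # (proto, lan_ip, lan_port, wan_ip, wan_port)
        if p.outbound:
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def check(self, p):
        # Forget sessions that have been idle longer than the timeout.
        self.sessions = {k: seen for k, seen in self.sessions.items()
                         if p.ts - seen <= self.idle_timeout}
        key = self._key(p)
        if p.outbound or key in self.sessions:
            self.sessions[key] = p.ts  # initiated from inside, or a response
            return "ALLOW"
        return "DROP"                  # unsolicited inbound packet


def run_sample():
    fw = SessionAwareFilter()
    pkts = [  # constructed sample traffic
        Packet("192.168.0.10", 40000, "203.0.113.5", 443, "tcp", True, 0.0),
        Packet("203.0.113.5", 443, "192.168.0.10", 40000, "tcp", False, 0.1),
        Packet("198.51.100.7", 443, "192.168.0.10", 40000, "tcp", False, 0.2),
        Packet("203.0.113.5", 443, "192.168.0.10", 40001, "tcp", False, 0.3),
        Packet("203.0.113.5", 443, "192.168.0.10", 40000, "tcp", False, 120.0),
    ]
    return [fw.check(p) for p in pkts]
```

The last sample packet matches a flow that was initiated from inside but arrives after the idle timeout, so it is dropped like any other unsolicited packet.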


Highlights from Presentation 3

“Home Network Device Authentication”

Device authentication is more than just the protocols and cryptography used in devices

For device authentication to have value it must be backed by:

- Detailed specifications
- License agreements
- Certification processes
- Certification authority
- Certification issuance

For exchanging high value content, these elements become even more important


Highlights from Presentation 4

“Standardized Precabling, the Efficient Road to secure and reliable Home Networks”

- Reasons for cabling (secure, safe, reliable…)

- Standardization in SC25: ISO/IEC 11801 (Generic cabling for customer premises) is used worldwide.

- ISO/IEC 15018 (Cabling Infrastructure)

- This decreases the cost for protection against sabotage, masquerade and malfunctions.


Overview of issues in the session (1)

Threats in Home Network

[Figure: diagram not recovered. Elements labelled: Remote Users; External Network: The Internet; Home GW; AP; Servers; Devices; Users. Threats labelled: Information Leakage, Masquerade, Malfunctions (worms..), DoS, DDoS, Sabotage.]


Overview of issues in the session (2)

Security Requirements

a) confidentiality: the property that information is not made available or disclosed to unauthorized individuals, entities, or processes (ISO 7498-2:1988).

b) integrity: the property of safeguarding the accuracy and completeness of assets.

c) availability: the property of being accessible and usable upon demand by an authorized entity (ISO 7498-2:1988).

d) accountability: the property that ensures that the actions of an entity may be traced uniquely to the entity (ISO 7498-2:1988).

e) authenticity: the property that ensures that the identity of a subject or resource is the one claimed. Authenticity applies to entities such as users, processes, systems and information.

f) Reliability: the property of consistent intended behavior and results.


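Recommendations

Legend: (a) Confidentiality, (b) Integrity, (c) Availability, (d) Authenticity, (e) Reliability

[Figure: diagram not recovered. Elements labelled: Remote Users; External Network: The Internet; Home GW; Devices; Users. Requirement annotations shown on the diagram: (a)(c)(d); (a)(c)(d); (a)(b)(c)(d); (d); (d).]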


Follow-up actions: Security Management

- Identify and classify home assets;

- Risk analysis and assessment are required;

- Select suitable controls for the assets in order to reduce the risks;

- Implement the controls;

- Review and check the implemented controls at a constant time interval;

- If additional risks are recognized, then action against the risks should be carried out.

Security Management Process: Plan-Do-Check-Act


Conclusion: Good quality of security

- Vulnerabilities and threats should be identified for HN;

- Risk assessment should be carried out for HN;

- Study and standardize Specific Controls, such as Firewall, Intrusion Detection System (IDS), Device authentication, …

- Collaboration with External standardization bodies such as ISO, IETF should be strongly promoted;

- Good and acceptable standard should be promptly carried out;

- Security Management is necessary.

[Figure: Plan-Do-Check-Act cycle. Labels: Plan (Policy, Plan); Do (Implement & Operation); Check (Review & Audit); Action (Refine & Actions); Continuous improvement.]
