September 29, 2004


Success in the development of security technology for home gateway that enables remote control over network appliances at home
... Secure and convenient usage of network appliances, in a way that "anyone can access at anytime and immediately as requested"


Nippon Telegraph & Telephone Corporation (hereafter referred to as NTT; Head office: Chiyoda-ku, Tokyo; President: Norio Wada) has developed home gateway (*1) security technology that enables users to connect to network appliances at home from outside and to control them remotely in a secure and convenient manner.

NTT's newly developed technology provides a secure and convenient means of remote usage of network appliances at home. This is achieved by a secure access control function to home gateways that are deployed at the entrance of home networks. The secure access control function dynamically controls remote access from outside the home. The above feature does not require any installation of additional software into equipment either at home or outside. Users can access various equipment at home from the Internet environment outside in a way that "anyone can access at anytime and immediately as requested". Equipment at home could be a personal computer, or appliances such as TV, HDD (Hard Disk Drive) Recorder, or Web Camera.
By the use of this technology, users can, for example, remotely watch motion pictures stored in a digital camera or a video recorder, as if they were at home. Once users share access permission among friends or family members, they can immediately access large-sized content data at home that cannot be shared using communication measures such as E-mail, as shown in Figure 1.
The above technology is expected to be a driving force for the creation of new businesses such as content sharing and remote control by service providers, as well as a platform for ubiquitous services that fully utilize the potential capability of optical broadband networks.

Background of the development
The prevalence of a broadband network access environment such as optical networks has been accompanied by the emergence of various related services. Many home appliances are beginning to be networked. Not only personal computers with a TV recording function, but also network-enabled appliances, so-called network appliances, such as TVs with a Web browser, HDD recorders, and digital video/still cameras, are now gaining popularity among consumer appliances.
Although these network appliances technically have the ability to be accessed via a network from outside, such usage has not yet gained popularity among users. This is because of the lack of security countermeasures and the complexity in the handling of addressing information.
Permission to use an external network connection would allow any user on the Internet to connect to the devices at home. However, that increases the risk of unintended usage with malicious intent. To prevent such unwelcome access, only access from registered devices should be permitted by deploying a home gateway at a user's home network.
In the present situation, users should enter information such as IP address (*2) and port number (*3) in the home gateway for configuring access control. Moreover, network information about external devices should be registered in the home gateway in order to restrict access from external devices.
Such configuration tasks not only require procedures that are difficult for ordinary users, but also restrict the manner of usage since the control can only be done from limited devices or areas.
In order to make remote access to home network appliances easier, NTT has started the research and development of access security technology for network appliances, and has succeeded in developing technology with which ordinary users can remotely connect to the network appliances at home in a secure and simple manner, in a way that "anyone can access at anytime and immediately as requested."


Key Features
Characteristics of NTT's technology, as shown in Figure 2, are described as follows.

(1) Simplified security settings: simplification of access rights configuration for network appliances.

Configuration for the usage of network appliances at home can conveniently be done even with the remote controller of a Web-browser-enabled television. Configuration of the gateway for external access can also be done without complicated procedures. Moreover, access control of external connections can be configured for each user. The configured information is only used by Dynamic Firewall (described in the next subsection) on necessary occasions.

(2) Dynamic Firewall: temporary permission for external connections to be made by registered users.

When a registered user outside the home requests a connection to a device at home, Dynamic Firewall temporarily permits access by opening the port for the requested device. Access by nonregistered users is refused. When the registered user finishes, the corresponding port is closed automatically. Security is maintained by refusing any unregistered access requests from outside.
Even when more than one device shares the same IP address (and port number), Dynamic Firewall is capable of distinguishing access for the device that a user wants to use from access for other devices.

(3) IPsec Proxy adapter: secure communication route by external adapter device.

Our technology utilizes IPsec (*4) communication for further security requirements such as protection against wiretapping and tampering. IPsec used to be too complicated for ordinary users, since it requires complicated tasks for device configuration. Our system, however, allows users to use IPsec immediately without complicated configuration tasks. All they have to do is physically install an external adapter device in front of the entrance of a home network.

Further development plans
NTT intends to expand the applicability of our home gateway technology further in order to achieve a secure and convenient service environment for broadband connectionless access services such as optical networks. Further promotion of research and development will be done for achieving a secure and convenient network technology that serves as a platform for society. NTT aims to contribute to the improvement of customer satisfaction and to the further expansion of a global information sharing society.
The above system is to be demonstrated at the CEATEC JAPAN 2004 exhibition, which will be held at Makuhari Messe, Chiba, Japan, starting from October 5th, 2004.

Glossary
*1 home gateway
A functional unit installed at the boundary between a home and external network that transits communications between those networks. Although the term "home gateway" is used to represent a variety of functions, we assume in this document that its main purpose is to provide a firewall function for preventing unauthorized access.

*2 IP address
IP address is information that identifies a node in networks. Most home networks would have a single global IP address for the home network and more than one private IP address for each network appliance. Global IP addresses, similar to main phone numbers in a company, are uniquely identified throughout the whole Internet, while private IP addresses, similar to extension phone numbers, are uniquely identified only within the local network.

*3 port number
Additional subaddress information appended to an IP address in order for devices to communicate with more than one node at the same time. External devices will use the combination of IP address with port number in order to identify each device in the home network.

*4 IPsec
IPsec is a specification for encrypted communication on the Internet. The specification includes powerful security features such as authentication and message integrity. Services (in other words, applications for network services) that use IP communications need not be conscious of the encryption procedure of IP packets, which is delegated to the IPsec function.



- Figure 1. Use case of the service
- Figure 2. Key Features




For further information, please contact:
NTT Information Sharing Laboratory Group
Planning Division
Public Relations: Chizuka, Sano, Ida
Tel: +81-422-59-3663
E-mail: koho@mail.rdc.ntt.co.jp



Copyright (c) 2004 Nippon telegraph and telephone corporation