Over the past several years, there has been an increasing concern about the security of appliances such as disk drives, spoolers, printers, scanners and multi-functional peripherals. The concern is both around the privacy of the data being sent as well concern about whether one is interacting with the intended device or an imposter (i.e., is the printer address the one for the intended printer or a fraudulent address).
In the past, interception and “man in the middle” attacks were prevented by using 1-1 cables (such as centronix or universal serial bus). However, as appliances moved from being client peripherals to networked resources, the problem emerged of identifying the intended appliance and securing the communication to that appliance.
In the case of printers, a common approach (seen in many offices) has been to post a label of the printer name with its network address. In this manner, if an individual trusts the label, they could use that address to send a print job to the intended printer. Similar techniques are used for scanners, disk-drives, spoolers and other such appliances.
There are several problems with the label-based approach. The first is that many deployments-use the dynamic host control protocol (DHCP) and thus the address of the appliance can change over time. This means that while a client might have once had the correct address, the appliance address may change and the client can easily have a mis-directed message. Similarly, an imposter might intentionally mislabel an appliance such as a printer to intercept print jobs in public venues such as coffee shops or airport lounges.
Some manufacturers provide a user interface on their appliance that will report the address of the appliance on a screen or (in the case of some printers) on a printout. This helps overcome the intentional/accidental mislabeling of a device, but does not address dynamic protocol update or re-configuration of the client devices.
In addition, the above techniques do not address privacy of the transmitted data and thus eaves-droppers can intercept sensitive documents/material.
Sensitive documents can be addressed through techniques such as the secure sockets layer (SSL). In this protocol, the client and server agree on a session key that is used to encode messages exchanged between the client and server.
Other methods include IP Security Protocol (IP-Sec) which replaces the Internet Protocol with a secured packet routing mechanism. IPSec ensures that a message will be delivered only to the destination address but doesn't secure the association of the target with the address (i.e., the mechanism of discovering the correct IP address for the appliance is not addressed by either IP-Sec or SSL).
An approach to certifying the destination has been to use a challenge in the initial message from the client to the target. The challenge is encrypted with a shared secret or other keying mechanism and only the rightful recipient should be able to answer the challenge and thereby affirm the identity. The issue here is one of key distribution. If the key is shared across a family of appliances, than the imposter can redirect the print job to a second printer and intercept the material. If the key is particular to a printer, then discovering that key is an issue and similar to discovering the printer's IP address noted above.
Thus there remains a need to discover the provenance of an appliance's address, and/or to communicate with that appliance in a secure manner. At least some aspects of this disclosure are related to improved apparatus and methods for implementing electronic communications between electronic devices such as an appliance and a client in one embodiment.