As the convergence of universal communications and ubiquitous computing pervades daily life, new networking architectures are evolving to meet a myriad of applications. Some architectures address desires for home appliance and utility automation, control, telemetry, and security. Others are designed to offer convenient, unified remote management of distributed personal audiovisual equipment. Still others describe hardware and protocols intended to deliver broadband content to a destination (e.g., a home) using existing commercial and public transmission networks. Yet others provide a simple shared services network infrastructure using the existing access points, conduits, and wiring available within many modern homes and offices.
A shared services network is one that is capable of providing disparate services using the same transmission medium, and that may be coupled to selected existing commercial and public transmission networks. Exemplary shared services network infrastructures include, without limitation, wireline telephony, electrical power utility, and cable-access services infrastructures. These latter architectures may be designed from the perspective of a consumer, where reliability, transparency, thriftiness, and simplicity of installation, use, and upkeep (in the aggregate, “user-friendliness”) are among the most significant considerations in adoption of technology. Beneficially, many wireline and wireless architectures, devices, and protocols are converging to allow some degree of interoperability among networks intended for consumer home or small office/home office environments (collectively, “end-point networks” or EPNs). An architectural commonality of EPNs is the shared signal transmission medium (i.e., shared medium). In a shared medium network, all communication devices share the multiple access transmission medium, but only one device can drive the network at a time. A shared services network can be a type of shared medium network.
Although convenient, shared medium architectures also share vulnerability to eavesdropping and compromise, leaving attached devices exposed to unauthorized access, misuse, and tampering (collectively, intrusion). Unfortunately, no unified, standard security implementation has been devised to protect every network in every environment, and security mechanisms effective in one environment for one type of shared medium network may offer little protection to other implementations. In practical use, traditional network security mechanisms, such as usernames and passwords, can be cumbersome to implement and manage in an EPN. In addition, the use of passwords and keys can be unwieldy when authenticating headless devices, that is, devices that lack user interface components or peripherals. Despite the simplifications that existing network security methods and apparatus may bring to the consumer network user, even “easy” mechanisms may require multiple steps, out-of-band security password or key transfers and, unfortunately, significant user interaction.
Oftentimes, EPN users elect not to activate beneficial security services that may be available with selected EPN devices because the security implementation process may be too cumbersome or too inconvenient for the average EPN user, even when those processes are thought to be “simplified.” For example, a simplified, “two-button” security activation process, available with selected networking products, may require more interaction than is desirable to a user. A home-networking user can press a button on an authenticating device (AD) to initiate an existing security activation process, in which the AD is activated to be available to connect with a supplicant device (SD) for a defined availability period. During at least a portion of this security activation process, the AD may operate in an open, unsecured mode, and be vulnerable to intrusion by rogue or network-hopping devices. While the AD is activated and available, the home-networking user also activates the SD interface, placing the SD in a search mode, possibly for a limited time.
During the SD activation period, both the AD and the SD are available for a limited period. Over the limited span of this opportunity window, the SD is expected to locate the AD, and the AD is expected to identify the SD and to determine whether the SD is an “approved” device. During the opportunity window, at least one of the AD and the SD may communicate using a non-secure or partially-secure handshake, thereby becoming vulnerable to intrusion. Once the AD identifies the SD as an approved device, the AD then transmits security information to the SD over the open, unsecure communication channel of the shared transmission medium. In response to the security information from the AD, the SD then may initiate a more secure form of communication between itself and the AD, by exchanging security and configuration information, so long as the opportunity window remains open. Otherwise, the exchange of information is incomplete, the devices cannot establish a secure communication link, and the security activation attempt fails. Typically, an EPN user would repeat this standard “two-button” method until a secure communication link was established successfully between the AD and the SD. Each repetition, however, raises the intrusion exposure of the AD and the SD. To reduce this risk, one solution may be to further limit the common availability period of one or both of the AD and the SD. However, reducing the security activation opportunity window tends to increase the likelihood of security activation failure.
Thus, the apparent simplicity of this existing security management technique can be deceptive, because the limited opportunity window may not provide sufficient time to complete the intended security management task, and one or both devices may time out before the task is complete. In this scenario, the user repeats the foregoing “two-button” technique, with the hope that a secure communication link between the AD and the SD can be made prior to another time out. In addition, it is possible that a rogue supplicant may communicate with the AD during this opportunity window, which may interfere intentionally with successful completion of the attempted security operation. Also, devices from adjacent networks may engage in “network hopping” and attempt to link to the soliciting AD. Moreover, even if this security activation can be accomplished without time-outs, interference, or subversion by rogue opportunists or network-hoppers, the network operator typically repeats the same “two-button” security activation technique for each client adapter being attached to the associated EPN.
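To make the opportunity-window trade-off described above concrete, here is an added timing model (example code written for this page, not part of the patent or of any product): it assumes that discovery and the handshake can only progress while the AD availability period and the SD search period overlap, that the AD leaves open mode as soon as the link is secured, and that all timings (ad_open, sd_open, sd_delay, discover, handshake) are constructed sample values.

```python
from __future__ import annotations
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Attempt:
    """Timing of one "two-button" pass, in seconds, measured from the AD button press."""
    ad_open: float    # availability period: how long the AD stays in open mode
    sd_open: float    # search period: how long the SD searches after its own button press
    sd_delay: float   # time between the AD press and the SD press (user reaching the SD)
    discover: float   # time for the SD to locate the AD once both are active
    handshake: float  # time for approval plus the security/configuration exchange


def run_attempt(a: Attempt) -> tuple[bool, float]:
    """Return (link_established, seconds the AD spent in open mode).

    Work can only happen inside the overlap of the AD window [0, ad_open] and the
    SD window [sd_delay, sd_delay + sd_open]. On success the AD closes as soon as
    the exchange completes; on failure it stays open until its timer expires.
    """
    overlap_start = max(0.0, a.sd_delay)
    overlap_end = min(a.ad_open, a.sd_delay + a.sd_open)
    needed = a.discover + a.handshake
    if overlap_end - overlap_start >= needed:
        return True, overlap_start + needed
    return False, a.ad_open


def activate(base: Attempt, sd_delays: list[float]) -> tuple[bool, int, float]:
    """Repeat the sequence once per entry of sd_delays (how long the user took to
    reach the SD on that try) until a link is secured or the tries run out.
    Returns (success, attempts_made, cumulative seconds the AD was in open mode)."""
    exposure = 0.0
    for n, delay in enumerate(sd_delays, start=1):
        ok, open_secs = run_attempt(replace(base, sd_delay=delay))
        exposure += open_secs
        if ok:
            return True, n, exposure
    return False, len(sd_delays), exposure


if __name__ == "__main__":
    # Constructed scenario: 20 s discovery, 30 s handshake, 60 s SD search period,
    # and a user who reached the SD after 90 s on the first try and 30 s on the second.
    base = Attempt(ad_open=120, sd_open=60, sd_delay=0, discover=20, handshake=30)
    delays = [90.0, 30.0]
    for ad_open in (60, 120, 240):
        ok, tries, exposure = activate(replace(base, ad_open=ad_open), delays)
        print(f"AD window {ad_open:>3}s: secured={ok} after {tries} tries, "
              f"AD open-mode exposure {exposure:.0f}s")
```

Shrinking the AD window below the time the user needs to reach the SD turns every pass into a failure, while each failed pass still charges the full window as open-mode exposure.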
Despite being a simplification of previous techniques to establish secure communication, the repetitive nature of this “two-button” technique can be burdensome. For example, the “two-button” sequence is repeated each time the network topology is reconfigured, or when a device leaves a network. With even a modest number of devices connectable to a network, the current “two-button” technique may be quite inefficient. For example, in order to add six devices to a network using a current “two-button” technique, a user may be required to repeat a security activation process six times, and to make at least twelve properly-sequenced activation process steps. A “two-button” security activation technique may be cumbersome to the point of being impractical, as may be the case for an AD or SD that is disposed in an inconvenient or dangerous location within a networked premises (e.g., in an attic or crawl space, or behind a large appliance or fixture). For shared services, shared medium (S3M) networks, physical ports coupled to the S3M network are frequently disposed at or near floor level, or are otherwise positioned for easy access to the shared services conveyed by the shared medium, with exemplary physical ports of this type including electrical power wall outlets, or telephone wall connectors. Also, headless devices, lacking a graphical user interface, frequently are so configured because they may be disposed in inconvenient or inaccessible locations.
A typical consumer user may be dissuaded from enjoying the benefits of an EPN, because the aforementioned security burdens lack sufficient “user-friendliness” to be desirable, despite the daunting risks posed by unsecured EPN operation. It is desirable, therefore, to provide methods and apparatus for simplifying network security deployment and use, including in an S3M network, thereby encouraging consumers to benefit from the use of secure end-point networks.