A local network, and more particularly a domestic network, is formed of a set of devices (televisions, digital recorders, computers, personal digital assistants, etc.) networked together, which self-configure and interact in a manner that is transparent to the user so as to offer the user enhanced services. UPnP, described in “UPnP™ Device Architecture 1.0”, HAVi, described in “HAVi Specification version 1.1”, and Rendezvous, described by E. Guttman in “Autoconfiguration for IP networking: Enabling local communication”, IEEE Internet Computing, May 2001, are a few current proposals for domestic network standards. The appliances belonging to a user or a family of users will share one and the same security policy. These appliances are interconnectable via multiple networks. These networks may be wired networks within the home such as IEEE 1394, IEEE 802.3 Ethernet or the like. They may also be wireless networks such as IEEE 802.11, Bluetooth or the like. The appliances may also communicate via the Internet, as for example a mobile device that the user has carried to the workplace and which communicates with the network of the residence via the company network and the Internet.
These communities must be made secure if one wishes to deploy them widely. Specifically, there are motives and genuine opportunities for attacking the appliances of a user. The first step for securing a community of domestic appliances consists in marking its boundary, that is to say in defining which devices belong to the community.
The second step for securing these domestic communities is to define a policy for filtering the communications between the appliances of the community and the outside world, or even between the appliances of the community themselves. Filters of this kind, called firewalls, are well known. There exist several types of firewall.
In particular, it is known to equip a company network with a firewall disposed on the link between this company network and the outside. Specifically, in this type of network, all the communications between the network and the outside pass via one or more well-identified points of connection. In this case the firewall is administered by competent personnel in a position to define the security policy and to implement it.
It is also known to equip a personal computer linked directly to the Internet with what is commonly referred to as a personal firewall. This firewall is a software filter on the computer that filters the network traffic between the computer and the outside world. The filtering is performed according to a policy defined by the user. For this purpose, tools exist that allow the user to express this policy in a simple manner and to translate it into packet filter rules as a function of the protocols used, of the services used or of the direction of the communication. Despite these tools intended to facilitate the user's task, the user nevertheless remains in charge of managing the firewall and of any alteration to the security policy on the computer.
The notion of a distributed firewall was developed for managing the firewall policy in networks possessing several points of access to the outside. In this type of firewall, the security policy is defined at one point of the network serving as policy server and applied at multiple points, typically at all the network access points. In this way, the consistency of the firewall policy is ensured over the whole network by centralizing the policy rules and their updating at a single point.
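The two mechanisms described above, a user-level policy compiled into packet filter rules (protocol, service, direction) and a policy server from which several enforcement points fetch the same compiled rule set, are illustrated by the following example. It is an added illustration written for this page and is not code from the patent or from any of the cited specifications; the service table, the rule and packet fields, and the `PolicyServer`/`EnforcementPoint` classes are hypothetical simplifications of what a real firewall does.

```python
"""Hypothetical model: compile a user-level firewall policy into packet filter
rules and distribute the same rule set to several enforcement points."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical service table: service name -> (protocol, server port).
SERVICES = {"http": ("tcp", 80), "https": ("tcp", 443),
            "ssh": ("tcp", 22), "dns": ("udp", 53)}

@dataclass(frozen=True)
class PacketRule:
    proto: str               # "tcp", "udp" or "any"
    direction: str           # "in": outside -> inside, "out": inside -> outside
    src_port: Optional[int]  # None = wildcard
    dst_port: Optional[int]  # None = wildcard
    established: bool        # True: only packets of an already open flow match
    action: str              # "allow" or "deny"

@dataclass(frozen=True)
class Packet:
    proto: str
    direction: str
    src_port: int
    dst_port: int
    established: bool = False  # e.g. TCP packet with ACK set, part of a known flow

# A policy entry as the user states it: (service, direction, action).
PolicyEntry = Tuple[str, str, str]

def compile_policy(policy: List[PolicyEntry]) -> List[PacketRule]:
    """Translate user-level entries into ordered packet filter rules.
    An allowed service yields the initiating rule plus a rule for the replies
    of the established flow in the opposite direction; anything unmatched is
    denied by decide()."""
    rules: List[PacketRule] = []
    for service, direction, action in policy:
        proto, port = SERVICES[service]
        reverse = "in" if direction == "out" else "out"
        rules.append(PacketRule(proto, direction, None, port, False, action))
        if action == "allow":
            rules.append(PacketRule(proto, reverse, port, None, True, "allow"))
    return rules

def matches(rule: PacketRule, pkt: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and rule.direction == pkt.direction
            and (rule.src_port is None or rule.src_port == pkt.src_port)
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port)
            and (not rule.established or pkt.established))

def decide(rules: List[PacketRule], pkt: Packet) -> str:
    """First matching rule wins; default policy is deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

class PolicyServer:
    """Single point where the policy is defined, compiled and versioned."""
    def __init__(self, policy: List[PolicyEntry]):
        self.version = 0
        self.rules: List[PacketRule] = []
        self.update(policy)

    def update(self, policy: List[PolicyEntry]) -> None:
        self.version += 1
        self.rules = compile_policy(policy)

class EnforcementPoint:
    """One access point applying the rules it last fetched from the server."""
    def __init__(self, name: str):
        self.name, self.version, self.rules = name, 0, []

    def sync(self, server: PolicyServer) -> bool:
        if server.version == self.version:
            return False
        self.version, self.rules = server.version, list(server.rules)
        return True

    def filter(self, pkt: Packet) -> str:
        return decide(self.rules, pkt)

def demo() -> Dict[str, object]:
    """Constructed traffic: a web request, its reply, an inbound ssh attempt and a
    forged 'reply' from source port 80 that belongs to no open flow."""
    server = PolicyServer([("http", "out", "allow"), ("ssh", "in", "deny"),
                           ("dns", "out", "allow")])
    points = [EnforcementPoint("dsl-router"), EnforcementPoint("wifi-ap")]
    traffic = [Packet("tcp", "out", 40000, 80),
               Packet("tcp", "in", 80, 40000, established=True),
               Packet("tcp", "in", 50000, 22),
               Packet("tcp", "in", 80, 40000)]
    for p in points:
        p.sync(server)
    before = {p.name: [p.filter(x) for x in traffic] for p in points}
    # The administrator changes the policy once, at the server; every point
    # picks up the same new version on its next sync.
    server.update([("http", "out", "allow"), ("ssh", "in", "allow"),
                   ("dns", "out", "allow")])
    resynced = [p.sync(server) for p in points]
    after = {p.name: [p.filter(x) for x in traffic] for p in points}
    return {"before": before, "after": after, "resynced": resynced,
            "version": server.version}

if __name__ == "__main__":
    print(demo())
```

The forged packet in the sample traffic shows why the direction of the communication alone is not enough: a packet arriving from the outside with source port 80 looks like a web reply, and a purely direction-based rule would let it in; only the "established" condition on the reply rule keeps it out. The two enforcement points return identical decisions before and after the policy change because neither holds a policy of its own, which is the consistency property the distributed firewall is meant to provide.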
The characteristics of communities of modern domestic appliances raise a certain number of problems when attempting to protect them with a firewall according to one of the techniques mentioned above. The use of radio media, which are by nature shared, the communication between devices across the Internet, and the discovery and automatic exchange of services between devices brought into proximity are all factors that blur the physical boundary of domestic networks and the location of the points of access between the appliances of the domestic network and the outside. In such a community, each appliance is able to communicate with appliances outside the network without this communication necessarily passing through an identified access point.
Moreover, the appliances of the domestic community are liable to develop a fault, to be turned off, or to be carried away by the user beyond reach of the means of communication of the remainder of the community. It is therefore clear that the security policy must apply on the one hand to the appliances carried away from the residence and on the other hand to those that remain within the residence. It is therefore not possible to rely on the presence in the network of an appliance playing a privileged role to ensure the security of the community. Moreover, the policy must take account of alterations to the community, namely the addition of new appliances or the removal of existing ones.