Thursday, June 17, 2010

Google Summer of Code Update - Bridging UPnP networks

I'm Sunil, a final-year undergraduate student from India. I've been working on a Google Summer of Code project under Maemo, where the aim is to bridge UPnP networks securely over the Internet. It will allow UPnP users to share resources not only with local entities but also with ones in a different domain. Similarly, it will allow them to take actions on their UPnP resources even from a foreign network. My mentor is Zeeshan Ali.

UPnP is a set of protocols that allows users to share their resources and discover shared resources on the network, e.g. media servers. A UPnP control point can discover such servers automatically through a series of steps, and actions can then be taken on the resource. UPnP uses multicast messaging, which has limited its reach to local domains; a couple of other factors contribute as well, such as security, which the standard UPnP specifications do not handle.

The project is basically divided into two parts. The first is developing components that extend the UPnP discovery mechanisms and make communication possible between UPnP entities in two different domains. The second is a trust and identification mechanism for foreign hosts, through which users can specify which foreign hosts to search for UPnP devices and which hosts are allowed to search in our network.

The idea for the first part is that a proxy running at the external interface will handle and map UPnP discovery packets coming from inside and outside the local network. A SoupServer will also run for each combination of foreign host and local device, acting as a proxy device to the foreign host. Whenever a request comes from that particular foreign host, a new SoupMessage for the local device is created, and the header and body sections are copied over after translating the addresses. I've developed a basic proxy in Vala (I spent some time learning the language in the beginning) using Libsoup that performs this task, but it has yet to be integrated with GUPnP.
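The mapping described above, sketched as an added example in Python (not the project's Vala/libsoup code): it rewrites the LOCATION header of a discovery message to a per-(foreign host, local device) proxy port and refuses hosts that are not on the trust list. The `BridgeMap` class, the port numbering, the sample message and identifying hosts by IP address are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed SSDP search response from a local media server (sample data).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "CACHE-CONTROL: max-age=1800\r\n"
    "LOCATION: http://192.168.1.20:49152/desc.xml\r\n"
    "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
    "USN: uuid:constructed-0001::urn:schemas-upnp-org:device:MediaServer:1\r\n\r\n"
)

class BridgeMap:
    """Hypothetical table: one proxy endpoint per (foreign host, local device)."""

    def __init__(self, external_ip, trusted_hosts, first_port=49200):
        self.external_ip = external_ip
        self.trusted = set(trusted_hosts)   # hosts allowed to search our network
        self.next_port = first_port
        self.ports = {}     # (foreign_host, local_netloc) -> external port
        self.targets = {}   # (foreign_host, external port) -> local_netloc

    def port_for(self, foreign_host, local_netloc):
        key = (foreign_host, local_netloc)
        if key not in self.ports:
            self.ports[key] = self.next_port
            self.targets[(foreign_host, self.next_port)] = local_netloc
            self.next_port += 1
        return self.ports[key]

    def translate_ssdp(self, foreign_host, message):
        """Rewrite LOCATION for one foreign host; None if the host is untrusted."""
        if foreign_host not in self.trusted:
            return None     # never leak local device addresses to unknown hosts
        out = []
        for line in message.split("\r\n"):
            name, sep, value = line.partition(":")
            if sep and name.strip().upper() == "LOCATION":
                url = urlsplit(value.strip())
                port = self.port_for(foreign_host, url.netloc)
                url = url._replace(netloc=f"{self.external_ip}:{port}")
                line = "LOCATION: " + urlunsplit(url)
            out.append(line)
        return "\r\n".join(out)

    def resolve(self, foreign_host, port):
        """Local device behind a proxy port, only for the host it was opened for."""
        return self.targets.get((foreign_host, port))
```

Because the reverse lookup is keyed on the foreign host as well as the port, a request from any other host to the same port resolves to nothing instead of reaching the local device.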

To securely bridge two networks, my initial discussion with my mentor has given us the thought that users can use and exchange self-generated X.509 certificates if they trust each other. Although we won't be able to authenticate, since there is no central CA, we will be able to encrypt a session. More about SSL encryption without authentication.

That's it; I will appreciate any kind of feedback! The next implementation will be of the mentioned proxy features.
