Doctoral Thesis Extended Personal Media Networks (XPMN) by Dirk Meyer Submitted to fulfill the requirements for a degree of “Doktor der Ingenieurwissenschaften” – Dr.-Ing. – at Fachbereich 3 (Mathematik und Informatik) Universitat¨ Bremen November 16, 2009 Reviewers: Prof. Dr.-Ing. Carsten Bormann (Universitat¨ Bremen) Prof. Dr. Rainer Malaka (Universitat¨ Bremen) Colloquium (Thesis Defense): March 4, 2010 Copyright 2009, Dirk Meyer. Licensed to the public under Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Germany License. Abstract The recent years have brought many changes to the way consumers interact with media assets. Today, consumers store their media digitally and access them using multiple devices; the role of the mobile phone as a universal control and playback device is still growing. Yet, there is no generic architecture for the various devices at home and on the Internet to interact with each other. In this thesis, we enhance the Extensible Messaging and Presence Protocol (XMPP) to be the core of an Extended Private Media Network (XPMN). Essentially, we create an end-to-end security layer for XMPP providing confidentiality, data integrity, and peer entity authentication between clients, keeping usability constrains for both the end-user and the developer in mind. In addition, this thesis covers device management, non-relayed TCP connections between peers in a challenging topology, and a generic device architecture—turning XMPP into a powerful peer-to-peer network for inter-device communication. To prove the applicability of the specifications, an exemplary implementation has been built within the scope of this thesis. Moreover, the core specifications were developed in an open standardization process and are either published as XMPP extension or Internet Draft. Zusammenfassung Die letzten Jahre brachten viele Veranderungen,¨ wie Konsumenten mit ihren Medieninhalten interagieren. Sie speichern ihre Medien heutzutage digital und greifen mit unterschiedlichen Geraten¨ darauf zu, und dabei wird die Rolle des Mobiltelefons als universelle Fernbedienung und Abspielgerat¨ immer wichtiger. Allerdings gibt es keine generische Architektur, die es er- laubt, dass die unterschiedlichen Gerate¨ zu Hause und im Internet interagieren konnen.¨ In dieser Arbeit wird das Extensible Messaging and Presence Protocol (XMPP) erweitert, damit es als Kern fur¨ ein erweitertes privates Medien-Netz (Extended Private Media Network, XPMN) eingesetzt werden kann. Dies beinhaltet hauptsachlich¨ die Entwicklung einer Ende-zu- Ende-Sicherheitsschicht fur¨ XMPP, um Geheimhaltung, Datenintegritat¨ und Authentisierung zu gewahrleisten.¨ Dabei gilt der Benutzbarkeit fur¨ den Endbenutzer, aber auch der Entwick- ler besonderer Aufmerksamkeit. Zusatzlich¨ behandelt diese Arbeit Gerateverwaltung,¨ TCP- Verbindungen zwischen Clients in komplexen Netztopologien und eine generische Device- Architektur – also eine Weiterentwicklung von XMPP in ein leistungsstarkes Peer-to-Peer-Netz fur¨ Gerateinteraktion.¨ Um die Anwendbarkeit der Spezifikationen nachzuweisen, entstand im Rahmen dieser Arbeit eine prototypische Implementierung. Daruber¨ hinaus wurden die Kernspezifikationen in einem offenen Standardisierungsprozess entwickelt und als XMPP-Erweiterung oder Internet Draft veroffentlicht.¨ iv Acknowledgments The research described in this thesis has been performed at the Universitat¨ Bremen in the Ar- beitsgruppe Rechnernetze headed by Prof. Dr.-Ing. Ute Bormann. Looking back the last one and a half years, many members of this research group have been involved in discussions or the architectural design of the extended personal media network. In particular I would like to thank Prof. Dr.-Ing. Carsten Bormann for supervising my work and pointing me in the right direction when needed. Furthermore, Kevin Loos for mentioning XMPP as a possible core protocol and the teamwork on various TZI projects. In 2007 and 2008, we worked together on the Scalenet and the M4 projects dealing with mobile media and covering a small subset of the possible use cases the architecture developed within the scope of this thesis can cover. These two projects started my research activities in this area. Yet, discussions with Volker Wittpahl and Nicolas Pauluhn at the CeBIT 2006 initially sparked my interest on the concept of extended personal media networks. Even though it took two more years until this thesis was started, these discussions provided me with new (sometimes overdrawn) ideas on the way we could deal with our media assets. During my time at the Arbeitsgruppe Rechnernetze and at the graduate school “Advances in Digital Media” I had the opportunity to work together with many people with various interests and knowledge. They provided me with insight to the fields of networking, security and usabil- ity. I would like to thank all of these people for their support, notably Sebastian Feige for a different view on the topic and some very informative usability conversations. I sincerely appreciate the support I have received from members of the XSF as well as the IETF; first and foremost I would like to thank Peter Saint-Andre, the co-author of the Internet Drafts and some XMPP extensions published within the scope of this thesis. Furthermore, Dave Crid- land, Justin Karneges, Alexey Melnikov, and Eric Rescorla for the fruitful discussions on the mailing lists and during meetings in Brussels and Stockholm on XMPP end-to-end security and TLS. In addition, I would like to thank Klaus Hartke for implementing some of the specifica- tions developed within the scope of this thesis in his XMPP library and giving me some helpful feedback. This thesis would not have been possible without support from the Klaus Tschira Foundation and the graduate school “Advances in Digital Media”—and Prof. Dr. Rainer Malaka for giving me the opportunity to be part of the graduate school. The one-year scholarship gave me the chance to focus on my research. Finally, I would like to thank my friends and family who supported me over the last years; they may not even be aware of their impact on this thesis. Most notably Niels Pollem, Olaf Bergmann, Stefan Prelle, Benjamin Walther-Franks, Andreas Busching,¨ and Alina Sturck¨ for reading parts of this thesis and giving me some final advice, and last but not least Birgit Ruopp for always listening to my (sometimes unjustified) complaints and for moral support. vi Contents 1 Introduction 1 2 Use Cases and Requirements 7 2.1 Use Cases ..................................... 7 2.1.1 Resource Management in the Home Network .............. 7 2.1.2 Access Restrictions ............................ 9 2.1.3 External Services ............................. 10 2.1.4 Remote Control .............................. 11 2.1.5 XPMN Interconnection .......................... 12 2.2 Requirements ................................... 13 2.2.1 Service Provider ............................. 13 2.2.2 Interoperability .............................. 14 2.2.3 Extensibility ............................... 15 2.2.4 Accessibility from Outside the Home Network ............. 15 2.2.5 Network Error Tolerant .......................... 17 2.2.6 Resource Discovery ........................... 18 2.2.7 Device Management ........................... 18 2.2.8 Interaction with Friends ......................... 19 2.2.9 Ease of Use ................................ 20 2.3 Summary ..................................... 21 3 Current Home Networks 23 3.1 State-of-the-Art: UPnP .............................. 23 3.1.1 Overview ................................. 23 3.1.2 Security .................................. 28 3.1.3 Extending UPnP ............................. 31 3.1.4 Comparing UPnP to the XPMN Requirements ............. 32 3.1.5 Summary ................................. 33 3.2 Other Local Coordination Technologies ..................... 34 3.2.1 Zeroconf Networking ........................... 34 3.2.2 D-Bus ................................... 38 3.2.3 Message Bus ............................... 42 3.3 Lessons Learned ................................. 44 4 Beyond the Home Network 47 4.1 Web-based Applications and Services ...................... 47 vii viii CONTENTS 4.1.1 Orb .................................... 47 4.1.2 Web-based UPnP Control Points ..................... 49 4.1.3 Web-based External Services ....................... 51 4.1.4 Media Center Web-Pages ......................... 53 4.1.5 Lessons Learned ............................. 54 4.2 Peer-to-Peer Networks .............................. 55 4.2.1 Architecture of Peer-to-Peer Networks .................. 55 4.2.2 Popular P2P Networks .......................... 56 4.2.3 Lessons Learned ............................. 59 4.3 SIP-based Approach ............................... 61 4.3.1 Overview ................................. 61 4.3.2 NAT Traversal .............................. 63 4.3.3 Applying SIP to the Problem ....................... 64 4.3.4 Lessons Learned ............................. 67 4.4 XMPP-based Approach .............................. 67 4.4.1 XMPP Core ................................ 68 4.4.2 Extensions ................................ 69 4.4.3 “Jabber going Social” .......................... 72 4.4.4 Applying XMPP to the Problem ..................... 74 4.4.5 Lessons Learned ............................. 75 4.5 Summary ..................................... 76 5 Refining the Requirements 79 5.1 Initial Requirements ................................ 79 5.2 Networking Layer ................................. 80 5.2.1 Media Transport