Networks such as Ethernet (intranet, Internet), wireless (cellular,
Wi-Fi), and power-line communication (PLC) each consist of a server or
base station and the nodes, or network devices, attached to it. Such
networks have spawned a wide array of network-capable devices.
To implement a controlled and reliable network, however, you face
two challenges: any device connected to the network must be authentic,
and it should also allow remote feature upgrades from the server.
Verifying the authenticity of a network-connected device, however, can
be difficult, and a non-authentic device can jeopardize the provider's
revenue stream by degrading performance and frustrating users.
Providers, however, can capture a second potential revenue stream by
allowing the users of authentic network devices to purchase feature
upgrades enabled remotely by the providers' servers.
1. Providers don't usually have access to local networks (left) after
they are in customers' hands. Remote networks (right) allow access to
the server even after the system is in place.
What is authentication and what
Authentication is the process whereby two objects (the server and a
network device in this case) establish proof of their identity. The
form of authentication must not be easily duplicated or emulated by an
unauthorized or clone manufacturer.
The best way to implement this authentication is with an onboard
token. A microprocessor in the network device performs the
authentication by communicating with the authentication token. Then, by
limiting who can obtain a properly configured authentication token, you
make unauthorized reproduction of the network device impractical: a
copy of the device's firmware alone is not enough without the token.
A local network is one in which the server is close to the network
devices and cannot easily be updated by the manufacturer once deployed.
Consider, for example, a printer with accessory modules such as toner
cartridges. The server in this case is a microprocessor in the printer,
and the network devices are the modules.
A remote network is one in which the server sits in a secure
environment, yet remains accessible to the provider of the service.
Remote networks present some difficulties, such as communication over
unsecured links, but they also offer a benefit: a central server can
make decisions that detect and counter attacks on the network even
after it is installed, for example by refusing or revoking a device
whose credentials have been cloned (Figure
A closer look at the remote server environment and the costs vs.
advantages for several methods of controlling access can provide
insight regarding the implementation of an authentication scheme in
your system. The various methods include simple password
authentication, symmetric key authentication, public key
authentication, and hash authentication. The following discussion also
covers the benefit of enabling remote feature upgrades to network
2. Step 3 in the communication sequence for password authentication is
susceptible to eavesdropping.
Simple password authentication
Authentication can be as simple as the acceptance of a password. This
approach is relatively inexpensive because it requires no additional
hardware and no encryption or authentication algorithms in software.
A password transmitted in the clear over the communication channel,
however, can easily be intercepted and later replayed by a clone
(Figure 2 above). Because the same secret is sent on every session, a
single captured exchange is enough to impersonate the device forever.
The simple password approach is therefore relatively weak (Table
1. Password-only attributes
For basic password authentication, the network device and server
must have an agreed-upon secret password. If the network device has a
unique identifier, then that identifier can serve as a password unique
to that device. Note that this only makes the password per-device rather
than shared; an identifier that is readable on the bus is no more secret
than any other clear-text password, and an eavesdropper who captures it
once can reuse it.