Universal Plug and Play

[edit]

From Wikipedia, the free encyclopedia

This article needs additional citations for verification. Please help improve thisarticle by adding citations to reliable sources. Unsourced material may be challengedand removed. (October 2011)

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personalcomputers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presenceon the network and establish functional network services for data sharing, communications, and entertainment. UPnP isintended primarily for residential networks without enterprise class devices.

The UPnP technology is promoted by the UPnP Forum. The UPnP Forum is a computer industry initiative to enable simple androbust connectivity to stand-alone devices and personal computers from many different vendors. The Forum consists of overeight hundred vendors involved in everything from consumer electronics to network computing.

The concept of UPnP is an extension of plug-and-play, a technology for dynamically attaching devices directly to a computer,although UPnP is not directly related to the earlier plug-and-play technology. UPnP devices are "plug-and-play" in that whenconnected to a network they automatically establish working configurations with other devices.

Contents [hide]

1 Overview2 Protocol

2.1 Addressing2.2 Discovery2.3 Description2.4 Control2.5 Event notification2.6 Presentation

3 UPnP AV standards4 UPnP AV components

4.1 Media server4.2 Other components

5 NAT traversal6 Problems with UPnP

6.1 Lack of authentication6.2 Accepting WAN requests6.3 Other problems6.4 Vulnerabilities detected in 2013

7 Future developments8 See also9 References10 Books11 External links

OverviewThe UPnP architecture allows device-to-device networking of personal computers, networked home appliances, consumerelectronics devices and wireless devices. It is a distributed, open architecture protocol based on established standards such asthe Internet Protocol Suite (TCP/IP), HTTP, XML, and SOAP. UPnP control points are devices which use UPnP protocols tocontrol UPnP devices.[1]

The UPnP architecture supports zero configuration networking. A UPnP compatible device from any vendor can dynamically joina network, obtain an IP address, announce its name, convey its capabilities upon request, and learn about the presence andcapabilities of other devices. Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers areoptional and are only used if they are available on the network. Devices can disconnect from the network automatically withoutleaving state information.

UPnP was published as a 73-part international standard, ISO/IEC 29341, in December, 2008.[2][3][4]

Other UPnP features include:

Media and device independenceUPnP technology can run on many media that support IP including Ethernet, FireWire, IR (IrDA), home wiring (G.hn) and RF(Bluetooth, Wi-Fi). No special device driver support is necessary; common network protocols are used instead.

User interface (UI) ControlUPnP architecture enables devices to present a user interface through a web browser (see Presentation below).

Operating system and programming language independenceAny operating system and any programming language can be used to build UPnP products. UPnP does not specify orconstrain the design of an API for applications running on control points; OS vendors may create APIs that suit their

Read Edit View historyArticle Talk Search

Main pageContentsFeatured contentCurrent eventsRandom articleDonate to Wikipedia

InteractionHelpAbout WikipediaCommunity portalRecent changesContact Wikipedia

Toolbox

Print/export

Languagesةیبرعلا

CatalàČeskyDanskDeutschEspañolFrançais한국어

ItalianoLietuviųMagyarNederlands日本語

Norsk bokmålPolskiPortuguêsРусскийСрпски / srpskiSuomiSvenskaTürkçeУкраїнська中文

Edit links

Create account Log in

Universal Plug and Play - Wikipedia, the free encyclopedia 1-5-13

https://en.wikipedia.org/wiki/Universal_Plug_and_Play 1 / 5

[edit]

[edit]

[edit]

[edit]

[edit]

[edit]

[edit]

[edit]

customer's needs.[clarification needed]

Programmatic controlUPnP architecture also enables conventional application programmatic control.[clarification needed]

ExtensibilityEach UPnP product can have device-specific services layered on top of the basic architecture. In addition to combiningservices defined by UPnP Forum in various ways, vendors can define their own device and service types, and can extendstandard devices and services with vendor-defined actions, state variables, data structure elements, and variable values.

ProtocolUPnP uses UDP port 1900 and TCP port 2869.[5]

AddressingThe foundation for UPnP networking is IP addressing. Each device must implement a DHCP client and search for a DHCP serverwhen the device is first connected to the network. If no DHCP server is available, the device must assign itself an address. Theprocess by which a UPnP device assigns itself an address is known within the UPnP Device Architecture as AutoIP. In UPnPDevice Architecture Version 1.0,[6] AutoIP is defined within the specification itself; in UPnP Device Architecture Version 1.1,[7]

AutoIP references IETF RFC 3927 .[8] If during the DHCP transaction, the device obtains a domain name, for example, througha DNS server or via DNS forwarding, the device should use that name in subsequent network operations; otherwise, the deviceshould use its IP address.

DiscoveryOnce a device has established an IP address, the next step in UPnP networking is discovery. The UPnP discovery protocol isknown as the Simple Service Discovery Protocol (SSDP). When a device is added to the network, SSDP allows that device toadvertise its services to control points on the network. Similarly, when a control point is added to the network, SSDP allows thatcontrol point to search for devices of interest on the network. The fundamental exchange in both cases is a discovery messagecontaining a few essential specifics about the device or one of its services, for example, its type, identifier, and a pointer to moredetailed information.

DescriptionAfter a control point has discovered a device, the control point still knows very little about the device. For the control point tolearn more about the device and its capabilities, or to interact with the device, the control point must retrieve the device'sdescription from the URL provided by the device in the discovery message. The UPnP description for a device is expressed inXML and includes vendor-specific manufacturer information like the model name and number, serial number, manufacturer name,URLs to vendor-specific web sites, etc. The description also includes a list of any embedded devices or services, as well asURLs for control, eventing, and presentation. For each service, the description includes a list of the commands, or actions, towhich the service responds, and parameters, or arguments, for each action; the description for a service also includes a list ofvariables; these variables model the state of the service at run time, and are described in terms of their data type, range, andevent characteristics.

ControlHaving retrieved a description of the device, the control point can send actions to a device's service. To do this, a control pointsends a suitable control message to the control URL for the service (provided in the device description). Control messages arealso expressed in XML using the Simple Object Access Protocol (SOAP). Much like function calls, the service returns anyaction-specific values in response to the control message. The effects of the action, if any, are modeled by changes in thevariables that describe the run-time state of the service.

Event notificationAn additional capability of UPnP networking is event notification, or eventing. The event notification protocol defined in the UPnPDevice Architecture is known as General Event Notification Architecture (GENA). A UPnP description for a service includes a listof actions the service responds to and a list of variables that model the state of the service at run time. The service publishesupdates when these variables change, and a control point may subscribe to receive this information. The service publishesupdates by sending event messages. Event messages contain the names of one or more state variables and the current value ofthose variables. These messages are also expressed in XML. A special initial event message is sent when a control point firstsubscribes; this event message contains the names and values for all evented variables and allows the subscriber to initialize itsmodel of the state of the service. To support scenarios with multiple control points, eventing is designed to keep all controlpoints equally informed about the effects of any action. Therefore, all subscribers are sent all event messages, subscribersreceive event messages for all "evented" variables that have changed, and event messages are sent no matter why the statevariable changed (either in response to a requested action or because the state the service is modeling changed).

PresentationThe final step in UPnP networking is presentation. If a device has a URL for presentation, then the control point can retrieve apage from this URL, load the page into a web browser, and depending on the capabilities of the page, allow a user to control thedevice and/or view device status. The degree to which each of these can be accomplished depends on the specific capabilities ofthe presentation page and device.

UPnP AV standards

This section may require cleanup to meet Wikipedia's quality standards. Nocleanup reason has been specified. Please help improve this section if you can. (March2011)

Universal Plug and Play - Wikipedia, the free encyclopedia 1-5-13

https://en.wikipedia.org/wiki/Universal_Plug_and_Play 2 / 5

[edit]

[edit]

[edit]

[edit]

[edit]

[edit]

UPnP AV is an audio and video extension of UPnP. On 12 July 2006 the UPnP Forum announced the release of version 2 of theUPnP Audio and Video specifications,[9] with new MediaServer version 2.0 and MediaRenderer version 2.0 classes. Theseenhancements are created by adding capabilities to the MediaServer and MediaRenderer device classes that allow a higher levelof interoperability between MediaServers and MediaRenderers from different manufacturers. Some of the early devices complyingwith these standards were marketed by Philips under the Streamium brand name.

The UPnP AV standards have been referenced in specifications published by other organizations including Digital Living NetworkAlliance Networked Device Interoperability Guidelines,[10] International Electrotechnical Commission IEC 62481-1,[11] and CableTelevision Laboratories OpenCable Home Networking Protocol.[12]

UPnP AV components

Media serverA UPnP AV media server is the UPnP-server (a 'master' device) that provides media library information and streams media-data (like audio/video/picture/files) to UPnP-clients on the network. It is a computer system or a similar digital appliance thatstores digital media, such as photographs, movies, or music and shares these with other devices.

UPnP AV media servers provide a service to UPnP AV client devices, so called control points, for browsing the media content ofthe server and request the media server to deliver a file to the control point for playback.

UPnP media servers are available for most operating systems and many hardware platforms. UPnP AV media servers can eitherbe categorized as software-based or hardware-based. Software-based UPnP AV media servers can be run on a PC. Hardware-based UPnP AV media servers may run on any NAS devices or any specific hardware for delivering media, such as a DVR. Asof May 2008, there were more software-based UPnP AV media servers than there were hardware-based servers.

Other componentsUPnP MediaServer ControlPoint - which is the UPnP-client (a 'slave' device) that can auto-detect UPnP-servers on thenetwork to browse and stream media/data-files from them.UPnP MediaRenderer DCP - which is a 'slave' device that can render (play) content.UPnP RenderingControl DCP - control MediaRenderer settings; volume, brightness, RGB, sharpness, and more.UPnP Remote User Interface (RUI) client/server - which sends/receives control-commands between the UPnP-client andUPnP-server over network, (like record, schedule, play, pause, stop, etc.).

Web4CE (CEA 2014) for UPnP Remote UI[13] - CEA-2014 standard designed by Consumer Electronics Association'sR7 Home Network Committee. Web-based Protocol and Framework for Remote User Interface on UPnP Networks andthe Internet (Web4CE). This standard allows a UPnP-capable home network device to provide its interface (display andcontrol options) as a web page to display on any other device connected to the home network. That means that one cancontrol a home networking device through any web-browser-based communications method for CE devices on a UPnPhome network using ethernet and a special version of HTML called CE-HTML.

QoS (Quality of Service) - is an important (but not mandatory) service function for use with UPnP AV (Audio and Video).QoS (Quality of Service) refers to control mechanisms that can provide different priority to different users or data flows, orguarantee a certain level of performance to a data flow in accordance with requests from the application program. SinceUPnP AV is mostly to deliver streaming media that is often near real-time or real-time audio/video data which it is critical tobe delivered within a specific time or the stream is interrupted. QoS (Quality of Service) guarantees are especially important ifthe network capacity is limited, for example public networks, like the internet.

QoS (Quality of Service) for UPnP consist of Sink Device (client-side/front-end) and Source Device (server-side/back-end) service functions. With classes such as; Traffic Class that indicates the kind of traffic in the traffic stream, (forexample, audio or video). Traffic Identifier (TID) which identifies data packets as belonging to a unique traffic stream.Traffic Specification (TSPEC) which contains a set of parameters that define the characteristics of the traffic stream,(for example operating requirement and scheduling). Traffic Stream (TS) which is a unidirectional flow of data thatoriginates at a source device and terminates at one or more sink device(s).

Remote Access - defines methods for connecting UPnP device sets that are not in the same multicast domain.

NAT traversalOne solution for NAT traversal, called the Internet Gateway Device Protocol (IGD Protocol), is implemented via UPnP. Manyrouters and firewalls expose themselves as Internet Gateway Devices, allowing any local UPnP control point to perform a varietyof actions, including retrieving the external IP address of the device, enumerate existing port mappings, and add or remove portmappings. By adding a port mapping, a UPnP controller behind the IGD can enable traversal of the IGD from an external addressto an internal client.

Problems with UPnP

Lack of authenticationThe UPnP protocol, as default, does not implement any authentication, so UPnP device implementations must implement theirown authentication mechanisms, or implement the Device Security Service.[14] There also exists a non-standard solution calledUPnP-UP (Universal Plug and Play - User Profile)[15][16] which proposes an extension to allow user authentication andauthorization mechanisms for UPnP devices and applications.

Unfortunately, many UPnP device implementations lack authentication mechanisms, and by default assume local systems andtheir users are completely trustworthy.[17][18]

Most notably, routers and firewalls running the UPnP IGD protocol are vulnerable to attack since the framers of the IGDimplementation omitted a standard authentication method. For example, Adobe Flash programs are capable of generating aspecific type of HTTP request which allows a router implementing the UPnP IGD protocol to be controlled by a malicious web

Universal Plug and Play - Wikipedia, the free encyclopedia 1-5-13

https://en.wikipedia.org/wiki/Universal_Plug_and_Play 3 / 5

[edit]

[edit]

[edit]

[edit]

[edit]

[edit]

site when someone with a UPnP-enabled router simply visits that web site.[19] This only applies to the "firewall-hole-punching"-feature of UPnP; it does not apply when the IGD does not support UPnP or UPnP has been disabled on the IGD. Also, not allrouters can have such things as DNS server settings altered by UPnP because much of the specification (including LAN HostConfiguration) is optional for UPnP enabled routers.[20]

Accepting WAN requestsIn 2011, researcher Daniel Garcia developed a tool designed to exploit a flaw in some UPnP IGD device stacks that allow UPnPrequests from the WAN.[21][22] The tool was made public at DEFCON 19 and allows portmapping requests to external IPaddresses from the device and internal IP addresses behind the NAT. The problem is widely propagated around the world, withscans showing millions of vulnerable devices at a time.[23]

Other problemsUPnP uses HTTP over UDP (known as HTTPU and HTTPMU for unicast and multicast). HTTP communication usually takesplace over TCP/IP connections. The default port is TCP 80, but other ports can be used. This does not preclude HTTP from beingimplemented on top of any other protocol on the Internet, or on other networks. UPnP uses UDP due to its lower overhead in notrequiring confirmation of received data and retransmission of crc failed packets. As streaming media is time sensitive this hasproven a good compromise, even though this is specified only in an Internet-Draft that expired in 2001. Archived December 30,2006 at the Wayback Machine

UPnP does not have a lightweight authentication protocol, while the available security protocols are complex. As a result,some UPnP devices ship with UPnP turned off by default as a security measure.

Vulnerabilities detected in 2013January 2013 the security company Rapid7 in Boston reported[24] on a six-month research programme. A team scanned forsignals from UPnP-enabled devices announcing their availability for internet connection. Some 6900 network-aware productsfrom 1500 companies at 81 million IP-addresses responded to their requests. 80% of the devices are home routers, othersinclude printers, webcams and surveillance cameras. Using the UPnP-protocol, many of those devices can be accessed and/ormanipulated.

Future developments

This section may require cleanup to meet Wikipedia's quality standards. Nocleanup reason has been specified. Please help improve this section if you can. (March2011)

UPnP continues to be actively developed. In the fall of 2008, the UPnP Forum ratified the successor to UPnP 1.0, UPnP 1.1.[25]

See [26] for documents describing the published standard.

The DPWS standard was a candidate successor to UPnP, but UPnP 1.1 was selected by the Forum.

The UPnP Internet Gateway Device (IGD)[27] standard has a WANIPConnection service that contains a competing solutionknown as NAT-PMP, which is an IETF draft introduced by Apple Inc. in 2005. However, NAT-PMP is focused only on NATtraversal. Version 2 of IGD is currently under development.[28]

See alsoComparison of UPnP AV media serversDevices Profile for Web ServicesDigital Living Network Alliance (DLNA)List of UPnP AV media servers and clientsZeroconf

References1. ̂"Using the UPnP Control Point API" . Microsoft. Retrieved 2011-03-02.2. ̂International Electrotechnical Commission, 2008-12-09. Retrieved on 2009-05-07.3. ̂International Organization for Standardization "ISO/IEC standard on UPnP device architecture makes networking simple and

easy" , 2008-12-10. Retrieved on 2009-05-07.4. ̂UPnP Forum "UPnP Specifications Named International Standard for Device Interoperability for IP-based Network Devices" ,

2009-02-05. Retrieved on 2009-05-07.5. ̂"How Windows Firewall affects the UPnP framework in Windows XP Service Pack 2" . Microsoft. Retrieved 2012-05-14.6. ̂UPnP Forum, UPnP Device Architecture version 1.0 , 2008-04-247. ̂UPnP Forum, UPnP Device Architecture version 1.1 , 2008-10-158. ̂Cheshire, S., et al, IETF RFC 3927 , "Dynamic Configuration of IPv4 Link-Local Addresses", May 20059. ̂"UPnP Forum Releases Enhanced AV Specifications Taking Home Network to the Next Level" (PDF). 2006-07-12. Retrieved

2012-05-14.10. ̂Digital Living Network Alliance, DLNA Networked Device Interoperability Guidelines , 2006-1011. ̂International Electrotechnical Commission, IEC 62481-1 ,"Digital living network alliance (DLNA) home networked device

interoperability guidelines - Part 1: Architecture and protocols", 2007-08-3012. ̂Cable Television Laboratories, OpenCable Home Networking Protocol , 2006-06-3013. ̂"Web4CE (CEA 2014) for UPnP Remote UI (www.ce.org/standards)" .14. ̂"Device Security and Security Console V 1.0" .15. ̂"UPnP-UP - Universal Plug and Play - User Profile" .16. ̂"A UPnP extension for enabling user authentication and authorization in pervasive systems" .17. ̂"Shorewall firewall author on UPnP security" . Retrieved 2007-09-30.18. ̂"Linux-IGD authors on UPnP security" . Retrieved 2007-09-30.

Universal Plug and Play - Wikipedia, the free encyclopedia 1-5-13

https://en.wikipedia.org/wiki/Universal_Plug_and_Play 4 / 5

Privacy policy About Wikipedia Disclaimers Contact Wikipedia Mobile view

This page was last modified on 12 March 2013 at 20:06.

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Useand Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.

[edit]

[edit]

19. ̂"Flash UPnP attack" .20. ̂"Internet Gateway Device (IGD) V 1.0" . UPnP Forum. November 12, 2001.21. ̂"UPnP Mapping" .22. ̂"US-CERT Vulnerability Note VU#357851" .23. ̂Millions of devices vulnerable via UPnP - Update , The H, 2013-01-30, retrieved 2013-02-0224. ̂"Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play." . Retrieved 2013-02-09.25. ̂"UPnP 1.1 - designing for performance & compatibility (Consumer Electronics, IEEE Transactions on)" .26. ̂http://www.upnp.org/resources/documents.asp27. ̂"UPnP InternetGateway:1" .28. ̂"UPnP Forum Gateway Working Committee: IGD:2 Improvements over IGD:1" .

BooksGolden G. Richard: Service and Device Discovery : Protocols and Programming, McGraw-Hill Professional, ISBN 0-07-137959-2Michael Jeronimo, Jack Weast: UPnP Design by Example: A Software Developer's Guide to Universal Plug and Play, IntelPress, ISBN 0-9717861-1-9

External linksThe UPnP ForumISO/IEC 29341-1:2011upnp-database.info Community-based database of UPnP/AV Devices.

Categories: Network protocols Windows administration Windows communication and services Digital mediaMobile content Servers (computing) Media servers

Universal Plug and Play - Wikipedia, the free encyclopedia 1-5-13

https://en.wikipedia.org/wiki/Universal_Plug_and_Play 5 / 5