Security for Ad-Hoc Service Information - Threat Analysis of the Service Location Protocol
Key: HS02-1
Author: Matthias Hollick, Ralf Steinmetz
Date: March 2002
Kind: In proceedings
Publisher: it Verlag für Informationstechnik GmbH, Höhenkirchen
Book title: Enterprise Security
Abstract: The discovery of appropriate information about networked services is a fundamental requirement to enable networking, ranging from small-scale ad-hoc to enterprise-scale networks. The IETF’s Service Location Protocol (SLP) allows for lightweight service discovery, targeted towards zero-configuration networking in static and ad-hoc systems which are based on Internet technology. Service discovery protocols for ad-hoc usage or introducing dynamic behaviour in large-scale systems often declare security optional or do not care for it at all, although we assume dealing with security to be crucial. This contribution clarifies the threats to service information in the case of SLP. After a brief description of the protocol mechanisms, we present an in-depth threat analysis of the Service Location Protocol with respect to service information security from a systems perspective. The possible usage scenarios and corresponding attacks are described and subsequently visualized using attack trees. We conclude by outlining some of the open security issues within SLP.
