- Universal Plug and Play
Universal Plug and Play (UPnP) is a set of
computer networkprotocols promulgated by the UPnP Forum.The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home (data sharing, communications, and entertainment) and corporate environments. UPnP achieves this by defining and publishing UPnP device control protocols built upon open, Internet-based communication standards.
The term UPnP is derived from
plug-and-play, a technology for dynamically attaching devices directly to a computer.
The [http://www.upnp.org/resources/upnpresources.zip UPnP architecture] allows
peer-to-peernetworking of PCs, networked appliances, and wirelessdevices. It is a distributed, open architecture based on established standards such as TCP/IP, UDP, HTTPand XML.
The UPnP architecture supports
zero-configurationnetworking. A UPnP compatible device from any vendorcan dynamically join a network, obtain an IP address, announce its name, convey its capabilities upon request, and learn about the presence and capabilities of other devices. DHCP and DNS servers are optional and are only used if they are available on the network. Devices can leave the network automatically without leaving any unwanted state information behind.
Other UPnP features include:; Media and device
independence: UPnP technology can run on many media that support IP including Ethernet, FireWire, IR ( IrDA), power lines (PLC) and RF ( Bluetooth, Wi-Fi). No special device driversupport is necessary; common protocols are used instead. ; User interface(UI) Control: UPnP architecture enables vendor control over device user interface and interaction using the web browser. ; Operating systemand programming languageindependence: Any operating system and any programming language can be used to build UPnP products. UPnP does not specify or constrain the design of an APIfor applications running on control points; OS vendors may create APIs that suit their customer's needs. UPnP enables vendor control over device UI and interaction using the browser as well as conventional application programmatic control.; Programmatic control: UPnP architecture also enables conventional application programmatic control. ; Extensibility: Each UPnP product can have device-specific services layered on top of the basic architecture.
The foundation for UPnP networking is IP addressing. Each device must have a Dynamic Host Configuration Protocol (DHCP) client and search for a DHCP server when the device is first connected to the network. If no DHCP server is available, that is, the network is unmanaged, the device must assign itself an address. If during the DHCP transaction, the device obtains a domain name, for example, through a DNS server or via
DNS forwarding, the device should use that name in subsequent network operations; otherwise, the device should use its IP address.
Given an IP address, the first step in UPnP networking is discovery. When a device is added to the network, the UPnP discovery protocol allows that device to advertise its services to control points on the network. Similarly, when a control point is added to the network, the UPnP discovery protocol allows that control point to search for devices of interest on the network. The fundamental exchange in both cases is a discovery message containing a few, essential specifics about the device or one of its services, for example, its type, identifier, and a pointer to more detailed information. The UPnP discovery protocol is based on the
Simple Service Discovery Protocol(SSDP).
The next step in UPnP networking is description. After a control point has discovered a device, the control point still knows very little about the device. For the control point to learn more about the device and its capabilities, or to interact with the device, the control point must retrieve the device's description from the URL provided by the device in the discovery message. The UPnP description for a device is expressed in
XMLand includes vendor-specific, manufacturer information like the model name and number, serial number, manufacturer name, URLs to vendor-specific web sites, etc. The description also includes a list of any embedded devices or services, as well as URLs for control, eventing, and presentation. For each service, the description includes a list of the commands, or actions, to which the service responds, and parameters, or arguments, for each action; the description for a service also includes a list of variables; these variables model the state of the service at run time, and are described in terms of their data type, range, and event characteristics.
The next step in UPnP networking is control. After a control point has retrieved a description of the device, the control point can send actions to a device's service. To do this, a control point sends a suitable control message to the control URL for the service (provided in the device description). Control messages are also expressed in XML using the Simple Object Access Protocol (SOAP). Like
function calls, in response to the control message, the service returns any action-specific values. The effects of the action, if any, are modeled by changes in the variables that describe the run-time state of the service.
The next step in UPnP networking is event notification, or "eventing". A UPnP description for a service includes a list of actions the service responds to and a list of variables that model the state of the service at run time. The service publishes updates when these variables change, and a control point may subscribe to receive this information. The service publishes updates by sending event messages. Event messages contain the names of one or more state variables and the current value of those variables. These messages are also expressed in XML and formatted using the General Event Notification Architecture (
GENA). A special initial event message is sent when a control point first subscribes; this event message contains the names and values for all evented variables and allows the subscriber to initialize its model of the state of the service. To support scenarios with multiple control points, eventing is designed to keep all control points equally informed about the effects of any action. Therefore, all subscribers are sent all event messages, subscribers receive event messages for all "evented" variables that have changed, and event messages are sent no matter why the state variable changed (either in response to a requested action or because the state the service is modeling changed).
The final step in UPnP networking is presentation. If a device has a URL for presentation, then the control point can retrieve a page from this URL, load the page into a
web browser, and depending on the capabilities of the page, allow a user to control the device and/or view device status. The degree to which each of these can be accomplished depends on the specific capabilities of the presentation page and device.
UPnP AV (Audio and Video) standards
UPnP AV stands for
UPnPAudio and Video, and is a grouping within the UPnP standards supervised by the DLNA (Digital Living Network Alliance), (formerly: Digital Home Working Group), which is a forum of vendors and manufacturers who work in the home entertainment industry, and offer a "DLNA CERTIFIED™" branding for those products which follow their Networked Device Interoperability Guidelines. The DLNA forum members "share a vision of a wired and wireless interoperable network of Personal Computers (PC), Consumer Electronics (CE) and mobile devices in the home enabling a seamless environment for sharing and growing new digital media and content services," and "DLNA is focused on delivering an interoperability framework of design guidelines based on open industry standards to complete the cross-industry digital convergence". On 12 July 2006 the UPnP Forumannounced the release of 'Enhanced AV Specifications', this release was version 2 of the UPnP Audio and Video specifications ( [http://www.upnp.org/news/documents/AV2_PR20060712.pdf UPnP AV v2] ), with new MediaServer version 2.0 and MediaRenderer version 2.0 classes. These enhancements are created by adding capabilities to the UPnP AV MediaServer and MediaRenderer device classes that allow a higher level of interoperability between MediaServers and MediaRenderers from different manufacturers.Some of the early devices complying with these standards were marketed by Philipsunder the Streamiumbrand name..
UPnP AV components
*UPnP MediaServer DCP - which is the UPnP-server (a 'slave' device) that shares/streams media-data (like audio/video/picture/files) to UPnP-clients on the network.
*UPnP MediaServer ControlPoint - which is the UPnP-client (a 'master' device) that can auto-detect UPnP-servers on the network to browse and stream media/data-files from them.
*UPnP MediaRenderer DCP - which is a 'slave' device that can render content.
*UPnP RenderingControl DCP - control MediaRenderer settings; volume, brightness, RGB, sharpness, and more).
*UPnP Remote User Interface (RUI) client/server - which sends/receives control-commands between the UPnP-client and UPnP-server over network, (like record, schedule, play, pause, stop, etc.).
**Web4CE (CEA 2014) for UPnP Remote UI [cite web | url = http://www.ce.org/standards | title = Web4CE (CEA 2014) for UPnP Remote UI (www.ce.org/standards)] - CEA-2014 standard designed by
Consumer Electronics Association's R7 Home Network Committee. Web-based Protocol and Framework for Remote User Interface on UPnP Networks and the Internet(Web4CE). This standard allows a UPnP-capable home network device to provide its interface (display and control options) as a web pageto display on any other device connected to the home network. That means that you can control a home networking device through any web-browser-based communications method for CE devices on a UPnP home network using ethernetand a special version of HTMLcalled CE-HTML.
*QoS (Quality of Service) - is an important (but not mandatory) service function for use with UPnP AV (Audio and Video). QoS (Quality of Service) refers to control mechanisms that can provide different priority to different users or data flows, or guarantee a certain level of performance to a data flow in accordance with requests from the application program. Since UPnP AV is mostly to deliver
streaming mediathat is often near real-timeor real-time audio/video data which it is critical to be delivered within a specific time or the stream is interrupted. QoS (Quality of Service) guarantees are especially important if the network capacity is limited, for example public networks, like the internet.
**QoS (Quality of Service) for UPnP consist of Sink Device (client-side/front-end) and Source Device (server-side/back-end) service functions. With classes such as; Traffic Class that indicates the kind of traffic in the traffic stream, (for example, audio or video). Traffic Identifier (TID) which identifies data packets as belonging to a unique traffic stream. Traffic Specification (TSPEC) which contains a set of parameters that define the characteristics of the traffic stream, (for example operating requirement and scheduling). Traffic Stream (TS) which is a unidirectional flow of data that originates at a source device and terminates at one or more sink device(s).
One solution for NAT (Network Address Translation) traversal, called the Internet Gateway Device (IGD) Protocol, is implemented via UPnP. Many routers and firewalls expose themselves as Internet Gateway Devices, allowing any local UPnP controller to perform a variety of actions, including retrieving the external IP address of the device, enumerate existing port mappings, and adding and removing port mappings. By adding a port mapping, a UPnP controller behind the IGD can enable traversal of the IGD from an external address to an internal client.
Problems with UPnP
Lack of Authentication
The UPnP protocol does not implement any
authentication, so UPnP device implementations must implement their own authentication mechanisms, or implement the Device Security Service. [cite web | title=Device Security and Security Console V 1.0 |url=http://www.upnp.org/standardizeddcps/security.asp] Unfortunately, many UPnP device implementations lack authentication mechanisms, and by default assume local systems and their users are completely trustworthy. [cite web | title= Shorewall firewall author on UPnP security | url=http://www.shorewall.net/UPnP.html | accessdate= 2007-09-30 ] [cite web | title= Linux-IDG authors on UPnP security | url=http://linux-igd.sourceforge.net/documentation.php#SECURITY | accessdate= 2007-09-30 ] Most notably, Routersand firewalls running the UPnP IGD protocol are vulnerable to attack since the framers of the UPnP implementation omitted to add any standard authentication method.
Adobe Flashprograms are capable of generating HTTPU( HTTPover UDP) requests. This allows a router implementing the UPnP IGD protocol to be controlled by a malicious web site when someone with a UPnP-enabled router simply visits that web site. [cite web | title=Flash UPnP attack|url=http://www.gnucitizen.org/blog/hacking-the-interwebs ] The following changes can be made silently by code embedded in an Adobe Flashobject hosted on a malicious website [cite web|url=http://www.gnucitizen.org/blog/flash-upnp-attack-faq|title=Flash UPnP Attack FAQ|date=January 14, 2008|publisher=gnucitizen.org] :
* Port forward internal services (ports) to the router external facing side (i.e. expose computers behind a
firewallto the internet)
* Port forward the router's web administration interface to the external facing side
Port forwardingto any external server located on the Internet, effectively allowing an attacker to attack an Internet host via the router, while hiding their IP address
* Change DNS server settings so that when victims believe they are visiting a particular site (such as an on-line bank), they are redirected to a malicious website instead.
* Change the DNS server settings so that when a victim receives any software updates (from a source that isn't properly verified via some other mechanism, such as a checking a digital certificate has been signed by a trusted source), they download malicious code instead.
* Change administrative
credentials to the router/firewall
* Change PPP settings
* Change IP settings for all interfaces
* Terminate connections
This only applies to the "firewall-hole-punching"-feature of UPnP; it does not apply when the IGD does not support UPnP or UPnP has been disabled on the IGD.Fact|date=January 2008 Also, not all routers can have such things as DNS server settings altered by UPnP because much of the specification (including LAN Host Configuration) is optional for UPnP enabled routers [cite web|url=http://www.upnp.org/standardizeddcps/igd.asp|title=Internet Gateway Device (IGD) V 1.0|date=November 12, 2001|publisher=UPnP Forum] .
* UPnP uses
HTTPover UDP (known as HTTPUand HTTPMUfor unicastand multicast), even though this is not standardized and is specified only in an Internet-Draftthat expired in 2001. [http://www.upnp.org/download/draft-goland-http-udp-04.txt]
* UPnP does not have a lightweight
authentication protocol, while the available security protocols are complex. As a result, some UPnP devices ship with UPnP turned off by default as a security measure.
The standard DPWS is a candidate successor for UPnP. It solves many of the problems of UPnP. A DPWS client is included in
Microsoft Windows Vistaas part of the Windows Rallytechnologies.
Another alternative, NAT-PMP, is an
IETFdraft introduced by Apple Incin 2005.
Golden G. Richard: Service and Device Discovery : Protocols and Programming, McGraw-Hill Professional, ISBN 0-07-137959-2
Michael Jeronimo, Jack Weast: UPnP Design by Example: A Software Developer's Guide to Universal Plug and Play, Intel Press, ISBN 0-9717861-1-9
Devices Profile for Web Services
Digital Living Network Alliance
UPnP AV MediaServersA list of Media Servers and Players
Zeroconfand Bonjour (software)
* [http://upnp.org/standardizeddcps/default.asp UPnP™ Forum Universal Plug and Play Device Standards]
* [http://www.upnp.org UPnP™ Forum]
* [http://www.dlna.org DLNA (Digital Living Network Alliance)]
* [http://developer.java.sun.com/developer/technicalArticles/jini/JiniVision/jiniology.html The Jini, Vision]
* [http://www.cswl.com/whitepapers/upnp-devices.html technique comparison]
* [http://www.microsoft.com/whdc/device/netattach/upnp/default.mspx Microsoft WHDC UPnP webpage & links]
* [http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/upnpxp.mspx Universal Plug and Play in Windows XP]
* [http://www.knoxscape.com/Upnp/NAT.htm Programmatically Controlling a UPnP-Capable Firewall] is a document providing some basic information about coding UPnP software controllers (VBScript example source code included).
* [http://www.upnp-hacks.org Hacking with UPnP]
* [http://www.last100.com/2008/05/27/dlna-certified/ DLNA certified: how your computer, cellphone, games console, media streamer and other devices can play nicely together]
* [http://www.kb.cert.org/vuls/id/347812 Vulnerability Note VU#347812 - UPnP enabled by default in multiple devices] at United States Department of Homeland Security - Computer Emergency Readiness Team (Wednesday, 9 April 2008).
* [http://www.theinquirer.net/default.aspx?article=38860 Security firm predicts Microsoft Windows UPnP exploit by the end of the week] at The Inquirer (Wednesday, 11 April 2007).
* [http://www.microsoft.com/athome/security/update/bulletins/200704.mspx Microsoft security updates for April 2007] to fix the above
Microsoft WindowsUPnP security issue.
* [http://www.gnucitizen.org/blog/hacking-the-interwebs How to use Flash and UPnP to punch holes in most home firewalls] at GNUCITIZEN (Saturday, 12 January 2008).
* [http://www.upnpworks.alcidelic.com/ UPnP Port Works (alias UPnPW)] is a software implementation to configure UPnP devices via commandline.
* [http://www.gupnp.org/ GUPnP] is an object-oriented open source framework for creating UPnP devices and control points, written in C using
GObjectand [http://live.gnome.org/LibSoup libsoup] .
* [http://pupnp.sourceforge.net/ Portable SDK for UPnP Devices] provides an API and open source code for building control points, devices, and bridges compliant with UPnP Device Architecture Specification v1.0 and support operating systems like Linux, *BSD, Solaris and others.
* [http://barracudaserver.com/UPnP.html Barracuda UPnP] Device and Control Point SDK for embedded devices.
* [http://www.grc.com/unpnp/unpnp.htm Unplug n' Pray] Utility to disable unnecessary UPnP servers running on home Windows machines.
* [https://coherence.beebits.net/ Coherence] Some free DLNA/UPnP tools (MediaServer/MediaRender) with a python framework. Running on Linux/BSD/Windows
* [http://brisa.garage.maemo.org/ BRisa] BRisa is written in Python for
Internet Tablet OSor other Unix platforms. It enables to create MediaServer/MediaRenderer devices allowing users to share and search content from UPnP A/V devices. It will offer a plugin architecture enabling new services such as Flickr to be added as UPnP services.
* [http://www.jrmediacenter.com J. River Media Center] includes a UPnP server (aka UPnP Device) for its library.
Wikimedia Foundation. 2010.
Look at other dictionaries:
Universal plug and play — Pile de protocoles 7 • Application 6 • Présentation 5 • Session 4 • Tr … Wikipédia en Français
Universal Plug and Play — универсальная автоматическая настройка сетевых устройств. Реализация технологии автоматической настройки сети Linux и Windows. Состоит из набора сопутствующих протоколов. Содержание 1 Что такое UPnP? 2 Что означает технология UPnP для… … Википедия
Universal plug-and-play — универсальная автоматическая настройка сетевых устройств. Реализация технологии автоматической настройки сети Linux и Windows. Состоит из набора сопутствующих протоколов. Содержание 1 Что такое UPnP? 2 Что означает технология UPnP для… … Википедия
Universal Plug and Play — (UPnP) dient zur herstellerübergreifenden Ansteuerung von Geräten (Stereoanlagen, Router, Drucker, Haussteuerungen) über ein IP basierendes Netzwerk, mit oder ohne zentrale Kontrolle durch ein Residential Gateway. Es basiert auf einer Reihe von… … Deutsch Wikipedia
Universal Plug and Play — [dt. »universelles Einstecken und Loslegen«] (UPnP), Projekt für die Erweiterung des Konzepts Plug and Play hin zu einer Middleware, die in jedem Haus eine Vernetzung aller »intelligenten« Geräte ermöglicht, einschließlich der… … Universal-Lexikon
Universal Plug and Play — (UPnP) Conectar y Usar Universal, es una arquitectura software abierta y distribuida que de forma independiente al fabricante, sistema operativo, lenguaje de programación, etc. permite el intercambio de información y datos a los dispositivos… … Wikipedia Español
Universal Plug and Play — Pile de protocoles 7. Application 6. Présentation 5. Session 4. Tr … Wikipédia en Français
Plug-and-Play — (englisch für „Einstecken und Abspielen“ oder „Anschließen und Loslegen“), auch Plug n Play oder Plug Play (kurz PnP) genannt, ist ein Begriff aus dem Gebiet der Computertechnologie, mit dem man die Eigenschaft eines Computers beschreibt, neue… … Deutsch Wikipedia
Plug and play — (englisch für „Einstecken und Abspielen“ oder „Anschließen und Loslegen“), auch Plug n Play oder Plug Play (kurz PnP) genannt, ist ein Begriff aus dem Gebiet der Computertechnologie, mit dem man die Eigenschaft eines Computers beschreibt, neue… … Deutsch Wikipedia
Plug-and-Play — Le Plug and Play (l abréviation PnP est également utilisée), qui signifie littéralement connecter et jouer ou branche et utilise, est une procédure permettant aux périphériques récents d être reconnus rapidement et automatiquement par le système… … Wikipédia en Français