ZigBee Security
2007. 11. 09., National Security Research Institute (국가보안기술연구소)
Jae Hyun Kim (김재현), [email protected]
Wireless Information aNd Network Engineering Research Lab.
School of Electrical and Computer Engineering, Ajou University, Korea

ZigBee Seminar 071109.ppt [compatibility mode], winner.ajou.ac.kr/publication/data/invited/20071109.pdf, 2008-03-21



Agenda
- ZigBee Overview
- ZigBee Security
- Security Stack Implementation
- Improvement of Authentication Procedure and Performance Analysis
- Conclusion

Jae Hyun Kim, Ajou University 1


The ZigBee Alliance
Users want a network which allows...
- Low power consumption: users expect a battery to last months to years!
- Low cost
- High density of nodes per network
- Simple protocol, global implementation
But...
- A standard in a fragmented market: many proprietary solutions have interoperability issues

The ZigBee Alliance
- Organized as an independent, neutral, nonprofit corporation in 2002
- Open and global: anyone can join and participate; membership is global
- Activity includes specification creation, certification and compliance programs, and branding, market development, and user education

The ZigBee AllianceThe ZigBee Alliance

Has made its specification publicly availableZigBee is open to all-ZigBee 2006 now available

http://www.zigbee.org/

ZigBee 2007 is on going

Jae Hyun KimAjou University 5

ZigBee Alliance Members
(Figure: member company logos) ... and many more.

Applications of ZigBee
(Figure: "ZigBee: Wireless Control that Simply Works", application areas and their uses)
- CONSUMER ELECTRONICS: TV, VCR, DVD/CD, remote
- PC & PERIPHERALS: mouse, keyboard, joystick
- PERSONAL HEALTH CARE: patient monitoring, fitness monitoring
- TELECOM SERVICES: m-commerce, info services, object interaction (Internet of Things)
- HOME CONTROL: security, HVAC, lighting control, access control
-   BUILDING AUTOMATION: security, HVAC, AMR, lighting control, access control
- INDUSTRIAL CONTROL: process control, environmental, energy management, asset management, irrigation

ZigBee History
- December 14, 2004: ZigBee v.1.0 draft ratified
- February 17, 2006: ZigBee Specification r06
- December 1, 2006: release of the ZigBee-2006 Specification
- May 31, 2007: ZigBee-2007 Specification (r16), incorporating errata and clarifications
- October 19, 2007: ZigBee-2007 Specification (r17), incorporating errata and clarifications

ZigBee Overview
Features
- Low rate (maximum 250 Kbps)
- Low cost, low power
- Short range (10 m ~ 80 m)
- Tree, mesh, star topology

The IEEE 802 Wireless Space
(Figure: range vs. data rate in Mbps, 0.01 to 1000)
- WWAN: IEEE 802.22, IEEE 802.20
- WMAN: WiMax, IEEE 802.16
- WLAN: WiFi, 802.11
- WPAN: ZigBee (802.15.4, 802.15.4c), 802.15.3, 802.15.3c, Bluetooth (802.15.1)
The ZigBee standard uniquely fills a gap for low data rate applications.

IEEE 802.15 OverviewIEEE 802.15 Overview

802.15.1 802.15.3 WiMedia 802.15.4ObjectivesObjectives Bluetooth High Rate UWB Low Rate/ZigbeejjFrequency Frequency

bandband 2.4~2.4835Ghz 2.4GHz 3.1GHz~10.6GHz 868/915MHz2.4GHz

FH/TDD CSMA/CA, CSMA/CAMACMAC 79 Ch, 1600hop/sec

S-Aloha,TDMA

CSMA/CATDMA

TopologyTopology Piconet,Piconet,

Child piconet, Peer2Peer Star,TopologyTopology ,Scatternet

p ,Neighbor piconet

Peer2Peer ,Peer2peer

Data RateData Rate < 3Mbps(sync.)< 723Kbps(Async ) < 55Mbps 53.3Mbps

~480Mbps 20k~250kbps< 723Kbps(Async.) ~480Mbps

ModulationModulation GFSKQPSK, DQPSK, 16/32/64-QAM (11,22,33,44,55

Mbps)QPSK, DCM

BPSK(868/915MHz)

O-QPSK(2.4GHz)Mbps)

RangeRange 1m(1mW)100m(100mW) 5~10m 10~20m

Major Major Nokia,Sony

Xtremespectrum

HP, Intel, Microsoft Philips Motorola

Jae Hyun KimAjou University 11 11

jjVenderVender Sony,

Ericssonspectrum,

TimedomainMicrosoft, Samsung

Philips, Motorola

Frequency Allocation
(Figure: channel layout per band)
- 868 MHz band: channel 0 (868 MHz)
- 902~928 MHz band: channels 1-10, 2 MHz channel spacing
- 2.4~2.4835 GHz band: channels 11-26, 5 MHz channel spacing

Basic Network CharacteristicsBasic Network Characteristics

65 536 t k ( li t) d65,536 network (client) nodes

27 h l27 channels

250Kbps data rate250Kbps data rate

Optimized for timing criticalOptimized for timing-critical applications and power management

Network coordinatorFull Function nodeReduced Function nodeg

Full Mesh Networking SupportCommunications flowVirtual links

Jae Hyun KimAjou University 13

g pp

Device types
- FFD (Full Function Device): a device capable of operating as a ZigBee coordinator, router or end device, implementing the complete protocol set.
- RFD (Reduced Function Device): a device operating with a minimal implementation of the IEEE 802.15.4 protocol; it cannot be a ZigBee coordinator or router.

Topology
(Figure: mesh topology of ZigBee Coordinator, ZigBee Routers and ZigBee End Devices)

ZigBee Protocol Stack Overview
(Figure: ZigBee protocol stack layers)

ZigBee Protocol Stack Overview
ZigBee Device Object (ZDO)
- Initializing the APS and NWK layers and the Security Service Provider
- Assembling configuration information from end applications
- Device discovery and service discovery
Application Support Sublayer (APS)
- APSDE (APS Data Entity)
  - Generation of the application-level PDU (APDU)
  - Device binding
  - Group address filtering: filters group-addressed messages based on endpoint group membership
  - Reliable transport: retransmission
  - Duplicate rejection
  - Fragmentation
- APSME (APS Management Entity)
  - Binding management
  - AIB management
  - Security
  - Group management

ZigBee Protocol Stack OverviewZigBee Protocol Stack Overview

Network(NWK) LayerNLDE(Network Layer Data Entity)NLDE(Network Layer Data Entity)

Generation of the Network level PDU (NPDU)Topology-specific routingSecurity

NLME(Network Layer Management Entity)Configuring a new deviceConfiguring a new deviceStarting a networkJoining, rejoining and leaving a networkAdd iAddressing

ZigBee coordinators and routers can assign addresses to devices joining the network

Route discoveryReception control

control to when the receiver is activated and for how long, enabling MAC sub-layer synchronization or direct reception.

Jae Hyun KimAjou University 18

Routing

ZigBee Protocol Stack OverviewZigBee Protocol Stack Overview

MAC Layer & PHY Layer : IEEE 802.15.4-2003 (LR-WPAN)Over the air data rates of 250 Kbps 40 Kbps and 20 KbpsOver-the-air data rates of 250 Kbps, 40 Kbps, and 20 Kbps

Star or peer-to-peer operation

Allocated 16-bit short or 64-bit extended addresses

Optional allocation of guaranteed time slots (GTSs): TDMA

Carrier sense multiple access with collision avoidance (CSMA-CA) channel access

Fully acknowledged protocol for transfer reliability (use retransmission)retransmission)

Low power consumption

Energy detection (ED)Energy detection (ED)

Link quality indication (LQI)16 channels in the 2450 MHz band, 10 channels in the 915 MHz b d d 1 h l i h 868 MH b d

Jae Hyun KimAjou University 19

band, and 1 channel in the 868 MHz band

Frame Structure
(Figure: ZigBee frame structure across the MAC, NWK and APS layers)

Frame StructureFrame Structure

APS layerExtended header

for fragmentation

NWK layerNWK layerRadius

the range(maximum number of hops) of a radius-limited transmission.Sequence number

prevent routing same packetsSource route subframe

for source routing, store the route information from source to destination

MAC layeryPAN ID

allows communication between devices within a network and enables transmissions between devices another networks

Jae Hyun KimAjou University 21

transmissions between devices another networks


Design objectives for ZigBee SecurityDesign objectives for ZigBee Security

ZigBee devices areb d ti i t llbased on tiny microcontrollershave low memory (code and data)deployed in home/industrial scenariosdeployed in home/industrial scenarios easy to use

So we needencryption primitive must be simple to implement and executelow overhead for key storage / maintenanceflexible enough to support home/industrialeasy to use

Jae Hyun KimAjou University 23

Design objectives for ZigBee SecurityDesign objectives for ZigBee Security

Secure the InfrastructureNetwork access controlNetwork access controlIntegrity of packet routingPrevent unauthorized use of packet transportp p

Application data securitypp yMessage integrity

protects message from being modified in transit

A th ti tiAuthenticationprovides assurance on the originator of message

Freshnessprevents replay attacks

Privacyprevents an eavesdropper from listening messages

Jae Hyun KimAjou University 24

prevents an eavesdropper from listening messages

History of ZigBee Security

Version r14Entity authentication is addedEntity authentication is addedIncorporating errata and clarifications

Version r15, r16Residential/Commercial mode is changed to Standard/Hi-security modeCommand tunneling is addedCommand tunneling is addedPermission control table is addedIncorporating errata and clarificationsIncorporating errata and clarifications

Version r17Entity authentication is used for frame counter synchronizationMore test vectors for securityIncorporating errata and clarifications

Jae Hyun KimAjou University 25

Incorporating errata and clarifications

ZigBee SecurityZigBee Security

- AES : Advanced Encryption Standard, one of block cipher function- CCM : CTR-CBC-MAC mode of operation

Jae Hyun KimAjou University 26

- CCM* : CTR-CBC-MAC mode of operation with some modification- CTR : CounTeR mode of operation- CBC-MAC : Cipher-Block Chaining-Message Authentication Code mode of operation

ZigBee Device Types on SecurityZigBee Device Types on Security

Trust center(TC)ZigBee CoordinatorZigBee CoordinatorTrust Manager

Authenticate devices that request to join networkj

Network ManagerMaintains and distributes network keys

Configuration Managerg gEnables end-to-end security between devices by assisting in setup of link keys

RouterRouting security informationLiaison for devices which not haveLiaison for devices which not have network key

End device

Jae Hyun KimAjou University 27

End device

Key TypesKey Types

Link keyMaster key Derived using SKKE yBasis of security between two devices (insider protection)Derived using SKKE between

yBasis for long-term security

gtwo devices

Network KeyNetwork Keyshared key : basis of network-wide securityprotects infrastructure and application data from outsider attacks

Keys can be factory-installed or setup over the air or using out-of-band mechanismseavesdropping should be prevented when this is setup

Link and Network keys can be updated periodically

Jae Hyun KimAjou University 28

y p p y

* SKKE : Symmetric-Key Key-Establishment

Symmetric-Key Key Establishment (SKKE) Protocol
(Figure: first part of the SKKE exchange between initiator U and responder V)
QEU, QEV: 16-byte random sequence

Symmetric-Key Key Establishment (SKKE) Protocol
Initiator U and Responder V (both sides run the same computation)
- Secret key generation: Z = Hash_MasterKey(U | V | QEU | QEV)
- Key derivation function: mackey = Hash(Z | 0x01), linkkey = Hash(Z | 0x02)
- Keyed hash function: U computes MacTag2 = Hash_mackey(0x03 | U | V | QEU | QEV); V computes MacTag2' = Hash_mackey(0x03 | U | V | QEU | QEV)
- (3) U sends the SKKE-3 frame (with MacTag2) to V
- V compares MacTag2 and MacTag2' (if different, stop SKKE)
- V believes that U is the correct device
* | : concatenation

Symmetric-Key Key Establishment (SKKE) Protocol
(Figure: last part of the SKKE exchange)
- U believes that V is the correct device

Standard Mode
- Residential mode in ZigBee 2006
- Provides reduced security in ZigBee
  - No SKKE
  - No device authentication during the joining procedure
  - Uses only one key type: the network key
- Key type
  - Network key: provides network layer frame security & integrity (protects against external attack)
- Advantage
  - Minimizes storage
  - A low-capability device can act as trust center
  - The trust center can be easily replaced with another device
  - Easy to maintain
- Disadvantage
  - Cannot protect against internal attacks
  - No authentication during the joining procedure

Hi-security Mode
- Commercial mode in ZigBee 2006
- Provides full security in ZigBee
  - Does SKKE
  - Device authentication during the joining procedure
  - Uses all key types
- Key type
  - Master key
  - Link key: provides APS layer frame security & integrity (protects against internal attack)
  - Network key: provides network layer frame security & integrity (protects against external attack)
- Advantage
  - Provides all security functions in ZigBee
- Disadvantage
  - Increases storage overhead
  - A low-capability device cannot act as trust center
(Figure: keys held by each device in a sample network of a ZigBee Coordinator, ZigBee Routers and a ZigBee End Device; KN: network key, KM,AB: master key between A and B, KL,AB: link key between A and B)
  A: KN, KM,AB, KL,AB, KM,AC, KL,AC, KM,AD, KL,AD
  B: KN, KM,AB, KL,AB, KM,BC, KL,BC
  C: KN, KM,AC, KL,AC, KM,BC, KL,BC
  D: KN, KM,AD, KL,AD

ZigBee Security ServiceZigBee Security Service

128-bit Symmetric Key CryptographyBlock Cipher Mode : 128-bit AES(Advanced EncryptionBlock Cipher Mode : 128-bit AES(Advanced Encryption Standard)Low overheadStrongNIST(National Institute of Standards and Technology) approved securityapproved security

Frame SecurityFrame SecurityEncryption & Message Authentication : AES-CCM*Device level and/or network levelIntegrity is option : 0, 32, 64 or 128 bit MIC(Message Integration Code)

Message protection vs Message overhead

Jae Hyun KimAjou University 34

Message protection vs. Message overhead

ZigBee Security Service
Key management
- Hash: AES-MMO (AES Matyas-Meyer-Oseas) cryptographic hash
- HMAC (keyed-Hash Message Authentication Code) with AES-MMO
- Key establishment protocol: SKKE protocol
- Network key & link key update
Authentication
- SKKE protocol
- Entity authentication: similar to the SKKE protocol; uses the network key instead of the master key; does not establish a link key
Device management
- Device update
- Device leaving

Example of Frame Security (APS layer, Outgoing)
(Figure: the unsecured payload goes through CCM* encryption & authentication with the link key)
- Nonce N = Source Address (8) | Frame Counter (4) | Security Control (1)
- Security Control (1) = Security Level (3 bits) | Key Identifier (2 bits) | Extended Nonce (1 bit) | Reserved (2 bits); the figure shows security level 000
- Inputs to CCM*: nonce N, link key, authentication data, unsecured payload
- Output: APS Header | Auxiliary frame Header (Security Control (1), Frame Counter (4), Key Sequence Number (1)) | Secured APS payload & MIC
* Colored blocks represent the same value

Example of Frame Security (Network layer, Outgoing)
(Figure: the unsecured payload goes through CCM* encryption & authentication with the network key)
- Nonce N = Source Address (8) | Frame Counter (4) | Security Control (1)
- Security Control (1) = Security Level (3 bits) | Key Identifier (2 bits) | Extended Nonce (1 bit) | Reserved (2 bits); the figure shows security level 011
- Inputs to CCM*: nonce N, network key, authentication data, unsecured payload
- Output: NWK Header | Auxiliary frame Header (Security Control (1), Frame Counter (4), Source Address (8), Key Sequence Number (1)) | Secured NWK payload & MIC
* Colored blocks represent the same value
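The Go program below is an added example, not code from the slides or from the UbiFOS stack: it builds the security control byte and the 13-byte nonce (source address | frame counter | security control) shown on the two frame-security slides and applies AES-CCM* (CTR encryption plus CBC-MAC, L = 2, MIC of 0/4/8/16 bytes) to one frame, rejecting on decryption any frame whose MIC does not verify. The key, addresses, header and payload used when exercising it are constructed sample values, and the little-endian byte order of the frame counter inside the nonce is an assumption of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)

// Security control byte: level (3 bits) | key identifier (2 bits) | extended nonce (1 bit) | reserved (2 bits).
// Key identifier 0 = link key, 1 = network key. Level bit 2 = encryption; bits 1..0 = MIC of 0/32/64/128 bits.
func securityControl(level, keyID, extNonce byte) byte { return level&0x07 | (keyID&0x03)<<3 | (extNonce&1)<<5 }
func micLen(level byte) int                            { return []int{0, 4, 8, 16}[level&0x03] }

// buildNonce forms the 13-byte CCM* nonce from the slides: source address (8) | frame counter (4) |
// security control (1). Little-endian byte order for the counter is an assumption of this example.
func buildNonce(srcAddr [8]byte, frameCounter uint32, sc byte) []byte {
	n := append(srcAddr[:], 0, 0, 0, 0, sc)
	binary.LittleEndian.PutUint32(n[8:], frameCounter)
	return n
}

func pad16(b []byte) []byte { return append(b[:len(b):len(b)], make([]byte, (16-len(b)%16)%16)...) }

// authTag is the CBC-MAC over B0 | length-prefixed a-data | padded message, truncated to m bytes.
func authTag(blk cipher.Block, nonce, a, msg []byte, m int) []byte {
	if m == 0 {
		return nil
	}
	// B0 flags: bit 6 = a-data present, bits 5..3 = (M-2)/2, bits 2..0 = L-1 (2-byte length field).
	blocks := append(append([]byte{byte((m-2)/2<<3 | 1)}, nonce...), byte(len(msg)>>8), byte(len(msg)))
	if len(a) > 0 { // a-data shorter than 0xFF00 bytes carries a 2-byte length prefix
		blocks[0] |= 0x40
		blocks = append(blocks, pad16(append([]byte{byte(len(a) >> 8), byte(len(a))}, a...))...)
	}
	blocks = append(blocks, pad16(msg)...)
	x := make([]byte, 16)
	for i := 0; i < len(blocks); i += 16 {
		for j := range x {
			x[j] ^= blocks[i+j]
		}
		blk.Encrypt(x, x)
	}
	return x[:m]
}

// ctrBlock returns S_i = E(key, 0x01 | nonce | i): S_0 masks the MIC, S_1.. mask the payload.
func ctrBlock(blk cipher.Block, nonce []byte, i int) []byte {
	s := make([]byte, 16)
	blk.Encrypt(s, append(append([]byte{0x01}, nonce...), byte(i>>8), byte(i)))
	return s
}

// ccmStar secures (decrypt=false) or verifies and opens (decrypt=true) one frame at security level lvl,
// returning the processed payload and the encrypted MIC U; a MIC mismatch rejects the frame.
func ccmStar(key, nonce, header, in, mic []byte, lvl byte, decrypt bool) ([]byte, []byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(nonce) != 13 {
		return nil, nil, errors.New("need a 16-byte key and a 13-byte nonce")
	}
	a, msg, out := header, in, in
	if lvl&0x04 != 0 { // encrypting level: CTR over the payload, the header is the a-data
		out = make([]byte, len(in))
		for i := range in {
			out[i] = in[i] ^ ctrBlock(blk, nonce, i/16+1)[i%16]
		}
		if decrypt {
			msg = out // the MIC is computed over the plaintext
		}
	} else { // MIC-only level: header | payload is all a-data and the payload stays in clear
		a, msg = append(append([]byte{}, header...), in...), nil
	}
	u := authTag(blk, nonce, a, msg, micLen(lvl))
	for i, s := range ctrBlock(blk, nonce, 0)[:len(u)] {
		u[i] ^= s // U = T xor S0
	}
	if decrypt && subtle.ConstantTimeCompare(u, mic) != 1 {
		return nil, nil, errors.New("MIC check failed: frame rejected")
	}
	return out, u, nil
}
```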

Procedures - Device Authentication & Update
Hi-Security Mode
(Figure: message flow between joiner device, router and trust center)
- Receive NWK address
- Device update (a device joined!)
- Transport master key (if the master key is not preconfigured)
- Do device authentication and establish link key
- Transport network key
- Authenticate between router and joiner device

Procedures - Device Authentication & Update
Standard Mode
(Figure: message flow between joiner device, router and trust center)

Procedures - Network key update
Participants: Trust Center, Device1, Device2
- Trust Center -> Device1: Transport-Key Command (NWK Key, N); Device1 replaces its alternate or active network key with network key N
- Trust Center -> Device1: Switch-Key Command (N); Device1 makes network key N the active network key, or ignores the command
- Trust Center -> Device2: Transport-Key Command (NWK Key, N); Device2 replaces its alternate or active network key with network key N
- Trust Center -> Device2: Switch-Key Command (N); Device2 makes network key N the active network key, or ignores the command

Procedures - End-to-end key establishment
(Figure: message flow for end-to-end key establishment)

Procedures - Network leave
(Figure 1: Trust Center, Router, Device)
- Remove-Device Command
- Leave Command
(Figure 2: Trust Center, Router, Leaving Device)
- Leave Command
- Update-Device Command

Application-specific
- Out-of-band methods for key setup: wired line (RS-232), NFC, RFID, USB, etc.
- Cost/security tradeoff for the number of link keys needed: with 128 KB flash / 8 KB RAM / debug mode, about 6-10 link keys
- Policy for expiration and update of keys: hours or days
- Policy for accepting new devices: ID/password, MAC address filtering, etc.

Disadvantage/Weakness in ZigBee Security
- No MAC layer security, due to program code size or message length limitations
  - Possible attacks: wormhole attack, acknowledgement spoofing, attacks which target channel reservation, etc.
- Trust center based security
  - Authentication and end-to-end key establishment involve communication between the device and the trust center
  - If a device is far from the TC, this causes too much overhead


Security Stack Implementation
Hardware environment
- Chipset: Chipcon CC2430
  - 802.15.4 support
  - 128 KB flash memory
  - 8 KB RAM
  - Supports AES block cipher modes
- Board: Aiji ZDB Ver 2.0
Software environment
- IAR Embedded Workbench for MCS-51 Evaluation (C code)
- Chipcon 802.15.4 packet sniffer
- The security stack is implemented on UbiFOS (the ZigBee stack of Aiji system)

Test Environment
Using the Chipcon 802.15.4 Sniffer for CC2430
(Figure: test setup)

Test - Device authentication (1-hop)
(Sniffer capture; direction: Device <--> TC)
- Association Request (Device -> TC)
- Beacon Request (Device -> TC)
- Beacon (TC -> Device)
- Association Response (TC -> Device)
- Transport-Key (Master key) (TC -> Device)
- SKKE-1 (TC -> Device)
- SKKE-2 (Device -> TC)
- SKKE-3 (TC -> Device)
- SKKE-4 (Device -> TC)
- Transport-Key (Network key) (TC -> Device)
- End-Device Announcement (broadcast)


Problem in Device Authentication Procedure
- Device authentication in Hi-security mode: the TC must run and complete the SKKE protocol with the joiner device
- In a multi-hop environment, some messages are routed from the TC (joiner device) to the joiner device (TC)
- An attacker can target this feature: repeating the authentication procedure is possible even if the attacker does not have the master key

Problem in Device Authentication Procedure
Too much overhead
(Figure: multi-hop authentication message flow)

Possible Solution
- Reduce the message exchange between TC and device, and between router and device
- Reduce unnecessary network traffic caused by an attacker
- Reduce authentication time

Performance: Preliminary Results
Actual completion time during device authentication (for 2-hop)
- ZigBee 2007 r16: about 300 ms
- Proposed: about 220 ms => 26.7% improvement
Performance expectation (@ 250 kbps, no processing delay)
(Figure: completion time in seconds, 0 to 0.25, vs. number of hops between coordinator and joiner, 0 to 10; curves for R16 and Proposed)


Conclusion
- Overview of ZigBee: ZigBee Alliance, features, ZigBee protocol stack overview
- ZigBee Security: design objectives, security services, example procedures, possible weaknesses
- Implementation of the ZigBee security stack
- Still working on the improvement of the authentication procedure


Thank you!

Backups

Scanning Worm Detection

Scanning Worm Detection
Scanning worm
- Sends packets with randomly generated addresses to find vulnerable hosts that are susceptible to infection
- A scanning worm causes severe network congestion
- Randomly scans network addresses to find vulnerable hosts
- Propagation speed is faster than human reaction
Examples
- Code-Red I v2 (broke out in July 2001; infected 359,000 hosts within 14 hours)
- Slammer (broke out in January 2003; infected 75,000 hosts within 10 minutes)
- Blaster (broke out in August 2003; infected 500,000 hosts within hours)
- Witty (broke out in March 2004; infected 12,000 hosts within 45 minutes)
Early detection is required to protect networks
- Using packet header information: high accuracy, slow detection
- Using network traffic characteristics: low accuracy, fast detection

Scanning Worm Detection
Traffic parameters
- Bits per unit time
- Number of packets per unit time
- Packet inter-arrival time
Traffic analysis
- Variance
- VMR (Variance to Mean Ratio)
- Correlation coefficient
Detection criteria
- Variance: if the variance at time t (sec) is greater than its value averaged over α seconds, we consider that a worm is detected
- VMR: if the VMR at time t (sec) is greater than its value averaged over β seconds, we consider that a worm is detected
- Correlation coefficient: if the correlation coefficient at time t (sec) is greater than γ, we consider that a worm is detected
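As an added example (not from the slides), the Go code below computes the three statistics above over a sliding window of per-second traffic samples and applies the slide's three detection criteria. The constructed traffic series, the window length and the α, β, γ values are this example's own choices, and reading "correlation coefficient" as the correlation between bits per second and packets per second within the window is an assumption.

```go
package main

import "math"

// Sample is one per-second traffic observation: the slide's "bits per unit time"
// and "number of packets per unit time".
type Sample struct{ Bits, Packets float64 }

func mean(x []float64) (m float64) {
	for _, v := range x {
		m += v
	}
	return m / float64(len(x))
}

func variance(x []float64) (s float64) {
	m := mean(x)
	for _, v := range x {
		s += (v - m) * (v - m)
	}
	return s / float64(len(x))
}

// vmr is the variance-to-mean ratio; traffic volume is positive, so the mean is never zero here.
func vmr(x []float64) float64 { return variance(x) / mean(x) }

// correlation is Pearson's coefficient of two equally long series (NaN for a constant series, which never exceeds a threshold).
func correlation(x, y []float64) float64 {
	mx, my := mean(x), mean(y)
	var sxy, sxx, syy float64
	for i := range x {
		sxy += (x[i] - mx) * (y[i] - my)
		sxx += (x[i] - mx) * (x[i] - mx)
		syy += (y[i] - my) * (y[i] - my)
	}
	return sxy / math.Sqrt(sxx*syy)
}

// Detector holds the slide's parameters: statistics are taken over the last Window seconds, the variance (VMR)
// at time t is compared with its average over the preceding Alpha (Beta) seconds, and the correlation with Gamma.
type Detector struct {
	Window, Alpha, Beta int
	Gamma               float64
}

// Detect returns the first second at which each criterion fires (-1 when it never does).
// Correlating bits/s with packets/s is this example's reading of "correlation coefficient".
func (d Detector) Detect(s []Sample) (varT, vmrT, corrT int) {
	varT, vmrT, corrT = -1, -1, -1
	vs, rs := make([]float64, len(s)), make([]float64, len(s))
	for t := d.Window - 1; t < len(s); t++ {
		bits, pkts := make([]float64, d.Window), make([]float64, d.Window)
		for i := range bits {
			bits[i], pkts[i] = s[t-d.Window+1+i].Bits, s[t-d.Window+1+i].Packets
		}
		vs[t], rs[t] = variance(bits), vmr(bits)
		if varT < 0 && t-d.Alpha >= d.Window-1 && vs[t] > mean(vs[t-d.Alpha:t]) {
			varT = t
		}
		if vmrT < 0 && t-d.Beta >= d.Window-1 && rs[t] > mean(rs[t-d.Beta:t]) {
			vmrT = t
		}
		if corrT < 0 && correlation(bits, pkts) > d.Gamma {
			corrT = t
		}
	}
	return
}

// SyntheticTraffic is constructed sample data: steady alternating background traffic, then from t = 80
// a scanning worm adding 40 more small (400-bit) probe packets every second than the second before.
func SyntheticTraffic() []Sample {
	s := make([]Sample, 120)
	for t := range s {
		s[t] = []Sample{{7200, 11}, {8800, 10}}[t%2]
		if t >= 80 {
			e := float64(40 * (t - 79))
			s[t] = Sample{8000 + 400*e, 10 + e}
		}
	}
	return s
}
```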

Simulation Results
(Figure: four panels over time (sec), 200 to 900, for CodeRed, Slammer, Witty and Normal traffic: Traffic Volume (bits/sec), Variance, Variance to mean ratio, Correlation coefficient)

Detection results
(Table annotation: worm breaks out)

Criteria                | Normal       | Normal + CodeRed I v2 | Normal + Slammer | Normal + Witty
Variance                | No detection | 34                    | 2                | 2
VMR                     | No detection | 43                    | 2                | 2
Correlation coefficient | No detection | 47                    | 4                | 43

Frame Security
(Figure: frame security processing)

Entity Authentication Protocol
Initiator U and Responder V
- U: challenge generation (generate QEU)
- (1) U sends the EA-1 frame (with QEU) to V
- V: challenge generation (generate QEV)
- (2) V sends the EA-2 frame (with QEV) to U
QEU, QEV: 16-byte random sequence

Entity Authentication Protocol
- Keyed hash function: U computes MacTag2 = Hash_NetworkKey(0x03 | U | V | QEU | QEV); V computes MacTag2' = Hash_NetworkKey(0x03 | U | V | QEU | QEV)
- (3) U sends the EA-3 frame (with MacTag2 & frame counter) to V
- V compares MacTag2 and MacTag2' (if different, stop EA)
- V believes that U is the correct device
* | : concatenation

Entity Authentication Protocol
(Figure: last part of the entity authentication exchange)
- U believes that V is the correct device
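The following Go code is an added example, not from the slides or from any ZigBee stack: it implements the SKKE secret-key generation, key derivation and MacTag2 computation from the SKKE slides and the entity-authentication tag from the EA slides above, using as Hash the AES-MMO hash and the HMAC built on it that the "Key Management" slide names. The AES-MMO padding rule (a 1 bit, zeros, then a 16-bit bit length, which limits messages to under 2^16 bits) and the 16-byte HMAC block size are this example's understanding of the ZigBee specification rather than something the slides state; the keys, addresses and challenges used to exercise it are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
)

// aesMMO is the Matyas-Meyer-Oseas hash over AES-128 named on the "Key Management" slide:
// H_0 = 0^128, H_i = E(H_{i-1}, M_i) xor M_i. Padding: a 1 bit, zeros up to 112 bits mod 128, then
// the 16-bit message bit length; this limits the example to messages shorter than 2^16 bits (assumption).
func aesMMO(msg []byte) []byte {
	bitLen := len(msg) * 8
	p := append(append([]byte{}, msg...), 0x80)
	for len(p)%16 != 14 {
		p = append(p, 0x00)
	}
	p = append(p, byte(bitLen>>8), byte(bitLen))
	h := make([]byte, 16)
	for i := 0; i < len(p); i += 16 {
		blk, _ := aes.NewCipher(h) // h is always 16 bytes, so NewCipher cannot fail; the digest keys the next block
		var e [16]byte
		blk.Encrypt(e[:], p[i:i+16])
		for j := range h {
			h[j] = e[j] ^ p[i+j]
		}
	}
	return h
}

// keyedHash is HMAC (FIPS 198) built on aesMMO with a 16-byte block: the Hash_key(...) of the
// SKKE and entity-authentication slides. ZigBee keys are 16 bytes, so no key pre-hashing is done.
func keyedHash(key, msg []byte) []byte {
	k := make([]byte, 16)
	copy(k, key)
	ipad, opad := make([]byte, 16), make([]byte, 16)
	for i := range k {
		ipad[i], opad[i] = k[i]^0x36, k[i]^0x5c
	}
	return aesMMO(append(opad, aesMMO(append(ipad, msg...))...))
}

// cat is the slides' "|" concatenation.
func cat(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		out = append(out, p...)
	}
	return out
}

// skkeDerive is the secret-key generation and key-derivation step both U and V run once the 16-byte
// challenges QEU and QEV have been exchanged: Z = Hash_MasterKey(U | V | QEU | QEV),
// mackey = Hash(Z | 0x01), linkkey = Hash(Z | 0x02).
func skkeDerive(masterKey, u, v, qeu, qev []byte) (mackey, linkkey []byte) {
	z := keyedHash(masterKey, cat(u, v, qeu, qev))
	return aesMMO(cat(z, []byte{0x01})), aesMMO(cat(z, []byte{0x02}))
}

// macTag2 is the tag carried in SKKE-3 or EA-3: Hash_key(0x03 | U | V | QEU | QEV). For SKKE the key
// is the derived mackey; for entity authentication it is the network key itself, as the EA slide shows.
func macTag2(key, u, v, qeu, qev []byte) []byte {
	return keyedHash(key, cat([]byte{0x03}, u, v, qeu, qev))
}

// verifyTag is the responder's "compare MacTag2 and MacTag2'" step; a mismatch stops the protocol.
func verifyTag(received, expected []byte) bool {
	return subtle.ConstantTimeCompare(received, expected) == 1
}
```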