World Library  
Flag as Inappropriate
Email this Article

Universal Plug and Play

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment. UPnP is intended primarily for residential networks without enterprise-class devices.

The UPnP technology is promoted by the UPnP Forum, a computer industry initiative to enable simple and robust connectivity to stand-alone devices and personal computers from many different vendors. The Forum consists of over eight hundred vendors involved in everything from consumer electronics to network computing.

The concept of UPnP is an extension of plug-and-play, a technology for dynamically attaching devices directly to a computer, although UPnP is not directly related to the earlier plug-and-play technology. UPnP devices are "plug-and-play" in that when connected to a network they automatically establish working configurations with other devices.


  • Overview 1
  • Protocol 2
    • Addressing 2.1
    • Discovery 2.2
    • Description 2.3
    • Control 2.4
    • Event notification 2.5
    • Presentation 2.6
  • UPnP AV standards 3
  • UPnP AV components 4
    • Media server 4.1
    • Other components 4.2
  • NAT traversal 5
  • Problems with UPnP 6
    • Authentication 6.1
    • Access from the Internet 6.2
  • Future developments 7
  • See also 8
  • References 9
  • Sources 10
  • External links 11


The UPnP architecture allows device-to-device networking of consumer electronics, mobile devices, personal computers, and networked home appliances. It is a distributed, open architecture protocol based on established standards such as the Internet Protocol Suite (TCP/IP), HTTP, XML, and SOAP. UPnP control points (CPs) are devices which use UPnP protocols to control UPnP controlled devices (CDs).[1]

The UPnP architecture supports zero configuration networking. A UPnP compatible device from any vendor can dynamically join a network, obtain an IP address, announce its name, advertise or convey its capabilities upon request, and learn about the presence and capabilities of other devices. Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers are optional and are only used if they are available on the network. Devices can disconnect from the network automatically without leaving state information.

UPnP was published as a 73-part international standard, ISO/IEC 29341, in December, 2008.[2][3][4]

Other UPnP features include:

Media and device independence
UPnP technology can run on many media that support IP including Ethernet, FireWire, IR (IrDA), home wiring ( and RF (Bluetooth, Wi-Fi). No special device driver support is necessary; common network protocols are used instead.
User interface (UI) Control
Optionally, the UPnP architecture enables devices to present a user interface through a web browser (see Presentation below).
Operating system and programming language independence
Any operating system and any programming language can be used to build UPnP products. UPnP stacks are available for most platforms and operating systems in both closed and open source forms.
Each UPnP product can have device-specific services layered on top of the basic architecture. In addition to combining services defined by UPnP Forum in various ways, vendors can define their own device and service types, and can extend standard devices and services with vendor-defined actions, state variables, data structure elements, and variable values.


UPnP uses common Internet technologies. It assumes the network must run Internet Protocol (IP) and then leverages HTTP, SOAP and XML on top of IP, in order to provide device/service description, actions, data transfer and eventing. Device search requests and advertisements are supported by running HTTP on top of UDP using multicast (known as HTTPMU). Responses to search requests are also sent over UDP, but are instead sent using unicast (known as HTTPU). UPnP uses UDP due to its lower overhead in not requiring confirmation of received data and retransmission of corrupt packets. HTTPU and HTTPMU were initially submitted as an Internet Draft but it expired in 2001;[5] these specifications have since been integrated into the actual UPnP specifications.[6]

UPnP uses UDP port 1900 and all used TCP ports are derived from the SSDP alive and response messages.[7]


The foundation for UPnP networking is IP addressing. Each device must implement a DHCP client and search for a DHCP server when the device is first connected to the network. If no DHCP server is available, the device must assign itself an address. The process by which a UPnP device assigns itself an address is known within the UPnP Device Architecture as AutoIP. In UPnP Device Architecture Version 1.0,[8] AutoIP is defined within the specification itself; in UPnP Device Architecture Version 1.1,[9] AutoIP references IETF RFC 3927.[10] If during the DHCP transaction, the device obtains a domain name, for example, through a DNS server or via DNS forwarding, the device should use that name in subsequent network operations; otherwise, the device should use its IP address.


Once a device has established an IP address, the next step in UPnP networking is discovery. The UPnP discovery protocol is known as the Simple Service Discovery Protocol (SSDP). When a device is added to the network, SSDP allows that device to advertise its services to control points on the network. This is achieved by sending SSDP alive messages. When a control point is added to the network, SSDP allows that control point to actively search for devices of interest on the network or listen passively to the SSDP alive messages of device. The fundamental exchange is a discovery message containing a few essential specifics about the device or one of its services, for example, its type, identifier, and a pointer (network location) to more detailed information.


After a control point has discovered a device, the control point still knows very little about the device. For the control point to learn more about the device and its capabilities, or to interact with the device, the control point must retrieve the device's description from the location (URL) provided by the device in the discovery message. The UPnP Device Description is expressed in XML and includes vendor-specific manufacturer information like the model name and number, serial number, manufacturer name, (presentation) URLs to vendor-specific web sites, etc. The description also includes a list of any embedded services. For each service, the Device Description document lists the URLs for control, eventing and service description. Each service description includes a list of the commands, or actions, to which the service responds, and parameters, or arguments, for each action; the description for a service also includes a list of variables; these variables model the state of the service at run time, and are described in terms of their data type, range, and event characteristics.


Having retrieved a description of the device, the control point can send actions to a device's service. To do this, a control point sends a suitable control message to the control URL for the service (provided in the device description). Control messages are also expressed in XML using the Simple Object Access Protocol (SOAP). Much like function calls, the service returns any action-specific values in response to the control message. The effects of the action, if any, are modeled by changes in the variables that describe the run-time state of the service.

Event notification

Another capability of UPnP networking is event notification, or eventing. The event notification protocol defined in the UPnP Device Architecture is known as General Event Notification Architecture (GENA). A UPnP description for a service includes a list of actions the service responds to and a list of variables that model the state of the service at run time. The service publishes updates when these variables change, and a control point may subscribe to receive this information. The service publishes updates by sending event messages. Event messages contain the names of one or more state variables and the current value of those variables. These messages are also expressed in XML. A special initial event message is sent when a control point first subscribes; this event message contains the names and values for all evented variables and allows the subscriber to initialize its model of the state of the service. To support scenarios with multiple control points, eventing is designed to keep all control points equally informed about the effects of any action. Therefore, all subscribers are sent all event messages, subscribers receive event messages for all "evented" variables that have changed, and event messages are sent no matter why the state variable changed (either in response to a requested action or because the state the service is modeling changed).


The final step in UPnP networking is presentation. If a device has a URL for presentation, then the control point can retrieve a page from this URL, load the page into a web browser, and depending on the capabilities of the page, allow a user to control the device and/or view device status. The degree to which each of these can be accomplished depends on the specific capabilities of the presentation page and device.

UPnP AV standards

UPnP AV architecture is an audio and video extension of the UPnP, supporting a variety of devices such as TVs, VCRs, CD/DVD players/jukeboxes, settop boxes, stereos systems, MP3 players, still image cameras, camcorders, electronic picture frames (EPFs), and personal computers. The UPnP AV architecture allows devices to support different types of formats for the entertainment content, including MPEG2, MPEG4, JPEG, MP3, Windows Media Audio (WMA), bitmaps (BMP), and NTSC, PAL or ATSC formats. Multiple types of transfer protocols are supported, including IEEE 1394, HTTP, RTP and TCP/IP.[11]

On 12 July 2006, the UPnP Forum announced the release of version 2 of the UPnP Audio and Video specifications,[12] with new MediaServer (MS) version 2.0 and MediaRenderer (MR) version 2.0 classes. These enhancements are created by adding capabilities to the MediaServer and MediaRenderer device classes, allowing a higher level of interoperability between products made by different manufacturers. Some of the early devices complying with these standards were marketed by Philips under the Streamium brand name.

Since 2006, versions 3 and 4 of the UPnP audio and video device control protocols have been published.[13] In March 2013, an updated uPnP AV architecture specification was published, incorporating the updated device control protocols.[11]

The UPnP AV standards have been referenced in specifications published by other organizations including Digital Living Network Alliance Networked Device Interoperability Guidelines,[14] International Electrotechnical Commission IEC 62481-1,[15] and Cable Television Laboratories OpenCable Home Networking Protocol.[16]

UPnP AV components

Media server

A UPnP AV media server is the UPnP-server ("master" device) that provides media library information and streams media-data (like audio/video/picture/files) to UPnP clients on the network. It is a computer system or a similar digital appliance that stores digital media, such as photographs, movies, or music and shares these with other devices.

UPnP AV media servers provide a service to UPnP AV client devices, so called control points, for browsing the media content of the server and request the media server to deliver a file to the control point for playback.

UPnP media servers are available for most operating systems and many hardware platforms. UPnP AV media servers can either be categorized as software-based or hardware-based. Software-based UPnP AV media servers can be run on a PC. Hardware-based UPnP AV media servers may run on any NAS devices or any specific hardware for delivering media, such as a DVR. As of May 2008, there were more software-based UPnP AV media servers than there were hardware-based servers.

Other components

  • UPnP MediaServer ControlPoint - which is the UPnP-client (a 'slave' device) that can auto-detect UPnP-servers on the network to browse and stream media/data-files from them.
  • UPnP MediaRenderer DCP - which is a 'slave' device that can render (play) content.
  • UPnP RenderingControl DCP - control MediaRenderer settings; volume, brightness, RGB, sharpness, and more.
  • UPnP Remote User Interface (RUI) client/server - which sends/receives control-commands between the UPnP-client and UPnP-server over network, (like record, schedule, play, pause, stop, etc.).
  • QoS (Quality of Service) - is an important (but not mandatory) service function for use with UPnP AV (Audio and Video). QoS (Quality of Service) refers to control mechanisms that can provide different priority to different users or data flows, or guarantee a certain level of performance to a data flow in accordance with requests from the application program. Since UPnP AV is mostly to deliver streaming media that is often near real-time or real-time audio/video data which it is critical to be delivered within a specific time or the stream is interrupted. QoS (Quality of Service) guarantees are especially important if the network capacity is limited, for example public networks, like the internet.
    • QoS (Quality of Service) for UPnP consist of Sink Device (client-side/front-end) and Source Device (server-side/back-end) service functions. With classes such as; Traffic Class that indicates the kind of traffic in the traffic stream, (for example, audio or video). Traffic Identifier (TID) which identifies data packets as belonging to a unique traffic stream. Traffic Specification (TSPEC) which contains a set of parameters that define the characteristics of the traffic stream, (for example operating requirement and scheduling). Traffic Stream (TS) which is a unidirectional flow of data that originates at a source device and terminates at one or more sink device(s).
  • Remote Access - defines methods for connecting UPnP device sets that are not in the same multicast domain.

NAT traversal

One solution for NAT traversal, called the Internet Gateway Device Protocol (IGD Protocol), is implemented via UPnP. Many routers and firewalls expose themselves as Internet Gateway Devices, allowing any local UPnP control point to perform a variety of actions, including retrieving the external IP address of the device, enumerate existing port mappings, and add or remove port mappings. By adding a port mapping, a UPnP controller behind the IGD can enable traversal of the IGD from an external address to an internal client.

Problems with UPnP


The UPnP protocol, as default, does not implement any authentication, so UPnP device implementations must implement the additional Device Protection service,[18] or implement the Device Security Service.[19] There also exists a non-standard solution called UPnP-UP (Universal Plug and Play - User Profile)[20][21] which proposes an extension to allow user authentication and authorization mechanisms for UPnP devices and applications. Unfortunately, many UPnP device implementations lack authentication mechanisms, and by default assume local systems and their users are completely trustworthy.[22][23]

When the authentication mechanisms are not implemented, routers and firewalls running the UPnP IGD protocol are vulnerable to attack. For example, Adobe Flash programs running outside the sandbox of the browser (e.g. this requires specific version of Adobe Flash with acknowledged security issues) are capable of generating a specific type of HTTP request which allows a router implementing the UPnP IGD protocol to be controlled by a malicious web site when someone with a UPnP-enabled router simply visits that web site.[24] This only applies to the "firewall-hole-punching"-feature of UPnP; it does not apply when the IGD does not support UPnP or UPnP has been disabled on the IGD. Also, not all routers can have such things as DNS server settings altered by UPnP because much of the specification (including LAN Host Configuration) is optional for UPnP enabled routers.[25] As a result, some UPnP devices ship with UPnP turned off by default as a security measure.

A simple measure to avoid attacks of this kind is to randomize the port of the HTTP (SOAP) server.

Access from the Internet

In 2011, researcher Daniel Garcia developed a tool designed to exploit a flaw in some UPnP IGD device stacks that allow UPnP requests from the Internet.[26][27] The tool was made public at DEFCON 19 and allows portmapping requests to external IP addresses from the device and internal IP addresses behind the NAT. The problem is widely propagated around the world, with scans showing millions of vulnerable devices at a time.[28]

In January 2013 the security company Rapid7 in Boston reported[29] on a six-month research programme. A team scanned for signals from UPnP-enabled devices announcing their availability for internet connection. Some 6900 network-aware products from 1500 companies at 81 million IP-addresses responded to their requests. 80% of the devices are home routers, others include printers, webcams and surveillance cameras. Using the UPnP-protocol, many of those devices can be accessed and/or manipulated.

In February 2013, the UPnP forum responded in a press release[30] by recommending more recent versions of the used UPnP stacks, and by improving the certification program to include checks to avoid further such issues.

Future developments

UPnP continues to be actively developed. In the fall of 2008, the UPnP Forum ratified the successor to UPnP 1.0 Device Architecture UPnP 1.1.[31] The Devices Profile for Web Services (DPWS) standard was a candidate successor to UPnP, but UPnP 1.1 was selected by the UPnP Forum.

The UPnP Internet Gateway Device (IGD)[25] standard has a WANIPConnection service that contains a competing solution known as NAT-PMP, which is an IETF draft introduced by Apple Inc. in 2005. However, NAT-PMP is focused only on NAT traversal. Version 2 of IGD is standardized.[32]

See also


  1. ^ "Using the UPnP Control Point API".  
  2. ^ International Electrotechnical Commission, 2008-12-09. Retrieved on 2009-05-07.
  3. ^ "ISO/IEC standard on UPnP device architecture makes networking simple and easy".  
  4. ^ "UPnP Specifications Named International Standard for Device Interoperability for IP-based Network Devices" (PDF).  
  5. ^ Goland, Yaron Y.; Schlimmer, Jeffrey C. (2 October 2000). "Multicast and Unicast UDP HTTP Messages". UPnP Forum Technical Committee. Archived from the original on 30 December 2006. Retrieved 11 September 2014. 
  6. ^ "UPnP Device Architecture V1.0" (PDF). UPnP Forum Technical Committee. 15 October 2008. Retrieved 11 September 2014. 
  7. ^ "How Windows Firewall affects the UPnP framework in Windows XP Service Pack 2".  
  8. ^ "UPnP Device Architecture version 1.0" (PDF).  
  9. ^ "UPnP Device Architecture version 1.1" (PDF).  
  10. ^ Cheshire, S., et al, IETF RFC 3927, "Dynamic Configuration of IPv4 Link-Local Addresses", May 2005
  11. ^ a b "UPnP AV Architecture" (PDF).  
  12. ^ "UPnP Forum Releases Enhanced AV Specifications Taking Home Network to the Next Level" (PDF).  
  13. ^ "Device Control Protocols".  
  14. ^ "DLNA Networked Device Interoperability Guidelines".  
  15. ^ "Digital living network alliance (DLNA) home networked device interoperability guidelines - Part 1: Architecture and protocols".  
  16. ^ "OpenCable Specifications Home Networking 2.0 - Home Networking Protocol 2.0 Revision 10" (PDF).  
  17. ^ "CEA-2014-B (ANSI) - Web-based Protocol and Framework for Remote User Interface on UPnP Networks and the Internet (Web4CE)".  
  18. ^ "Device Protection V 1.0".  
  19. ^ "Device Security and Security Console V 1.0".  
  20. ^ "UPnP-UP - Universal Plug and Play - User Profile". 
  21. ^ Sales, Thiago; Sales, Leandro; Almeida, Hyggo; Perkusich, Angelo (November 2010). "A UPnP extension for enabling user authentication and authorization in pervasive systems". Journal of the Brazilian Computer Society (Springer-Verlag) 16 (4): 261–277. Retrieved 11 September 2014. 
  22. ^ Eastep, Thomas M. (4 June 2014). "Shorewall and UPnP". Retrieved 11 September 2014. 
  23. ^ "Linux UPnP Internet Gateway Device - Documentation - Security". Retrieved 11 September 2014. 
  24. ^ "Hacking The Interwebs". 12 January 2008. Retrieved 11 September 2014. 
  25. ^ a b "Internet Gateway Device (IGD) V 1.0".  
  26. ^ Garcia, Daniel. "UPnP Mapping" (PDF). Retrieved 11 September 2014. 
  27. ^ "US-CERT Vulnerability Note VU#357851".  
  28. ^ "Millions of devices vulnerable via UPnP - Update". The H. 30 January 2013. Archived from the original on 29 August 2014. Retrieved 11 September 2014. 
  29. ^ Moore, H. D. (29 January 2013). "Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play.". Retrieved 11 September 2014. 
  30. ^ "UPnP Forum Responds to Recently Identified LibUPnP/MiniUPnP Security Flaw." (PDF).  
  31. ^ Bodlaender, M.P. (February 2005). "UPnP™ 1.1 - designing for performance & compatibility". Consumer Electronics, IEEE Transactions on 51 (1): 69–75.  
  32. ^ "UPnP Forum Gateway Working Committee: IGD:2 Improvements over IGD:1" (PDF).  


  • Golden G. Richard: Service and Device Discovery : Protocols and Programming, McGraw-Hill Professional, ISBN 0-07-137959-2
  • Michael Jeronimo, Jack Weast: UPnP Design by Example: A Software Developer's Guide to Universal Plug and Play, Intel Press, ISBN 0-9717861-1-9

External links

  • The UPnP Forum
  • ISO/IEC 29341-1:2011
  • Community-based database of UPnP/AV Devices.
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.