lecture1-2-netsecurityintro

Upload: lynnverb

Post on 14-Apr-2018


  • 7/30/2019 lecture1-2-NetSecurityIntro

    Course Outline: Fundamental Topics

    - System View of Network Security: Network Security Model
    - Security Threat Model & Security Services Model
    - Overview of Network Security
    - Security Basis: Cryptography
      - Secret key cryptography
      - Hashes and message digests
      - Public key cryptography
    - Network Security Applications
      - Authentication and security handshake pitfalls
      - Well known network security protocols such as Kerberos, IPSec, SSL/SET, PGP & PKI, WEP

    Spring 2012 EE5723/EE4723

    Security (II)

    EE5723/EE4723 Spring 2012

    Outline

    - Security Architecture of OSI Reference Model
    - Security Placement w/in Multiple Protocol Layers

    ISO 7498-2: Security Architecture of OSI Reference Model

    - Internet Protocol Architecture
    - The OSI reference model & its services (ISO 7498-1)
    -

    Internetworking

    [Figure: Network A and Network B joined by a Router, with Host A on Network A and Host B on Network B]

    Internet Protocol Layering

    [Figure: Host A and Host B each have an Application Layer, Transport Layer, Internet Layer and Network Layer above the Physical Network; the Router between them has only an Internet Layer and Network Layer. An HTTP Message at the Application Layer is carried in a TCP Packet at the Transport Layer, an IP Datagram at the Internet Layer and an Ethernet Frame at the Network Layer; the Router forwards the IP Datagram from one Ethernet Frame into another.]

    The OSI Reference Model: ISO 7498-1

    - OSI Reference Model - internationally standardized network architecture.
    - An abstract representation of an ideal network protocol stack.
    - OSI = Open Systems Interconnection
    - Specified in ISO 7498-1.
    - Model has 7 layers.

    Internet Protocols vs. OSI

    Internet                  OSI
    5  Application            7  Application
                              6  Presentation
                              5  Session
    4  TCP                    4  Transport
    3  IP                     3  Network
    2  Network Interface      2  Data Link
    1  Hardware               1  Physical

    Lower/Upper Layers

    - Layers 1-4 often referred to as lower layers.
    - Layers 5-7 are the upper layers.
    - Lower layers relate more closely to the communications technology.
    - Upper layers relate to applications.

    Layer 7: Application Layer

    - user needs, e.g.:
      - virtual terminal service,
      - file transfer,
      - electronic mail,
      - directory services.

    Layer 6: Presentation Layer

    - Concerned with representation of transmitted data.
    - Deals with different data representations, e.g. of numbers, characters.
    - Also deals with data compression and encryption.
    - Layer for source coding.

    Layer 5: Session Layer

    - Allows establishment of sessions between machines, e.g. to allow remote logins, provide file transfer service.
    - Responsible for dialogue control.
    - Also performs token management and synchronization.

    Layer 4: Transport Layer

    - Basic function is to take data from Session Layer, split it up into smaller units, and ensure that the units arrive correctly.
    - Concerned with efficient provision of service.
    - The Transport Layer also determines the
      Layer.
    - Also responsible for congestion control.

    Layer 3: Network Layer

    - Controls the subnet.
    - Key issue is routing in the subnet; can be based on:
      - static tables,
      - determined at start of session,
      - highly dynamic (varying for each packet).

    Layer 2: Data Link Layer

    - Provides reliable, error-free service on top.
      include encoding, CRC, etc.
    - Breaks data into frames. Requires creation of frame boundaries.
      acknowledgements and selective frame retransmission.

    Layer 1: Physical Layer

    - Concerned with bit transmission over physical channel.
    - Issues include:
      - definition of 0/1,
      - whether channel simplex/duplex,
      - connector design.
    - Mechanical, electrical, procedural matters.

    Layering Principles

    [Figure: in each of two systems an (N+1) Entity (Service User) sits above an (N) Entity (Service Provider). The (N+1) entities exchange (N+1) PDUs over the Layer N+1 protocol, the (N) entities exchange N PDUs over the Layer N protocol, and an SDU passes through the Layer N Service Access Point (SAP) between the two.]

    - PDU - Protocol Data Unit
    - SDU - Service Data Unit

    Services & Protocols

    - Service = set of primitives provided by one layer to layer above.
    - Service defines what each layer can do (but not how it does it).
    - Protocol = set of rules governing data communication between peer entities, i.e. format and meaning of frames/packets.

    ISO 7498-2: Security Architecture

    - Provides standard definitions of security terminology
    - Provides standard descriptions for security services and mechanisms
    - Defines where in OSI reference model security services may be provided
    - Introduces security management concepts

    Policies, threats, services, & mechanisms

    - In a secure system, the rules governing security behavior should be made explicit in the form of a security policy.
    - Security policy: the set of criteria for the provision of security services.
    - A security threat is a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
      place to address a threat (e.g. provision of confidentiality).
    - A security mechanism is a means to provide a service (e.g. encryption, digital signature).

    Security life-cycle in ISO 7498-2

    - Define security model
    - Define security policy
    - Analyze security threats (according to policy)
    - Define security services to meet threats
    - Define security mechanisms to provide services
    - Provide on-going management of security

    Step 1: Generic security policy

    - ISO 7498-2 generic authorization policy: Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorized.
    - Possible basis for more detailed policy.
    - Does not cover availability (e.g. DoS attack) issues (for legitimate user).

    Policy Types

    - ISO 7498-2 distinguishes between 2 types
      - Identity-based: where access to and use of resources are determined on the basis of the identities of users and resources
      - controlled by global rules imposed on all users, e.g. using security labels.

    Step 2: Fundamental threats

    - A threat is: a person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
    - An attack is a realization of a threat.
    - Safeguards = countermeasures (e.g. controls, procedures) to protect against threats.
    - Vulnerabilities = weaknesses in safeguards
    - The fundamental threats:
      - Information leakage
      - Integrity violation
      - DoS
      - Illegitimate use

    Step 3: Security Services

    - Security services in ISO 7498-2 are a special class of safeguards applying to a communication environment.
    - ISO 7498-2 defines 5 main categories of security service:
      - Authentication (including entity authentication and origin authentication)
      - Access control
      - Data confidentiality
      - Data integrity
      - Non-repudiation

    Step 4: Security Mechanisms

    - To provide and support security services
    - Can be divided into two classes:
      - Specific security mechanisms, used to provide specific security services, and
      - Pervasive security mechanisms (e.g., trusted functionality, intrusion/event detection, security recovery), not specific to particular services.
    - Often expensive

    Specific security mechanisms

    - Eight types:
      - encipherment
      - digital signature
      - access control mechanisms
      - data integrity mechanisms
      - authentication exchanges
      - traffic padding
      - routing control
      - notarization

    Specific Mechanisms (Contd)

    - Encipherment mechanisms = encryption or cipher algorithms.
      - Can provide data and traffic flow confidentiality.
    - Digital signature mechanisms
      - signing procedure (private)
      - verification procedure (public).
      - , data integrity services.
    - Both can be basis of some authentication exchange mechanisms.

    Specific Mechanisms (Contd)

    - Access Control mechanisms
      - A server using client information to decide whether to grant access to resources
      - E.g. access control lists, capabilities, security labels.
    - Data integrity mechanisms
      - Protection against modification of data.
      - Provide data integrity and origin authentication services. Also basis of some authentication exchange mechanisms.
    - Authentication exchange mechanisms
      - Provide entity authentication service.

    Specific Mechanisms (Contd)

    - Traffic padding mechanisms
      - The addition of pretend data to conceal real volumes of
        . Provides traffic flow confidentiality.
    - Routing control mechanisms
      - Used to prevent sensitive data using insecure channels. E.g. route might be chosen to use only physically secure network components.
    - Notarization mechanisms
      - Integrity, origin and/or destination of data can be guaranteed by using a 3rd party trusted notary. Notary typically applies a cryptographic transformation to the data.

    Service/mechanism table

    - ISO 7498-2 indicates which mechanisms can be used to provide which services
    - Illustrative NOT definitive.

    Service                                   Encipherment  Digital sign.  Access control  Data integrity
    Entity authentication                     Y             Y
    Origin authentication                     Y             Y
    Access control                                                         Y
    Connection confidentiality                Y
    Connectionless confidentiality            Y
    Selective field confidentiality           Y
    Traffic flow confidentiality              Y
    Connection integrity with recovery        Y                                            Y
    Connection integrity without recovery     Y                                            Y
    Selective field connection integrity      Y                                            Y
    Connectionless integrity                  Y             Y                              Y
    Selective field connectionless integrity  Y             Y                              Y
    Non-repudiation of origin                               Y                              Y
    Non-repudiation of delivery                             Y                              Y

    Service/mechanism table (contd)

    Service                                   Auth. exchange  Traffic padding  Routing control  Notarisation
    Entity authentication                     Y
    Access control
    Connection confidentiality                                                 Y
    Connectionless confidentiality                                             Y
    Selective field confidentiality
    Traffic flow confidentiality                              Y                Y
    Connection integrity with recovery
    Connection integrity without recovery
    Selective field connection integrity
    Connectionless integrity
    Selective field connectionless integrity
    Non-repudiation of origin                                                                   Y
    Non-repudiation of delivery                                                                 Y

    Pervasive security mechanisms

    - trusted functionality,
    - security labels,
    - event detection,
    - security audit trail,
    - security recovery.

    Pervasive Mechanisms

    - Trusted functionality
        mechanisms should be trustworthy.
      - May involve combination of software and hardware.
    - Security labels
      - Any resource (e.g. stored data, processing power,
        associated with it to indicate security sensitivity.
      - Similarly labels may be associated with users. Labels may need to be securely bound to transferred data.

    Pervasive Mechanisms (Contd)

    - Event detection
      - Includes detection of
        - attempted security violations,
        - legitimate security-related activity.
      - Can be used to trigger event reporting (alarms), event logging, automated recovery.
    - Security audit trail
      - Log of past security-related events.
      - Permits detection and investigation of past security breaches
    - Security recovery
      - Includes mechanisms to handle requests to recover from security failures (security tolerant).
      - May include immediate abort of operations, temporary invalidation of an entity, addition of entity to a blacklist.

    Link vs. End-to-End Encryption

    Link and E2E Encryption:

    (1) Link encryption:
      - A lot of encryption devices
      - Decrypt each packet at every switch
      - Intermediate switch must be trusted
      - Invisible to the users
    (2) End-to-end encryption
      - Addresses potential flaws in lower layers
      - The source encrypts and the receiver decrypts
      - Payload encrypted
      - Header in the clear
      - Only end nodes must be trusted
    (3) High Security: Both link and E2E encryption are needed

    Ref: Network Security Essentials, by Stallings

    Security Services & Layering in General

    Link-to-link Encryption

    [Figure: protocol layers 5. application, 4. transport, 3. network, 2. data link, 1. physical shown for Sender, Intermediate Host and Receiver. The message is encrypted only while on the physical link between nodes; at the Intermediate Host it is decrypted back to plaintext, so the message is exposed inside every host along the path, not only at the Sender and Receiver.]

    Ref: Security in Computing, by Charles P. Pfleeger & Shari Lawrence Pfleeger

    Typical Message: Link Encryption

    [Figure: frame layout B | N | T | M | E, i.e. Data Link Header (B), Network Header (N), Transport Header (T), Message (M), Data Link Trailer (E). Under link encryption everything between the Data Link Header and the Data Link Trailer is encrypted; only B and E travel in the clear.]

    - If all hosts on a network are reasonably trustworthy, but the communications medium is shared w/ other users or is not secure, link encryption is an easy control to use

    Security Services & Layering in General

    End-to-End Encryption

    [Figure: the same five protocol layers for Sender, Intermediate Host and Receiver. The message is in plaintext (exposed) only at the application layer of the Sender and Receiver; it stays encrypted at every lower layer and throughout the Intermediate Host.]

    Typical Message: End-to-End Encryption

    [Figure: the same frame layout B | N | T | M | E. Under end-to-end encryption only the Transport Header (T) and Message (M) are encrypted; the Network Header, Data Link Header and Data Link Trailer stay in the clear so that intermediate nodes can route and forward the frame.]

    Comparison of Encryption Architecture

    - Link-to-link encryption
      - Message is plaintext inside of hosts (trustworthy?): node authentication needed
      - Faster (mostly hardware); easier/invisible for user
      - One key per node/interface pair
    - End-to-end encryption
      - Flexible (hardware or software)
      - Application & user aware
      - No trust in intermediate nodes required: need end user authentication
      - One key per host pair
    - Unavoidable multilayer security provisioning
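An added example (not code from the lecture or the Stallings/Pfleeger references it cites) that models the B | N | T | M | E "typical message" from the slides and shows which fields an observer on the wire and an intermediate switch can read under link encryption versus end-to-end encryption. The SHA-256 keystream cipher, the keys and the frame contents are constructed stand-ins so the example runs offline; real link and transport-layer encryptors would use a proper cipher.

```python
import hashlib

# Field order of the "typical message" on the slides:
# B = data link header, N = network header, T = transport header,
# M = message (payload), E = data link trailer.
FIELDS = ("B", "N", "T", "M", "E")

def keystream_xor(key: bytes, label: str, data: bytes) -> bytes:
    """Toy symmetric cipher (constructed for this example): XOR with a SHA-256
    counter keystream. The field label is mixed into the keystream so two
    fields encrypted under the same key never share keystream (no two-time
    pad). Applying it twice with the same key and label decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + label.encode() + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def crypt_fields(frame: dict, key: bytes, fields: tuple) -> dict:
    """Encrypt/decrypt only the named fields; every other field is left as-is."""
    return {f: keystream_xor(key, f, v) if f in fields else v for f, v in frame.items()}

def link_encrypt(frame: dict, link_key: bytes) -> dict:
    """Link encryption: everything between data link header and trailer is
    encrypted with the key of the link it is about to cross."""
    return crypt_fields(frame, link_key, ("N", "T", "M"))

def link_switch(frame: dict, key_in: bytes, key_out: bytes) -> tuple:
    """Intermediate switch under link encryption: decrypts with the inbound
    link key (so the whole frame is plaintext inside the switch, which is why
    it must be trusted) and re-encrypts for the outbound link."""
    plain = crypt_fields(frame, key_in, ("N", "T", "M"))
    return plain, link_encrypt(plain, key_out)

def e2e_encrypt(frame: dict, host_pair_key: bytes) -> dict:
    """End-to-end encryption: the source encrypts transport header + message
    under the host-pair key; the network header stays in the clear so
    intermediate nodes can route without holding any key."""
    return crypt_fields(frame, host_pair_key, ("T", "M"))

def readable_fields(frame: dict, original: dict) -> set:
    """Fields an observer of `frame` can read, i.e. still equal to the plaintext."""
    return {f for f in FIELDS if frame[f] == original[f]}

def make_frame() -> dict:
    # Constructed sample frame; field contents are illustrative only.
    return {"B": b"eth src/dst", "N": b"ip 10.0.0.1->10.0.0.2",
            "T": b"tcp 443", "M": b"GET /secret", "E": b"crc"}
```

Under link encryption `readable_fields` on the wire is only {B, E} while `link_switch` returns the full plaintext frame; under end-to-end encryption the wire and the intermediate node both see {B, N, E} and nothing more.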