Overview of Network Security - Electrical and Computer Engineering

An Overview of Network Security (II)
EE5723/EE4723
Spring 2012

Course Outline: Fundamental Topics

System View of Network Security
- Network Security Model
- Security Threat Model & Security Services Model
- Overview of Network Security

Security Basis: Cryptography
- Secret key cryptography
- Hashes and message digests
- Public key cryptography
- Key distribution and management

Network Security Applications
- Authentication and security handshake pitfalls
- Well-known network security protocols such as Kerberos, IPSec, SSL/SET, PGP & PKI, WEP

ISO 7498-2: Security Architecture of OSI Reference Model

Outline
- Internet Protocol Architecture
- The OSI reference model & its services (ISO 7498-1)
- Details of ISO 7498-2: Security Architecture of OSI Reference Model
- Security Placement w/in Multiple Protocol Layers
Internet Protocol Layering

[Figure: Internetworking between Host A and Host B through a Router. Host A and Host B each have an Application Layer, Transport Layer, Internet Layer and Network Layer; the Router has an Internet Layer and a Network Layer facing Network A and Network B. An HTTP Message is exchanged at the Application Layer, a TCP Packet at the Transport Layer, an IP Datagram at the Internet Layer, and an Ethernet Frame at the Network Layer over the Physical Network.]

The OSI Reference Model: ISO 7498-1
- OSI Reference Model: an internationally standardized network architecture.
- An abstract representation of an ideal network protocol stack.
- OSI = Open Systems Interconnection.
- Specified in ISO 7498-1.
- Model has 7 layers.

Internet Protocols vs. OSI

| OSI layer | OSI name     | Internet              |
|-----------|--------------|-----------------------|
| 7         | Application  | Application           |
| 6         | Presentation |                       |
| 5         | Session      |                       |
| 4         | Transport    | TCP (4)               |
| 3         | Network      | IP (3)                |
| 2         | Data Link    | Network Interface (2) |
| 1         | Physical     | Hardware (1)          |
Lower/Upper Layers
- Layers 1-4 are often referred to as the “lower layers”.
- Layers 5-7 are the “upper layers”.
- Lower layers relate more closely to the communications technology.
- Upper layers relate to applications.

Layer 7: Application Layer
- Home to a wide variety of protocols for specific user needs, e.g.:
  - virtual terminal service,
  - file transfer,
  - electronic mail,
  - directory services.

Layer 6: Presentation Layer
- Concerned with representation of transmitted data.
- Deals with different data representations, e.g. of numbers, characters.
- Also deals with data compression and encryption.
- Layer for source coding.

Layer 5: Session Layer
- Allows establishment of sessions between machines, e.g. to
  - allow remote logins,
  - provide file transfer service.
- Responsible for dialogue control.
- Also performs token management and synchronization.
Layer 4: Transport Layer
- Basic function is to take data from the Session Layer, split it up into smaller units, and ensure that the units arrive correctly.
- Concerned with efficient provision of service.
- The Transport Layer also determines the ‘type of service’ to provide to the Session Layer.
- Also responsible for congestion control.

Layer 3: Network Layer
- Controls the subnet.
- Key issue is routing in the subnet; can be based on:
  - static tables,
  - determined at start of session,
  - highly dynamic (varying for each packet).

Layer 2: Data Link Layer
- Provides reliable, error-free service on top of the raw Level 1 service.
- Issues include encoding, CRC, etc.
- Breaks data into frames. Requires creation of frame boundaries.
- Frames are used to manage errors via acknowledgements and selective frame retransmission.

Layer 1: Physical Layer
- Concerned with bit transmission over the physical channel.
- Issues include:
  - definition of 0/1,
  - whether channel is simplex/duplex,
  - connector design.
- Mechanical, electrical, procedural matters.
Services & Protocols
- Service = set of primitives provided by one layer to the layer above.
- Protocol = set of rules governing data communication between peer entities, i.e. format and meaning of frames/packets.

Layering Principles

[Figure: Two (N+1) Entities (Service Users) communicate via the Layer N+1 protocol, exchanging N+1 PDUs. Each (N+1) Entity hands its N+1 PDU as an SDU across the Layer N Service Access Point (SAP) to an (N) Entity (Service Provider); the (N) Entities exchange N PDUs via the Layer N protocol. PDU - Protocol Data Unit; SDU - Service Data Unit.]

- Service defines what each layer can do (but not how it does it).

ISO 7498-2: Security Architecture
- Provides standard definitions of security terminology.
- Provides standard descriptions for security services and mechanisms.
- Defines where in the OSI reference model security services may be provided.
- Introduces security management concepts.

Policies, threats, services, & mechanisms
- In a secure system, the rules governing security behavior should be made explicit in the form of a security policy.
  - Security policy: ‘the set of criteria for the provision of security services’.
- A security threat is a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
- A security service is a measure which can be put in place to address a threat (e.g. provision of confidentiality).
- A security mechanism is a means to provide a service (e.g. encryption, digital signature).
Security life-cycle in ISO 7498-2
- Define security model
- Define security policy
- Analyze security threats (according to policy)
- Define security services to meet threats
- Define security mechanisms to provide services
- Provide on-going management of security

Step 1: Generic security policy
- ISO 7498-2 generic authorization policy:
  - ‘Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorized.’
- Possible basis for more detailed policy.
- Does not cover availability (e.g. DoS attack) issues (for legitimate user).

Policy Types
- ISO 7498-2 distinguishes between 2 types of security policies:
  - Identity-based: where access to and use of resources are determined on the basis of the identities of users and resources.
  - Rule-based: where resource access is controlled by global rules imposed on all users, e.g. using security labels.

Step 2: Fundamental threats
- A threat is a person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
- An attack is a realization of a threat.
- Safeguards = countermeasures (e.g. controls, procedures) to protect against threats.
- Vulnerabilities = weaknesses in safeguards.
- Four fundamental threats:
  - Information leakage
  - Integrity violation
  - DoS
  - Illegitimate use
Step 3: Security Services
- Security services in ISO 7498-2 are a special class of safeguards applying to a communication environment.
- ISO 7498-2 defines 5 main categories of security service:
  - Authentication (including entity authentication and origin authentication)
  - Access control
  - Data confidentiality
  - Data integrity
  - Non-repudiation

Step 4: Security Mechanisms
- To provide and support security services.
- Can be divided into two classes:
  - Specific security mechanisms, used to provide specific security services, and
  - Pervasive security mechanisms (e.g., trusted functionality, intrusion/event detection, security recovery), not specific to particular services.

Specific security mechanisms
- Eight types:
  - encipherment
  - digital signature
  - access control mechanisms
  - data integrity mechanisms
  - authentication exchanges
  - traffic padding
  - routing control
  - notarization

Specific Mechanisms (Cont’d)
- Encipherment mechanisms = encryption or cipher algorithms.
  - Can provide data and traffic flow confidentiality.
  - Often expensive.
- Digital signature mechanisms
  - signing procedure (private)
  - verification procedure (public).
  - Can provide non-repudiation, origin authentication and data integrity services.
- Both can be the basis of some authentication exchange mechanisms.
Specific Mechanisms (Cont’d)
- Access Control mechanisms
  - A server using client information to decide whether to grant access to resources.
  - E.g. access control lists, capabilities, security labels.
- Data integrity mechanisms
  - Protection against modification of data.
  - Provide data integrity and origin authentication services. Also the basis of some authentication exchange mechanisms.
- Authentication exchange mechanisms
  - Provide entity authentication service.

Specific Mechanisms (Cont’d)
- Traffic padding mechanisms
  - The addition of ‘pretend’ data to conceal real volumes of data traffic.
  - Provides traffic flow confidentiality.
- Routing control mechanisms
  - Used to prevent sensitive data using insecure channels.
  - E.g. route might be chosen to use only physically secure network components.
- Notarization mechanisms
  - Integrity, origin and/or destination of data can be guaranteed by using a 3rd party trusted notary.
  - Notary typically applies a cryptographic transformation to the data.
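The two policy types from "Policy Types" and the access-control mechanisms just listed (access control lists and security labels), side by side as an added Python example that is not part of the slides. The sensitivity ordering, the no-read-up / no-write-down label rule, and the subjects and resources are constructed assumptions for illustration.

```python
"""Identity-based (ACL) vs rule-based (security label) access control.

Added example, not from the lecture slides. The sensitivity ordering,
the no-read-up / no-write-down rule and all names are constructed.
"""
from dataclasses import dataclass, field

# Constructed global sensitivity ordering used by the rule-based policy.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str          # security label bound to the user


@dataclass(frozen=True)
class Resource:
    name: str
    label: str              # security label bound to the resource
    acl: dict = field(default_factory=dict)   # identity-based: name -> {ops}


def identity_based_allows(subject: Subject, resource: Resource, op: str) -> bool:
    """Identity-based policy: the decision depends on who the subject is,
    looked up in the resource's access control list."""
    return op in resource.acl.get(subject.name, set())


def rule_based_allows(subject: Subject, resource: Resource, op: str) -> bool:
    """Rule-based policy: one global rule over labels, imposed on every user.
    Read only at or below your clearance (no read up); write only at or
    above it (no write down), so labelled data cannot flow to a lower label."""
    s, r = LEVELS[subject.clearance], LEVELS[resource.label]
    if op == "read":
        return s >= r
    if op == "write":
        return s <= r
    return False


def server_decision(subject: Subject, resource: Resource, op: str) -> str:
    """The server (the access-control mechanism) grants only if both policy
    types agree, and reports which one denied, for the audit trail."""
    if not identity_based_allows(subject, resource, op):
        return "deny: not in ACL"
    if not rule_based_allows(subject, resource, op):
        return "deny: label rule"
    return "grant"


# Constructed sample: the ACL grants alice read, but the label rule refuses it.
PAYROLL = Resource("payroll", "secret", {"alice": {"read"}, "bob": {"read", "write"}})
ALICE = Subject("alice", "confidential")
BOB = Subject("bob", "secret")
```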
Service/mechanism table
- ISO 7498-2 indicates which mechanisms can be used to provide which services.
- Illustrative, NOT definitive.

| Service                                  | Encipherment | Digital sign. | Access control | Data integrity | Auth. exchange | Traffic padding | Routing control | Notarisation |
|------------------------------------------|--------------|---------------|----------------|----------------|----------------|-----------------|-----------------|--------------|
| Entity authentication                    | Y            | Y             |                |                | Y              |                 |                 |              |
| Origin authentication                    | Y            | Y             |                |                |                |                 |                 |              |
| Access control                           |              |               | Y              |                |                |                 |                 |              |
| Connection confidentiality               | Y            |               |                |                |                |                 | Y               |              |
| Connectionless confidentiality           | Y            |               |                |                |                |                 | Y               |              |
| Selective field confidentiality          | Y            |               |                |                |                |                 |                 |              |
| Traffic flow confidentiality             | Y            |               |                |                |                | Y               | Y               |              |
| Connection integrity with recovery       | Y            |               |                | Y              |                |                 |                 |              |
| Connection integrity without recovery    | Y            |               |                | Y              |                |                 |                 |              |
| Selective field connection integrity     | Y            |               |                | Y              |                |                 |                 |              |
| Connectionless integrity                 | Y            | Y             |                | Y              |                |                 |                 |              |
| Selective field connectionless integrity | Y            | Y             |                | Y              |                |                 |                 |              |
| Non-repudiation of origin                |              | Y             |                | Y              |                |                 |                 | Y            |
| Non-repudiation of delivery              |              | Y             |                | Y              |                |                 |                 | Y            |
Pervasive Mechanisms
- Five types identified:
  - trusted functionality,
  - security labels,
  - event detection,
  - security audit trail,
  - security recovery.

Pervasive Mechanisms (Cont’d)
- Trusted functionality
  - Any functionality providing or accessing security mechanisms should be trustworthy.
  - May involve a combination of software and hardware.
- Security labels
  - Any resource (e.g. stored data, processing power, communications bandwidth) may have a security label associated with it to indicate security sensitivity.
  - Similarly, labels may be associated with users. Labels may need to be securely bound to transferred data.
- Event detection
  - Includes detection of attempted security violations and of legitimate security-related activity.
  - Can be used to trigger event reporting (alarms), event logging, automated recovery.
- Security audit trail
  - Log of past security-related events.
  - Permits detection and investigation of past security breaches.
- Security recovery
  - Includes mechanisms to handle requests to recover from security failures (security tolerant).
  - May include immediate abort of operations, temporary invalidation of an entity, addition of an entity to a blacklist.

Link vs. End-to-End Encryption
- (1) Link encryption:
  - A lot of encryption devices
  - Decrypt each packet at every switch
  - Intermediate switch must be trusted
  - Invisible to the users
- (2) End-to-end encryption:
  - Addresses potential flaws in lower layers
  - The source encrypts and the receiver decrypts
  - Payload encrypted
  - Header in the clear
  - Only end nodes must be trusted
- (3) High Security: Both link and E2E encryption are needed.
Ref: Network Security Essentials, by Stallings
Security Services & Layering in General: Typical Message: Link Encryption

[Figure: Link-to-link encryption. Protocol layers 5. application, 4. transport, 3. network, 2. data link and 1. physical at the Sender, Intermediate Host and Receiver. The message (M) gains a Transport Header (T), Network Header (N), Data Link Header (B) and Data Link Trailer (E) as it descends the stack. The message is encrypted only while on the links; inside the intermediate host the message is in plaintext and exposed. Legend: message encrypted / message in plaintext.]

- If all hosts on a network are reasonably trustworthy, but the communications medium is shared w/ other users or is not secure, link encryption is an easy control to use.
Ref: Security in Computing, by Charles P. Pfleeger & Shari Lawrence Pfleeger

Security Services & Layering in General: Typical Message: End-to-End Encryption

[Figure: End-to-end encryption. The same protocol layers and headers (B, N, T, M, E) at the Sender, Intermediate Host and Receiver. The message is encrypted at the sender's upper layers and stays encrypted through the intermediate host, where only the headers are in plaintext; the message (plaintext) is exposed only at the Sender and Receiver. Legend: message encrypted / message in plaintext.]
Comparison of Encryption Architecture
- Link-to-link encryption
  - Message is plaintext inside of hosts (trustworthy?): node authentication needed
  - Faster (mostly hardware); easier/invisible for the user
  - One key per node/interface pair
- End-to-end encryption
  - Flexible (hardware or software)
  - Application & user aware
  - No trust in intermediate nodes required: need end user authentication
  - One key per host pair
- Unavoidable multilayer security provisioning
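The link vs. end-to-end comparison above, together with the traffic padding mechanism from the specific mechanisms slides, as an added Python example that is not from the slides or from the Stallings/Pfleeger references: a constructed path A - S - B where a tap on each link and the switch S record what they observe. Hosts, keys and the message are constructed, and the cipher is a toy SHA-256 counter-mode keystream standing in for a real encipherment mechanism.

```python
"""Link vs end-to-end encryption on a constructed path A -> S -> B.

Added example, not from the slides. Keys, hosts and the message are
constructed; keystream_xor is a toy SHA-256 counter-mode stream cipher
standing in for a real encipherment mechanism.
"""
import hashlib

LINK_KEYS = {("A", "S"): b"link-key-AS", ("S", "B"): b"link-key-SB"}  # one key per interface pair
E2E_KEY = b"e2e-key-AB"                                                 # one key per host pair


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def link_encryption(header: bytes, payload: bytes) -> dict:
    """Whole frame (header included) is encrypted per hop; every switch decrypts.
    Returns what a tap on each link and each node would observe."""
    observed = {}
    frame = header + payload
    for hop in (("A", "S"), ("S", "B")):
        on_wire = keystream_xor(LINK_KEYS[hop], frame)
        observed[hop] = on_wire                          # tap on the link: ciphertext
        frame = keystream_xor(LINK_KEYS[hop], on_wire)   # switch / receiver decrypts
        observed[hop[1]] = frame                         # node sees plaintext, so S must be trusted
    return observed


def end_to_end_encryption(header: bytes, payload: bytes, pad_to: int = 32) -> dict:
    """Source encrypts the payload, padded to a fixed size (traffic padding);
    the header stays in the clear so S can forward without decrypting."""
    body = len(payload).to_bytes(2, "big") + payload
    body += b"\x00" * (pad_to - len(body))               # 'pretend' data conceals real volume
    frame = header + keystream_xor(E2E_KEY, body)
    observed = {"S": frame}                              # S sees header + ciphertext only
    plain = keystream_xor(E2E_KEY, frame[len(header):])  # only B holds the end-to-end key
    n = int.from_bytes(plain[:2], "big")
    observed["B"] = header + plain[2:2 + n]
    return observed
```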