SECURITY THREATS FOR TELEMATIC COMMUNICATIONS SECURITY IN WIRELESS NETWORKS
Carlos Rey-Moreno – crey-moreno@uwc.ac.za

Introduction to Security Services
How secure are our data networks?
❍ What is a Threat?
❍ What is an Attack?
❍ What is a Vulnerability?
Common types of network attacks
❍ Eavesdropping
❍ Masquerading
❍ Man-in-the-middle
❍ Denial of service
What is a Security Service?
❍ ITU-T Definition
❍ Services to reduce design vulnerabilities
X.800 Security Services for Open Systems
❍ Confidentiality
❍ Integrity
❍ Authentication
❍ Access Control
❍ Non Repudiation
❍ Anonymity
❍ Availability

How secure are we on a data network?
What is a Threat?
A potential for violation of security, which exists when there is an entity, circumstance, capability, action, or event that could cause harm.
Something that can go wrong!!!

How secure are we on a data network?
Why do we have to minimize the threats?
❍ Because the threats lead to attacks
An intentional act by which an entity attempts to evade security services and violate the security policy of a system. That is, an actual assault on system security that derives from an intelligent threat. (See: penetration, violation, vulnerability.)
Actions to damage a system!!!

How secure are we on a data network?
How is an attack implemented?
❍ Attacks are implemented through vulnerabilities
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.
The ways to damage a system!!!

How secure are we on a data network?
[Figure: Threats, Vulnerabilities, Attacks, Success, HARM]
The threats are exploited by attacks. The attacks are designed to take advantage of the vulnerabilities of the network protocols and systems (one attack can involve several vulnerabilities). If the attack succeeds, the systems may go down.

How secure are we on a data network?
Example 1: e-commerce web server attack
Vulnerabilities database: http://nvd.nist.gov/home.cfm
❍ Threat. Attacker impersonating a customer
❍ Vulnerability. Check the vulnerabilities of the web server (brand, version, operating system…). For example, we discovered that the users database is open to LDAP queries in the current web server version.
❍ Attack. The attacker designs an attack based on the discovered vulnerabilities. He/She makes thousands of queries to the users database to get potential targets, then tries the most popular passwords with all the gathered users until he/she gets a valid user/password credential. Finally, the attacker can make a purchase charged to the victim.

How secure are we on a data network?
So we have to know the threats of a system in order to define the appropriate security services to avoid or minimize the consequences of attacks
❍ We have to know the threats
❍ We have to discover the potential attacks (the way that the threats become reality)
❍ We have to incorporate security services in the systems to minimize (or avoid) the harm caused by attacks

Common Types of Network Attacks
Eavesdropping
❍ An attacker who has gained access to the data path in the network listens to or reads the traffic.
[Figure: Alice, Attacker, Bob; message "Information for Bob". The attacker gets the information sent to Bob illegally]

Common Types of Network Attacks
Masquerading
❍ The attacker impersonates one of the participants in the communication.
[Figure: Attacker, Alice, Bob; messages "Hello Bob, I am Alice, could you please send me the money to this address: XXX?" and "Hello Alice, of course I will send you the money to that address"]

Common Types of Network Attacks
Man-in-the-middle
❍ The attacker controls the communication transparently. The participants believe that they are communicating directly with each other.
[Figure: Alice, Attacker, Bob; messages "I need 5 €" and "I need 10 €". The attacker modifies the information and nobody knows]

Common Types of Network Attacks
Denial of service
❍ The attacker prevents the normal use of the network resources.
[Figure: Alice, Bob, Attacker. The attacker turns the network down]

We already know the threats and now… what?
What can we do? How can we protect the networks?
First step: remove the design vulnerabilities
Deploying Security Services

What is a security service?
“A service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers”. Recommendation X.800
What does it mean?
What is a layer of an open system?
What is adequate security?

What is a security service?
Layered communication model: What is that?
The layered architecture model is the dominant paradigm for designing final telecommunication solutions

What is a security service?
Layered communication model: Why is it widely accepted?
You can face the big problem through small problems
Divide and Conquer strategy!!!
[Figure: one Big Layer compared with five layers L5, L4, L3, L2, L1]
F(x) = Functionality of x
F(Big Layer) = F(L5) + F(L4) + F(L3) + F(L2) + F(L1)
C(x) = Complexity of x
C(Big Layer) >> C(L5) + C(L4) + C(L3) + C(L2) + C(L1)
R(x) = Reutilization of x
R(Big Layer) <<< R(L5) or R(L4) or R(L3) or R(L2) or R(L1)

What is a security service?
Development of a telematic solution – Security of the Design State
[Figure: two stacks of layers L1 to L5, with security services S1 to S5; number of vulnerabilities N versus number of vulnerabilities S, with S << N]
Security services are functionalities added to the layers to reduce the number of vulnerabilities (which implies a reduction of threats too)
What are these functionalities to provide security?

X.800 Security Services for Open Systems
The ITU-T X.800 Recommendation defines five security services
❍ Confidentiality
❍ Integrity
❍ Authentication
❍ Non-repudiation
❍ Access Control
Currently there are two more common security services widely accepted
❍ Anonymity
❍ Availability

X.800 Security Services for Open Systems
Confidentiality
❍ When it is provided, it protects the network users from eavesdropping attacks. Only the authorized recipient of the information will access the information.
[Figure: Eavesdropping attack with the Confidentiality Service between Alice, Attacker and Bob; message "Information for Bob". The attacker gets the information sent to Bob illegally]

X.800 Security Services for Open Systems
Integrity
❍ When it is provided, it guarantees that the data received by the authorized receiver is the same as the data sent by the authorized sender.
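An added example (not part of the original slides) of one way to provide the integrity service against the man-in-the-middle modification shown earlier, where "I need 5 €" becomes "I need 10 €". It assumes Alice and Bob already share a secret key and uses HMAC-SHA-256 with a sequence number; the function names and the frame layout are hypothetical.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # bytes in an HMAC-SHA-256 tag

class IntegrityError(Exception):
    """Raised when a received frame fails the integrity check."""

def protect(key: bytes, seq: int, message: str) -> bytes:
    """Sender side: frame = 8-byte sequence number || payload || HMAC tag."""
    body = seq.to_bytes(8, "big") + message.encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag

def verify(key: bytes, frame: bytes, last_seq: int) -> tuple[int, str]:
    """Receiver side: check the tag first, then the sequence number."""
    if len(frame) < 8 + TAG_LEN:
        raise IntegrityError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise IntegrityError("tag mismatch: message was modified in transit")
    seq = int.from_bytes(body[:8], "big")
    if seq <= last_seq:
        raise IntegrityError("stale sequence number: replayed message")
    return seq, body[8:].decode("utf-8")

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed key, assumed shared by Alice and Bob
    frame = protect(key, 1, "I need 5 €")
    results = {"genuine": verify(key, frame, last_seq=0)}
    # Constructed in-path modification: the payload is rewritten, but without
    # the key no matching tag can be computed, so the old tag is carried over.
    forged_body = (1).to_bytes(8, "big") + "I need 10 €".encode("utf-8")
    forged = forged_body + frame[-TAG_LEN:]
    for name, candidate, last in (("modified", forged, 0), ("replayed", frame, 1)):
        try:
            verify(key, candidate, last)
            results[name] = "accepted"
        except IntegrityError as exc:
            results[name] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```

HMAC gives integrity and origin authentication between the two key holders only; it does not provide confidentiality or non-repudiation.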
[Figure: MITM attack with the Integrity Service between Alice, Attacker and Bob; messages "I need 5 €" and "I need 10 €". The attacker modifies the information and nobody knows]

X.800 Security Services for Open Systems
Authentication
❍ When it is provided, it guarantees the identity of the users involved in the communication.
[Figure: Masquerading attack with the Authentication Service between Attacker, Alice and Bob]

X.800 Security Services for Open Systems
Non repudiation
❍ When it is provided, it prevents either the issuer or the receiver from denying participation in a communication.
[Figure: Alice, Attacker and the Non repudiation Service; texts "Notification 1", "Have you got the notification?", "NO", "You can not deny that you have signed the message"]

X.800 Security Services for Open Systems
Access Control
❍ When it is provided, it guarantees that only authorized people can access protected resources.
[Figure: Access Control Service between Attacker and Bob; resources labelled "Bob’s resources" and "Shared between Bob and Alice"]

Security Services <=> Layers
Now we know the common security services to protect the layers from attacks, but…
What services do we have to provide in each layer?
It depends on the layer that we are considering… let’s talk about the wireless layer - Wifi (link level according to ITU-T X.200 Recommendation)
❍ Confidentiality
❍ Access Control
❍ Authentication
How do we implement those services?

How to implement Security Services
[Figure: Security Services, Security Protocols, Security Mechanism, Cryptographic Mechanism; labelled "Tools for providing security"]
❍ With cryptography we can build security mechanisms (e.g. with RSA we build Digital Signatures)
❍ With security mechanisms we can build security protocols (e.g. with digital signatures we build IPSec or SSL)
❍ With security protocols we can build security services (e.g. with IPSec we provide integrity, confidentiality and authentication)
❍ With security services we can build secure services (e.g.
with integrity, confidentiality and authentication we build an e-commerce solution)

The content of this presentation has used materials from:
- Iván Pau de la Cruz @ UPM, Spain
Thanks to him!