CS 689 (Research Methods)

Security in Asynchronous Transfer Mode(ATM)

By

SOBHA SIRIPURAPU

Introduction

ATM – Asynchronous Transfer Mode

Originally designed to implement B-ISDN (Broadband Integrated Services Digital Network) technology so that all forms of data traffic ( voice , video, data etc.) can be transferred over telecommunication networks.

Introduction (contd…)

ATM’s flexibility to deliver different classes of traffic at high or low speeds has made it a popular choice for many networks.

Therefore security is an emerging concern in the ATM networks.

Problem Description

Security is becoming more and more significant in network environment with the emergence of the internetworking technology.

Security in ATM networks is developing into a major concern because it was not a part of the original design.

This research describes why security in ATM networks is a potential issue and details the security measures needed to protect the network.

ATM networks require adequate security features to protect the involved systems, their interfaces and the information they process. The security requirements for ATM networks originate from the following sources : -

----- Customers / subscribers who use the ATM network

Motivation

Motivation (contd…)

---- the public communities / authorities who demand security using directives to ensure availability of services, fair competition and privacy protection.

---- network operators / service providers who require security to safeguard their interests.

Objective

The primal objectives in ATM security are:

Confidentiality : Confidentiality of stored and transferred data

Data Integrity : Protection of stored and transferred information.

Accountability : Accountability for all ATM networks and transactions.

Objective (contd…)

Availability : All legitimate requests should be allowed to pass.

In this research, we first examine the threats to ATM networks, the requirements of ATM security and its implementation issues.

Threats to ATM networks The following intentional threats should be considered

in a threat analysis of an ATM network: Masquerade(“spoofing”):

The pretence by an entity to be a different entity. Eavesdropping:

A breach of confidentiality by monitoring communication.Unauthorized access:

An entity attempts to access data in violation to the security policy in force.

Threats to ATM networks (contd…)

Loss or corruption of informationRepudiation:

An entity involved in a communication exchange subsequently denies the fact.ForgeryDenial of Service:

This occurs when an entity fails to perform its function or prevents other entities from performing their functions.

Requirements of a Secured Network

Verification of Identities : Establish and verify the identity of the user.

Controlled access and authorization : No access to unauthorized information.

Protection of Confidentiality : Stored and communicated data should be

confidential.Protection of Data Integrity :

Guaranteed integrity of communicated data.

Requirements of a Secured Network (contd…)

Strong Accountability : An entity can’t deny the responsibility of its performed

actions as with their effects.Activity Logging :

Should support the capability to retrieve information about security activities.Alarm reporting :

Should be able to generate alarm notification about selective security related events.

Requirements of a Secured Network (contd…)

Audit : During security violations, the system should be able

to analyze the logged data relevant to security. Security recovery :

Should be able to recover from successful or services derived from the above.Security Management :

The security system should be able to manage the security services derived from the above requirements.

Main Security Objecti-ves

Masque-rade

Eaves

Droppi-ng

Un-authoriz-ed Access

Loss or Corruption of (transferred)information

Repudiation

Forger y Denial of service

Confidentiality

x x x

Data Integrity

x x x x

Accountability

x x x x

Availability

x x x x

Generic Threats

Mapping of Objectives and Threats

ATM Security Scope

ATM architecture includes three planes :User Plane : this is responsible for transfer of user data.Control Plane : is responsible for connection establishment, release etc.Management Plane : is responsible for proper functioning of various entities in the above two planes.

Figure 1 : ATM Architecture

User Plane Security The user plane entities interact directly with user and have to be flexible to meet the requirements.It provides security services like access control,authentication, data confidentiality and integrityDepending on customer requirements services like key exchange, certification infrastructure and negotiation of security options, might be useful.

Control Plane SecurityThis configures the network to provide communication channel for a user; it interacts with the switching table or manages the virtual channel.Most of the threats to security are relative to control plane. Therefore it is very important to secure the control plane.This plane may be secured by providing authentication and confidentiality of the signal.

If the message recipient can verify the source of this message, then denial of service attack cannot happen.

Control plane authentication can also be used to provide the auditing information for accurate billing which should be immune to repudiation.

Management Plane Security

This plane considers bootstrapping security, authenticated neighbor discovery, the Interim Local Management Interface security and permanent virtual circuit security.

Security recovery and security management have to be provided in security framework.

Figure 2

Security of the ATM layer

ATM layer entities perform ATM data transfer on behalf of the other entities in the three planes as shown in figure 2.

Since all data have to be transferred through ATM layer, the security of ATM layer is extremely important.

Draft of Phase I Security Specification

To solve the security problem for ATM security, ATM Forum Security Working Group is working on an ATM security infrastructure and have come up with Phase I Security Specification.

This deals mainly with security mechanisms in user plane and a part of control plane.

It includes mechanisms for authentication, confidentiality, data integrity and access control for the user plane.

ATM FirewallsFirewalls are widely used security mechanisms in the internet as of today.Traditional firewalls are not sufficient for ATM networks because of two main reasons :

--- A Packet filtering router needs to terminate end-to-end ATM connections in order to extract IP packets for inspection.

--- The filtering bandwidth of a traditional firewall is far less than the typical ATM rate of data transfer.

Two approaches to solve the problem of incorporating firewalls in ATM networks are as follows :

a) Parallel Firewalls:In this, distribution of load is done in two ways. i) Static Distribution of connections: One way is to provide a separate proxy server for reach service that has to be supported.By distributing the proxy servers among different hosts, the security can also be improved.ii) Dynamic Distribution of Connections : A proxy server may be replicated on multiple processors.Connections can then be dynamically mapped to replicated proxy servers.

The advantage of this solution is that meta proxy may gather status and load statistics from the proxy servers that enables a fair and balanced distribution of incoming connections.ATM Firewalls with FQoS :

The concept of Firewall Quality of Service (FQoS) is to optimize the effort to make the connections secure.

Conclusions ATM has been predicted to be the most

popular network technology in coming years. Therefore making ATM secure in terms of data transmission is a prime concern in network research and development. Though the Security Framework (Phase I) published by the ATM forum gives us a general overall view of the requirement, solutions meeting these are very few in number today.

Referenceshttp://www.3com.com- 3 Com Corporationhttp://www.gdc.com-General Datacomm,Inc.http://www.cisco.com -Cisco systems, Inc.http://www.newbridge.com -Newbridge Networks Corporation.ATM Forum Security Framework (Phase 1)http://www.atmforum.comhttp://www.computerworld.comhttp://www.network.comhttp://www.nortel.com

QUESTIONS?QUESTIONS?