7/30/2019 lecture1-2-NetSecurityIntro
Course Outline: Fundamental Topics
System View of Network Security
Network Security Model
Security Threat Model & Security Services Model
Security Basis: Cryptography
Secret key cryptography
Hashes and message digests
Public key cryptography
Network Security Applications:
Authentication and security handshakes pitfalls
Well known network security protocols such as Kerberos, IPSec, SSL/SET, PGP & PKI, WEP

Overview of Network Security (II)
EE5723/EE4723 Spring 2012

Outline
Security Architecture of OSI Reference Model
Security Placement w/in Multiple Protocol Layers

ISO 7498-2: Security Architecture of OSI Reference Model
Internet Protocol Architecture
The OSI reference model & its services (ISO 7498-1)
Internetworking
[Figure: Host A, Network A, Router, Network B, Host B]
Internet Protocol Layering
[Figure: Host A and Host B (Application, Transport, Internet and Network layers) and a Router (Internet and Network layers) over physical networks; units labelled HTTP Message, TCP Packet, IP Datagram and Ethernet Frame]
The OSI Reference Model: ISO 7498-1
OSI Reference Model - internationally standardized network architecture.
An abstract representation of an ideal network protocol stack
OSI = Open Systems Interconnection
pec e n -
Model has 7 layers
Internet Protocols vs. OSI
Internet                 OSI
5 Application            7 Application
                         6 Presentation
                         5 Session
4 TCP                    4 Transport
3 IP                     3 Network
2 Network Interface      2 Data Link
1 Hardware               1 Physical
Lower/Upper Layers
Layers 1-4 often referred to as lower layers.
Layers 5-7 are the upper layers.
Lower layers relate more closely to the communications technology.
Upper layers relate to applications.
Layer 7: Application Layer
user needs, e.g.:
virtual terminal service,
file transfer,
electronic mail,
directory services.
Layer 6: Presentation Layer
Concerned with representation of transmitted data.
Deals with different data representations, e.g. of numbers, characters.
Also deals with data compression and encryption.
Layer for source coding.
Layer 5: Session Layer
Allows establishment of sessions between machines, e.g. to
allow remote logins
provide file transfer service.
Responsible for dialogue control.
Also performs token management and synchronization.
Layer 4: Transport Layer
Basic function is to take data from Session Layer, split it up into smaller units, and ensure that the units arrive correctly.
Concerned with efficient provision of service.
The Transport Layer also determines the
Layer.
Also responsible for congestion control.
Layer 3: Network Layer
Controls the subnet.
Key issue is routing in the subnet; can be based on:
static tables,
determined at start of session,
highly dynamic (varying for each packet).
Layer 2: Data Link Layer
Provides reliable, error-free service on top.
include encoding, CRC, etc.
Breaks data into frames. Requires creation of frame boundaries.
acknowledgements and selective frame retransmission.
Layer 1: Physical Layer
Concerned with bit transmission over physical channel.
Issues include:
definition of 0/1,
whether channel simplex/duplex,
connector design.
Mechanical, electrical, procedural matters.
Layering Principles
[Figure: two (N+1) Entities (Service Users) above two (N) Entities (Service Providers); labels: Layer N+1 protocol, N+1 PDU, Layer N Service Access Point (SAP), SDU, Layer N protocol, N PDU]
PDU - Protocol Data Unit
SDU - Service Data Unit
Services & Protocols
Service = set of primitives provided by one layer to layer above.
Service defines what each layer can do (but not how it does it).
Protocol = set of rules governing data communication between peer entities, i.e. format and meaning of frames/packets.
ISO 7498-2: Security Architecture
Provides standard definitions of security terminology
Provides standard descriptions for security services and mechanisms
Defines where in OSI reference model security services may be provided
Introduces security management concepts
Policies, threats, services, & mechanisms
In a secure system, the rules governing security behavior should be made explicit in the form of a security policy.
Security policy: the set of criteria for the provision of security services.
A security threat is a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
place to address a threat (e.g. provision of confidentiality).
A security mechanism is a means to provide a service (e.g. encryption, digital signature).
Security life-cycle in ISO 7498-2 Model
Define security policy
Analyze security threats (according to policy)
Define security services to meet threats
Define security mechanisms to provide services
Provide on-going management of security
Step 1: Generic security policy
ISO 7498-2 generic authorization policy:
Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorized.
Possible basis for more detailed policy.
Does not cover availability (e.g. DoS attack) issues (for legitimate user).
Policy Types
ISO 7498-2 distinguishes between 2 types
Identity-based: where access to and use of resources are determined on the basis of the identities of users and resources
-
controlled by global rules imposed on all users, e.g. using security labels.
Step 2: Fundamental threats
A threat is: a person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
An attack is a realization of a threat
Safeguards = countermeasures (e.g. controls, procedures) to protect against threats.
Vulnerabilities = weaknesses in safeguards
Information leakage
Integrity violation
DoS
Illegitimate use
Step 3: Security Services
Security services in ISO 7498-2 are a special class of safeguards applying to a communication environment.
ISO 7498-2 defines 5 main categories of security service:
Authentication (including entity authentication and origin authentication)
Access control
Data confidentiality
Data integrity
Non-repudiation
Step 4: Security Mechanisms
To provide and support security services
Can be divided into two classes:
Specific security mechanisms, used to provide specific security services, and
Pervasive security mechanisms (e.g., trust functionality, intrusion/event detection, security recovery), not specific to particular services.
Often expensive
Specific security mechanisms
Eight types:
digital signature
access control mechanisms
data integrity mechanisms
authentication exchanges
traffic padding
routing control
notarization
Specific Mechanisms (Contd)
Encipherment mechanisms = encryption or cipher algorithms.
Can provide data and traffic flow confidentiality.
Digital signature mechanisms
signing procedure (private)
verification procedure (public).
- ,data integrity services.
Both can be basis of some authentication exchange mechanisms.
Specific Mechanisms (Contd)
Access Control mechanisms
A server using client information to decide whether to grant access to resources
E.g. access control lists, capabilities, security labels.
Data integrity mechanisms
Protection against modification of data.
Provide data integrity and origin authentication services. Also basis of some authentication exchange mechanisms.
Authentication exchange mechanisms
Provide entity authentication service.
Specific Mechanisms (Contd)
Traffic padding mechanisms
The addition of pretend data to conceal real volumes of
Provides traffic flow confidentiality.
Routing control mechanisms
Used to prevent sensitive data using insecure channels.
E.g. route might be chosen to use only physically secure network components.
Notarization mechanisms
Integrity, origin and/or destination of data can be guaranteed by using a 3rd party trusted notary.
Notary typically applies a cryptographic transformation to the data.
Service/mechanism table
ISO 7498-2 indicates which mechanisms can be used to provide which services
Illustrative NOT definitive.
Service                                    Encipherment  Digital sign.  Access control  Data integrity
Entity authentication                      Y             Y              -               -
Origin authentication                      Y             Y              -               -
Access control                             -             -              Y               -
Connection confidentiality                 Y             -              -               -
Connectionless confidentiality             Y             -              -               -
Selective field confidentiality            Y             -              -               -
Traffic flow confidentiality               Y             -              -               -
Connection integrity with recovery         Y             -              -               Y
Connection integrity without recovery      Y             -              -               Y
Selective field connection integrity       Y             -              -               Y
Connectionless integrity                   Y             Y              -               Y
Selective field connectionless integrity   Y             Y              -               Y
Non-repudiation of origin                  -             Y              -               Y
Non-repudiation of delivery                -             Y              -               Y
Service/mechanism table (contd)
Service                                    Auth. exchange  Traffic padding  Routing control  Notarisation
Entity authentication                      Y               -                -                -
Access control                             -               -                -                -
Connection confidentiality                 -               -                Y                -
Connectionless confidentiality             -               -                Y                -
Selective field confidentiality            -               -                -                -
Traffic flow confidentiality               -               Y                Y                -
Connection integrity with recovery         -               -                -                -
Connection integrity without recovery      -               -                -                -
Selective field connection integrity       -               -                -                -
Connectionless integrity                   -               -                -                -
Selective field connectionless integrity   -               -                -                -
Non-repudiation of origin                  -               -                -                Y
Non-repudiation of delivery                -               -                -                Y
Pervasive security mechanisms
trusted functionality,
security labels,
event detection,
security audit trail,
security recovery.
Pervasive Mechanisms
Trusted functionality
mechanisms should be trustworthy.
May involve combination of software and hardware.
Security labels
Any resource (e.g. stored data, processing power,
associated with it to indicate security sensitivity.
Similarly labels may be associated with users. Labels may need to be securely bound to transferred data.
Pervasive Mechanisms (Contd)
Event detection
Includes detection of
attempted security violations,
legitimate security-related activity.
Can be used to trigger event reporting (alarms), event logging, automated recovery.
Security audit trail
Log of past security-related events.
Permits detection and investigation of past security breaches
Security recovery
Includes mechanisms to handle requests to recover from security failures (security tolerant).
May include immediate abort of operations, temporary invalidation of an entity, addition of entity to a blacklist.
Link vs. End-to-End Encryption
Link and E2E Encryption:
(1) Link encryption:
A lot of encryption devices
Decrypt each packet at every switch
- Intermediate switch must be trusted
- Invisible to the users
(2) End-to-end encryption
Addresses potential flaws in lower layers
The source encrypts and the receiver decrypts
Payload encrypted
Header in the clear
Only end nodes must be trusted
(3) High Security: Both link and E2E encryption are needed
Ref: Network Security Essentials, by Stallings
Security Services & Layering in General
Link-to-link Encryption
[Figure: protocol layers (5. application, 4. transport, 3. network, 2. data link, 1. physical) at Sender, Intermediate Host and Receiver; legend: Message encrypted, Message in plaintext; label: message (plaintext) exposed]
Ref: Security in Computing, by Charles P. Pfleeger & Shari Lawrence Pfleeger
Typical Message: Link Encryption
[Figure: message fields M = Message, T = Transport Header, N = Network Header, B = Data Link Header, E = Data Link Trailer]
If all hosts on a network are reasonably trustworthy, but the communications medium is shared w/ other users or is not secure, link encryption is an easy control to use
Security Services & Layering in General
End-to-End Encryption
[Figure: protocol layers (5. application, 4. transport, 3. network, 2. data link, 1. physical) at Sender, Intermediate Host and Receiver; legend: Message encrypted, Message in plaintext; label: message (plaintext) exposed]
Typical Message: End-to-End Encryption
[Figure: message fields labelled M, T, N, B, E; legend: Message, Transport Header, Data Link Header, Data Link Trailer]
Comparison of Encryption Architecture
Link-to-link encryption
Message is plaintext inside of hosts (trustworthy?): node authentication needed
Faster (mostly hardware); Easier/invisible for user
One key per node/interface pair
End-to-end encryption
Flexible (hardware or software)
Application & user aware
No trust in intermediate nodes required: need end user authentication
One key per host pair
Unavoidable multilayer security provisioning
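
As an added illustration of the comparison above and of the "Link vs. End-to-End Encryption" slide (not part of the original lecture), the sketch below sends one packet from a sender through one intermediate host to a receiver and records what a wiretap and the intermediate host can read under each architecture. The SHAKE-256 keystream cipher, the header strings and the key names are assumptions made for the example; a real deployment would use an authenticated cipher.

```python
import hashlib
import os

# Constructed sample packet; field names follow the "Typical Message" slides.
NET_HDR = b"N[src=A;dst=B]"
TRANS_HDR = b"T[dport=443]"
MESSAGE = b"M[transfer 500 to account 42]"

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (assumption for the demo): SHAKE-256(key || nonce) keystream.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(12)                       # fresh nonce per encryption
    return nonce + _keystream_xor(key, nonce, data)

def unseal(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:12], blob[12:])

def link_encryption(link_keys):
    """One key per link: every node decrypts, then re-encrypts for the next link."""
    packet = NET_HDR + TRANS_HDR + MESSAGE
    on_wire, inside_nodes = [], []
    for key in link_keys:
        frame = seal(key, packet)                # headers and message all encrypted
        on_wire.append(frame)
        packet = unseal(key, frame)              # receiving node strips link encryption
        inside_nodes.append(packet)              # plaintext now sits inside that node
    return on_wire, inside_nodes

def end_to_end(host_pair_key, hops):
    """One key per host pair: only the message is encrypted, headers stay clear."""
    packet = NET_HDR + TRANS_HDR + seal(host_pair_key, MESSAGE)
    on_wire = [packet] * hops                    # forwarded unchanged on every link
    inside_intermediate = [packet] * (hops - 1)  # intermediate nodes never decrypt
    body = packet[len(NET_HDR) + len(TRANS_HDR):]
    return on_wire, inside_intermediate, unseal(host_pair_key, body)

if __name__ == "__main__":
    wire, nodes = link_encryption([b"key A-R", b"key R-B"])
    print("link: wiretap sees message?", any(MESSAGE in f for f in wire))
    print("link: intermediate host sees message?", MESSAGE in nodes[0])
    wire, mid, got = end_to_end(b"key A-B", hops=2)
    print("e2e: wiretap sees headers?", NET_HDR in wire[0])
    print("e2e: intermediate host sees message?", any(MESSAGE in p for p in mid))
    print("e2e: receiver recovers message?", got == MESSAGE)
```

Running both paths over the same route, with link encryption wrapped around the end-to-end packet, gives the "both are needed" case from the slides: headers hidden on the wire and the message hidden inside intermediate hosts.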