
Network Security

Part I: Introduction
Introductory Security Concepts
SECURITY INNOVATION 2003
Outline
1. Introduction
2. Security domains and policies
3. Security threats
4. Security services
5. Security mechanisms
1 Introduction
ISO 7498-2:
provides standard definitions of security
terminology,
provides standard descriptions for security
services and mechanisms,
defines where in OSI reference model security
services may be provided,
introduces security management concepts.
Security Life-Cycle
Model is as follows:
define security policy,
analyze security threats (according to policy),
define security services to meet threats,
define security mechanisms to provide services,
provide on-going management of security.
Threats, Services and Mechanisms
A security threat is a possible means by which a
security policy may be breached (e.g. loss of integrity
or confidentiality).
A security service is a measure which can be put in
place to address a threat (e.g. provision of
confidentiality).
A security mechanism is a means to provide a service
(e.g. encryption, digital signature).
2 Security Domains and Policies
In a secure system, the rules governing
security behavior should be made explicit in
the form of a Security policy.
Security policy: the set of criteria for the
provision of security services.
Security domain: the scope of a single security
policy.
Generic Security Policy
ISO 7498-2 generic authorization policy:
Information may not be given to, accessed by, nor
permitted to be inferred by, nor may any resource
be used by, those not appropriately authorized.
Possible basis for more detailed policy.
It does not cover availability (e.g. denial of
service) issues.
Policy Types
ISO 7498-2 distinguishes between 2 types of
security policy:
identity-based: where access to and use of
resources are determined on the basis of the
identities of users and resources,
rule-based: where resource access is controlled by
global rules imposed on all users, e.g. using
security labels.
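The two policy types side by side, as an added example that is not part of the original slides. The users, resources, labels and the "read down, write up" rule are all assumptions made for illustration; ISO 7498-2 does not prescribe a particular rule.

```python
from enum import IntEnum

class Label(IntEnum):
    # Constructed sensitivity levels; a higher value is more sensitive.
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

# Identity-based policy: each resource lists which identities may do what.
# (Hypothetical users and resources.)
ACL = {
    "payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "design.doc": {"carol": {"read"}},
}

def identity_based_allows(user, resource, action):
    """Decision depends only on who the user is and which resource is named."""
    return action in ACL.get(resource, {}).get(user, set())

# Rule-based policy: one global rule over security labels, applied to everyone.
CLEARANCE = {"alice": Label.CONFIDENTIAL, "bob": Label.SECRET, "carol": Label.PUBLIC}
CLASSIFICATION = {"payroll.db": Label.CONFIDENTIAL, "design.doc": Label.SECRET}

def rule_based_allows(user, resource, action):
    """Assumed global rule: read only at or below the user's clearance,
    write only at or above it, so labelled data cannot flow downwards."""
    clearance = CLEARANCE.get(user)
    level = CLASSIFICATION.get(resource)
    if clearance is None or level is None:
        return False  # unlabelled users or resources are denied by default
    if action == "read":
        return clearance >= level
    if action == "write":
        return clearance <= level
    return False

def decide(user, resource, action):
    """Return both decisions so the two policy types can be compared."""
    return {
        "identity": identity_based_allows(user, resource, action),
        "rule": rule_based_allows(user, resource, action),
    }

if __name__ == "__main__":
    for request in [("bob", "payroll.db", "read"),
                    ("carol", "design.doc", "read"),
                    ("bob", "design.doc", "read")]:
        print(request, decide(*request))
```

The second and third requests are where the two policies disagree: a per-resource grant cannot override the global label rule, and a sufficient clearance does not put a user on a resource's access list.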
3 Security Threats
A threat is:
a person, thing, event or idea which poses some danger to an
asset (in terms of confidentiality, integrity, availability or
legitimate use).
An attack is a realization of a threat.
Safeguards = measures (e.g. controls, procedures) to
protect against threats.
Vulnerabilities = weaknesses in safeguards.
Risk
Risk is a measure of the cost of a vulnerability
(taking into account probability of a successful
attack).
Risk analysis determines whether expenditure
on (new/better) safeguards is warranted.
Fundamental Threats
Four fundamental threats (matching
Confidentiality, Integrity, Availability and
legitimate use):
Information leakage,
Integrity violation,
Denial of service,
Illegitimate use.
Fundamental Threat Examples
Integrity violation
USA Today, falsified reports of missile attacks on
Israel, 7/2002
Denial of service
Yahoo, 2/2000, 1Gbps
Information Leakage
Prince Charles mobile phone calls, 1993
Illegitimate use
Vladimir Levin, Citibank, $3.7M, 1995
Primary Enabling Methods
Realization of any of these threats can lead
directly to a realization of a fundamental
threat:
Masquerade,
Bypassing controls,
Authorization violation,
Trojan horse,
Trapdoor.
Primary Enabling Methods: Examples
Masquerade
Royal Opera House web site, 8/2002 - Information Leakage
Bypassing controls
ADSL modem passwords - Illegitimate Use
Authorization violation
Cross site scripting - Information Leakage
Trojan horse
PWSteal.Trojan, 1999 - Information Leakage
Trapdoor
Ken Thompson, Unix login, Reflections on Trusting Trust, 1975 - Illegitimate Use
4 Security Services
Security services in ISO 7498-2 are a special
class of safeguard applying to a
communications environment.
Hence they are the prime focus of IC3.
Computer security safeguards are covered in
IC4.
Security Service Classification
ISO 7498-2 defines 5 main categories of
security service:
Authentication (including entity authentication
and origin authentication),
Access control,
Data confidentiality,
Data integrity,
Non-repudiation.
Authentication
Entity authentication provides checking of a
claimed identity at a point in time.
Typically used at start of a connection.
Addresses masquerade and replay threats.
Origin authentication provides verification of
source of data.
Does not protect against duplication or
modification of data.
GSM, web servers
Access Control
Provides protection against unauthorized use
of resource, including:
use of a communications resource,
reading, writing or deletion of an information
resource,
execution of a processing resource.
Remote users
Data Confidentiality
Protection against unauthorized disclosure of
information.
Four types:
Connection confidentiality,
Connectionless confidentiality,
Selective field confidentiality,
Traffic flow confidentiality.
Internet banking session
Encrypting routers as part of Swift funds transfer
network
Data Integrity
Provides protection against active threats to
the validity of data.
Five types:
Connection integrity with recovery,
Connection integrity without recovery,
Selective field connection integrity,
Connectionless integrity,
Selective field connectionless integrity.
MD5 hashes
http://www.apache.org/dist/httpd/binaries/linux/


Non-repudiation
Protects against a sender of data denying that
data was sent (non-repudiation of origin).
Protects against a receiver of data denying
that data was received (non-repudiation of
delivery).
Analogous to signing a letter and sending recorded
delivery


5 Security mechanisms
Exist to provide and support security services.
Can be divided into two classes:
Specific security mechanisms, used to provide
specific security services, and
Pervasive security mechanisms, not specific to
particular services.
Specific Security Mechanisms
Eight types:
encryption,
digital signature,
access control mechanisms,
data integrity mechanisms,
authentication exchanges,
traffic padding,
routing control,
notarization.
Specific Mechanisms I
Encryption mechanisms = encryption or
cipher algorithms.
Can provide data and traffic flow confidentiality.
Digital signature mechanisms
signing procedure (private),
verification procedure (public).
Can provide non-repudiation, origin
authentication and data integrity services.
Both can be basis of some authentication
exchange mechanisms.
Specific Mechanisms II
Access Control mechanisms
A server using client information to decide
whether to grant access to resources
E.g. access control lists, capabilities, security labels.
Data integrity mechanisms
Protection against modification of data.
Provide data integrity and origin authentication services.
Also basis of some authentication exchange mechanisms.
Authentication exchange mechanisms
Provide entity authentication service.
Specific Mechanisms III
Traffic padding mechanisms
The addition of pretend data to conceal real volumes of data
traffic.
Provides traffic flow confidentiality.
Routing control mechanisms
Used to prevent sensitive data using insecure channels.
E.g. route might be chosen to use only physically secure
network components.
Notarization mechanisms
Integrity, origin and/or destination of data can be
guaranteed by using a 3rd party trusted notary.
Notary typically applies a cryptographic transformation to the
data.
Pervasive Security Mechanisms
Five types identified:
trusted functionality,
security labels,
event detection,
security audit trail,
security recovery.
Pervasive Mechanisms I
Trusted functionality
Any functionality providing or accessing security
mechanisms should be trustworthy.
May involve combination of software and hardware.
Security labels
Any resource (e.g. stored data, processing power,
communications bandwidth) may have security label
associated with it to indicate security sensitivity.
Similarly labels may be associated with users. Labels may
need to be securely bound to transferred data.
Pervasive Mechanisms II
Event detection
Includes detection of
attempted security violations,
legitimate security-related activity.
Can be used to trigger event reporting (alarms), event
logging, automated recovery.
Security audit trail
Log of past security-related events.
Permits detection and investigation of past security breaches.
Pervasive Mechanisms III
Security recovery
Includes mechanisms to handle requests to recover from
security failures.
May include immediate abort of operations, temporary
invalidation of an entity, addition of entity to a blacklist.

Services Versus Mechanisms
ISO 7498-2 indicates which mechanisms can
be used to provide which services.
Illustrative NOT definitive.
Omissions include:
use of integrity mechanisms to help provide
authentication services,
use of encryption to help provide non-repudiation
service (as part of notarization).
Service/Mechanism Table I
Service / Mechanism                      | Encryption | Digital Signature | Access Control | Data Integrity
Entity authentication                    | Y          | Y                 | -              | -
Origin authentication                    | Y          | Y                 | -              | -
Access control                           | -          | -                 | Y              | -
Connection confidentiality               | Y          | -                 | -              | -
Connectionless confidentiality           | Y          | -                 | -              | -
Selective field confidentiality          | Y          | -                 | -              | -
Traffic flow confidentiality             | Y          | -                 | -              | -
Connection integrity with recovery       | Y          | -                 | -              | Y
Connection integrity without recovery    | Y          | -                 | -              | Y
Selective field connection integrity     | Y          | -                 | -              | Y
Connectionless integrity                 | Y          | Y                 | -              | Y
Selective field connectionless integrity | Y          | Y                 | -              | Y
Non-repudiation of origin                | -          | Y                 | -              | Y
Non-repudiation of delivery              | -          | Y                 | -              | Y


Service/Mechanism Table II
Service / Mechanism                      | Authorization exchange | Traffic padding | Routing Control | Notarisation
Entity authentication                    | Y                      | -               | -               | -
Origin authentication                    | -                      | -               | -               | -
Access control                           | -                      | -               | -               | -
Connection confidentiality               | -                      | -               | Y               | -
Connectionless confidentiality           | -                      | -               | Y               | -
Selective field confidentiality          | -                      | -               | -               | -
Traffic flow confidentiality             | -                      | Y               | Y               | -
Connection integrity with recovery       | -                      | -               | -               | -
Connection integrity without recovery    | -                      | -               | -               | -
Selective field connection integrity     | -                      | -               | -               | -
Connectionless integrity                 | -                      | -               | -               | -
Selective field connectionless integrity | -                      | -               | -               | -
Non-repudiation of origin                | -                      | -               | -               | Y
Non-repudiation of delivery              | -                      | -               | -               | Y


Services Versus Layers
ISO 7498-2 lays down which security services
can be provided in which of the 7 layers.
Layers 1 and 2 may only provide
confidentiality services.
Layers 3/4 may provide many services.
Layer 7 may provide all services.
Service/Layer Table
Service / Layer                          | Layer 1 | Layer 2 | Layer 3 | Layer 4 | Layer 5/6 | Layer 7
Entity authentication                    | -       | -       | Y       | Y       | -         | Y
Origin authentication                    | -       | -       | Y       | Y       | -         | Y
Access control                           | -       | -       | Y       | Y       | -         | Y
Connection confidentiality               | Y       | Y       | Y       | Y       | -         | Y
Connectionless confidentiality           | -       | Y       | Y       | Y       | -         | Y
Selective field confidentiality          | -       | -       | -       | -       | -         | Y
Traffic flow confidentiality             | Y       | -       | Y       | -       | -         | Y
Connection integrity with recovery       | -       | -       | -       | Y       | -         | Y
Connection integrity without recovery    | -       | -       | Y       | Y       | -         | Y
Selective field connection integrity     | -       | -       | -       | -       | -         | Y
Connectionless integrity                 | -       | -       | Y       | Y       | -         | Y
Selective field connectionless integrity | -       | -       | -       | -       | -         | Y
Non-repudiation of origin                | -       | -       | -       | -       | -         | Y
Non-repudiation of delivery              | -       | -       | -       | -       | -         | Y
