IC31 Network security - PowerPoint PPT Presentation

Slides: 78
Provided by: matthe127

1
IC3-1 Network security
  • Part 1 - Introductory network concepts
  • Matthew Joyce
  • Dresdner Kleinwort Wasserstein

2
Outline
  • Internet Protocols
  • Protocol hierarchies
  • The OSI reference model
  • Services in the OSI model
  • Example networks

3
1. Internet Protocols
[Diagram: a Web Browser and a Web Server connected by a Network]
4
Application Layer
  • How does web browser retrieve data from web
    server?
  • Application Protocol: Hypertext Transfer Protocol
    (HTTP).
  • Users invoke applications which speak using
    application protocol.
  • Applications interact with a transport protocol
    to send or receive data.
  • Others: FTP, SMTP, DNS, SMB, ...

5
Application Layer Example
  • HTTP outline:
  • GET /directory/dirsearch.html HTTP/1.1
  • Host: www.phoenix.co.uk

[Diagram: the two lines above form the HTTP Message]
6
Transport Layer
  • Provides end-to-end communication between
    applications.
  • Transport Protocol: Transport Control Protocol
    (TCP)
  • A transport protocol may be reliable, flow may be
    regulated.
  • Divides stream of application messages into
    packets.
  • Interacts with Internet Layer to send or receive
    data.
  • Others: UDP, ICMP

7
Transport Layer Example
  • TCP outline:
  • Source Port: 1081
  • Destination Port: 80
  • Checksum: 0xa858

[Diagram: the HTTP Message (GET /directory/dirsearch.html HTTP/1.1, Host: www.phoenix.co.uk) preceded by the TCP header (Src 1081, Dst 80, Chksum 0xa858)]
8
Internet Layer
  • Communication between one machine and another.
  • Accepts requests to send packets to destination
    address.
  • Encapsulates packets in IP datagram with IP
    header and uses routing algorithm to decide
    whether to send directly or indirectly.
  • Also handles incoming IP datagrams.
  • If addressed to local machine, remove the IP
    datagram header and pass up to transport layer.

9
Internet Layer Example
  • IP outline:
  • Time to live: 128
  • Header checksum: 0x57d1
  • Source: pelican (192.168.0.40)
  • Destination: www.phoenix.co.uk (192.168.0.50)

[Diagram: the HTTP Message (GET /directory/dirsearch.html HTTP/1.1, Host: www.phoenix.co.uk) preceded by the TCP header (Src 1081, Dst 80, Chksum 0xa858), preceded in turn by the IP datagram header (Src 192.168.0.40, Dst 192.168.0.50, TTL 128)]
10
Network Interface Layer
  • Accepts IP datagrams and transmits over specific
    networks.
  • May be a simple device driver (e.g. an Ethernet
    driver) or a complex subsystem with further data
    link protocols.

11
Network Interface Layer Example
  • Ethernet outline:
  • Destination: 00a0cc541d4e
  • Source: 00e0811019fc
  • Type: IP

[Diagram: the Ethernet Frame. Ethernet header (Src 00e0811019fc, Dst 00a0cc541d4e, Type IP), then IP datagram header (Src 192.168.0.40, Dst 192.168.0.50, TTL 128), then TCP header (Src 1081, Dst 80, Chksum 0xa858), then the HTTP Message (GET /directory/dirsearch.html HTTP/1.1, Host: www.phoenix.co.uk)]
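
The encapsulation walked through on slides 5 to 11, as an added example that is not part of the original slides: it builds the frame from the slides' addresses, ports and TTL, then strips one header per layer on the receiving side and verifies both checksums. The TCP sequence/ack numbers, flags, window and the IP identification field are constructed values, so the computed checksums differ from the 0xa858 and 0x57d1 shown on the slides.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: ones'-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame() -> bytes:
    """Wrap the slides' HTTP request in TCP, IP and Ethernet headers."""
    http = (b"GET /directory/dirsearch.html HTTP/1.1\r\n"
            b"Host: www.phoenix.co.uk\r\n\r\n")
    src_ip = socket.inet_aton("192.168.0.40")   # pelican
    dst_ip = socket.inet_aton("192.168.0.50")   # www.phoenix.co.uk

    # Transport layer. Sequence/ack numbers, flags and window are constructed.
    def tcp_header(checksum: int) -> bytes:
        return struct.pack("!HHIIBBHHH", 1081, 80, 1000, 2000,
                           5 << 4, 0x18, 8192, checksum, 0)
    # The TCP checksum also covers a pseudo-header taken from the IP layer.
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, 20 + len(http))
    tcp = tcp_header(inet_checksum(pseudo + tcp_header(0) + http))

    # Internet layer. Identification (1) and fragment fields are constructed.
    def ip_header(checksum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 1, 0,
                           128, 6, checksum, src_ip, dst_ip)
    ip = ip_header(inet_checksum(ip_header(0)))

    # Network interface layer: Ethernet II header, type 0x0800 = IP.
    eth = (bytes.fromhex("00a0cc541d4e") + bytes.fromhex("00e0811019fc")
           + struct.pack("!H", 0x0800))
    return eth + ip + tcp + http

def parse_frame(frame: bytes) -> dict:
    """Receiver side: strip one header per layer and verify both checksums."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IP datagram")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                    # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return {
        "src_mac": src_mac.hex(), "dst_mac": dst_mac.hex(),
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "ttl": ip[8],
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "src_port": src_port, "dst_port": dst_port,
        "tcp_checksum_ok": inet_checksum(pseudo + tcp) == 0,
        "http": tcp[(tcp[12] >> 4) * 4:],       # skip the TCP header
    }

if __name__ == "__main__":
    for key, value in parse_frame(build_frame()).items():
        print(f"{key}: {value}")
```

These checksums are unkeyed, so they detect accidental corruption only; anyone who alters a field can recompute them, which is why the data integrity service in Part 2 needs a cryptographic mechanism.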
12
Protocol Layering
[Diagram: Host A and Host B, each with the same four layers above the Physical Network; each layer exchanges the unit shown with its peer]
  • Application Layer - Message
  • Transport Layer - Packet
  • Internet Layer - Datagram
  • Network Layer - Frame
13
Protocol Layering
[Diagram: Web Browser and Web Server, each with the same four layers above the Physical Network; each layer exchanges the unit shown with its peer]
  • Application Layer - HTTP Message
  • Transport Layer - TCP Packet
  • Internet Layer - IP Datagram
  • Network Layer - Ethernet Frame
14
Internetworking
  • No single networking technology can satisfy all
    requirements.
  • Universal interconnection is desired.
  • Protocols allow communication between nodes
    without understanding underlying mechanisms.

15
Routing
[Diagram: Web Browser and Web Server on two networks (Network A, Network B) joined by a Router]
16
Protocol Layering
[Diagram: Host A and Host B joined by a Router across two Physical Networks]
  • Application Layer (Host A, Host B) - HTTP Message
  • Transport Layer (Host A, Host B) - TCP Packet
  • Internet Layer (Host A, Router, Host B) - IP Datagram on each side of the Router
  • Network Layer (Host A, Router, Host B) - Ethernet Frame on each side of the Router
17
2 Protocol hierarchies
  • Protocols are stacked vertically as series of
    layers.
  • Each layer offers Services to layer above,
    shielding implementation details.
  • Layer n on one machine communicates with layer n
    on another machine (they are peer
    processes/entities) using Layer n Protocol.

18
Layers, protocols & interfaces
[Diagram: two stacks of layers 1 to n above a shared physical communications medium. Peer layers are linked horizontally by the Layer 1, Layer 2, ... Layer n protocols; adjacent layers within a stack are linked vertically by the Layer 1/2, Layer 2/3, ... Layer n-1/n and Layer n/n+1 interfaces.]
19
Layer/interface design
  • Important objective is clean interfaces, having
    minimal set of well-defined services.
  • Clean-cut interfaces enable
  • minimisation of inter-layer communications
  • easy replacement of individual layers
  • Set of layers and protocols is the Network
    Architecture.

20
Virtual & actual comms.
  • Vital to understand difference between
  • virtual and actual communications,
  • protocols and interfaces.
  • Peer processes think of communications as being
    horizontal using protocol.
  • Actual communications is via interfaces.
  • Peer process idea is key to network design.

21
Design issues
  • Some issues affect many layers, e.g.
  • need to address data (say who it's for),
  • possible need for setting up connections,
  • data transfer rules (simplex, half-duplex, ...),
  • error management,
  • deal with message component re-ordering,
  • flow control,
  • routing.

22
3 The OSI Reference model
  • OSI Reference Model - internationally
    standardised network architecture.
  • An abstract representation of an ideal network
    protocol stack
  • OSI: Open Systems Interconnection
  • Specified in ISO 7498-1.
  • Model has 7 layers.

23
Internet Protocols vs OSI
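[Diagram: the Internet protocol stack beside the OSI layers]
  • Internet 5 Application - OSI 7 Application, 6 Presentation, 5 Session
  • Internet 4 TCP - OSI 4 Transport
  • Internet 3 IP - OSI 3 Network
  • Internet 2 Network Interface - OSI 2 Data Link
  • Internet 1 Hardware - OSI 1 Physical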
24
The OSI model
  • Layer 7 - Application Layer
  • Layer 6 - Presentation Layer
  • Layer 5 - Session Layer
  • Layer 4 - Transport Layer
  • Layer 3 - Network Layer
  • (Communications subnet boundary)
  • Layer 2 - Data Link Layer
  • Layer 1 - Physical Layer
25
Lower/Upper Layers
  • Layers 1-4 often referred to as lower layers
  • Layers 5-7 are the upper layers.
  • Lower layers relate more closely to the
    communications technology.
  • Upper layers relate to application.

26
Layer 7 Application Layer
  • Home to wide variety of protocols for specific
    user needs, e.g.
  • virtual terminal service,
  • file transfer,
  • electronic mail,
  • directory services.

27
Layer 6 Presentation Layer
  • Concerned with representation of transmitted
    data.
  • Deals with different data representations, e.g.
    of numbers, characters.
  • Also deals with data compression and encryption.
  • Layer for source coding.

28
Layer 5 Session Layer
  • Allows establishment of sessions between
    machines, e.g. to
  • allow remote logins
  • provide file transfer service.
  • Responsible for dialogue control.
  • Also performs token management and
    synchronisation.

29
Layer 4 Transport Layer
  • Basic function is to take data from Session
    Layer, split it up into smaller units, and ensure
    that the units arrive correctly.
  • Concerned with efficient provision of service.
  • The Transport Layer also determines the type of
    service to provide to the Session Layer.

30
Layer 3 Network Layer
  • Controls the subnet.
  • Key issue is routing in the subnet; can be based
    on
  • static tables,
  • determined at start of session,
  • highly dynamic (varying for each packet).
  • Also responsible for congestion control.

31
Layer 2 Data Link Layer
  • Provides reliable, error-free service on top of
    raw Level 1 service.
  • Breaks data into frames. Requires creation of
    frame boundaries.
  • Frames used to manage errors via acknowledgements
    and selective frame retransmission.

32
Layer 1 Physical Layer
  • Concerned with bit transmission over physical
    channel.
  • Issues include
  • definition of 0/1,
  • whether channel simplex/duplex,
  • connector design.
  • Mechanical, electrical, procedural matters.

33
4 Services in the OSI model
  • In OSI model, each layer provides services to
    layer above, and consumes services provided by
    layer below.
  • Active elements in a layer called entities.
  • Entities in same layer in different machines
    called peer entities.

34
Layering Principles
[Diagram: two (N+1) entities (service users) exchange (N+1) PDUs using the Layer N+1 protocol. Each hands an SDU through the Layer N Service Access Point (SAP) to an (N) entity (service provider); the (N) entities exchange N PDUs using the Layer N protocol.]
PDU - Protocol Data Unit, SDU - Service Data Unit
35
Connections
  • Layers can offer connection-oriented or
    connectionless services.
  • Connection-oriented like telephone system.
  • Connectionless like postal system.
  • Each service has an associated Quality-of-service
    (e.g. reliable or unreliable).

36
Reliability issues
  • Reliable services never lose/corrupt data.
  • Reliable service costs more.
  • Typical application for reliable service is file
    transfer.
  • Typical application not needing reliable service
    is voice traffic.
  • Not all applications need connections.

37
Services and protocols
  • Service: set of primitives provided by one layer
    to layer above.
  • Service defines what layer can do (but not how it
    does it).
  • Protocol: set of rules governing data
    communication between peer entities, i.e. format
    and meaning of frames/packets.
  • Service/protocol decoupling very important.

38
5 Example networks
  • Local area networks (IEEE 802)
  • Internet (TCP/IP)
  • ISDN
  • GSM, 3G

39
Local Area Networks
  • The IEEE 802 standards have come to dominate
    LANs. They specify protocols for use at Layers 1
    and 2.
  • LANs (Local Area Networks) used within limited
    areas (e.g. buildings/campuses) as opposed to
    WANs (Wide Area Networks).
  • ISO/IEC 8802-n = IEEE 802.n

40
IEEE 802
  • IEEE 802.2: Layer 2 (most of).
  • IEEE 802.3, 802.4 and 802.5 are three options for
    Layer 1 (and a bit of Layer 2).
  • IEEE 802.3: Ethernet.

41
ISDN
  • ISDN: Integrated Services Digital Network.
  • ISDN enables public-switched telephone network to
    carry data as well as voice.
  • Current (N-ISDN) offers 64 kbit/sec channels -
    via modern telephone exchanges.
  • Can be used to support variety of applications -
    e.g. video-conference.

42
GSM & 3G
  • Global System for Mobile Communications
  • Digital technology and time division multiple
    access transmission methods.
  • Voice is digitally encoded, allowing very
    efficient data rate/information content ratio.
  • Open, non-proprietary standard
  • 3G is 3rd generation GSM
  • High-end services, with substantially greater
    capacity, quality and data rates than currently
    available.
  • Makes video on demand, high speed multimedia and
    internet access possible.

43
The Internet
  • Internet - evolved out of a US Government funded
    network (ARPANET).
  • Developed in parallel with OSI so it does not
    conform.
  • Has its own protocols at layers 3/4 called TCP
    (layer 4) and IP (layer 3).
  • Has pushed OSI out (de facto beats de jure)
  • Now 5 million web sites, 200 million users.

44
IC3-1 Network security
  • Part 2 - Introductory security concepts

45
Outline
  • Introduction
  • Security domains and policies
  • Security threats
  • Security services
  • Security mechanisms

46
1 Introduction
  • ISO 7498-2
  • provides standard definitions of security
    terminology,
  • provides standard descriptions for security
    services and mechanisms,
  • defines where in OSI reference model security
    services may be provided,
  • introduces security management concepts.

47
Security life-cycle
  • Model is as follows
  • define security policy,
  • analyse security threats (according to policy),
  • define security services to meet threats,
  • define security mechanisms to provide services,
  • provide on-going management of security.

48
Threats, services and mechanisms
  • A security threat is a possible means by which a
    security policy may be breached (e.g. loss of
    integrity or confidentiality).
  • A security service is a measure which can be put
    in place to address a threat (e.g. provision of
    confidentiality).
  • A security mechanism is a means to provide a
    service (e.g. encryption, digital signature).

49
2 Security domains and policies
  • In a secure system, the rules governing security
    behaviour should be made explicit in the form of
    a Security policy.
  • Security policy: the set of criteria for the
    provision of security services.
  • Security domain: the scope of a single security
    policy.

50
Generic security policy
  • ISO 7498-2 generic authorisation policy
  • Information may not be given to, accessed by,
    nor permitted to be inferred by, nor may any
    resource be used by, those not appropriately
    authorised.
  • Possible basis for more detailed policy.
  • N.b. does not cover availability (e.g. denial of
    service) issues.

51
Policy Types
  • ISO 7498-2 distinguishes between 2 types of
    security policy
  • identity-based: where access to and use of
    resources are determined on the basis of the
    identities of users and resources,
  • rule-based: where resource access is controlled
    by global rules imposed on all users, e.g. using
    security labels.

52
3 Security threats
  • A threat is
  • a person, thing, event or idea which poses some
    danger to an asset (in terms of confidentiality,
    integrity, availability or legitimate use).
  • An attack is a realisation of a threat.
  • Safeguards: measures (e.g. controls, procedures)
    to protect against threats.
  • Vulnerabilities: weaknesses in safeguards.

53
Risk
  • Risk is a measure of the cost of a vulnerability
    (taking into account probability of a successful
    attack).
  • Risk analysis determines whether expenditure on
    (new/better) safeguards is warranted.

54
Fundamental threats
  • Four fundamental threats (matching CIA +
    legitimate use)
  • Information leakage,
  • Integrity violation,
  • Denial of service,
  • Illegitimate use.

55
Fundamental Threat Examples
  • Integrity violation
  • USA Today, falsified reports of missile attacks
    on Israel, 7/2002
  • Denial of service
  • Yahoo, 2/2000, 1Gbps
  • Information Leakage
  • Prince Charles mobile phone calls, 1993
  • Illegitimate use
  • Vladimir Levin, Citibank, 3.7M, 1995

56
Primary enabling threats
  • Realisation of any of these threats can lead
    directly to a realisation of a fundamental
    threat
  • Masquerade,
  • Bypassing controls,
  • Authorisation violation,
  • Trojan horse,
  • Trapdoor.

57
Primary Enabling Threat Examples
  • Masquerade
  • Royal Opera House web site, 8/2002 - Information
    Leakage
  • Bypassing controls
  • ADSL modem passwords - Illegitimate Use
  • Authorisation violation
  • Cross site scripting - Information Leakage
  • Trojan horse
  • PWSteal.Trojan, 1999 - Information Leakage
  • Trapdoor
  • Ken Thompson, Unix login, Reflections on
    Trusting Trust, 1975 - Illegitimate Use

58
4 Security services
  • Security services in ISO 7498-2 are a special
    class of safeguard applying to a communications
    environment.
  • Hence they are the prime focus of IC3.
  • Computer security safeguards are covered in IC4.

59
Security service classification
  • ISO 7498-2 defines 5 main categories of security
    service
  • Authentication (including entity authentication
    and origin authentication),
  • Access control,
  • Data confidentiality,
  • Data integrity,
  • Non-repudiation.

60
Authentication
  • Entity authentication provides checking of a
    claimed identity at a point in time.
  • Typically used at start of a connection.
  • Addresses masquerade and replay threats.
  • Origin authentication provides verification of
    source of data.
  • Does not protect against replay or delay.
  • GSM, webservers
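
The gap noted above, that origin authentication does not protect against replay, shown as an added example that is not part of the original slides. It assumes HMAC-SHA256 over a shared key as the origin authentication mechanism and a strictly increasing message counter as the replay defence; the slides name neither, and the key and payload are constructed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"           # constructed shared secret
TAG_LEN = hashlib.sha256().digest_size   # 32 bytes

def protect(key, payload, counter=None):
    """Sender: append an HMAC tag; if counter is given, bind it under the tag."""
    body = payload if counter is None else struct.pack("!Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verified_body(key, message):
    """Return the authenticated body, or None if the tag does not verify."""
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None

class OriginOnlyReceiver:
    """Checks who produced the data, and nothing about when or how often."""
    def __init__(self, key):
        self.key = key

    def accept(self, message):
        return verified_body(self.key, message) is not None

class ReplayProtectedReceiver:
    """Also requires the authenticated counter to be strictly increasing."""
    def __init__(self, key):
        self.key = key
        self.highest_seen = -1

    def accept(self, message):
        body = verified_body(self.key, message)
        if body is None or len(body) < 8:
            return False
        (counter,) = struct.unpack("!Q", body[:8])
        if counter <= self.highest_seen:
            return False                 # already seen: replayed or stale
        self.highest_seen = counter
        return True

def demo():
    """Deliver the same captured message twice to each kind of receiver."""
    payload = b"PAY 100 TO ACCOUNT 42"   # constructed sample message
    plain = protect(KEY, payload)
    counted = protect(KEY, payload, counter=1)
    origin_only = OriginOnlyReceiver(KEY)
    with_counter = ReplayProtectedReceiver(KEY)
    return {
        "origin_only": [origin_only.accept(plain), origin_only.accept(plain)],
        "with_counter": [with_counter.accept(counted),
                         with_counter.accept(counted)],
        "tampered": origin_only.accept(plain.replace(b"100", b"900")),
    }

if __name__ == "__main__":
    print(demo())
```

The counter stops a second delivery of the same message but not the delay of a message that has not yet arrived; that needs a freshness check such as a timestamp.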

61
Access control
  • Provides protection against unauthorised use of
    resource, including
  • use of a communications resource,
  • reading, writing or deletion of an information
    resource,
  • execution of a processing resource.
  • Remote users

62
Data confidentiality
  • Protection against unauthorised disclosure of
    information.
  • Four types
  • Connection confidentiality,
  • Connectionless confidentiality,
  • Selective field confidentiality,
  • Traffic flow confidentiality.
  • Internet banking session
  • Encrypting routers as part of Swift funds
    transfer network

63
Data integrity
  • Provides protection against active threats to the
    validity of data.
  • Five types
  • Connection integrity with recovery,
  • Connection integrity without recovery,
  • Selective field connection integrity,
  • Connectionless integrity,
  • Selective field connectionless integrity.
  • MD5 hashes:
    http://www.apache.org/dist/httpd/binaries/linux/

64
Non-repudiation
  • Protects against a sender of data denying that
    data was sent (non-repudiation of origin).
  • Protects against a receiver of data denying that
    data was received (non-repudiation of delivery).
  • Analogous to signing a letter and sending
    recorded delivery

65
5 Security mechanisms
  • Exist to provide and support security services.
  • Can be divided into two classes
  • Specific security mechanisms, used to provide
    specific security services, and
  • Pervasive security mechanisms, not specific to
    particular services.

66
Specific security mechanisms
  • Eight types
  • encipherment,
  • digital signature,
  • access control mechanisms,
  • data integrity mechanisms,
  • authentication exchanges,
  • traffic padding,
  • routing control,
  • notarisation.

67
Specific Mechanisms 1
  • Encipherment mechanisms: encryption or cipher
    algorithms.
  • Can provide data and traffic flow
    confidentiality.
  • Digital signature mechanisms
  • signing procedure (private),
  • verification procedure (public).
  • Can provide non-repudiation, origin
    authentication and data integrity services.
  • Both can be basis of some authentication exchange
    mechanisms.
  • More in IC2, IC3

68
Specific Mechanisms 2
  • Access Control mechanisms
  • A server using client information to decide
    whether to grant access to resources
  • E.g. access control lists, capabilities, security
    labels.
  • Data integrity mechanisms
  • Protection against modification of data.
  • Provide data integrity and origin authentication
    services. Also basis of some authentication
    exchange mechanisms.
  • Authentication exchange mechanisms
  • Provide entity authentication service.
  • More later in IC4

69
Specific Mechanisms 3
  • Traffic padding mechanisms
  • The addition of pretend data to conceal real
    volumes of data traffic.
  • Provides traffic flow confidentiality.
  • Routing control mechanisms
  • Used to prevent sensitive data using insecure
    channels.
  • E.g. route might be chosen to use only physically
    secure network components.
  • Notarisation mechanisms
  • Integrity, origin and/or destination of data can
    be guaranteed by using a 3rd party trusted
    notary.
  • Notary typically applies a cryptographic
    transformation to the data.

70
Pervasive security mechanisms
  • Five types identified
  • trusted functionality,
  • security labels,
  • event detection,
  • security audit trail,
  • security recovery.

71
Pervasive Mechanisms 1
  • Trusted functionality
  • Any functionality providing or accessing security
    mechanisms should be trustworthy.
  • May involve combination of software and hardware.
  • Security labels
  • Any resource (e.g. stored data, processing power,
    communications bandwidth) may have security label
    associated with it to indicate security
    sensitivity.
  • Similarly labels may be associated with users.
    Labels may need to be securely bound to
    transferred data.

72
Pervasive Mechanisms 2
  • Event detection
  • Includes detection of
  • attempted security violations,
  • legitimate security-related activity.
  • Can be used to trigger event reporting (alarms),
    event logging, automated recovery.
  • Security audit trail
  • Log of past security-related events.
  • Permits detection and investigation of past
    security breaches.
  • Security recovery
  • Includes mechanisms to handle requests to recover
    from security failures.
  • May include immediate abort of operations,
    temporary invalidation of an entity, addition of
    entity to a blacklist.

73
Services versus mechanisms
  • ISO 7498-2 indicates which mechanisms can be used
    to provide which services.
  • Illustrative NOT definitive.
  • Omissions include
  • use of integrity mechanisms to help provide
    authentication services,
  • use of encipherment to help provide
    non-repudiation service (as part of notarisation).

74
Service/mechanism table I
75
Service/mechanism table II
76
Services versus layers
  • ISO 7498-2 lays down which security services can
    be provided in which of the 7 layers.
  • Layers 1 and 2 may only provide confidentiality
    services.
  • Layers 3/4 may provide many services.
  • Layer 7 may provide all services.

77
Service/layer table