Network Security

1
Network Security

• Lecture 1, Part 1
• Introduction to Networking

2
Objectives of Lecture

• Show how networks can be understood using a
  layered approach.
• Introduce the OSI seven layer reference model.
• Introduce the concepts of internetworking and
  routing.
• Understand the difference between network
  protocols and services.

CINS/F1-01
3
Contents

• 1.1 Extended example how the Internet
  protocols fetch a web page
• 1.2 The concept of protocol layering
• 1.3 Internetworking and routing
• 1.4 The OSI seven layer model

4
1.1 Internet Protocols
How does a web browser application retrieve data
from a web server?
Network
Web Server
Web Browser
5
Application Layer

• Users invoke applications which speak using
  application protocol.
• Applications interact with a transport protocol
  to send or receive data.
• Application protocol in our example Hypertext
  Transfer Protocol (HTTP).
• Other application protocols FTP, SMTP, DNS, SMB,
  

6
Application Layer Example

• HTTP outline
• GET /directory/dirsearch.html HTTP/1.1
• Host news.bbc.co.uk
• Other fields also included (e.g. client
  application identifier, encoding methods,)

HTTP Message
GET /directory/dirsearch.html HTTP/1.1 Host
news.bbc.co.uk
7
Transport Layer

• Provides end-to-end communication between
  applications.
• Transport Protocol Transport Control Protocol
  (TCP)
• a reliable, connection-oriented transport
  protocol.
• Divides stream of application messages into
  packets.
• Interacts with Internet Layer to send or receive
  data.
• In general, a transport protocol may be
• reliable or unreliable,
• connection-oriented or connectionless,
• and flow may or may not be regulated.
• Others UDP, ICMP.

8
Transport Layer Example

• TCP outline
• Source Port 1081
• Destination Port 80
• Checksum 0xa858
• Other header fields and payload

TCP payload
TCP header
GET /directory/dirsearch.html HTTP/1.1 Host
news.bbc.co.uk
Src 1081 Dst 80 Chksum 0xa858
HTTP Message
9
Internet Layer

• Responsible for routing communications between
  one machine and another.
• Accepts requests to send packets to destination
  address.
• Internet Protocol (IP) encapsulates packets in IP
  datagram with IP header and uses routing
  algorithm to decide whether to send directly or
  indirectly.

10
Internet Layer Example

• IP outline
• Time to live 128
• Header checksum 0x57d1
• Source pelican (192.168.0.40)
• Destination news.bbc.co.uk (192.168.0.50)
• Other header fields and payload

IP payload
IP datagram header
GET /directory/dirsearch.html HTTP/1.1 Host
news.bbc.co.uk
Src 1081 Dst 80 Chksum 0xa858
Src 192.168.0.40 Dst 192.168.0.50 TTL 128
HTTP Message
TCP header
11
Network Interface Layer

• Accepts IP datagrams and prepares for
  transmission over specific physical network.
• Maybe a simple device driver (e.g. an Ethernet
  driver) or a complex subsystem with further data
  link protocols (e.g. in an ATM network).
• Output of network interface layer is a signal
  suitable for transmission on a particular
  physical medium.

12
Network Interface Layer Example

• Ethernet outline
• Destination 00a0cc541d4e
• Source 00e0811019fc
• Type IP
• Other header fields and payload

Ethernet Frame
Src 00e0811019fc Dst 00a0cc541d4e
Type IP
GET /directory/dirsearch.html HTTP/1.1 Host
news.bbc.co.uk
Src 1081 Dst 80 Chksum 0xa858
Src 192.168.0.40 Dst 192.168.0.50 TTL 128
13
Physical Layer

• A layer representing the actual communications
  medium.
• Could be an ethernet cable, optical fibre,
  wireless link, telephone wire or even a carrier
  pigeon (http//www.ietf.org/rfc/rfc1149.txt)
• Sometimes not considered as a separate layer in
  TCP/IP networking sometimes not considered part
  of TCP/IP at all.
• Thus creating confusion over whether there are
  really 4 or 5 layers in TCP/IP.

14
At The Server

• The server contains a set of layers matching
  those at the client
• The physical signal is presented to the servers
  network interface layer which reconstructs the
  ethernet frame.
• The network interface layer extracts an IP
  datagram and passes it up to the Internet layer.
• The Internet layer checks the datagram, extracts
  a TCP segment and passes it up to the transport
  layer.
• The transport layer checks for errors and passes
  the TCP payload (an http message) onto the
  application layer.
• The web server at the application layer receives
  the http message and processes it.
• Return messages from web server to web browser
  are handled in the same way.

15
1.2 Protocol Layering
Host A
Host B
Application Layer
Application Layer
Message
Transport Layer
Transport Layer
Packet
Internet Layer
Internet Layer
Datagram
Network Interface Layer
Network Interface Layer
Frame
Physical Network
16
Protocol Layering
Web Browser
Web Server
Application Layer
Application Layer
HTTP Message
Transport Layer
Transport Layer
TCP Packet
Internet Layer
Internet Layer
IP Datagram
Network Interface Layer
Network Interface Layer
Ethernet Frame
Physical Network
17
Protocol Hierarchies

• Protocols are stacked vertically as series of
  layers.
• Each layer offers services to layer above through
  an interface, shielding implementation details.
• Layer n on one machine communicates with layer n
  on another machine (they are peer
  processes/entities) using Layer n Protocol.
• The entire hierarchy is called a protocol stack
• e.g. the TCP/IP protocol stack

18
Layers, Protocols Interfaces
Layer n/n1 interface
Layer n/n1 interface
Layer n protocol
Layer n
Layer n
Layer n-1/n interface
Layer n-1/n interface
Layer 2/3 interface
Layer 2/3 interface
Layer 2 protocol
Layer 2
Layer 2
Layer 1/2 interface
Layer 1/2 interface
Layer 1 protocol
Layer 1
Layer 1
Physical communications medium
19
Layer and Interface Design

• An important design objective is clean
  interfaces, having minimal set of well-defined
  services.
• Use of protocol layering and clean-cut interfaces
  enables
• easy replacement of individual layers
• designers and implementers to focus on solving
  one sub-problem at a time
• independent implementations of the same layer to
  inter-operate
• minimisation of inter-layer communications
• diagnosis of faults, errors, congestion,

20
Virtual Actual Communications

• Important to understand difference between
• virtual and actual communications,
• protocols and interfaces.
• Peer processes think of communications as being
  horizontal using protocol.
• Actual communications is via interfaces (and the
  physical communications medium).
• Peer process idea is key to network design.

21
Protocol Layering The Downside

• Protocol layering does not solve all networking
  problems!
• Some issues need to be addressed at many layers,
  e.g
• need to address data (say who its for),
• possible need for setting up connections,
• data transfer rules (simplex, half-duplex, ...),
• error management,
• deal with message component re-ordering,
• flow control,
• routing.
• Layering can introduce inefficiencies.

22
1.3 Internetworking and Routing

• No single networking technology can satisfy all
  requirements.
• Universal interconnection is desired.
• Protocols allow communication between nodes
  without understanding underlying mechanisms.
• Internetworking is the process by which a group
  of disparate, heterogenous networks can be linked
  to form a single logical network.
• The Internet is just such a collection
• universal interconnection is achieved through use
  of coordination of IP addressing and use of IP
  protocol.

23
Routing
Routing is the mechanism used to transfer data
between networks to reach the correct destination.
Network B
Router
Web Server
Network A
In TCP/IP, routing takes place at the IP layer
routers are not aware of transport and
application layers.
Web Browser
24
Protocol Layering and Routing
Host B
Host A
Application Layer
Application Layer
HTTP Message
Transport Layer
Transport Layer
TCP Packet
Router
Internet Layer
Internet Layer
Internet Layer
IP Datagram
IP Datagram
NetworkInterface
Network Interface
Network Layer
Ethernet Frame
Ethernet Frame
Physical Network
Physical Network
25
1.4 The OSI Reference Model

• OSI Reference Model an internationally
  standardised network architecture.
• An abstract representation of an ideal network
  protocol stack not used in real networks.
• OSI Open Systems Interconnection.
• Specified in ISO 7498-1.
• Model has 7 layers.

26
The OSI Model
Layer 7
Application Layer
Layer 6
Presentation Layer
Layer 5
Session Layer
Layer 4
Transport Layer
Layer 3
Network Layer
Layer 2
Data Link Layer
Layer 1
Physical Layer
27
Lower/Upper Layers

• Layers 1-4 often referred to as lower layers.
• Layers 5-7 are the upper layers.
• Lower layers relate more closely to the
  communications technology.
• Layers 1 3 manage the communications subnet.
• the entire set of communications nodes required
  to manage comms. between a pair of machines.
• Layers 4 7 are true end-to-end protocols.
• Upper layers relate to application.

28
Layer 7 Application Layer

• Home to wide variety of protocols for specific
  user needs, e.g.
• virtual terminal service,
• file transfer,
• electronic mail,
• directory services.

29
Layer 6 Presentation Layer

• Concerned with representation of transmitted
  data.
• Deals with different data representations.
• ASCII or EBCDIC,
• ones complement or twos complement,
• byte ordering conventions,
• floating point conventions (IEEE or proprietary).
• Also deals with data compression.

30
Layer 5 Session Layer

• Allows establishment of sessions between
  machines, e.g. to
• allow remote logins
• provide file transfer service.
• Responsible for
• dialogue control
• which entity sends when with half-duplex
  communications.
• token management
• E.g. control which entity can perform an
  operation on shared data.
• synchronisation
• E.g. insertion of checkpoints in large data
  transfers.

31
Layer 4 Transport Layer

• Basic function is to take data from Session
  Layer, split it up into smaller units, and ensure
  that the units arrive correctly.
• Concerned with efficient provision of service.
• maybe multiple connections per session or
  multiple sessions per connection.
• The Transport Layer also determines the type of
  service to provide to the Session Layer.
• most commonly, error-free, point-to-point, with
  guarantee of correct ordering of data.
• could be transport of isolated messages only (no
  ordering guarantees) or broadcast.

32
Layer 3 Network Layer

• Provides uniform addressing scheme for network
  addresses.
• Shields upper layers from details of lower
  layers.
• A key responsibility is control of routing.
• Routing can be based on
• static tables,
• determined at start of session,
• highly dynamic (varying for each packet depending
  on network load).
• Also responsible for congestion control and usage
  monitoring.

33
Layer 2 Data Link Layer

• Provides reliable, error-free service on top of
  raw Layer 1 service.
• corrects errors at the bit level.
• Breaks data into frames.
• requires creation of frame boundaries using
  special bit sequences.
• Frames used to manage errors via acknowledgements
  and selective frame retransmission.

34
Layer 1 Physical Layer

• Concerned with bit transmission over physical
  channel.
• Issues include
• definition of 0/1,
• whether channel simplex/duplex,
• connector design.
• Mechanical, electrical, procedural matters.

35
Internet Protocols vs OSI
Application
Application
7
Presentation
6
5
Session
5
Transport
TCP
4
4
Network
IP
3
3
Network Interface
Data Link
2
2
Physical
Hardware
1
1
36
Services in the OSI Model

• In OSI model, each layer provide services to
  layer above, and consumes services provided by
  layer below.
• Active elements in a layer are called entities.
• Entities in same layer in different machines are
  called peer entities.

37
Services and Protocols

• Service set of primitives provided by one layer
  to layer above.
• Service defines what layer can do (but not how it
  does it).
• Protocol set of rules governing data
  communication between peer entities, i.e. format
  and meaning of frames/packets.
• Service/protocol decoupling very important.

38
Layering Principles
n1 PDU
(n1) Entity Service User
(n1) Entity Service User
Layer n1 protocol
Layer n Service Access Point (SAP)
SDU
(n) Entity Service Provider
(n) Entity Service Provider
Layer n protocol
n PDU
PDU - Protocol Data Unit SDU - Service Data Unit
39
Connections

• Layers can offer connection-oriented or
  connectionless services.
• Connection-oriented like telephone system.
• Connectionless like postal system.
• not all applications need connections.
• Each service has an associated Quality-of-service
  (e.g. reliable or unreliable).

40
Reliability Issues

• Reliable services never lose/corrupt data.
• Reliable service costs more.
• Typical application for reliable service is file
  transfer.
• Typical application not needing reliable service
  is voice traffic.

41
IC3 - Network Security

• Lecture 1, Part 2
• Introduction to Network Security

42
Objectives of Lecture

• Understand why security should be a fundamental
  consideration when designing and operating
  networks.
• Examine the primary enabling threats and
  fundamental threats to security for networks.
• Introduce security services and mechanisms, and
  show how they can be used to counter threats.
• Study the provision of security services at
  different network layers in ISO7498-2.

CINS/F1-01
43
Contents

• 1.5 Why network security?
• 1.6 Security policies for networks
• 1.7 Security threats for networks
• 1.8 Security services and mechanisms
• 1.9 Security services and layers

44
1.5 Why Network Security?

• Organisations and individuals are increasingly
  reliant on networks of all kinds for day-to-day
  operations
• e-mail used in preference to letter, fax,
  telephone for many routine communications.
• B2B and C2B e-commerce still growing rapidly.
• the Internet is a vast repository of information
  of all kinds competitors and their prices, stock
  markets, cheap flights,.
• increased reliance on networks for supply chains
  of all kinds from supermarkets to aircraft
  components.
• utility companies control plant, banks move
  money, governments talk to citizens over
  networks.
• growth of mobile telephony for voice and data.

45
Why Network Security?

• Networks are becoming increasingly
  inter-connected and their security consequently
  more complex
• if I send sensitive data over my internal
  network, then who else can see it or even alter
  it? My employees? My competitors?
• can a hacker who gets into my internal network
  then get access to other resources (computer
  accounts, stored data)? Can he use my network as
  a stepping-off point for further attacks? I am
  then liable?
• a compelling Internet presence is essential for
  my company, but if someone can see my website,
  can they alter it too?
• how can consumers trust that a given website is
  that of a reputable company and not one who will
  mis-use their credit card details?

46
Why Network Security?

• Safeguarding the confidentiality, integrity and
  availability of data carried on these various
  networks is therefore essential.
• Authenticity and accountability are often also
  important who did what and when?
• Its not only about security of
  Internet-connected systems.
• Insider threats are often more potent than
  threats originating on the Internet.
• Its not only about TCP/IP networks.
• Many networks use special-purpose protocols and
  architectures.
• However TCP/IP dominates in LANs and the Internet.

47
1.6 Security Policies for Networks

• In this and the following sections, we follow the
  approach of ISO7498-2
• a companion document to ISO7498-1 (the seven
  layer model),
• provides a useful overview of the security issues
  pertinent to networks,
• equips us with a handy set of definitions to fix
  our terminology.

48
Security Policies for Networks

• In a secure system, the rules governing security
  behaviour should be made explicit in the form of
  an Information Security Policy.
• Security policy the set of criteria for the
  provision of security services
• essentially, a set of rules
• may be very high level or quite detailed.
• Security domain the scope of application of a
  security policy.
• where, to what information and to whom the policy
  applies.

49
Security Policies for Networks

• A network security policy should interpret the
  overall Information Security Policy in the
  context of the networked environment
• Defines what is the responsibility of the network
  and what is not.
• Describes what security is to be available from
  the network.
• Describes rules for using the network.
• Describes who is responsible for the management
  and security of the network.

50
Generic Security Policy

• A generic authorisation policy (from ISO 7498-2)
• Information may not be given to, accessed by,
  nor permitted to be inferred by, nor may any
  resource be used by, those not appropriately
  authorised.
• Possible basis for more detailed policy needs
  lots of refinement to produce final document
• What information?
• What resources?
• Who is authorised and for what?
• What about availability?

51
The Security Life-Cycle

• A generic model for the security life-cycle,
  including network security issues, is as follows
• define security policy,
• analyse security threats (according to policy)
  and associated risks, given existing safeguards,
• define security services to meet/reduce threats,
  in order to bring risks down to acceptable
  levels,
• define security mechanisms to provide services,
• provide on-going management of security.
• Security policy in general will be covered in
  more detail in IC1.

52
1.7 Security Threats for Networks

• A threat is
• a person, thing, event or idea which poses some
  danger to an asset (in terms of confidentiality,
  integrity, availability or legitimate use).
• a possible means by which a security policy may
  be breached.
• An attack is a realisation of a threat.
• Safeguards are measures (e.g. controls,
  procedures) to protect against threats.
• Vulnerabilities are weaknesses in safeguards.

53
Risk

• Risk is a measure of the cost of a vulnerability
  (taking into account probability of a successful
  attack).
• Risk analysis determines whether expenditure on
  new or better safeguards is warranted.
• Risk analysis can be quantitative or qualitative.
• Risk analysis will be covered in more detail in
  IC1.

54
Threats

• Threats can be classified as
• deliberate (e.g. hacker penetration)
• accidental (e.g. a sensitive file being sent to
  the wrong address).
• Deliberate threats can be further sub-divided
• passive (e.g. monitoring, wire-tapping)
• active (e.g. changing the value of a financial
  transaction).
• In general passive threats are easier to realise
  than active ones.

55
Fundamental Threats

• Four fundamental threats (matching four
  standard security goals confidentiality,
  integrity, availability, legitimate use)
• Information leakage,
• Integrity violation,
• Denial of service,
• Illegitimate use.
• (There are other ways to classify threats)

56
Fundamental Threat Examples

• Information Leakage
• Prince Charles mobile phone calls, 1993.
• Integrity violation
• USA Today, falsified reports of missile attacks
  on Israel, 7/2002.
• Denial of service
• Yahoo, 2/2000, 1Gbps.
• http//grc.com/dos/grcdos.htm
• Illegitimate use
• Cloning of first generation mobile phone
  identities.
• Phone phreaking.

57
Primary Enabling Threats

• Realisation of any of these primary enabling
  threats can lead directly to a realisation of a
  fundamental threat
• Masquerade,
• Bypassing controls,
• Authorisation violation,
• Trojan horse,
• Trapdoor.
• First three are penetration threats, last two are
  planting threats.

58
Primary Enabling Threat Examples

• Masquerade
• Royal Opera House web site, 8/2002 Information
  Leakage
• Phishing attacks on on-line bank accounts
  Illegitimate Use
• Bypassing controls
• ADSL modem passwords Illegitimate Use
• Authorisation violation
• Students running mp3 download site from
  University computers Illegitimate Use
• Trojan horse
• PWSteal.Trojan, 1999 Information Leakage
• Trapdoor
• Ken Thompson, Unix login Reflections on
  Trusting Trust, 1975 - Illegitimate Use

59
1.8 Security Services and Mechanisms

• A security threat is a possible means by which a
  security policy may be breached (e.g. loss of
  integrity or confidentiality).
• A security service is a measure which can be put
  in place to address a threat (e.g. provision of
  confidentiality).
• A security mechanism is a means to provide a
  service (e.g. encryption, digital signature).

60
Security Service Classification

• Security services in ISO 7498-2 are a special
  class of safeguard applying to a communications
  environment.
• Five main categories of security service
• Authentication (including entity authentication
  and origin authentication),
• Access control,
• Data confidentiality,
• Data integrity,
• Non-repudiation.
• Sixth category other includes physical
  security, personnel security, computer security,
  life-cycle controls,

61
Authentication

• Entity authentication provides checking of a
  claimed identity at a point in time.
• Typically used at start of a connection.
• Addresses masquerade and replay threats.
• Origin authentication provides verification of
  source of data.
• Does not protect against replay or delay.
• Lots of examples in Lectures 4, 5 and 6 on secure
  protocols.

62
Access Control

• Provides protection against unauthorised use of
  resource, including
• use of a communications resource,
• reading, writing or deletion of an information
  resource,
• execution of a processing resource.
• Example file permissions in Unix/NT file systems.

63
Data Confidentiality

• Protection against unauthorised disclosure of
  information.
• Four types
• Connection confidentiality,
• Connectionless confidentiality,
• Selective field confidentiality,
• Traffic flow confidentiality.
• Example encrypting routers as part of Swift
  funds transfer network.
• Example winnowing and chaffing
  (http//theory.lcs.mit.edu/rivest/chaffing.txt).

64
Data Integrity

• Provides protection against active threats to the
  validity of data.
• Five types
• Connection integrity with recovery,
• Connection integrity without recovery,
• Selective field connection integrity,
• Connectionless integrity,
• Selective field connectionless integrity.
• Example MD5 hashes on software at
  http//www.apache.org/dist/httpd/binaries/linux/
• Example AH protocol in IPSec (Lecture 5).

65
Non-repudiation

• Protects against a sender of data denying that
  data was sent (non-repudiation of origin).
• Protects against a receiver of data denying that
  data was received (non-repudiation of delivery).
• Example analagous to signing a letter and
  sending via recorded delivery.
• Example signatures in S/MIME secure e-mail
  system (Lecture 9).

66
Security Mechanisms

• Exist to provide and support security services.
• Can be divided into two classes
• Specific security mechanisms, used to provide
  specific security services, and
• Pervasive security mechanisms, not specific to
  particular services.

67
Specific Security Mechanisms

• Eight types
• encipherment,
• digital signature,
• access control mechanisms,
• data integrity mechanisms,
• authentication exchanges,
• traffic padding,
• routing control,
• notarisation.

68
Specific Mechanisms 1

• Encipherment mechanisms encryption algorithms.
• Can provide data and traffic flow
  confidentiality.
• Covered in detail in IC2
• Digital signature mechanisms
• signing procedure (private),
• verification procedure (public).
• Can provide non-repudiation, origin
  authentication and data integrity services.
• Also addressed in detail in IC2
• Both can be basis of some authentication exchange
  mechanisms.

69
Specific Mechanisms 2

• Access Control mechanisms
• A server using client information to decide
  whether to grant access to resources
• E.g. access control lists, capabilities, security
  labels.
• A major topic in IC4
• Data integrity mechanisms
• Protection against modification of data.
• Provide data integrity and origin authentication
  services. Also basis of some authentication
  exchange mechanisms.
• Discussed further in IC2
• Authentication exchange mechanisms
• Provide entity authentication service.
• Covered in detail in IC3 Lecture 4.

70
Specific Mechanisms 3

• Traffic padding mechanisms
• The addition of pretend data to conceal real
  volumes of data traffic.
• Provides traffic flow confidentiality.
• Routing control mechanisms
• Used to prevent sensitive data using insecure
  channels.
• E.g. route might be chosen to use only physically
  secure network components.
• Notarisation mechanisms
• Integrity, origin and/or destination of data can
  be guaranteed by using a 3rd party trusted
  notary.
• Notary typically applies a cryptographic
  transformation to the data.

71
Pervasive Security Mechanisms

• Five types identified
• trusted functionality,
• security labels,
• event detection,
• security audit trail,
• security recovery.

72
Pervasive Mechanisms 1

• Trusted functionality
• Any functionality providing or accessing security
  mechanisms should be trustworthy.
• May involve combination of software and hardware.
• Security labels
• Any resource (e.g. stored data, processing power,
  communications bandwidth) may have security label
  associated with it to indicate security
  sensitivity.
• Similarly labels may be associated with users.
  Labels may need to be securely bound to
  transferred data.

73
Pervasive Mechanisms 2

• Event detection
• Includes detection of
• attempted security violations,
• legitimate security-related activity.
• Can be used to trigger event reporting (alarms),
  event logging, automated recovery.
• Security audit trail
• Log of past security-related events.
• Permits detection and investigation of past
  security breaches.
• Security recovery
• Includes mechanisms to handle requests to recover
  from security failures.
• May include immediate abort of operations,
  temporary invalidation of an entity, addition of
  entity to a blacklist.

74
Services Versus Mechanisms

• ISO 7498-2 indicates which mechanisms can be used
  to provide which services.
• Illustrative NOT definitive.
• Omissions include
• use of integrity mechanisms to help provide
  authentication services,
• use of encipherment to help provide
  non-repudiation service (as part of notarisation).

75
Service/Mechanism Table 1
76
Service/Mechanism Table 2
77
1.9 Security Services And Layers

• ISO 7498-2 lays down which security services can
  be provided in which of the 7 layers.
• Layers 1 and 2 may only provide confidentiality
  services.
• Layers 3/4 may provide many services.
• Layer 7 may provide all services.
• A set of principles dictate which services
  can/should be provided at which layers.
• Well return to this issue in Lectures 5 and 6.

78
Service/Layer Table