Network Security

Part I: Introduction

Introductory Security
Concepts

Outline
1.
2.
3.
4.
5.

Introduction
Security domains and policies
Security threats
Security services
Security mechanisms

SECURITY INNOVATION 2003

1 Introduction
ISO 7498-2:
provides standard definitions of security
terminology,
provides standard descriptions for security
services and mechanisms,
defines where in OSI reference model security
services may be provided,
introduces security management concepts.

SECURITY INNOVATION 2003

Security Life-Cycle
Model is as follows:

define security policy,

analyze security threats (according to policy),
define security services to meet threats,
define security mechanisms to provide services,
provide on-going management of security.

SECURITY INNOVATION 2003

Threats, Services and

Mechanisms
A security threat is a possible means by which a
security policy may be breached (e.g. loss of integrity
or confidentiality).
A security service is a measure which can be put in
place to address a threat (e.g. provision of
confidentiality).
A security mechanism is a means to provide a service
(e.g. encryption, digital signature).

SECURITY INNOVATION 2003

2 Security Domains and Policies

In a secure system, the rules governing
security behavior should be made explicit in
the form of a Security policy.
Security policy: the set of criteria for the
provision of security services.
Security domain: the scope of a single security
policy.

SECURITY INNOVATION 2003

Generic Security Policy

ISO 7498-2 generic authorization policy:
Information may not be given to, accessed by, nor
permitted to be inferred by, nor may any resource
be used by, those not appropriately authorized.

Possible basis for more detailed policy.

It does not cover availability (e.g. denial of
service) issues.

SECURITY INNOVATION 2003

Policy Types
ISO 7498-2 distinguishes between 2 types of
security policy:
identity-based: where access to and use of
resources are determined on the basis of the
identities of users and resources,
rule-based: where resource access is controlled by
global rules imposed on all users, e.g. using
security labels.

SECURITY INNOVATION 2003

3 Security Threats
A threat is:
a person, thing, event or idea which poses some danger to an
asset (in terms of confidentiality, integrity, availability or
legitimate use).

An attack is a realization of a threat.

Safeguards = measures (e.g. controls, procedures) to
protect against threats.
Vulnerabilities = weaknesses in safeguards.

SECURITY INNOVATION 2003

Risk
Risk is a measure of the cost of a vulnerability
(taking into account probability of a successful
attack).
Risk analysis determines whether expenditure
on (new/better) safeguards is warranted.

10

SECURITY INNOVATION 2003

Fundamental Threats
Four fundamental threats (matching
Confidentiality, Integrity, Availability
legitimate use):

11

Information leakage,
Integrity violation,
Denial of service,
Illegitimate use.

SECURITY INNOVATION 2003

Fundamental Threat Examples

Integrity violation
USA Today, falsified reports of missile attacks on
Israel, 7/2002

Denial of service
Yahoo, 2/2000, 1Gbps

Information Leakage
Prince Charles mobile phone calls, 1993

Illegitimate use
Vladimir Levin, Citibank, $3.7M, 1995
12

SECURITY INNOVATION 2003

Primary Enabling Methods

Realization of any of these threats can lead
directly to a realization of a fundamental
threat:

13

Masquerade,
Bypassing controls,
Authorization violation,
Trojan horse,
Trapdoor.

SECURITY INNOVATION 2003

Primary Enabling Methods:

Examples

Masquerade

Royal Opera House web site, 8/2002 Information Leakage

Bypassing controls
ADSL modem passwords Illegitimate Use

Authorization violation
Cross site scripting Information Leakage

Trojan horse
PWSteal.Trojan, 1999 Information Leakage

Trapdoor
Ken Thompson, Unix login Reflections on Trusting Trust,
1975 - Illegitimate Use

14

SECURITY INNOVATION 2003

4 Security Services
Security services in ISO 7498-2 are a special
class of safeguard applying to a
communications environment.
Hence they are the prime focus of IC3.
Computer security safeguards are covered in
IC4.

15

SECURITY INNOVATION 2003

Security Service Classification

ISO 7498-2 defines 5 main categories of
security service:
Authentication (including entity authentication
and origin authentication),
Access control,
Data confidentiality,
Data integrity,
Non-repudiation.

16

SECURITY INNOVATION 2003

Authentication
Entity authentication provides checking of a
claimed identity at a point in time.
Typically used at start of a connection.
Addresses masquerade and replay threats.
Origin authentication provides verification of
source of data.
Does not protect against duplication or
modification of data.
GSM, web servers
17

SECURITY INNOVATION 2003

Access Control
Provides protection against unauthorized use
of resource, including:
use of a communications resource,
reading, writing or deletion of an information
resource,
execution of a processing resource.

Remote users

18

SECURITY INNOVATION 2003

Data Confidentiality
Protection against unauthorized disclosure of
information.
Four types:

Connection confidentiality,
Connectionless confidentiality,
Selective field confidentiality,
Traffic flow confidentiality.

Internet banking session

Encrypting routers as part of Swift funds transfer
network
19

SECURITY INNOVATION 2003

Data Integrity
Provides protection against active threats to
the validity of data.
Five types:

Connection integrity with recovery,

Connection integrity without recovery,
Selective field connection integrity,
Connectionless integrity,
Selective field connectionless integrity.

MD5 hashes
http://www.apache.org/dist/httpd/binaries/linux/
20

SECURITY INNOVATION 2003

Non-repudiation
Protects against a sender of data denying that
data was sent (non-repudiation of origin).
Protects against a receiver of data denying
that data was received (non-repudiation of
delivery).
Analogous to signing a letter and sending recorded
delivery

21

SECURITY INNOVATION 2003

5 Security mechanisms
Exist to provide and support security services.
Can be divided into two classes:
Specific security mechanisms, used to provide
specific security services, and
Pervasive security mechanisms, not specific to
particular services.

22

SECURITY INNOVATION 2003

Specific Security Mechanisms

Eight types:

23

encryption,
digital signature,
access control mechanisms,
data integrity mechanisms,
authentication exchanges,
traffic padding,
routing control,
notarization.

SECURITY INNOVATION 2003

Specific Mechanisms I
Encryption mechanisms = encryption or
cipher algorithms.
Can provide data and traffic flow confidentiality.

Digital signature mechanisms

signing procedure (private),
verification procedure (public).
Can provide non-repudiation, origin
authentication and data integrity services.

Both can be basis of some authentication

exchange mechanisms.
24

SECURITY INNOVATION 2003

Specific Mechanisms II
Access Control mechanisms
A server using client information to decide
whether to grant access to resources
E.g. access control lists, capabilities, security labels.

Data integrity mechanisms

Protection against modification of data.
Provide data integrity and origin authentication services.
Also basis of some authentication exchange mechanisms.

Authentication exchange mechanisms

Provide entity authentication service.

25

SECURITY INNOVATION 2003

Specific Mechanisms III

Traffic padding mechanisms
The addition of pretend data to conceal real volumes of data
traffic.
Provides traffic flow confidentiality.

Routing control mechanisms

Used to prevent sensitive data using insecure channels.
E.g. route might be chosen to use only physically secure
network components.

Notarization mechanisms
Integrity, origin and/or destination of data can be
guaranteed by using a 3rd party trusted notary.
Notary typically applies a cryptographic transformation to the
data.

26

SECURITY INNOVATION 2003

Pervasive Security Mechanisms

Five types identified:

27

trusted functionality,
security labels,
event detection,
security audit trail,
security recovery.

SECURITY INNOVATION 2003

Pervasive Mechanisms I
Trusted functionality
Any functionality providing or accessing security
mechanisms should be trustworthy.
May involve combination of software and hardware.

Security labels
Any resource (e.g. stored data, processing power,
communications bandwidth) may have security label
associated with it to indicate security sensitivity.
Similarly labels may be associated with users. Labels may
need to be securely bound to transferred data.

28

SECURITY INNOVATION 2003

Pervasive Mechanisms II
Event detection
Includes detection of
attempted security violations,
legitimate security-related activity.

Can be used to trigger event reporting (alarms), event

logging, automated recovery.

Security audit trail

Log of past security-related events.
Permits detection and investigation of past security breaches.

29

SECURITY INNOVATION 2003

Pervasive Mechanisms II
Security recovery
Includes mechanisms to handle requests to recover from
security failures.
May include immediate abort of operations, temporary
invalidation of an entity, addition of entity to a blacklist.

30

SECURITY INNOVATION 2003

Services Versus Mechanisms

ISO 7498-2 indicates which mechanisms can
be used to provide which services.
Illustrative NOT definitive.
Omissions include:
use of integrity mechanisms to help provide
authentication services,
use of encryption to help provide non-repudiation
service (as part of notarization).

31

SECURITY INNOVATION 2003

Service/Mechanism Table I
Service/ Mechanism

Encryption

Entity authentication
Origin authentication
Access control
Connection confidentiality
Connectionless confidentiality
Selective field confidentiality
Traffic flow confidentiality
Connection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation of origin
Non-repudiation of delivery

32

Y
Y

Digital
Signature
Y
Y

Access
Control

Data
Integrity

Y
Y
Y
Y
Y
Y
Y
Y
Y
Y

SECURITY INNOVATION 2003

Y
Y
Y
Y

Y
Y
Y
Y
Y
Y
Y

Service/Mechanism Table II
Service Mechanism
Entity authentication
Origin authentication
Access control
Connection confidentiality
Connectionless confidentiality
Selective field confidentiality
Traffic flow confidentiality
Connection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation of origin
Non-repudiation of delivery

33

Authorization
exchange
Y

Traffic Routing Notarisation

padding Control

SECURITY INNOVATION 2003

Y
Y
Y

Y
Y

Services Versus Layers

ISO 7498-2 lays down which security services
can be provided in which of the 7 layers.
Layers 1 and 2 may only provide
confidentiality services.
Layers 3/4 may provide many services.
Layer 7 may provide all services.

34

SECURITY INNOVATION 2003

Service/Layer Table
Service / Layer
Entity authentication
Origin authentication
Access control
Connection confidentiality
Connectionless confidentiality
Selective field confidentiality
Traffic flow confidentiality
Connection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation of origin
Non-repudiation of delivery

35

Layer 1 Layer 2 Layer 3

Y
Y
Y
Y
Y
Y
Y
Y
Y

SECURITY INNOVATION 2003

Layer 4
Y
Y
Y
Y
Y

Y
Y

Y
Y

Layer 5/6 Layer 7

Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y