Transcript ppt

IC3-1 Network security
Part 1 - Introductory network
concepts
Matthew Joyce
Dresdner Kleinwort Wasserstein
Outline
1. Internet Protocols
2. Protocol hierarchies
3. The OSI reference model
4. Services in the OSI model
5. Example networks
IC3-1
2
1. Internet Protocols
[Diagram: Web Browser <--> Network <--> Web Server]
Application Layer
> How does web browser retrieve data from
web server?
> Application Protocol: Hypertext Transfer
Protocol (HTTP).
> Users invoke applications which “speak”
using application protocol.
> Applications interact with a transport
protocol to send or receive data.
> Others: FTP, SMTP, DNS, SMB, …
Application Layer Example
> HTTP outline:
> GET /directory/dirsearch.html HTTP/1.1
> Host: www.phoenix.co.uk
[Diagram: the two request lines above shown as a single box labelled "HTTP Message"]
Transport Layer
> Provides end-to-end communication between
applications.
> Transport Protocol: Transmission Control Protocol
(TCP).
> A transport protocol may be reliable, and may
regulate the flow of data.
> Divides the stream of application messages into
packets (TCP calls them segments).
> Interacts with the Internet Layer to send or receive
data.
> Others: UDP. (ICMP is also carried directly in IP
datagrams, but it is a control protocol of the Internet
Layer rather than a transport protocol for applications.)
Transport Layer Example
> TCP outline:
> Source Port: 1081
> Destination Port: 80
> Checksum: 0xa858
[Diagram: TCP packet]
  TCP header:    Src: 1081  Dst: 80  Chksum: 0xa858
  HTTP Message:  GET /directory/dirsearch.html HTTP/1.1
                 Host: www.phoenix.co.uk
Internet Layer
> Communication between one machine and
another.
> Accepts requests to send packets to a destination
address.
> Encapsulates packets in an IP datagram with an IP
header and uses the routing algorithm to decide whether to
send directly (destination on the same network) or
indirectly (via a router).
> Also handles incoming IP datagrams.
> If addressed to the local machine, removes the IP
datagram header and passes the contents up to the transport layer.
Internet Layer Example
> IP outline:
> Time to live: 128
> Header checksum: 0x57d1
> Source: pelican (192.168.0.40)
> Destination: www.phoenix.co.uk (192.168.0.50)
[Diagram: IP datagram]
  IP datagram header:  Src: 192.168.0.40  Dst: 192.168.0.50  TTL: 128
  TCP header:          Src: 1081  Dst: 80  Chksum: 0xa858
  HTTP Message:        GET /directory/dirsearch.html HTTP/1.1
                       Host: www.phoenix.co.uk
Network Interface Layer
> Accepts IP datagrams and transmits them over
specific networks.
> May be a simple device driver (e.g. an
Ethernet driver) or a complex subsystem
with further data link protocols.
Network Interface Layer Example
> Ethernet outline:
> Destination: 00:a0:cc:54:1d:4e
> Source: 00:e0:81:10:19:fc
> Type: IP
[Diagram: Ethernet frame]
  Ethernet header:     Src: 00:e0:81:10:19:fc  Dst: 00:a0:cc:54:1d:4e  Type: IP
  IP datagram header:  Src: 192.168.0.40  Dst: 192.168.0.50  TTL: 128
  TCP header:          Src: 1081  Dst: 80  Chksum: 0xa858
  HTTP Message:        GET /directory/dirsearch.html HTTP/1.1
                       Host: www.phoenix.co.uk
Protocol Layering
[Diagram: peer layers on Host A and Host B, with the unit of data exchanged at each layer]
  Host A                                    Host B
  Application Layer  <---- Message ---->    Application Layer
  Transport Layer    <---- Packet ----->    Transport Layer
  Internet Layer     <---- Datagram --->    Internet Layer
  Network Layer      <---- Frame ------>    Network Layer
          \---------- Physical Network ----------/

Protocol Layering
[Diagram: the same stack for the web browser / web server example]
  Web Browser                                   Web Server
  Application Layer  <---- HTTP Message ---->   Application Layer
  Transport Layer    <---- TCP Packet ------>   Transport Layer
  Internet Layer     <---- IP Datagram ----->   Internet Layer
  Network Layer      <---- Ethernet Frame -->   Network Layer
          \------------ Physical Network ------------/
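The encapsulation shown in the two stacks above, as an added worked example (my code, not part of the lecture): it builds the Ethernet frame for the slides' HTTP request using the slides' MAC addresses, IP addresses, ports and TTL, then peels the headers off again on the receiving side, verifying the checksums. The IP identification, TCP sequence and acknowledgement numbers, window and flags are not on the slides and are assumed here, so the checksums come out different from the 0x57d1 and 0xa858 on the slides.

```python
import struct

# Values taken from the slides' worked example.
SRC_MAC = "00:e0:81:10:19:fc"      # pelican
DST_MAC = "00:a0:cc:54:1d:4e"      # www.phoenix.co.uk
SRC_IP, DST_IP = "192.168.0.40", "192.168.0.50"
SRC_PORT, DST_PORT, TTL = 1081, 80, 128
HTTP_MESSAGE = (b"GET /directory/dirsearch.html HTTP/1.1\r\n"
                b"Host: www.phoenix.co.uk\r\n\r\n")
ETHERTYPE_IP, PROTO_TCP = 0x0800, 6
# Fields the slides do not show are assumed so that the frame is complete.
IP_ID, TCP_SEQ, TCP_ACK, TCP_WINDOW, TCP_FLAGS_PSH_ACK = 0x1234, 1, 1, 65535, 0x18


def mac_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(part) for part in ip.split("."))


def inet_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words; returns 0 for data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(payload):
    """Transport layer: 20-byte TCP header in front of the HTTP message."""
    header = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, TCP_SEQ, TCP_ACK,
                         5 << 4, TCP_FLAGS_PSH_ACK, TCP_WINDOW, 0, 0)
    # The TCP checksum also covers a pseudo-header of Internet-layer fields.
    pseudo = ip_bytes(SRC_IP) + ip_bytes(DST_IP) + struct.pack("!BBH", 0, PROTO_TCP, len(header) + len(payload))
    csum = inet_checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def build_ip(segment):
    """Internet layer: 20-byte IPv4 header (no options) in front of the TCP packet."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), IP_ID, 0x4000,
                         TTL, PROTO_TCP, 0, ip_bytes(SRC_IP), ip_bytes(DST_IP))
    csum = inet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def build_ethernet(datagram):
    """Network interface layer: 14-byte Ethernet header in front of the datagram."""
    return mac_bytes(DST_MAC) + mac_bytes(SRC_MAC) + struct.pack("!H", ETHERTYPE_IP) + datagram


def build_frame():
    return build_ethernet(build_ip(build_tcp(HTTP_MESSAGE)))


def decapsulate(frame):
    """Receiving side: strip one header per layer, checking both checksums on the way up."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IP:
        raise ValueError("not an IP frame")
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4
    if inet_checksum(datagram[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    ttl, proto = datagram[8], datagram[9]
    src_ip, dst_ip = datagram[12:16], datagram[16:20]
    segment = datagram[ihl:total_len]          # ignore any link-layer padding
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, proto, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "src_mac": ":".join("%02x" % b for b in frame[6:12]),
        "dst_mac": ":".join("%02x" % b for b in frame[:6]),
        "src_ip": ".".join(str(b) for b in src_ip),
        "dst_ip": ".".join(str(b) for b in dst_ip),
        "ttl": ttl, "src_port": src_port, "dst_port": dst_port,
        "http": segment[data_offset:],
    }


def verifies(frame):
    """True if every layer's checksum is intact; a flipped bit makes this False."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


def rewrite_ttl(frame, new_ttl):
    """What a spoofer does: change a header field and recompute the checksum.
    The checksum catches corruption, not tampering, so the result verifies."""
    datagram = bytearray(frame[14:])
    datagram[8] = new_ttl
    datagram[10:12] = b"\x00\x00"
    datagram[10:12] = struct.pack("!H", inet_checksum(bytes(datagram[:20])))
    return frame[:14] + bytes(datagram)


if __name__ == "__main__":
    frame = build_frame()
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
    print("tampered TTL still verifies:", verifies(rewrite_ttl(frame, 64)))
```

Note what the checksums do and do not give you: flipping one bit of the TTL makes decapsulate raise, but rewrite_ttl changes the same field, recomputes the checksum, and the frame passes. None of the four headers authenticates its sender, which is the gap the security services of Part 2 fill.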
Internetworking
> No single networking technology can satisfy
all requirements.
> Universal interconnection is desired.
> Protocols allow communication between
nodes without understanding underlying
mechanisms.
Routing
[Diagram: Web Browser -- Network A -- Router -- Network B -- Web Server]
Protocol Layering
[Diagram: Host A and Host B on different networks joined by a Router; the router implements only the Internet and Network layers, one Network layer per attached network]
  Host A                          Router                           Host B
  Application Layer <----------------- HTTP Message ----------------> Application Layer
  Transport Layer   <----------------- TCP Packet ------------------> Transport Layer
  Internet Layer    <- IP Datagram -> Internet Layer <- IP Datagram -> Internet Layer
  Network Layer  <- Ethernet Frame -> Network Layer | Network Layer <- Ethernet Frame -> Network Layer
       \---- Physical Network A ----/                  \---- Physical Network B ----/
2 Protocol hierarchies
> Protocols are stacked vertically as series of
‘layers’.
> Each layer offers Services to layer above,
shielding implementation details.
> Layer n on one machine communicates with
layer n on another machine (they are peer
processes/entities) using Layer n Protocol.
Layers, protocols & interfaces
[Diagram: two hosts, each a stack of layers 1..n; peer layers are linked by a horizontal "Layer k protocol", adjacent layers within a host by a "Layer k/k+1 interface", and the two Layer 1s by the physical communications medium]
  Host 1                                        Host 2
  ---- Layer n/n+1 interface ----               ---- Layer n/n+1 interface ----
  Layer n   <------- Layer n protocol ------->   Layer n
  ---- Layer n-1/n interface ----               ---- Layer n-1/n interface ----
  ...                                           ...
  ---- Layer 2/3 interface ----                 ---- Layer 2/3 interface ----
  Layer 2   <------- Layer 2 protocol ------->   Layer 2
  ---- Layer 1/2 interface ----                 ---- Layer 1/2 interface ----
  Layer 1   <------- Layer 1 protocol ------->   Layer 1
  ============== Physical communications medium ==============
Layer/interface design
> Important objective is ‘clean’ interfaces,
having minimal set of well-defined services.
> Clean-cut interfaces enable:
> minimisation of inter-layer communications
> easy replacement of individual layers
> Set of layers and protocols is the Network
Architecture.
Virtual & actual comms.
> Vital to understand the difference between:
> virtual and actual communications,
> protocols and interfaces.
> Peer processes ‘think’ of communication
as being ‘horizontal’, using the protocol.
> Actual communication is via the interfaces: down
one stack, across the physical medium and up the other.
> The peer process idea is key to network design.
Design issues
> Some issues affect many layers, e.g:
> need to address data (say who it’s for),
> possible need for setting up connections,
> data transfer rules (simplex, half-duplex, ...),
> error management,
> deal with message component re-ordering,
> flow control,
> routing.
3 The OSI Reference model
> OSI Reference Model - internationally
standardised network architecture.
> An abstract representation of an ideal
network protocol stack
> OSI = Open Systems Interconnection
> Specified in ISO 7498-1.
> Model has 7 layers.
Internet Protocols vs OSI
[Table: the Internet (TCP/IP) layers alongside the OSI layers they correspond to]
  Internet Protocols              OSI Reference Model
  5  Application                  7  Application
                                  6  Presentation
                                  5  Session
  4  Transport (TCP)              4  Transport
  3  Network (IP)                 3  Network
  2  Network Interface            2  Data Link
  1  Hardware                     1  Physical
The OSI model
  Layer 7  Application Layer
  Layer 6  Presentation Layer
  Layer 5  Session Layer
  Layer 4  Transport Layer
  -------- Communications subnet boundary --------
  Layer 3  Network Layer
  Layer 2  Data Link Layer
  Layer 1  Physical Layer
Lower/Upper Layers
> Layers 1-4 often referred to as ‘lower
layers’
> Layers 5-7 are the upper layers.
> Lower layers relate more closely to the
communications technology.
> Upper layers relate to application.
Layer 7: Application Layer
> Home to wide variety of protocols for
specific user needs, e.g.:
> virtual terminal service,
> file transfer,
> electronic mail,
> directory services.
Layer 6: Presentation Layer
> Concerned with representation of
transmitted data.
> Deals with different data representations,
e.g. of numbers, characters.
> Also deals with data compression and
encryption.
> Layer for source coding.
Layer 5: Session Layer
> Allows establishment of sessions between
machines, e.g. to
> allow remote logins
> provide file transfer service.
> Responsible for dialogue control.
> Also performs token management and
synchronisation.
Layer 4: Transport Layer
> Basic function is to take data from Session
Layer, split it up into smaller units, and
ensure that the units arrive correctly.
> Concerned with efficient provision of
service.
> The Transport Layer also determines the
‘type of service’ to provide to the Session
Layer.
Layer 3: Network Layer
> Controls the subnet.
> Key issue is routing in the subnet; can be
based on:
> static tables,
> determined at start of session,
> highly dynamic (varying for each packet).
> Also responsible for congestion control.
Layer 2: Data Link Layer
> Provides a reliable, error-free service on top
of the raw Layer 1 service.
> Breaks data into frames. Requires creation
of frame boundaries.
> Frames are used to manage errors via
acknowledgements and selective frame
retransmission.
Layer 1: Physical Layer
> Concerned with bit transmission over
physical channel.
> Issues include:
> definition of 0/1,
> whether channel simplex/duplex,
> connector design.
> Mechanical, electrical, procedural matters.
4 Services in the OSI model
> In the OSI model, each layer provides services
to the layer above, and ‘consumes’ services
provided by the layer below.
> Active elements in a layer are called entities.
> Entities in the same layer on different machines
are called peer entities.
Layering Principles
[Diagram: on each side an (N+1) Entity (Service User) sits above an (N) Entity (Service Provider); the (N+1) Entities exchange (N+1)-PDUs via the Layer N+1 protocol, each (N+1)-PDU being passed down as an SDU through the Layer N Service Access Point (SAP); the (N) Entities carry it in N-PDUs via the Layer N protocol]
  (N+1) Entity, Service User    <--- Layer N+1 protocol: (N+1)-PDU --->    (N+1) Entity, Service User
            | SDU via Layer N Service Access Point (SAP)                              | SDU via SAP
  (N) Entity, Service Provider  <--- Layer N protocol: N-PDU ------->    (N) Entity, Service Provider
PDU - Protocol Data Unit
SDU - Service Data Unit
Connections
> Layers can offer connection-oriented or
connectionless services.
> Connection-oriented is like the telephone system.
> Connectionless is like the postal system.
> Each service has an associated Quality of Service
(e.g. reliable or unreliable).
Reliability issues
> Reliable services never lose/corrupt data.
> Reliable service costs more.
> Typical application for reliable service is file
transfer.
> Typical application not needing reliable
service is voice traffic.
> Not all applications need connections.
Services and protocols
> Service = set of primitives provided by one
layer to layer above.
> Service defines what layer can do (but not
how it does it).
> Protocol = set of rules governing data
communication between peer entities, i.e.
format and meaning of frames/packets.
> Service/protocol decoupling very important.
5 Example networks
> Local area networks (IEEE 802)
> Internet (TCP/IP)
> ISDN
> GSM, 3G
Local Area Networks
> The IEEE 802 standards have come to
dominate LANs. They specify protocols for
use at Layers 1 and 2.
> LANs (Local Area Networks) used within
limited areas (e.g. buildings/campuses) as
opposed to WANs (Wide Area Networks).
> ISO/IEC 8802-n = IEEE 802.n
IEEE 802
> IEEE 802.2 = Layer 2 (most of).
> IEEE 802.3, 802.4 and 802.5 are three
options for Layer 1 (and a bit of Layer 2).
> IEEE 802.3 = Ethernet.
ISDN
> ISDN=Integrated Services Digital Network.
> ISDN enables public-switched telephone
network to carry data as well as voice.
> Current (N-ISDN) offers 64 kbit/sec
channels - via modern telephone
exchanges.
> Can be used to support variety of
applications - e.g. video-conference.
GSM & 3G
> Global System for Mobile Communications
> Digital technology and time division multiple access
transmission methods.
> Voice is digitally encoded, allowing a very efficient data
rate/information content ratio.
> Open, non-proprietary standard
> 3G is the 3rd generation successor to GSM
> High end services including substantially greater
capacity, quality and data rates than currently available.
> Makes video on demand, high speed multimedia and
internet access possible.
The Internet
> Internet - evolved out of a US Government
funded network (ARPANET).
> Developed in parallel with OSI so it does
not conform.
> Has its own protocols at layers 3/4 called
TCP (layer 4) and IP (layer 3).
> Has pushed OSI out (de facto beats de
jure)
> Now 5 million web sites, 200 million users.
IC3-1 Network security
Part 2 - Introductory security
concepts
Outline
1. Introduction
2. Security domains and policies
3. Security threats
4. Security services
5. Security mechanisms
1 Introduction
> ISO 7498-2:
> provides standard definitions of security
terminology,
> provides standard descriptions for security
services and mechanisms,
> defines where in OSI reference model security
services may be provided,
> introduces security management concepts.
Security life-cycle
> Model is as follows:
> define security policy,
> analyse security threats (according to policy),
> define security services to meet threats,
> define security mechanisms to provide services,
> provide on-going management of security.
Threats, services and mechanisms
> A security threat is a possible means by
which a security policy may be breached
(e.g. loss of integrity or confidentiality).
> A security service is a measure which can
be put in place to address a threat (e.g.
provision of confidentiality).
> A security mechanism is a means to
provide a service (e.g. encryption, digital
signature).
2 Security domains and policies
> In a secure system, the rules governing
security behaviour should be made explicit
in the form of a Security policy.
> Security policy: ‘the set of criteria for the
provision of security services’.
> Security domain: the scope of a single
security policy.
Generic security policy
> ISO 7498-2 generic authorisation policy:
> ‘Information may not be given to, accessed by,
nor permitted to be inferred by, nor may any
resource be used by, those not appropriately
authorised.’
> Possible basis for more detailed policy.
> N.b. does not cover availability (e.g. denial
of service) issues.
Policy Types
> ISO 7498-2 distinguishes between 2 types
of security policy:
> identity-based: where access to and use of
resources are determined on the basis of the
identities of users and resources,
> rule-based: where resource access is controlled
by global rules imposed on all users, e.g. using
security labels.
3 Security threats
> A threat is:
> a person, thing, event or idea which poses some
danger to an asset (in terms of confidentiality,
integrity, availability or legitimate use).
> An attack is a realisation of a threat.
> Safeguards = measures (e.g. controls,
procedures) to protect against threats.
> Vulnerabilities = weaknesses in safeguards.
Risk
> Risk is a measure of the cost of a
vulnerability (taking into account
probability of a successful attack).
> Risk analysis determines whether
expenditure on (new/better) safeguards is
warranted.
Fundamental threats
> Four fundamental threats (matching CIA+
legitimate use):
> Information leakage,
> Integrity violation,
> Denial of service,
> Illegitimate use.
Fundamental Threat Examples
> Integrity violation
> USA Today, falsified reports of missile attacks on
Israel, 7/2002
> Denial of service
> Yahoo, 2/2000, 1Gbps
> Information Leakage
> Prince Charles mobile phone calls, 1993
> Illegitimate use
> Vladimir Levin, Citibank, $3.7M, 1995
Primary enabling threats
> Realisation of any of these threats can lead
directly to a realisation of a fundamental
threat:
> Masquerade,
> Bypassing controls,
> Authorisation violation,
> Trojan horse,
> Trapdoor.
Primary Enabling Threat Examples
> Masquerade
> Royal Opera House web site, 8/2002 – Information
Leakage
> Bypassing controls
> ADSL modem passwords – Illegitimate Use
> Authorisation violation
> Cross site scripting – Information Leakage
> Trojan horse
> PWSteal.Trojan, 1999 – Information Leakage
> Trapdoor
> Ken Thompson, Unix login trapdoor (Reflections on Trusting
Trust, 1984) – Illegitimate Use
4 Security services
> Security services in ISO 7498-2 are a
special class of safeguard applying to a
communications environment.
> Hence they are the prime focus of IC3.
> Computer security safeguards are covered
in IC4.
Security service classification
> ISO 7498-2 defines 5 main categories of
security service:
> Authentication (including entity authentication
and origin authentication),
> Access control,
> Data confidentiality,
> Data integrity,
> Non-repudiation.
Authentication
> Entity authentication provides checking of a
claimed identity at a point in time.
> Typically used at the start of a connection.
> Addresses masquerade and replay threats.
> Origin authentication provides verification
of the source of data.
> Does not, by itself, protect against replay or delay.
> Examples: GSM, web servers.
Access control
> Provides protection against unauthorised
use of a resource, including:
> use of a communications resource,
> reading, writing or deletion of an information
resource,
> execution of a processing resource.
> Example: controlling what remote users may do.
Data confidentiality
> Protection against unauthorised disclosure
of information.
> Four types:
> Connection confidentiality,
> Connectionless confidentiality,
> Selective field confidentiality,
> Traffic flow confidentiality.
> Examples: an Internet banking session; encrypting
routers as part of the SWIFT funds transfer network.
Data integrity
> Provides protection against active threats to the
validity of data.
> Five types:
> Connection integrity with recovery,
> Connection integrity without recovery,
> Selective field connection integrity,
> Connectionless integrity,
> Selective field connectionless integrity.
> Example: MD5 hashes published alongside software
binaries, e.g. http://www.apache.org/dist/httpd/binaries/linux/
(n.b. an unkeyed hash served from the same place as the
file only detects accidental corruption: an attacker who can
replace the file can replace the hash beside it, so origin
authentication needs a key or a signature).
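An added example (my code, not from the lecture) for this slide's MD5 hash example and for the Authentication slide earlier: it shows why an unkeyed hash gives data integrity but not origin authentication, how a keyed integrity check value (HMAC) supplies both, and why origin authentication alone does not stop replay while an authentication exchange over a fresh challenge does. The file contents and the shared key are constructed samples; MD5 appears only because the slide cites it.

```python
import hashlib
import hmac
import secrets

# Constructed sample "download" and shared key; not real files or keys.
GENUINE_FILE = b"httpd-2.0.0-i686-pc-linux-gnu.tar.gz contents (constructed sample)"
TROJANED_FILE = b"httpd-2.0.0-i686-pc-linux-gnu.tar.gz contents (trojaned sample)"
SHARED_KEY = b"key shared between publisher and verifier (constructed)"


def published_md5(data):
    """Unkeyed hash of the kind published next to a binary."""
    return hashlib.md5(data).hexdigest()


def check_published_md5(data, published_hex):
    # Data integrity only: anyone can compute a matching hash for any data.
    return hmac.compare_digest(published_md5(data), published_hex)


def integrity_tag(key, data):
    """Keyed integrity check value (HMAC-SHA256): data integrity plus origin authentication."""
    return hmac.new(key, data, hashlib.sha256).digest()


def check_tag(key, data, tag):
    # Constant-time comparison so the check does not leak the tag through timing.
    return hmac.compare_digest(integrity_tag(key, data), tag)


class Verifier:
    """Receiver offering origin authentication of messages and a challenge-response entity authentication."""

    def __init__(self, key):
        self.key = key
        self.outstanding = None

    def accept_message(self, data, tag):
        # Origin authentication only: nothing says *when* the message was made,
        # so a recorded (data, tag) pair is accepted again on replay.
        return check_tag(self.key, data, tag)

    def challenge(self):
        # A fresh nonce per run binds the response to this point in time.
        self.outstanding = secrets.token_bytes(16)
        return self.outstanding

    def accept_response(self, response):
        if self.outstanding is None:
            return False
        nonce, self.outstanding = self.outstanding, None   # single use
        return check_tag(self.key, b"entity-auth:" + nonce, response)


def respond(key, nonce):
    """Claimant's side of the authentication exchange."""
    return integrity_tag(key, b"entity-auth:" + nonce)


def run_demo():
    results = {}
    genuine_hash = published_md5(GENUINE_FILE)
    # 1. Unkeyed hash catches a substituted or corrupted file ...
    results["md5_catches_substitution"] = not check_published_md5(TROJANED_FILE, genuine_hash)
    # ... until the attacker also replaces the hash published beside it.
    results["md5_fooled_when_hash_replaced"] = check_published_md5(TROJANED_FILE, published_md5(TROJANED_FILE))
    # 2. Keyed tag: without the key the attacker cannot tag the substitute.
    genuine_tag = integrity_tag(SHARED_KEY, GENUINE_FILE)
    forged_tag = integrity_tag(b"attacker's guess at the key", TROJANED_FILE)
    results["mac_rejects_substitution"] = not check_tag(SHARED_KEY, TROJANED_FILE, forged_tag)
    # 3. Origin authentication versus entity authentication under replay.
    verifier = Verifier(SHARED_KEY)
    results["origin_auth_accepts_message"] = verifier.accept_message(GENUINE_FILE, genuine_tag)
    results["origin_auth_accepts_replay"] = verifier.accept_message(GENUINE_FILE, genuine_tag)
    recorded_response = respond(SHARED_KEY, verifier.challenge())
    results["entity_auth_fresh_ok"] = verifier.accept_response(recorded_response)
    verifier.challenge()   # a new run issues a new nonce
    results["entity_auth_replay_rejected"] = not verifier.accept_response(recorded_response)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print("%-34s %s" % (name, outcome))
```

MD5 is no longer collision-resistant, so for anything new publish SHA-256 digests and sign them (or use a keyed tag as here) rather than hosting the digest beside the file. The replay result is the point of the "does not protect against replay or delay" line on the Authentication slide: a tag over static data proves who made it, not when, and only the challenge supplies freshness.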
Non-repudiation
> Protects against a sender of data denying
that data was sent (non-repudiation of
origin).
> Protects against a receiver of data denying
that data was received (non-repudiation of
delivery).
> Analogous to signing a letter and sending it by
recorded delivery.
5 Security mechanisms
> Exist to provide and support security
services.
> Can be divided into two classes:
> Specific security mechanisms, used to provide
specific security services, and
> Pervasive security mechanisms, not specific to
particular services.
Specific security mechanisms
> Eight types:
> encipherment,
> digital signature,
> access control mechanisms,
> data integrity mechanisms,
> authentication exchanges,
> traffic padding,
> routing control,
> notarisation.
Specific Mechanisms 1
> Encipherment mechanisms = encryption or cipher
algorithms.
> Can provide data and traffic flow confidentiality.
> Digital signature mechanisms
> signing procedure (private),
> verification procedure (public).
> Can provide non-repudiation, origin authentication and
data integrity services.
> Both can be basis of some authentication
exchange mechanisms.
> More in IC2, IC3
Specific Mechanisms 2
> Access Control mechanisms
> A server using client information to decide whether to
grant access to resources
> E.g. access control lists, capabilities, security labels.
> Data integrity mechanisms
> Protection against modification of data.
> Provide data integrity and origin authentication services.
Also basis of some authentication exchange mechanisms.
> Authentication exchange mechanisms
> Provide entity authentication service.
> More later in IC4
Specific Mechanisms 3
> Traffic padding mechanisms
> The addition of ‘pretend’ data to conceal real volumes of
data traffic.
> Provides traffic flow confidentiality.
> Routing control mechanisms
> Used to prevent sensitive data using insecure channels.
> E.g. route might be chosen to use only physically secure
network components.
> Notarisation mechanisms
> Integrity, origin and/or destination of data can be
guaranteed by using a 3rd party trusted notary.
> Notary typically applies a cryptographic transformation to the
data.
Pervasive security mechanisms
> Five types identified:
> trusted functionality,
> security labels,
> event detection,
> security audit trail,
> security recovery.
Pervasive Mechanisms 1
> Trusted functionality
> Any functionality providing or accessing security
mechanisms should be trustworthy.
> May involve combination of software and hardware.
> Security labels
> Any resource (e.g. stored data, processing power,
communications bandwidth) may have security label
associated with it to indicate security sensitivity.
> Similarly labels may be associated with users. Labels may
need to be securely bound to transferred data.
Pervasive Mechanisms 2
> Event detection
> Includes detection of
> attempted security violations,
> legitimate security-related activity.
> Can be used to trigger event reporting (alarms), event
logging, automated recovery.
> Security audit trail
> Log of past security-related events.
> Permits detection and investigation of past security
breaches.
> Security recovery
> Includes mechanisms to handle requests to recover from
security failures.
> May include immediate abort of operations, temporary
invalidation of an entity, addition of entity to a blacklist.
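An added example (my code, not from the lecture) of the three pervasive mechanisms on this slide working together over constructed audit records: every security-related event, legitimate or not, is appended to the audit trail; repeated login failures from one source are detected and raise an alarm; recovery is the temporary invalidation of that source via a blacklist, after which its further attempts are refused and alarmed. The record format, the policy of three failures within five minutes, and the user names and addresses are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records (not from any real system), one per line:
# "<ISO timestamp> <event> user=<name> src=<address>".
SAMPLE_LOG = """\
2024-01-05T08:50:00 LOGIN_FAIL user=carol src=10.0.0.12
2024-01-05T08:56:00 LOGIN_FAIL user=carol src=10.0.0.12
2024-01-05T08:57:00 LOGIN_FAIL user=carol src=10.0.0.12
2024-01-05T09:00:01 LOGIN_FAIL user=alice src=10.0.0.7
2024-01-05T09:00:05 LOGIN_FAIL user=alice src=10.0.0.7
2024-01-05T09:00:09 LOGIN_FAIL user=root src=10.0.0.7
2024-01-05T09:00:15 LOGIN_OK user=alice src=10.0.0.7
2024-01-05T09:01:00 LOGIN_OK user=bob src=10.0.0.9
2024-01-05T09:02:00 PRIV_USE user=bob src=10.0.0.9
"""

FAIL_THRESHOLD = 3                    # assumed policy: 3 failures ...
FAIL_WINDOW = timedelta(minutes=5)    # ... from one source within 5 minutes


def parse_record(line):
    stamp, event, *fields = line.split()
    attrs = dict(field.split("=", 1) for field in fields)
    return datetime.fromisoformat(stamp), event, attrs


class SecurityMonitor:
    def __init__(self):
        self.failures = defaultdict(deque)   # source -> times of recent failures (event detection state)
        self.blacklist = set()               # security recovery: entities temporarily invalidated
        self.audit_trail = []                # every security-related event, legitimate or not
        self.alarms = []                     # event reporting

    def process(self, line):
        ts, event, attrs = parse_record(line)
        src = attrs["src"]
        self.audit_trail.append((ts, event, attrs))
        if src in self.blacklist:
            self.alarms.append((ts, "blacklisted source %s attempted %s" % (src, event)))
            return "REFUSED"
        if event == "LOGIN_FAIL":
            recent = self.failures[src]
            recent.append(ts)
            while recent and ts - recent[0] > FAIL_WINDOW:   # forget failures outside the window
                recent.popleft()
            if len(recent) >= FAIL_THRESHOLD:
                self.blacklist.add(src)
                self.alarms.append((ts, "%d failures from %s within %s" % (len(recent), src, FAIL_WINDOW)))
                return "BLACKLISTED"
        return "OK"

    def run(self, text):
        return [self.process(line) for line in text.splitlines() if line.strip()]

    def investigate(self, src):
        """Audit trail use: reconstruct after the fact what a source did, including refused attempts."""
        return [(ts.isoformat(), event, attrs["user"])
                for ts, event, attrs in self.audit_trail if attrs["src"] == src]


if __name__ == "__main__":
    monitor = SecurityMonitor()
    for line, outcome in zip(SAMPLE_LOG.splitlines(), monitor.run(SAMPLE_LOG)):
        print("%-12s %s" % (outcome, line))
    print("alarms:", monitor.alarms)
    print("history of 10.0.0.7:", monitor.investigate("10.0.0.7"))
```

carol's three failures are spread over seven minutes, so the sliding window never holds three at once and no alarm fires; 10.0.0.7 reaches the threshold on its third failure, and the legitimate login that follows from the same address is refused because the blacklist has already invalidated it. The audit trail still records that refused attempt, which is what lets the later investigation see the whole sequence.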
Services versus mechanisms
> ISO 7498-2 indicates which mechanisms
can be used to provide which services.
> Illustrative NOT definitive.
> Omissions include:
> use of integrity mechanisms to help provide
authentication services,
> use of encipherment to help provide the
non-repudiation service (as part of notarisation).
Service/mechanism table I
[Table: which of the first four specific mechanisms can provide which service (Y = can be used); entries follow ISO 7498-2]
  Service                                    Encipherment  Digital sign.  Access control  Data integrity
  Entity authentication                      Y             Y              -               -
  Origin authentication                      Y             Y              -               -
  Access control                             -             -              Y               -
  Connection confidentiality                 Y             -              -               -
  Connectionless confidentiality             Y             -              -               -
  Selective field confidentiality            Y             -              -               -
  Traffic flow confidentiality               Y             -              -               -
  Connection integrity with recovery         Y             -              -               Y
  Connection integrity without recovery      Y             -              -               Y
  Selective field connection integrity       Y             -              -               Y
  Connectionless integrity                   Y             Y              -               Y
  Selective field connectionless integrity   Y             Y              -               Y
  Non-repudiation of origin                  -             Y              -               Y
  Non-repudiation of delivery                -             Y              -               Y
Service/mechanism table II
[Table: which of the remaining four specific mechanisms can provide which service (Y = can be used); entries follow ISO 7498-2]
  Service                                    Auth. exchange  Traffic padding  Routing control  Notarisation
  Entity authentication                      Y               -                -                -
  Origin authentication                      -               -                -                -
  Access control                             -               -                -                -
  Connection confidentiality                 -               -                Y                -
  Connectionless confidentiality             -               -                Y                -
  Selective field confidentiality            -               -                -                -
  Traffic flow confidentiality               -               Y                Y                -
  Connection integrity with recovery         -               -                -                -
  Connection integrity without recovery      -               -                -                -
  Selective field connection integrity       -               -                -                -
  Connectionless integrity                   -               -                -                -
  Selective field connectionless integrity   -               -                -                -
  Non-repudiation of origin                  -               -                -                Y
  Non-repudiation of delivery                -               -                -                Y
Services versus layers
> ISO 7498-2 lays down which security
services can be provided in which of the 7
layers.
> Layers 1 and 2 may only provide
confidentiality services.
> Layers 3/4 may provide many services.
> Layer 7 may provide all services.
Service/layer table
[Table: which security services may be provided in which OSI layer (Y = may be provided); entries follow ISO 7498-2]
  Service                                    Layer 1  Layer 2  Layer 3  Layer 4  Layer 5/6  Layer 7
  Entity authentication                      -        -        Y        Y        -          Y
  Origin authentication                      -        -        Y        Y        -          Y
  Access control                             -        -        Y        Y        -          Y
  Connection confidentiality                 Y        Y        Y        Y        -          Y
  Connectionless confidentiality             -        Y        Y        Y        -          Y
  Selective field confidentiality            -        -        -        -        -          Y
  Traffic flow confidentiality               Y        -        Y        -        -          Y
  Connection integrity with recovery         -        -        -        Y        -          Y
  Connection integrity without recovery      -        -        Y        Y        -          Y
  Selective field connection integrity       -        -        -        -        -          Y
  Connectionless integrity                   -        -        Y        Y        -          Y
  Selective field connectionless integrity   -        -        -        -        -          Y
  Non-repudiation of origin                  -        -        -        -        -          Y
  Non-repudiation of delivery                -        -        -        -        -          Y