Security in Asynchronous Transfer Mode (ATM)


CS 689 (Research Methods)
Security in Asynchronous Transfer Mode (ATM)
By SOBHA SIRIPURAPU
Introduction
ATM (Asynchronous Transfer Mode) was originally designed to implement B-ISDN (Broadband Integrated Services Digital Network) technology so that all forms of traffic (voice, video, data, etc.) can be transferred over telecommunication networks.
ATM's flexibility to deliver different classes of traffic at high or low speeds has made it a popular choice for many networks. Security is therefore an emerging concern in ATM networks.
Problem Description
Security is becoming more and more significant in network environments with the emergence of internetworking technology.
Security in ATM networks is developing into a major concern because it was not part of the original design.
This research describes why security in ATM networks is a potential issue and details the security measures needed to protect the network.
Motivation
ATM networks require adequate security features to protect the involved systems, their interfaces and the information they process.
The security requirements for ATM networks originate from the following sources:
--- Customers / subscribers who use the ATM network.
--- The public communities / authorities who demand security using directives to ensure availability of services, fair competition and privacy protection.
--- Network operators / service providers who require security to safeguard their interests.
Objective
The primary objectives in ATM security are:
Confidentiality: Confidentiality of stored and transferred data.
Data Integrity: Protection of stored and transferred information.
Accountability: Accountability for all ATM networks and transactions.
Availability: All legitimate requests should be allowed to pass.
In this research, we first examine the threats to ATM networks, the requirements of ATM security and its implementation issues.
Threats to ATM networks
The following intentional threats should be considered in a threat analysis of an ATM network:
Masquerade ("spoofing"):
The pretence by an entity to be a different entity.
Eavesdropping:
A breach of confidentiality by monitoring communication.
Unauthorized access:
An entity attempts to access data in violation of the security policy in force.
Loss or corruption of information
Repudiation:
An entity involved in a communication exchange subsequently denies the fact.
Forgery
Denial of Service:
This occurs when an entity fails to perform its function or prevents other entities from performing their functions.
Requirements of a Secured Network
Verification of Identities :
Establish and verify the identity of the user.
Controlled access and authorization :
No access to unauthorized information.
Protection of Confidentiality :
Stored and communicated data should be confidential.
Protection of Data Integrity :
Guaranteed integrity of communicated data.
Strong Accountability :
An entity cannot deny responsibility for the actions it has performed or for their effects.
Activity Logging :
Should support the capability to retrieve information about security activities.
Alarm reporting :
Should be able to generate alarm notifications about selected security-related events.
Audit :
During security violations, the system should be able to analyze the logged data relevant to security.
Security recovery :
Should be able to recover from successful or
services derived from the above.
Security Management :
The security system should be able to manage the
security services derived from the above
requirements.
Mapping of Objectives and Threats
[Table: the rows are the main security objectives (Confidentiality, Data Integrity, Accountability, Availability); the columns are the generic threats (Masquerade, Eavesdropping, Unauthorized Access, Loss or Corruption of (transferred) information, Repudiation, Forgery, Denial of service); an x marks each threat that affects an objective.]
ATM Security Scope
The ATM architecture includes three planes:
User Plane: responsible for the transfer of user data.
Control Plane: responsible for connection establishment, release, etc.
Management Plane: responsible for the proper functioning of the various entities in the above two planes.
Figure 1: ATM Architecture
User Plane Security
The user plane entities interact directly with the user and have to be flexible enough to meet the requirements.
The user plane provides security services like access control, authentication, data confidentiality and integrity.
Depending on customer requirements, services like key exchange, certification infrastructure and negotiation of security options might be useful.
Control Plane Security
The control plane configures the network to provide a communication channel for a user; it interacts with the switching table or manages the virtual channel.
Most of the threats to security relate to the control plane. Therefore it is very important to secure the control plane.
This plane may be secured by providing authentication and confidentiality of the signaling messages.
If the recipient of a signaling message can verify its source, denial-of-service attacks that rely on forged messages can be prevented.
Control plane authentication can also be used to provide the auditing information for accurate billing, which should be immune to repudiation.
Management Plane Security
This plane covers bootstrapping security, authenticated neighbor discovery, Interim Local Management Interface security and permanent virtual circuit security.
Security recovery and security management have to be provided in the security framework.
Figure 2
Security of the ATM layer
ATM layer entities perform ATM data transfer on behalf of the other entities in the three planes, as shown in Figure 2.
Since all data has to be transferred through the ATM layer, the security of the ATM layer is extremely important.
Draft of Phase I Security Specification
To address the security problem in ATM, the ATM Forum Security Working Group is working on an ATM security infrastructure and has come up with the Phase I Security Specification.
This deals mainly with security mechanisms in the user plane and a part of the control plane.
It includes mechanisms for authentication, confidentiality, data integrity and access control for the user plane.
ATM Firewalls
Firewalls are widely used security mechanisms in the Internet today.
Traditional firewalls are not sufficient for ATM networks for two main reasons:
--- A packet filtering router needs to terminate end-to-end ATM connections in order to extract IP packets for inspection.
--- The filtering bandwidth of a traditional firewall is far less than the typical ATM rate of data transfer.
Two approaches to solve the problem of incorporating firewalls in ATM networks are as follows:
a) Parallel Firewalls: The load is distributed in one of two ways.
i) Static Distribution of Connections: One way is to provide a separate proxy server for each service that has to be supported. By distributing the proxy servers among different hosts, the security can also be improved.
ii) Dynamic Distribution of Connections: A proxy server may be replicated on multiple processors. Connections can then be dynamically mapped to the replicated proxy servers.
The advantage of this solution is that a meta proxy may gather status and load statistics from the proxy servers, which enables a fair and balanced distribution of incoming connections.
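The two distribution schemes above can be combined in one dispatcher. The following Python example is added here for illustration and is not part of the original slides: it models a meta proxy that first selects the proxy pool for the requested service (static distribution) and then picks the least-loaded healthy replica in that pool (dynamic distribution). The class names, service names, the use of active connection counts as the load statistic and the deny-when-no-proxy policy are all assumptions.

```python
from dataclasses import dataclass


@dataclass
class ProxyReplica:
    name: str
    active: int = 0        # connections currently assigned (the load statistic)
    healthy: bool = True   # status reported to the meta proxy


class MetaProxy:
    """Maps incoming connections onto proxy servers (hypothetical model)."""

    def __init__(self, pools):
        # Static distribution: one pool of proxy servers per supported service.
        self.pools = pools

    def assign(self, service):
        """Return the name of the proxy that takes the connection, or None to deny."""
        candidates = [r for r in self.pools.get(service, []) if r.healthy]
        if not candidates:
            # Fail closed: no proxy means no uninspected path (assumed policy).
            return None
        # Dynamic distribution: the least-loaded replica gets the connection.
        target = min(candidates, key=lambda r: r.active)
        target.active += 1
        return target.name

    def release(self, service, name):
        """Record that a connection handled by proxy `name` has closed."""
        for r in self.pools.get(service, []):
            if r.name == name and r.active > 0:
                r.active -= 1


def demo():
    # Constructed sample pools; service and host names are made up.
    meta = MetaProxy({
        "http": [ProxyReplica("http-a"), ProxyReplica("http-b"),
                 ProxyReplica("http-c", healthy=False)],
        "smtp": [ProxyReplica("smtp-a")],
    })
    placed = [meta.assign("http") for _ in range(4)]
    meta.release("http", "http-b")
    after_release = meta.assign("http")
    return placed, after_release, meta.assign("smtp"), meta.assign("telnet")


if __name__ == "__main__":
    print(demo())
```

A service with no proxy pool, or whose replicas are all unhealthy, is refused rather than passed through uninspected.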
ATM Firewalls with FQoS:
The concept of Firewall Quality of Service (FQoS) is to optimize the effort to make the connections secure.
Conclusions
ATM has been predicted to be the most popular network technology in coming years. Therefore, making ATM secure in terms of data transmission is a prime concern in network research and development.
Though the Security Framework (Phase I) published by the ATM Forum gives us a general overall view of the requirements, solutions meeting these are very few in number today.
References
http://www.3com.com - 3Com Corporation
http://www.gdc.com - General DataComm, Inc.
http://www.cisco.com - Cisco Systems, Inc.
http://www.newbridge.com - Newbridge Networks Corporation
ATM Forum Security Framework (Phase 1)
http://www.atmforum.com
http://www.computerworld.com
http://www.network.com
http://www.nortel.com