
Post on 19-Dec-2015


Network Security
Part I: Introduction

Introductory Security Concepts

SECURITY INNOVATION ©2003

Outline

1. Introduction
2. Security domains and policies
3. Security threats
4. Security services
5. Security mechanisms

1 Introduction

• ISO 7498-2:
  – provides standard definitions of security terminology,
  – provides standard descriptions for security services and mechanisms,
  – defines where in OSI reference model security services may be provided,
  – introduces security management concepts.

Security Life-Cycle

• Model is as follows:
  – define security policy,
  – analyze security threats (according to policy),
  – define security services to meet threats,
  – define security mechanisms to provide services,
  – provide on-going management of security.

Threats, Services and Mechanisms

• A security threat is a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
• A security service is a measure which can be put in place to address a threat (e.g. provision of confidentiality).
• A security mechanism is a means to provide a service (e.g. encryption, digital signature).

2 Security Domains and Policies

• In a secure system, the rules governing security behavior should be made explicit in the form of a Security policy.
• Security policy: ‘the set of criteria for the provision of security services’.
• Security domain: the scope of a single security policy.

Generic Security Policy

• ISO 7498-2 generic authorization policy:
  – ‘Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorized.’
• Possible basis for more detailed policy.
• It does not cover availability (e.g. denial of service) issues.

Policy Types

• ISO 7498-2 distinguishes between 2 types of security policy:
  – identity-based: where access to and use of resources are determined on the basis of the identities of users and resources,
  – rule-based: where resource access is controlled by global rules imposed on all users, e.g. using security labels.
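The two policy types evaluated side by side, as an added example that is not part of the original slides. The users, resources, label levels and the particular global rule (read only at or below your clearance, write only at or above it) are assumptions chosen for illustration.

```python
# Identity-based policy: a per-resource ACL that names individual users.
# All users, resources and labels below are constructed sample data.
ACL = {
    "payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "press-release.txt": {"bob": {"read", "write"}},
}

# Rule-based policy: every user and resource carries a security label and
# one global rule is applied to everybody, whoever they are.
LEVELS = {"public": 0, "internal": 1, "secret": 2}
USER_CLEARANCE = {"alice": "secret", "bob": "internal", "carol": "secret"}
RESOURCE_LABEL = {"payroll.db": "secret", "press-release.txt": "public"}


def identity_based_allows(user, resource, action):
    """Access depends only on who the user is and what the ACL grants them."""
    return action in ACL.get(resource, {}).get(user, set())


def rule_based_allows(user, resource, action):
    """Assumed global rule: read at or below clearance, write at or above it."""
    clearance = USER_CLEARANCE.get(user)
    label = RESOURCE_LABEL.get(resource)
    if clearance is None or label is None:
        return False  # default deny for unlabelled users or resources
    user_level, resource_level = LEVELS[clearance], LEVELS[label]
    if action == "read":
        return user_level >= resource_level
    if action == "write":
        return user_level <= resource_level
    return False


def compare(user, resource, action):
    """Return (identity-based decision, rule-based decision) for one request."""
    return (identity_based_allows(user, resource, action),
            rule_based_allows(user, resource, action))


if __name__ == "__main__":
    for request in [("bob", "payroll.db", "read"),
                    ("carol", "payroll.db", "read"),
                    ("alice", "payroll.db", "write"),
                    ("bob", "press-release.txt", "write")]:
        print(request, compare(*request))
```

The requests where the two decisions differ (bob is on the ACL but lacks clearance; carol has clearance but is on no ACL) show why a domain has to state which policy type governs it.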

3 Security Threats

• A threat is:
  – a person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
• An attack is a realization of a threat.
• Safeguards = measures (e.g. controls, procedures) to protect against threats.
• Vulnerabilities = weaknesses in safeguards.

Risk

• Risk is a measure of the cost of a vulnerability (taking into account probability of a successful attack).
• Risk analysis determines whether expenditure on (new/better) safeguards is warranted.

Fundamental Threats

• Four fundamental threats (matching Confidentiality, Integrity, Availability and legitimate use):
  – Information leakage,
  – Integrity violation,
  – Denial of service,
  – Illegitimate use.

Fundamental Threat Examples

• Integrity violation
  – USA Today, falsified reports of missile attacks on Israel, 7/2002
• Denial of service
  – Yahoo, 2/2000, 1Gbps
• Information Leakage
  – Prince Charles mobile phone calls, 1993
• Illegitimate use
  – Vladimir Levin, Citibank, $3.7M, 1995

Primary Enabling Methods

• Realization of any of these threats can lead directly to a realization of a fundamental threat:
  – Masquerade,
  – Bypassing controls,
  – Authorization violation,
  – Trojan horse,
  – Trapdoor.

Primary Enabling Methods: Examples

• Masquerade
  – Royal Opera House web site, 8/2002 – Information Leakage
• Bypassing controls
  – ADSL modem passwords – Illegitimate Use
• Authorization violation
  – Cross site scripting – Information Leakage
• Trojan horse
  – PWSteal.Trojan, 1999 – Information Leakage
• Trapdoor
  – Ken Thompson, Unix login – Reflections on Trusting Trust, 1975 – Illegitimate Use

4 Security Services

• Security services in ISO 7498-2 are a special class of safeguard applying to a communications environment.
• Hence they are the prime focus of IC3.
• Computer security safeguards are covered in IC4.

Security Service Classification

• ISO 7498-2 defines 5 main categories of security service:
  – Authentication (including entity authentication and origin authentication),
  – Access control,
  – Data confidentiality,
  – Data integrity,
  – Non-repudiation.

Authentication

• Entity authentication provides checking of a claimed identity at a point in time.
• Typically used at start of a connection.
• Addresses masquerade and replay threats.
• Origin authentication provides verification of source of data.
• Does not protect against duplication or modification of data.
• GSM, web servers

Access Control

• Provides protection against unauthorized use of resource, including:
  – use of a communications resource,
  – reading, writing or deletion of an information resource,
  – execution of a processing resource.
• Remote users

Data Confidentiality

• Protection against unauthorized disclosure of information.
• Four types:
  – Connection confidentiality,
  – Connectionless confidentiality,
  – Selective field confidentiality,
  – Traffic flow confidentiality.
• Internet banking session
• Encrypting routers as part of Swift funds transfer network

Data Integrity

• Provides protection against active threats to the validity of data.
• Five types:
  – Connection integrity with recovery,
  – Connection integrity without recovery,
  – Selective field connection integrity,
  – Connectionless integrity,
  – Selective field connectionless integrity.
• MD5 hashes http://www.apache.org/dist/httpd/binaries/linux/

Non-repudiation

• Protects against a sender of data denying that data was sent (non-repudiation of origin).
• Protects against a receiver of data denying that data was received (non-repudiation of delivery).
• Analogous to signing a letter and sending recorded delivery

5 Security mechanisms

• Exist to provide and support security services.
• Can be divided into two classes:
  – Specific security mechanisms, used to provide specific security services, and
  – Pervasive security mechanisms, not specific to particular services.

Specific Security Mechanisms

• Eight types:
  – encryption,
  – digital signature,
  – access control mechanisms,
  – data integrity mechanisms,
  – authentication exchanges,
  – traffic padding,
  – routing control,
  – notarization.

Specific Mechanisms I

• Encryption mechanisms = encryption or cipher algorithms.
  – Can provide data and traffic flow confidentiality.
• Digital signature mechanisms
  – signing procedure (private),
  – verification procedure (public).
  – Can provide non-repudiation, origin authentication and data integrity services.
• Both can be basis of some authentication exchange mechanisms.

Specific Mechanisms II

• Access Control mechanisms
  – A server using client information to decide whether to grant access to resources
    • E.g. access control lists, capabilities, security labels.
• Data integrity mechanisms
  – Protection against modification of data.
    • Provide data integrity and origin authentication services. Also basis of some authentication exchange mechanisms.
• Authentication exchange mechanisms
  – Provide entity authentication service.
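An added example (not from the original slides) of a keyed data integrity mechanism that also gives origin authentication, set against the published-hash check mentioned on the Data Integrity slide, which does not. It uses SHA-256 and HMAC-SHA-256 from Python's standard library in place of MD5; the key, the messages and the sequence-number scheme for catching duplicates are constructed assumptions.

```python
import hashlib
import hmac


def unkeyed_digest(data: bytes) -> str:
    """Published-hash style check value: anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def digest_matches(data: bytes, published_hex: str) -> bool:
    """Detects modification only if published_hex came over a trusted channel."""
    return hmac.compare_digest(unkeyed_digest(data), published_hex.lower())


def make_tag(key: bytes, seq: int, data: bytes) -> bytes:
    """Keyed check value over sequence number + data (HMAC-SHA-256)."""
    return hmac.new(key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()


class Receiver:
    """Verifies origin and integrity, then rejects duplicated messages."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def accept(self, seq: int, data: bytes, tag: bytes) -> str:
        if not hmac.compare_digest(make_tag(self.key, seq, data), tag):
            return "rejected: bad tag"      # modified data or wrong origin
        if seq < self.next_seq:
            return "rejected: duplicate"    # authentic but already seen
        self.next_seq = seq + 1
        return "accepted"


def demo():
    key = b"constructed-shared-key-32-bytes!"      # constructed sample key
    data = b"transfer 100 to account 42"           # constructed sample message
    altered = b"transfer 900 to account 42"
    rx = Receiver(key)
    tag = make_tag(key, 0, data)
    return {
        # Unkeyed hash: a substituted file with a substituted digest still "verifies".
        "hash_detects_change": not digest_matches(altered, unkeyed_digest(data)),
        "hash_proves_origin": not digest_matches(altered, unkeyed_digest(altered)),
        # Keyed tag: only a key holder can produce a value the receiver accepts.
        "first_delivery": rx.accept(0, data, tag),
        "replayed_copy": rx.accept(0, data, tag),
        "altered_data": rx.accept(1, altered, make_tag(key, 1, data)),
        "wrong_key": rx.accept(1, data, make_tag(b"x" * 32, 1, data)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```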

Specific Mechanisms III

• Traffic padding mechanisms
  – The addition of ‘pretend’ data to conceal real volumes of data traffic.
  – Provides traffic flow confidentiality.
• Routing control mechanisms
  – Used to prevent sensitive data using insecure channels.
  – E.g. route might be chosen to use only physically secure network components.
• Notarization mechanisms
  – Integrity, origin and/or destination of data can be guaranteed by using a 3rd party trusted notary.
    • Notary typically applies a cryptographic transformation to the data.

Pervasive Security Mechanisms

• Five types identified:
  – trusted functionality,
  – security labels,
  – event detection,
  – security audit trail,
  – security recovery.

Pervasive Mechanisms I

• Trusted functionality
  – Any functionality providing or accessing security mechanisms should be trustworthy.
  – May involve combination of software and hardware.
• Security labels
  – Any resource (e.g. stored data, processing power, communications bandwidth) may have security label associated with it to indicate security sensitivity.
  – Similarly labels may be associated with users. Labels may need to be securely bound to transferred data.

Pervasive Mechanisms II

• Event detection
  – Includes detection of
    • attempted security violations,
    • legitimate security-related activity.
  – Can be used to trigger event reporting (alarms), event logging, automated recovery.
• Security audit trail
  – Log of past security-related events.
  – Permits detection and investigation of past security breaches.

Pervasive Mechanisms II

• Security recovery
  – Includes mechanisms to handle requests to recover from security failures.
  – May include immediate abort of operations, temporary invalidation of an entity, addition of entity to a blacklist.
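Event detection, the security audit trail and security recovery working together, as an added example that is not part of the original slides. The event format, the thresholds and the sample events are constructed assumptions; recovery here is the temporary invalidation of an entity.

```python
from collections import defaultdict, deque

THRESHOLD = 3   # assumed: failed logins that trigger an alarm
WINDOW = 60     # assumed: seconds over which failures are counted
LOCKOUT = 300   # assumed: seconds of temporary invalidation

# Constructed sample events: (unix time, entity, outcome)
SAMPLE_EVENTS = [
    (1000, "alice", "login_ok"),
    (1010, "mallory", "login_fail"),
    (1020, "mallory", "login_fail"),
    (1030, "mallory", "login_fail"),
    (1040, "mallory", "login_ok"),
    (1400, "mallory", "login_ok"),
    (1500, "bob", "login_fail"),
]


class Monitor:
    def __init__(self):
        self.audit_trail = []                 # log of past security-related events
        self.failures = defaultdict(deque)    # recent failure times per entity
        self.invalid_until = {}               # entity -> time the invalidation ends

    def handle(self, ts, entity, outcome):
        """Detect, decide and record one event; returns the decision taken."""
        if self.invalid_until.get(entity, 0) > ts:
            decision = "denied_invalidated"   # recovery measure still in force
        elif outcome == "login_fail":
            recent = self.failures[entity]
            recent.append(ts)
            while recent and ts - recent[0] > WINDOW:
                recent.popleft()              # forget failures outside the window
            if len(recent) >= THRESHOLD:
                self.invalid_until[entity] = ts + LOCKOUT
                recent.clear()
                decision = "alarm_and_invalidate"
            else:
                decision = "logged_failure"
        else:
            decision = "logged_success"       # legitimate activity is logged too
        self.audit_trail.append((ts, entity, outcome, decision))
        return decision


def run(events):
    """Feed events through a fresh monitor; return the decisions and the monitor."""
    monitor = Monitor()
    return [monitor.handle(*event) for event in events], monitor


if __name__ == "__main__":
    decisions, monitor = run(SAMPLE_EVENTS)
    for entry in monitor.audit_trail:
        print(entry)
```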

Services Versus Mechanisms

• ISO 7498-2 indicates which mechanisms can be used to provide which services.
• Illustrative NOT definitive.
• Omissions include:
  – use of integrity mechanisms to help provide authentication services,
  – use of encryption to help provide non-repudiation service (as part of notarization).

Service/Mechanism Table I

Service / Mechanism | Encryption | Digital Signature | Access Control | Data Integrity

Entity authentication Y Y
Origin authentication Y Y
Access control Y
Connection confidentiality Y
Connectionless confidentiality Y
Selective field confidentiality Y
Traffic flow confidentiality Y
Connection integrity with recovery Y Y
Connection integrity without recovery Y Y
Selective field connection integrity Y Y
Connectionless integrity Y Y Y
Selective field connectionless integrity Y Y Y
Non-repudiation of origin Y Y
Non-repudiation of delivery Y Y

Service/Mechanism Table II

Service / Mechanism | Authorization exchange | Traffic padding | Routing Control | Notarisation

Entity authentication Y
Origin authentication
Access control
Connection confidentiality Y
Connectionless confidentiality Y
Selective field confidentiality
Traffic flow confidentiality Y Y
Connection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation of origin Y
Non-repudiation of delivery Y

Services Versus Layers

• ISO 7498-2 lays down which security services can be provided in which of the 7 layers.
• Layers 1 and 2 may only provide confidentiality services.
• Layers 3/4 may provide many services.
• Layer 7 may provide all services.

Service/Layer Table

Service / Layer | Layer 1 | Layer 2 | Layer 3 | Layer 4 | Layer 5/6 | Layer 7

Entity authentication Y Y Y
Origin authentication Y Y Y
Access control Y Y Y
Connection confidentiality Y Y Y Y Y
Connectionless confidentiality Y Y Y Y
Selective field confidentiality Y
Traffic flow confidentiality Y Y Y
Connection integrity with recovery Y Y
Connection integrity without recovery Y Y Y
Selective field connection integrity Y
Connectionless integrity Y Y Y
Selective field connectionless integrity Y
Non-repudiation of origin Y
Non-repudiation of delivery Y