intro security concepts

Upload: xozan

Post on 02-Jun-2018


  • 8/10/2019 Intro Security Concepts

    1/35

    Network Security

    Part I: Introduction

    Introductory Security Concepts


    SECURITY INNOVATION 2003


    Outline

    1. Introduction

    2. Security domains and policies

    3. Security threats

    4. Security services

    5. Security mechanisms


    1 Introduction

    ISO 7498-2:

        provides standard definitions of security terminology,
        provides standard descriptions for security services and mechanisms,
        defines where in OSI reference model security services may be provided,
        introduces security management concepts.


    Security Life-Cycle

    Model is as follows:

        define security policy,
        analyze security threats (according to policy),
        define security services to meet threats,
        define security mechanisms to provide services,
        provide on-going management of security.


    Threats, Services and Mechanisms

    A security threat is a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).

    A security service is a measure which can be put in place to address a threat (e.g. provision of confidentiality).

    A security mechanism is a means to provide a service (e.g. encryption, digital signature).


    2 Security Domains and Policies

    In a secure system, the rules governing security behavior should be made explicit in the form of a Security policy.

    Security policy: the set of criteria for the provision of security services.

    Security domain: the scope of a single security policy.


    Generic Security Policy

    ISO 7498-2 generic authorization policy:

        Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorized.

    Possible basis for more detailed policy.

    It does not cover availability (e.g. denial of service) issues.


    Policy Types

    ISO 7498-2 distinguishes between 2 types of security policy:

        identity-based: where access to and use of resources are determined on the basis of the identities of users and resources,

        rule-based: where resource access is controlled by global rules imposed on all users, e.g. using security labels.
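An added example (not from the original slides) contrasting the two policy types: an identity-based check against a per-resource access control list, and a rule-based check that compares security labels. The label names, users, resource and the "clearance must be at least the label" rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed label ordering (an assumption; ISO 7498-2 prescribes no label set).
LEVELS = {"public": 0, "internal": 1, "secret": 2}


@dataclass
class Resource:
    name: str
    label: str                                # security label (rule-based policy)
    acl: dict = field(default_factory=dict)   # user -> allowed operations (identity-based)


def identity_based_allows(user, op, res):
    """Identity-based: the decision depends on this user and this resource."""
    return op in res.acl.get(user, set())


def rule_based_allows(clearance, res):
    """Rule-based: one global rule for all users, driven by security labels.

    Assumed rule: access is allowed only if the user's clearance is at least
    the resource's label. Unknown labels fail closed.
    """
    if clearance not in LEVELS or res.label not in LEVELS:
        return False
    return LEVELS[clearance] >= LEVELS[res.label]


def decide(user, clearance, op, res):
    """A domain may enforce both policies; access then needs both to agree."""
    return identity_based_allows(user, op, res) and rule_based_allows(clearance, res)


# Constructed sample data.
payroll = Resource("payroll.db", "secret",
                   acl={"alice": {"read"}, "bob": {"read", "write"}})
CLEARANCE = {"alice": "internal", "bob": "secret", "carol": "secret"}


def evaluate():
    """Return the combined decision for each sample user reading payroll.db."""
    return {u: decide(u, c, "read", payroll) for u, c in CLEARANCE.items()}
```

Alice is on the list but lacks the clearance, and Carol has the clearance but is not on the list, so only Bob is allowed.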


    3 Security Threats

    A threat is:

        a person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).

    An attack is a realization of a threat.

    Safeguards = measures (e.g. controls, procedures) to protect against threats.

    Vulnerabilities = weaknesses in safeguards.


    Risk

    Risk is a measure of the cost of a vulnerability (taking into account probability of a successful attack).

    Risk analysis determines whether expenditure on (new/better) safeguards is warranted.


    Fundamental Threat Examples

    Integrity violation
        USA Today, falsified reports of missile attacks on Israel, 7/2002

    Denial of service
        Yahoo, 2/2000, 1Gbps

    Information Leakage
        Prince Charles mobile phone calls, 1993

    Illegitimate use
        Vladimir Levin, Citibank, $3.7M, 1995


    Primary Enabling Methods

    Realization of any of these threats can lead directly to a realization of a fundamental threat:

        Masquerade,
        Bypassing controls,
        Authorization violation,
        Trojan horse,
        Trapdoor.


    Primary Enabling Methods: Examples

    Masquerade
        Royal Opera House web site, 8/2002 - Information Leakage

    Bypassing controls
        ADSL modem passwords - Illegitimate Use

    Authorization violation
        Cross site scripting - Information Leakage

    Trojan horse
        PWSteal.Trojan, 1999 - Information Leakage

    Trapdoor
        Ken Thompson, Unix login, Reflections on Trusting Trust, 1975 - Illegitimate Use


    Security Service Classification

    ISO 7498-2 defines 5 main categories of security service:

        Authentication (including entity authentication and origin authentication),
        Access control,
        Data confidentiality,
        Data integrity,
        Non-repudiation.


    Authentication

    Entity authentication provides checking of a claimed identity at a point in time.

        Typically used at start of a connection.
        Addresses masquerade and replay threats.

    Origin authentication provides verification of source of data.

        Does not protect against duplication or modification of data.

    GSM, web servers


    Access Control

    Provides protection against unauthorized use of resource, including:

        use of a communications resource,
        reading, writing or deletion of an information resource,
        execution of a processing resource.

    Remote users


    Data Confidentiality

    Protection against unauthorized disclosure of information.

    Four types:

        Connection confidentiality,
        Connectionless confidentiality,
        Selective field confidentiality,
        Traffic flow confidentiality.

    Internet banking session

    Encrypting routers as part of Swift funds transfer network


    Data Integrity

    Provides protection against active threats to the validity of data.

    Five types:

        Connection integrity with recovery,
        Connection integrity without recovery,
        Selective field connection integrity,
        Connectionless integrity,
        Selective field connectionless integrity.

    MD5 hashes

    http://www.apache.org/dist/httpd/binaries/linux/
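An added example (not from the original slides) of the difference between connectionless integrity and connection integrity without recovery. It uses a keyed HMAC-SHA-256 tag rather than the bare MD5 hash the slide mentions; the key, the unit layout and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; real keys come from key management
TAG_LEN = hashlib.sha256().digest_size


def protect(seq, payload, key=KEY):
    """Build one data unit: seq (8 bytes) || payload || HMAC over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_unit(unit, key=KEY):
    """Connectionless integrity: validate a single unit in isolation."""
    if len(unit) < 8 + TAG_LEN:
        raise ValueError("truncated unit")
    body, tag = unit[:-TAG_LEN], unit[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("modified unit")
    return struct.unpack(">Q", body[:8])[0], body[8:]


class ConnectionReceiver:
    """Connection integrity without recovery: also enforce unit order, so
    replayed, deleted or reordered units are detected (reported, not repaired)."""

    def __init__(self, key=KEY):
        self.key = key
        self.next_seq = 0

    def accept(self, unit):
        seq, payload = verify_unit(unit, self.key)
        if seq != self.next_seq:
            raise ValueError(f"sequence error: got {seq}, expected {self.next_seq}")
        self.next_seq += 1
        return payload


def replay_outcomes():
    """Replay unit 0: the per-unit check accepts it, the connection check does not."""
    unit0 = protect(0, b"PAY 10 TO BOB")  # constructed message
    rx = ConnectionReceiver()
    rx.accept(unit0)
    per_unit_ok = verify_unit(unit0) == (0, b"PAY 10 TO BOB")
    try:
        rx.accept(unit0)
        connection_ok = True
    except ValueError:
        connection_ok = False
    return per_unit_ok, connection_ok
```

An unkeyed digest published next to a download only detects modification if the digest itself is fetched over a channel the attacker cannot alter; the keyed tag used here does not have that dependency.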

    Non-repudiation

    Protects against a sender of data denying that data was sent (non-repudiation of origin).

    Protects against a receiver of data denying that data was received (non-repudiation of delivery).

    Analogous to signing a letter and sending recorded delivery


    5 Security mechanisms

    Exist to provide and support security services.

    Can be divided into two classes:

        Specific security mechanisms, used to provide specific security services, and
        Pervasive security mechanisms, not specific to particular services.


    Specific Security Mechanisms

    Eight types:

        encryption,
        digital signature,
        access control mechanisms,
        data integrity mechanisms,
        authentication exchanges,
        traffic padding,
        routing control,
        notarization.


    Specific Mechanisms I

    Encryption mechanisms = encryption or cipher algorithms.

        Can provide data and traffic flow confidentiality.

    Digital signature mechanisms

        signing procedure (private),
        verification procedure (public).
        Can provide non-repudiation, origin authentication and data integrity services.

    Both can be basis of some authentication exchange mechanisms.


    Specific Mechanisms II

    Access Control mechanisms

        A server using client information to decide whether to grant access to resources.
        E.g. access control lists, capabilities, security labels.

    Data integrity mechanisms

        Protection against modification of data.
        Provide data integrity and origin authentication services.
        Also basis of some authentication exchange mechanisms.

    Authentication exchange mechanisms

        Provide entity authentication service.


    Specific Mechanisms III

    Traffic padding mechanisms

        The addition of pretend data to conceal real volumes of data traffic.
        Provides traffic flow confidentiality.

    Routing control mechanisms

        Used to prevent sensitive data using insecure channels.
        E.g. route might be chosen to use only physically secure network components.

    Notarization mechanisms

        Integrity, origin and/or destination of data can be guaranteed by using a 3rd party trusted notary.
        Notary typically applies a cryptographic transformation to the data.


    Pervasive Security Mechanisms

    Five types identified:

        trusted functionality,
        security labels,
        event detection,
        security audit trail,
        security recovery.


    Pervasive Mechanisms I

    Trusted functionality

        Any functionality providing or accessing security mechanisms should be trustworthy.
        May involve combination of software and hardware.

    Security labels

        Any resource (e.g. stored data, processing power, communications bandwidth) may have security label associated with it to indicate security sensitivity.
        Similarly labels may be associated with users. Labels may need to be securely bound to transferred data.


    Pervasive Mechanisms II

    Event detection

        Includes detection of
            attempted security violations,
            legitimate security-related activity.
        Can be used to trigger event reporting (alarms), event logging, automated recovery.

    Security audit trail

        Log of past security-related events.
        Permits detection and investigation of past security breaches.


    Pervasive Mechanisms II

    Security recovery

        Includes mechanisms to handle requests to recover from security failures.
        May include immediate abort of operations, temporary invalidation of an entity, addition of entity to a blacklist.
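An added example (not from the original slides) tying together event detection, the security audit trail and security recovery: a detector reads audit records, raises an alarm on repeated failed authentications, and temporarily invalidates the entity. The record format, event names and threshold values are assumptions, and the records are constructed.

```python
from collections import defaultdict, deque

# Constructed audit trail, in time order: (unix_time, entity, event).
AUDIT_TRAIL = [
    (1000, "alice", "auth_ok"),
    (1010, "mallory", "auth_fail"),
    (1020, "mallory", "auth_fail"),
    (1025, "bob", "auth_fail"),
    (1030, "mallory", "auth_fail"),
    (1040, "mallory", "auth_ok"),
    (1100, "bob", "auth_fail"),
    (1400, "mallory", "auth_ok"),
]

# Assumed policy values: 3 failures within 60 s invalidate the entity for 300 s.
THRESHOLD, WINDOW, LOCKOUT = 3, 60, 300


def process(trail):
    """Event detection over an audit trail, with temporary invalidation as recovery.

    Returns (alarms, locked_until); alarms are (time, entity, reason) tuples.
    """
    failures = defaultdict(deque)   # entity -> times of recent failed attempts
    locked_until = {}               # entity -> time the invalidation expires
    alarms = []
    for ts, entity, event in trail:
        if locked_until.get(entity, 0) > ts:
            # Invalidation in force: any activity by this entity is reported.
            alarms.append((ts, entity, "activity_while_invalidated"))
            continue
        if event == "auth_ok":
            failures[entity].clear()
        elif event == "auth_fail":
            recent = failures[entity]
            recent.append(ts)
            while ts - recent[0] > WINDOW:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= THRESHOLD:
                locked_until[entity] = ts + LOCKOUT
                alarms.append((ts, entity, "temporarily_invalidated"))
                recent.clear()
    return alarms, locked_until
```

Bob's two failures are 75 seconds apart and never reach the threshold, while the apparently successful login for mallory at 1040 is flagged because it falls inside the invalidation period.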


    Services Versus Mechanisms

    ISO 7498-2 indicates which mechanisms can be used to provide which services.

    Illustrative NOT definitive.

    Omissions include:

        use of integrity mechanisms to help provide authentication services,
        use of encryption to help provide non-repudiation service (as part of notarization).


    Service/Mechanism Table I

    Service/Mechanism                         Encryption  Digital Signature  Access Control  Data Integrity
    Entity authentication                     Y           Y                  -               -
    Origin authentication                     Y           Y                  -               -
    Access control                            -           -                  Y               -
    Connection confidentiality                Y           -                  -               -
    Connectionless confidentiality            Y           -                  -               -
    Selective field confidentiality           Y           -                  -               -
    Traffic flow confidentiality              Y           -                  -               -
    Connection integrity with recovery        Y           -                  -               Y
    Connection integrity without recovery     Y           -                  -               Y
    Selective field connection integrity      Y           -                  -               Y
    Connectionless integrity                  Y           Y                  -               Y
    Selective field connectionless integrity  Y           Y                  -               Y
    Non-repudiation of origin                 -           Y                  -               Y
    Non-repudiation of delivery               -           Y                  -               Y


    Service/Mechanism Table II

    Service/Mechanism                         Authorization exchange  Traffic padding  Routing Control  Notarisation
    Entity authentication                     Y                       -                -                -
    Origin authentication                     -                       -                -                -
    Access control                            -                       -                -                -
    Connection confidentiality                -                       -                Y                -
    Connectionless confidentiality            -                       -                Y                -
    Selective field confidentiality           -                       -                -                -
    Traffic flow confidentiality              -                       Y                Y                -
    Connection integrity with recovery        -                       -                -                -
    Connection integrity without recovery     -                       -                -                -
    Selective field connection integrity      -                       -                -                -
    Connectionless integrity                  -                       -                -                -
    Selective field connectionless integrity  -                       -                -                -
    Non-repudiation of origin                 -                       -                -                Y
    Non-repudiation of delivery               -                       -                -                Y


    Services Versus Layers

    ISO 7498-2 lays down which security services can be provided in which of the 7 layers.

        Layers 1 and 2 may only provide confidentiality services.
        Layers 3/4 may provide many services.
        Layer 7 may provide all services.


    Service/Layer Table

    Service/Layer                             Layer 1  Layer 2  Layer 3  Layer 4  Layer 5/6  Layer 7
    Entity authentication                     -        -        Y        Y        -          Y
    Origin authentication                     -        -        Y        Y        -          Y
    Access control                            -        -        Y        Y        -          Y
    Connection confidentiality                Y        Y        Y        Y        -          Y
    Connectionless confidentiality            -        Y        Y        Y        -          Y
    Selective field confidentiality           -        -        -        -        -          Y
    Traffic flow confidentiality              Y        -        Y        -        -          Y
    Connection integrity with recovery        -        -        -        Y        -          Y
    Connection integrity without recovery     -        -        Y        Y        -          Y
    Selective field connection integrity      -        -        -        -        -          Y
    Connectionless integrity                  -        -        Y        Y        -          Y
    Selective field connectionless integrity  -        -        -        -        -          Y
    Non-repudiation of origin                 -        -        -        -        -          Y
    Non-repudiation of delivery               -        -        -        -        -          Y
