Lecture II: Security Analysis and Planning
Internet Security: Principles & Practices
John K. Zao, PhD, SMIEEE, National Chiao-Tung University
Fall 2005
Internet Security - System Analysis & Planning

Theme

Objectives
Highlight objectives of security system design & implementation
Introduce procedure of security system planning & operation

Motto
Security/Safety is a relative measure
NO system is absolutely secure!
Users' sense of security is usually a fuzzy warm feeling
Security specialists must specify & quantify security measures
Security systems only offer measured protection (safeguards) over selected resources (assets) against identified dangers (threats)
Security protection is a perpetual practice consisting of planning, deployment, monitoring & improvement
Security System, Planning & Operation

[Figure: security system planning & operation cycle. Planning: asset identification, asset evaluation, threat identification, threat evaluation, policy/measure formulation (goal establishment, vulnerability analysis, strategy development with preventive, reactive & corrective strategies, service selection, mechanism implementation). Configuration leads into operation: harden, detect, respond, improve, which feeds back into planning.]
Security System, Concepts

Assets – system resources to be valued & protected
Vulnerability – system weakness that exposes assets to threats
Threats – persons/things/events that pose dangers to assets
Attacks – actual realizations of security threats
Risks – cost measures of realized vulnerability (considering the probability of successful attacks)
Countermeasures/Safeguards – structures/policies/mechanisms that protect assets from threats
Threats, Categorization

Fundamental Threats
Confidentiality Violation – leakage of information
Integrity Violation – compromise of information consistency
Denial of Services – service unavailability to legitimate users
Illegitimate Use – service availability to illegitimate users

Enabling Threats
Penetration Threats
Masquerade – identity falsification
Control/Protection Bypass – system flaw exploitation
Authorization Violation – insider violation of usage authorization
Planting Threats
Trojan Horse
Trapdoor/Backdoor
Threats, Categorization [Cont'd]

Underlying Threats
Eavesdropping
Traffic Analysis
Personnel Indiscretion/Misconduct
Media Scavenging
…
They are application & environment specific
Countermeasures/Safeguards

Physical Security
Physical Security

Operational Security
Personnel Security
Administrative Security
Information Lifecycle Control

Technical Security
Communication Security
Computation Security
Media Security
Emanation Security
Example: Use of IPsec & IKE in Universal Mobile Telecommunication System
Dr. John K. Zao, Sr. Scientist, Information Security
Verizon Communications / BBN Technologies
BBN Technologies, an operating unit of Verizon Communications
IPSEC 2000, Paris La Defense - France, 10/26/2000
Outline
Overview: UMTS 3G Wireless Data Networks (Architecture, Domains, Strata)
Analysis: UMTS Vulnerability & Threats
Countermeasures: UMTS Security Architecture & Mechanisms
Proposal: Possible Use of IPsec & IKE in UMTS Security
GPRS / UMTS System Architecture

[Figure: GPRS/UMTS system architecture. Network elements shown: ME/SIM (mobile equipment with SIM), BTS, BSC, MSC, VLR, HLR, AuC, EIR, with external PSTN/ISDN and PSPDN/CSPDN networks. Domains overlaid on the elements: User Equipment Domain (Mobile Equipment Domain, USIM Domain) and Infrastructure Domain (Access Network Domain, Core Network Domain split into Serving Network Domain, Transit Network Domain and Home Network Domain).]
UMTS Domain Hierarchy

[Figure: UMTS domain hierarchy. User Equipment Domain = Mobile Equipment Domain (ME: mobile termination MT and terminal equipment TE) + USIM Domain. Infrastructure Domain = Access Network Domain (AN), Serving Network Domain (SN), Transit Network Domain (TN) and Home/Remote Network Domain (HN/RN, home environment HE). Reference points labelled between the domains: Cu (USIM-ME), Uu (ME-AN), Iu (AN-SN), [Yu] (SN-TN), [Zu] (SN-HN). User applications and provider applications sit at the two ends.]

Domain – a high-level group of UMTS entities; reference points (interfaces) are defined between domains
UMTS MT-HN Strata

[Figure: the domain hierarchy above with the protocol strata between mobile termination (MT) and home network (HN) overlaid: Home Stratum, Service Stratum, Transport Stratum, Access Stratum.]

Stratum – a group of UMTS protocols that are relevant to one aspect of the services provided by one or more domains
UMTS MT-RN Strata

[Figure: the domain hierarchy above with the protocol strata between mobile termination (MT) and remote network (RN) overlaid: Application Stratum, Service Stratum, Transport Stratum, Access Stratum.]
Outline
Overview: 3G Wireless Data Networks
Analysis: UMTS Security
Security Threats
Security Architecture
Security Features/Services: Network Access Security; Network Domain Security; User Domain Security; Application Domain Security
Security Mechanisms: Mobile User Identity Allocation; Entity Authentication & Key Agreement; User Traffic Confidentiality; Network Domain Security
Proposal: Possible Use of IPsec & IKE in UMTS Security
3G Security: Threats

Basic Threats
Confidentiality Violation
Integrity Violation
Denial of Services
Illegitimate Uses
Repudiation

Enabling Threats (tabulated against the basic threats in the original slide)
Eavesdropping: user traffic; signal & control
Alteration: user traffic; signal & control; ME download; USIM download; system data
Intervention: physical; protocols
Masquerading: user; service net; net elements; home environment; download origins
Repudiation: charge; traffic origin; traffic delivery
Privilege Misuse: user; service net
Traffic Analysis: passive; active
Service Abuse
Stealing: terminals
Unauthorized Access: system data
Information Leakage: user location

Source: 3G Security; Security Threats & Requirements [3G TS 21.133]
3G Security: Threats, Radio Interface

[Figure: the basic/enabling threat matrix above, with each cell marked as a relevant, significant or major threat for the radio interface.]

Major Threats
Radio Eavesdropping & Traffic Analysis
User & Net Element Masquerading
3G Security: Threats, ME-USIM Interface

[Figure: the basic/enabling threat matrix above, with each cell marked as a relevant, significant or major threat for the ME-USIM interface. Cells annotated for this interface: Eavesdropping, (USIM) User Traffic; Alteration, (USIM) User Traffic; Masquerading, User (Stolen ME & USIM); Eavesdropping, (USIM) Signal & Control; Alteration, (USIM) Signal & Control; Masquerading, User (ME/USIM); Privilege Misuse (Borrowed USIM); Alteration, System Data (ME); Stealing, Terminals (ME); Unauthorized Access, System Data (USIM).]

Major Threats
ME/USIM Masquerading
ME/USIM Data Alteration & Access
ME/USIM Download Alteration & Eavesdropping
3G Security: Threats, General System

[Figure: the basic/enabling threat matrix above, with each cell marked as a relevant, significant or major threat for the general system; this view also lists Service Abuse, Emergency Service.]

Major Threats
Privilege Misuse
Network Element Masquerading
Wired Link Eavesdropping
UMTS Security Architecture

[Figure: the four security feature groups overlaid on the domain/strata figure above: Network Access Security, Network Domain Security, User Domain Security, Application Domain Security.]

User Domain Security – protection against attacks on ME - USIM/USIM interfaces
Network Access Security – protection against attacks on radio (access) links
Network Domain Security – protection against attacks on wired network infrastructure
Application Domain Security – protection of user & provider application exchanges
Security Management – monitoring & managing user - provider security features
Network Access Security, Safeguards

User Identity Confidentiality
Services: Identity Confidentiality; Location Confidentiality; Untraceability
Mechanisms: Temporary Visiting Identity; Encrypted Permanent Identity; Encrypted Signal / Control Data

Entity Authentication
Services: Authentication Mechanism Agreement; User Authentication; Network Element Authentication
Mechanisms: HE-SN Authentication & Key Agreement; Local Authentication

Data Confidentiality
Services: Cipher Algorithm Agreement; Cipher Key Agreement; User Data Confidentiality; Signal / Control Data Confidentiality

Data Integrity
Services: Integrity Algorithm Agreement; Integrity Key Agreement; Signal / Control Data Integrity; Signal / Control Data Origin Authentication
Network Domain Security, Safeguards

Entity Authentication
Services: Mechanism Agreement; Network Element Authentication
Mechanism: Explicit Symmetric Key Authentication

Data Confidentiality
Services: Cipher Algorithm Agreement; Cipher Key Agreement; Signal / Control Data Confidentiality

Data Integrity
Services: Integrity Algorithm Agreement; Integrity Key Agreement; Signal / Control Data Integrity; Signal / Control Data Origin Authentication
User Domain Security, Safeguards

User - USIM Authentication
Service: PIN-based Authentication

USIM - ME Authentication
Service: Shared Secret Authentication
Application Domain Security, Safeguards

Secure USIM Download & Messaging
Services: Application Identity Authentication; Application Data Confidentiality; Application Data Origin Authentication; Application Data Integrity; Application Exchange Sequence Integrity; Application Exchange Replay Protection; Application Data Non-repudiation

IP Security [TBD]

User Traffic Confidentiality
Service: End-to-End Data Confidentiality

User Profile Confidentiality [TBD]
Mobile User Identity (MUI) Exchanges
Temporary MUI (TMUI) Allocation
Permanent MUI (IMUI) Identification
Similar to Mobile IP Registration
Source: UMTS Security Architecture [3G TS 33.102]
Entity Authentication & Key Agreement

Parameters
Authentication Vector: AV(i) := RAND(i) || XRES(i) || CK(i) || IK(i) || AUTN(i)
AUTN, CK, IK, XRES are derived from RAND, SQN, AMF
Authentication Data Request: Authen_Req := IMUI || HLR_MSG
Authentication Data Response: Authen_Res := [IMUI] || AV(1..n)

Comments
Authentication is conducted between HE/AuC & MS/USIM
HE is the authentication & key distribution center
SN/VLR is a trusted mediator
If HE is off-line, MS and SN authenticate each other using the shared integrity key & protect their traffic using the old (CK, IK)
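The exchange described above, modelled end to end as an added example (this is not code from the lecture or from 3GPP). The message layout follows the slide, AV(i) = RAND || XRES || CK || IK || AUTN with AUTN = (SQN xor AK) || AMF || MAC as in 3G TS 33.102, but the derivation functions f1..f5 are replaced by HMAC-SHA256 stand-ins (an assumption made for a self-contained demo; real USIMs run the operator's algorithm set). The HE/AuC batches vectors, the SN/VLR mediates without ever learning K, and the USIM rejects a vector whose MAC does not verify or whose SQN is not fresh.

```python
"""Toy model of UMTS Entity Authentication & Key Agreement (added example).

AV(i) := RAND || XRES || CK || IK || AUTN,  AUTN := (SQN xor AK) || AMF || MAC.
f1..f5 below are HMAC-SHA256 stand-ins, NOT the real MILENAGE/operator functions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

SQN_LEN, AMF_LEN, MAC_LEN, RES_LEN, KEY_LEN = 6, 2, 8, 8, 16  # byte sizes from 33.102


def _f(K: bytes, tag: bytes, *parts: bytes, n: int) -> bytes:
    """Stand-in for f1..f5: a keyed PRF over the inputs, truncated to n bytes (assumption)."""
    return hmac.new(K, tag + b"".join(parts), hashlib.sha256).digest()[:n]


@dataclass
class AuthVector:
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes


class HomeEnvironment:
    """HE/AuC: holds each subscriber's long-term key K and sequence counter SQN."""

    def __init__(self, subscribers):
        self.keys = dict(subscribers)          # IMUI -> K (constructed keys in the demo)
        self.sqn = {imui: 0 for imui in subscribers}

    def authentication_data_response(self, imui, n, amf=b"\x80\x00"):
        """Authen_Res := [IMUI] || AV(1..n): one vector per future authentication run."""
        K, avs = self.keys[imui], []
        for _ in range(n):
            self.sqn[imui] += 1
            sqn = self.sqn[imui].to_bytes(SQN_LEN, "big")
            rand = os.urandom(16)
            mac = _f(K, b"f1", sqn, rand, amf, n=MAC_LEN)   # proves HE knows K
            xres = _f(K, b"f2", rand, n=RES_LEN)            # expected response
            ck = _f(K, b"f3", rand, n=KEY_LEN)              # cipher key
            ik = _f(K, b"f4", rand, n=KEY_LEN)              # integrity key
            ak = _f(K, b"f5", rand, n=SQN_LEN)              # anonymity key hides SQN
            autn = bytes(a ^ b for a, b in zip(sqn, ak)) + amf + mac
            avs.append(AuthVector(rand, xres, ck, ik, autn))
        return avs


class USIM:
    """MS/USIM: shares K with the HE and remembers the highest SQN accepted."""

    def __init__(self, K):
        self.K, self.sqn_max = K, 0

    def respond(self, rand, autn):
        """Verify AUTN; return (RES, CK, IK) on success, None on failure."""
        sqn_ak, amf, mac = autn[:SQN_LEN], autn[SQN_LEN:SQN_LEN + AMF_LEN], autn[SQN_LEN + AMF_LEN:]
        ak = _f(self.K, b"f5", rand, n=SQN_LEN)
        sqn = bytes(a ^ b for a, b in zip(sqn_ak, ak))
        if not hmac.compare_digest(_f(self.K, b"f1", sqn, rand, amf, n=MAC_LEN), mac):
            return None                       # network could not prove knowledge of K
        sqn_int = int.from_bytes(sqn, "big")
        if sqn_int <= self.sqn_max:
            return None                       # replayed vector: SQN is not fresh
        self.sqn_max = sqn_int
        return (_f(self.K, b"f2", rand, n=RES_LEN),
                _f(self.K, b"f3", rand, n=KEY_LEN),
                _f(self.K, b"f4", rand, n=KEY_LEN))


def serving_network_authenticate(av, usim):
    """SN/VLR as trusted mediator: forwards RAND || AUTN, compares RES with XRES.
    Returns the (CK, IK) the SN now shares with the USIM, or None on failure."""
    reply = usim.respond(av.rand, av.autn)
    if reply is None:
        return None
    res, ck_usim, ik_usim = reply
    if not hmac.compare_digest(res, av.xres):
        return None
    assert (ck_usim, ik_usim) == (av.ck, av.ik)   # both ends derived the same keys
    return av.ck, av.ik


def demo():
    K = bytes(range(16))                      # constructed long-term key, not a real one
    he, usim = HomeEnvironment({"imui-0001": K}), USIM(K)
    avs = he.authentication_data_response("imui-0001", n=2)
    first = serving_network_authenticate(avs[0], usim)    # fresh vector: succeeds
    replay = serving_network_authenticate(avs[0], usim)   # same vector again: rejected
    second = serving_network_authenticate(avs[1], usim)   # next vector: succeeds
    return first is not None, replay is None, second is not None


if __name__ == "__main__":
    print(demo())
```

The SN never sees K; it only holds the batch of vectors, which is what makes it a mediator rather than an authenticator. The SQN check is what turns the MAC from "some HE signed this" into "this vector has not been used before", and the slide's off-line case (reusing the old CK, IK under the shared integrity key) is the fallback when no unused vector is left.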
User Traffic Confidentiality

Key Management: Cipher Key (Ks); Initialization Vector (IV)
Cipher Algorithms: Synchronous Stream Cipher; data stream XOR with key stream; synchronization controlled by IV
Issues: encryption synchronization mechanism; TFO voice protection adaptation; data traffic protection adaptation; encryption termination at net gateways; encryption management
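An added example (not the lecture's or 3GPP's cipher) of the two properties the slide names: the data stream is XORed with a key stream, and synchronization is driven by the IV. The key stream here is HMAC-SHA256 keyed with Ks over the IV and a block counter, an assumption standing in for the real confidentiality algorithm f8; the frame IV built from bearer, direction and frame counter is likewise an assumed layout that plays the role of f8's COUNT-C/BEARER/DIRECTION inputs. The demo drops a frame on the link and contrasts a receiver that resynchronizes from the received IV with one that only keeps its own counter.

```python
"""Synchronous stream cipher with IV-controlled synchronization (added toy example).
Key stream = HMAC-SHA256(Ks, IV || counter); this is NOT the UMTS f8/KASUMI cipher.
"""
import hashlib
import hmac


def keystream(ks: bytes, iv: bytes, length: int) -> bytes:
    """Key stream for one frame: PRF blocks indexed by (IV, block counter)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(ks, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def encrypt_frame(ks: bytes, iv: bytes, data: bytes) -> bytes:
    """Data stream XOR key stream; because XOR is its own inverse this also decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(ks, iv, len(data))))


decrypt_frame = encrypt_frame


def frame_iv(bearer: int, direction: int, count: int) -> bytes:
    """Assumed IV layout: radio bearer id, direction bit, 32-bit frame counter."""
    return bytes([bearer, direction]) + count.to_bytes(4, "big")


def send_frames(ks: bytes, frames):
    """Sender: every frame gets a fresh counter, so no two frames share a key stream."""
    return [(frame_iv(1, 0, i), encrypt_frame(ks, frame_iv(1, 0, i), f))
            for i, f in enumerate(frames)]


def receive_frames(ks: bytes, wire):
    """Receiver resynchronizes from the IV carried with each frame:
    a frame lost on the link costs only that frame."""
    return [decrypt_frame(ks, iv, c) for iv, c in wire]


def receive_without_iv(ks: bytes, wire):
    """Contrast: a receiver that ignores the IV and trusts its own counter loses
    synchronization after a drop and garbles every later frame."""
    return [decrypt_frame(ks, frame_iv(1, 0, i), c) for i, (_, c) in enumerate(wire)]


def demo():
    ks = hashlib.sha256(b"constructed cipher key Ks").digest()   # constructed key
    frames = [b"frame-0 hello", b"frame-1 world", b"frame-2 bye"]
    wire = send_frames(ks, frames)
    del wire[1]                                  # frame 1 is lost on the radio link
    return receive_frames(ks, wire), receive_without_iv(ks, wire)


if __name__ == "__main__":
    synced, drifted = demo()
    print("resynchronized from IV:", synced)
    print("counter-only receiver:  ", drifted)
```

This is why the slide lists "encryption synchronization mechanism" as an issue: a synchronous stream cipher gives no error propagation, but only if both ends agree on the IV for every frame, which in turn means the IV (or the counter it is built from) must travel with the frame or be reconstructible from the radio layer.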
Network Domain Security
Similar to Multi-Realm Kerberos
Layer I: Symmetric Session Key Negotiation using PK technology
Layer II: Session Key Distribution within each Operator
Layer III: Secure communication between Elements of different Operators
Bibliography

3rd Generation Partnership Project, Technical Specification Group (TSG) SA
3G TS 21.133 - 3G Security; Security Threats & Requirements
3G TS 21.120 - 3G Security; Security Principles & Objectives
3G TS 33.105 - 3G Security; Cryptographic Algorithm Requirements
3G TS 33.102 - UMTS; 3G Security; Security Architecture
3G TS 23.101 - UMTS; General UMTS Architecture

GSM Documents
GS 02.60 - GPRS; Service Description; Stage 1
GS 03.60 - GPRS; Service Description; Stage 2
GS 02.09 - Security Aspects
GS 03.20 - Security Related Network Functions

Source: http://www.etsi.org/
Assignment I: Security System Analysis & Planning
Internet Security: Principles & Practices
John K. Zao, PhD, SMIEEE, National Chiao-Tung University
Fall 2005
System: Campus Network

[Figure: campus network. Subnets: Administrator Subnet, Officer Subnet, Student Subnet, Dial-in Subnet (modem bank), Teaching Subnet, Research Subnet; each subnet has a server and several hosts behind a switch, the subnets are joined by routers, and one router connects to the public Internet.]
Asset Evaluation

Important Users: Officers; Students
Important Assets: Management Records; Research Records; Teaching Records

[Figure: the campus network diagram above.]
Threat Analysis

For every subnet:
Identify the nature of specific threats towards each networking resource & application
Evaluate the severity of threats towards each individual resource & application

[Figure: the Officer Subnet highlighted on the campus network diagram.]
Service Planning

Perimeter Defense: Firewalls; Site-to-Site VPN; Remote Access VPN; IRS Gateway
Host/Server Defense: Configuration Manager; Security Patches; Anti-Virus Scanner; Anti-Spam Program; Spyware Blockers

[Figure: the campus network diagram above.]
Assignment Work
Vulnerability Analysis [50%]
Service Planning [50%]
Architecture Recommendation [20%, optional]