EE5723/EE4723
Spring 2012
Outline
Security Architecture of OSI Reference Model
Security Placement within Multiple Protocol Layers
Internetworking
(Figure: Network A and Network B are joined by a Router. A TCP Packet is formed at the Transport Layer, the Internet Layer spans both networks through the router, and on each side the packet is carried in an Ethernet Frame at the Network Layer over the Physical Network.)
Lower/Upper Layers
Layers 1-4 are often referred to as the lower layers; layers 5-7 are the upper layers. The lower layers relate more closely to the communications technology, while the upper layers relate to applications.
Presentation Layer
Concerned with the representation of transmitted data. Deals with different data representations, e.g. of numbers and characters. Also deals with data compression and encryption. Layer for source coding.
Session Layer
Responsible for dialogue control. Also performs token management and synchronization.
Transport Layer
Basic function is to take data from the Session Layer, split it up into smaller units, and ensure that the units arrive correctly. Concerned with efficient provision of service. The Transport Layer also determines the type of service to provide to the Session Layer. Also responsible for congestion control.
Network Layer
Controls the subnet. Key issue is routing in the subnet, which can be based on:
- static tables
- tables determined at the start of a session
- highly dynamic routing (varying for each packet)
Data Link Layer
Breaks data into frames. Requires creation of frame boundaries. Frames are used to manage errors via acknowledgements and selective frame retransmission.
Layering Principles
(Figure: two layer N+1 entities exchange (N+1)-PDUs using the layer N+1 protocol; each reaches layer N through a Service Access Point (SAP); layer N entities exchange N-PDUs using the layer N protocol.)
Service = defines what each layer can do (but not how it does it).
Protocol = set of rules governing data communication between peer entities, i.e. format and meaning of frames/packets.
ISO 7498-2 (OSI Security Architecture):
- Provides standard definitions of security terminology
- Provides standard descriptions for security services and mechanisms
- Defines where in the OSI reference model security services may be provided
- Introduces security management concepts
Security Policy, Threats, Services and Mechanisms
In a secure system, the rules governing security behavior should be made explicit in the form of a security policy.
A security threat is a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
A security service is a measure which can be put in place to address a threat (e.g. provision of confidentiality).
A security mechanism is a means to provide a service (e.g. encryption, digital signature).
may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorized.
Possible basis for a more detailed policy. Does not cover availability issues (e.g. a DoS attack against a legitimate user).
Policy Types
A threat is a person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
Identity-based policy: access to and use of resources are determined on the basis of the identities of users and resources.
Rule-based policy: resource access is controlled by global rules imposed on all users, e.g. using security labels.
Security services in ISO 7498-2 are a special class of safeguards applying to a communication environment. ISO 7498-2 defines 5 main categories of security service:
- Authentication (including entity authentication and origin authentication)
- Access control
- Data confidentiality
- Data integrity
- Non-repudiation
Security Mechanisms
Used to provide and support security services. Can be divided into two classes:
- Specific security mechanisms, used to provide specific security services, and
- Pervasive security mechanisms (e.g. trusted functionality, intrusion/event detection, security recovery), not specific to particular services.
Often expensive.
Specific Security Mechanisms
Eight types:
- encipherment
- digital signature
- access control mechanisms
- data integrity mechanisms
- authentication exchanges
- traffic padding
- routing control
- notarization
Digital signature mechanisms: a signature procedure (private) and a verification procedure (public). Can provide non-repudiation, origin authentication and data integrity services.
Traffic padding: addition of pretend data to conceal the real volume of data traffic. Provides traffic flow confidentiality.
Data integrity mechanisms: provide data integrity and origin authentication services. Also the basis of some authentication exchange mechanisms.
Routing control: routes can be chosen to use only physically secure network components, avoiding sending sensitive data over insecure channels.
Notarization mechanisms: the origin and/or destination of data can be guaranteed by using a trusted third-party notary.
Service/mechanism table
ISO 7498-2 indicates which mechanisms can be used to provide which services. Illustrative, NOT definitive.
(Table: rows are the services Entity authentication, Origin authentication, Access control, Connection confidentiality, Connectionless confidentiality, Selective field confidentiality, Traffic flow confidentiality, Connection integrity with recovery, Connection integrity without recovery, Selective field connection integrity, Connectionless integrity, Selective field connectionless integrity, Non-repudiation of origin and Non-repudiation of delivery; columns are the mechanisms Encipherment, Digital signature, Access control and Data integrity; a Y marks each mechanism that can provide the service.)
Pervasive Mechanisms
Trusted functionality, security labels, event detection, security audit trail, security recovery.
Trusted functionality
Any functionality providing or accessing security mechanisms should be trustworthy. May involve a combination of software and hardware.
Security labels
Any resource (e.g. stored data, processing power, communications bandwidth) may have a security label associated with it to indicate security sensitivity. Similarly, labels may be associated with users. Labels may need to be securely bound to transferred data.
Event detection
Includes detection of
Can be used to trigger event reporting (alarms), event logging and automated recovery.
Security audit trail
Log of past security-related events. Permits detection and investigation of past security breaches.
Security recovery
Includes mechanisms to handle requests to recover from security failures (security tolerant). May include immediate abort of operations, temporary invalidation of an entity, or addition of an entity to a blacklist.
Link Encryption
(Figure: Sender, Intermediate Host and Receiver; the unit in transit is drawn as Message, Transport Header, Network Header, Data Link Header and Data Link Trailer.)
If all hosts on a network are reasonably trustworthy, but the communications medium is shared with other users or is not secure, link encryption is an easy control to use.
Link-to-link vs. End-to-end Encryption
Link-to-link encryption:
- Message is plaintext inside the hosts (trustworthy?): node authentication needed
- Faster (mostly hardware); easier/invisible for the user
- One key per node/interface pair
End-to-end encryption:
- Flexible (hardware or software)
- Application and user aware
- No trust in intermediate nodes required: end user authentication needed
- One key per host pair
Unavoidable multilayer security provisioning.
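As an added illustration (not from the lecture slides), the following Python models what the intermediate host B can read under link-to-link versus end-to-end encryption, using the frame layout drawn above; the cipher, keys, addresses and message are constructed toys and the key names K_AB, K_BC, K_AC are assumptions.

```python
import hashlib

# Toy XOR stream cipher, keystream = SHA-256(key || counter): constructed for illustration, NOT secure.
def toy_crypt(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)  # same call enciphers and deciphers

# Constructed frame as drawn on the slide (trailer omitted): sender A, intermediate B, receiver C.
FRAME = {"dl_hdr": b"DLH", "net_hdr": b"NET:A->C", "tp_hdr": b"TCP:80", "msg": b"secret report"}
K_AB, K_BC = b"link-key-A-B", b"link-key-B-C"  # link encryption: one key per node pair
K_AC = b"end-to-end-key-A-C"                  # end-to-end: one key per host pair

def link_encrypt(frame, link_key):
    # Link-to-link: everything above the data link header is enciphered per hop.
    body = b"|".join([frame["net_hdr"], frame["tp_hdr"], frame["msg"]])
    return {"dl_hdr": frame["dl_hdr"], "body": toy_crypt(link_key, body)}

def intermediate_link(on_wire):
    # B must decipher with K_AB to read the network header for routing, so the
    # message is plaintext inside B; it then re-enciphers with K_BC for the next hop.
    net_hdr, tp_hdr, msg = toy_crypt(K_AB, on_wire["body"]).split(b"|")
    relayed = link_encrypt({"dl_hdr": on_wire["dl_hdr"], "net_hdr": net_hdr,
                            "tp_hdr": tp_hdr, "msg": msg}, K_BC)
    return {"sees_msg": msg, "routes_on": net_hdr, "relayed": relayed}

def e2e_encrypt(frame):
    # End-to-end: only transport header + message are enciphered under the A-C key;
    # the network header stays in clear so intermediate nodes can route.
    return {"dl_hdr": frame["dl_hdr"], "net_hdr": frame["net_hdr"],
            "payload": toy_crypt(K_AC, frame["tp_hdr"] + b"|" + frame["msg"])}

def intermediate_e2e(on_wire):
    # B routes on the clear network header and forwards the payload untouched.
    return {"sees_msg": None, "routes_on": on_wire["net_hdr"], "relayed": on_wire}

def receiver_link(relayed):
    return toy_crypt(K_BC, relayed["body"]).split(b"|")[2]
def receiver_e2e(relayed):
    return toy_crypt(K_AC, relayed["payload"]).split(b"|")[1]

def compare():
    # (what B can read, what C recovers) for each scheme
    link_b = intermediate_link(link_encrypt(FRAME, K_AB))
    e2e_b = intermediate_e2e(e2e_encrypt(FRAME))
    return {"link": (link_b["sees_msg"], receiver_link(link_b["relayed"])),
            "e2e": (e2e_b["sees_msg"], receiver_e2e(e2e_b["relayed"]))}
```

Both schemes deliver the message to C, but only the link-to-link path exposes it in plaintext inside B, which is why the slide calls for node authentication there and for end-user authentication in the end-to-end case.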