lecture 2.pdf

Full Transcript

University of Science and Technology
Faculty of Computer Science and Information Technology
Department of Information and Communication Technology
Lecture (2)
Instructor: Prof. Noureldien A. Noureldien

1. The OSI Security Architecture
To assess effectively the security needs of an organization and to evaluate
andchoose various security products and policies, the manager responsible for
computerand network security needs some systematic way of defining the
requirementsfor security and characterizing the approaches to satisfying those
requirements.
The OSI security architecture is useful to managers as a wayof organizing the
task of providing security. Furthermore, because this architecturewas developed
as an international standard, computer and communications vendorshave
developed security features for their products and services that relate to
thisstructured definition of services and mechanisms.
The OSI security architecturefocuses on security attacks, mechanisms, and
services. These can be defined briefly as
■■ Security attack: Any action that compromises the security of
informationowned by an organization.
■■ Security mechanism: A process (or a device incorporating such a process)
thatis designed to detect, prevent, or recover from a security attack.
■■ Security service: A processing or communication service that enhances
thesecurity of the data processing systems and the information transfers of
anorganization.The services are intended to counter security attacks, and
theymake use of one or more security mechanisms to provide the service.
In the literature, the terms threat and attack are commonly used to mean moreor
less the same thing. Table 1.1 provides definitions taken from RFC 4949,
InternetSecurity Glossary.

1

1.1 Security Attacks
A useful means of classifying security attacks isin terms of passive attacks and
active attacks. A passive attack attempts to learn ormake use of information from
the system but does not affect system resources. Anactive attack attempts to alter
system resources or affect their operation.
1.1.1. Passive Attacks
Passive attacks (Figure 1.2a) are in the nature of eavesdropping on, or
monitoringof, transmissions. The goal of the opponent is to obtain information
that is beingtransmitted.
Two types of passive attacks are: the release of message contents andtraffic
analysis.
The first type of passive attack is therelease of message content thatis easily
understood. A telephone conversation,an electronic mail message, and a
transferred file may contain sensitive orconfidential information. We would like to
prevent an opponent from learning thecontents of these transmissions.
The second type of passive attack, traffic analysis. Suppose that wehad a way of
masking the contents of messages or other information traffic so thatopponents,
even if they captured the message, could not extract the informationfrom the
message. The common technique for masking contents is encryption. If wehad
encryption protection in place, an opponent still might be able to observe
thepattern of these messages. The opponent could determine the location and
identityof communicating hosts and could observe the frequency and length of
messagesbeing exchanged. This information might be useful in guessing the nature
of thecommunication that was taking place.
2

Passive attacks are very difficult to detect because they do not involve
anyalteration of the data. Typically, the message traffic is sent and received in
anapparently normal fashion and neither the sender nor the receiver is aware that a
third party has read the messages or observed the traffic pattern.

3

1.1.2 Active Attacks
Active attacks (Figure 1.2b) involve some modification of the data stream or
thecreation of a false stream and can be subdivided into four categories:
masquerade,replay, modification of messages, and denial of service.
1- A masquerade takes place when one entity pretends to be a different
entity(path 2 of Figure 1.2b is active). A masquerade attack usually includes
one of theother forms of active attack. For example, authentication
sequences can be capturedand replayed after a valid authentication sequence
has taken place, thus enabling anauthorized entity with few privileges to
obtain extra privileges by impersonating anentity that has those privileges.
2- Replay involves the passive capture of a data unit and its subsequent
retransmissionto produce an unauthorized effect (paths 1, 2, and 3 active).
3- Modification of messages simply means that some portion of a legitimate
messageis altered, or that messages are delayed or reordered, to produce an
unauthorizedeffect (paths 1 and 2 active). For example, a message meaning
“Allow JohnSmith to read confidential file accounts” is modified to mean
“Allow Fred Brownto read confidential file accounts.”
4- The denial of service prevents or inhibits the normal use or management
ofcommunications facilities (path 3 active). This attack may have a specific
target; forexample, an entity may suppress all messages directed to a
particular destination.
Active attacks present the opposite characteristics of passive attacks.
Whereaspassive attacks are difficult to detect, measures are available to prevent
their success.
On the other hand, it is quite difficult to prevent active attacks absolutely
becauseof the wide variety of potential physical, software, and network
vulnerabilities.

1.2 Security Mechanisms
Table 1.3 lists the security mechanisms. The mechanisms are dividedinto those that
are implemented in a specific protocol layer, such as TCPor an application-layer
4

protocol, and those that are not specific to any particular protocol layer or security
service.
Table 2.1: Security Mechanisms

5

1.3 Security Services
6

A security service is defined as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems
orof data transfers.
Perhaps a clearer definition is found in RFC 4949, which providesthe
followingdefinition: A processing or communication service that is provided
bya system to give a specific kind of protection to system resources; security
servicesimplement security policies and are implemented by security mechanisms.
1. Authentication
The authentication service is concerned with assuring that a communication
isauthentic.In the case of a single message, thefunction of the authentication
service is to assure the recipient that the messageis from the source that it claims to
be from.
In the case of an ongoing interaction,such as the connection of a terminal to a host,
two aspects are involved. First, at thetime of connection initiation, the service
assures that the two entities are authentic(i.e., that each is the entity that it claims to
be). Second, the service must assure thatthe connection is not interfered with in
such a way that a third party can masqueradeas one of the two legitimate parties for
the purposes of unauthorized transmissionor reception.
2. Access Control
In the context of network security, access control is the ability to limit and
controlaccess to host systems and applications via communications links. To
achievethis,each entity trying to gain access must first be identified or
authenticated, sothat access rights can be tailored to the individual.
3. Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With
respectto the content of data transmission, several levels of protection can be
identified.
The broadest service protects all user data transmitted between two usersover a
period of time. For example, when a TCP connection is set up between
twosystems, this broad protection prevents the release of any user data transmitted
overthe TCP connection.

7

The other aspect of confidentiality is the protection of traffic flow
fromanalysis.This requires that an attacker not be able to observe the source and
destination,frequency, length, or other characteristics of the traffic on a
communicationsfacility.
4. Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a
singlemessage,or selected fields within a message. Again, the most useful and
straightforwardapproach is total stream protection.
A connection-oriented integrity service deals with a stream of messagesand assures
that messages are received as sent with no duplication, insertion,modification,
reordering, or replays. The destruction of data is also coveredunder this service.
Thus, the connection-oriented integrity service addressesboth message stream
modification and denial of service. On the other hand, aconnectionless integrity
service deals with individual messages without regard toany larger context and
generally provides protection against message modificationonly.
5. Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted
message.Thus, when a message is sent, the receiver can prove that the alleged
sender infact sent the message. Similarly, when a message is received, the sender
can provethat the alleged receiver in fact received the message.
6. Availability Service
RFC 4949 define availability to be the property of a system or asystem resource
being accessible and usable upon demand by an authorized systementity, according
to performance specifications for the system (i.e., a systemis available if it provides
services according to the system design whenever users request them).
A variety of attacks can result in the loss of or reduction in availability (attacks
against availability).Some of these attacks can be prevented using automated
countermeasures, suchas authentication and encryption, whereas others require
some sort of physicalactivity to prevent or recover from the loss of availability of
elements of a distributedsystem.
8

Table 2.2, indicates the relationship between securityservices and security
mechanisms.
Table 2.2. Relationship between security services and security mechanisms.

9