
Introduction and Basics

Network Security SS19 Page 1


Contents - Introduction and Basics
• Basic Terms
• Security Objectives
• Threats and Attacks
• Security Services and Mechanisms
• Security Standardization - ITU-T X.805, X.800, X.509



Basic Terms

• Security Objectives
• Security objectives depend on the technology and on the intended usage of a
certain resource or service. They aim at the smooth and proper usage or
operation (availability) of the ICT system
• Security Threats
• Threats describe any possible circumstances, actions or events, which
actively or passively lead to a breach of one or more security objectives
• Security Attacks
• Attacks describe the occurrence of such events or the respective malicious
exploit
• Security Mechanism
• A mechanism that is designed to detect, prevent or recover from a security
attack
• Security Service
• A service that enhances the security of ICT systems. A security service
makes use of one or more security mechanisms



Basic Terms

• Computer Security
• generic name for the collection of tools to protect data

• Network Security
• protect data during its transmission

Note: there are no clear boundaries between these two forms of security



Security Objectives

• Confidentiality
• Ensuring that information is accessible only to those authorized to have access (ISO-17799)
• Cryptography is usually the technology to fulfil this objective
• Integrity
• Message (or generally Data) Integrity ensures the unmodified transmission or storage of a message
• Modification Detection Code (MDC) hash functions are usually the technology to fulfil this objective
• Access Control → see AAA (Triple A)
• Accountability / Non-repudiation
• Tracking of security relevant actions in order to identify the responsible entity
• Log files, recording network probes, versioning databases and Message Authentication Codes
(MAC) are usually the technology to fulfil this objective
• Privacy
• As opposed to confidentiality, where information within a communication should not be accessible,
privacy is concerned about related information / statistics, that one might be able to deduce from
possibly confidential communication events
• Communication end point addresses, time and duration logging, geo information (access network
used etc.), inter-packet delay (for type speed analysis) etc. can be used to profile users and make
“informed” guesses about locations, service usages and possibly typed words
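Added example (not from the lecture slides) contrasting the two technologies named above for integrity and accountability: an unkeyed hash (MDC) detects accidental modification but can be recomputed by anyone who rewrites the message, whereas a MAC keyed with a shared secret ties the tag to a key holder. The message bytes and the key are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample message for the demonstration (not from the lecture).
MESSAGE = b"transfer 100 EUR to account 42"


def mdc(message: bytes) -> bytes:
    """Modification Detection Code: an unkeyed hash over the message."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Message Authentication Code: HMAC-SHA256 keyed with a shared secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mdc_check(message: bytes, tag: bytes) -> bool:
    """Receiver-side integrity check with an MDC: recompute and compare."""
    return hmac.compare_digest(mdc(message), tag)


def mac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver-side check with a MAC: only a key holder can produce a valid tag."""
    return hmac.compare_digest(mac(key, message), tag)


def demo() -> dict:
    """Run both checks against accidental corruption and a deliberate rewrite."""
    key = secrets.token_bytes(32)          # shared between sender and receiver
    tag_mdc = mdc(MESSAGE)
    tag_mac = mac(key, MESSAGE)

    # Accidental corruption in transit: one bit flipped in the amount.
    corrupted = bytearray(MESSAGE)
    corrupted[9] ^= 0x01                   # '1' -> '0' in "100"
    corrupted = bytes(corrupted)

    # An in-path party rewrites the message and recomputes the unkeyed hash;
    # without the key it can only guess a MAC tag.
    forged = b"transfer 900 EUR to account 42"
    forged_mdc = mdc(forged)
    forged_mac_guess = secrets.token_bytes(32)

    return {
        "mdc_catches_corruption": not mdc_check(corrupted, tag_mdc),
        "mac_catches_corruption": not mac_check(key, corrupted, tag_mac),
        "mdc_catches_forgery": not mdc_check(forged, forged_mdc),
        "mac_catches_forgery": not mac_check(key, forged, forged_mac_guess),
    }


if __name__ == "__main__":
    for name, caught in demo().items():
        print(f"{name}: {caught}")
```

The MDC result is the reason the slides list hash functions under integrity only: it proves the data was not altered since the tag was computed, but not who computed it. The MAC, and later digital signatures, add the link to a key holder needed for accountability.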



Security Objectives

Triple A – AAA:
• Authentication
• making sure that the entity's identity is actually the one it claims to be, using
credentials (a password, certificate, location, way of access, biometric
characteristics or even relayed authentication) as digital proof
• Authorization
• making sure (by means of some determining function – such as profile
lookup, filtering, usage statistics, time restrictions) that the entity is entitled
to use a certain service (access/modify data etc.)
• Accounting
• usage tracking of services (network and application resources) over time or
volume for billing and management purposes (usage statistics, forecasts
and service resource planning)
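Added example (not from the lecture) walking a single access request through the three AAA steps: authentication against a salted PBKDF2 password hash, authorization by profile lookup with a time restriction, and accounting of the transferred volume. The profile store, user, password, service windows and timestamps are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000


def _store_password(password: str):
    """Return (salt, digest); the clear-text password is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


# Constructed profile store (hypothetical; stands in for a directory or database).
_ALICE_SALT, _ALICE_DIGEST = _store_password("correct horse battery staple")
PROFILES = {
    "alice": {
        "salt": _ALICE_SALT,
        "digest": _ALICE_DIGEST,
        # authorization data: service -> permitted hours (UTC, start inclusive, end exclusive)
        "services": {"vpn": (8, 18), "mail": (0, 24)},
    }
}

ACCOUNTING_LOG = []   # usage records for billing, statistics and resource planning

# Constructed timestamps used by the demo.
NOON = datetime(2019, 5, 6, 12, 0, tzinfo=timezone.utc)
NIGHT = datetime(2019, 5, 6, 23, 0, tzinfo=timezone.utc)


def authenticate(user: str, password: str) -> bool:
    """Check the presented credential against the stored salted hash."""
    profile = PROFILES.get(user)
    if profile is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), profile["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, profile["digest"])


def authorize(user: str, service: str, when: datetime) -> bool:
    """Profile lookup plus time restriction: is this entity entitled to the service now?"""
    window = PROFILES.get(user, {}).get("services", {}).get(service)
    if window is None:
        return False
    start, end = window
    return start <= when.hour < end


def account(user: str, service: str, when: datetime, octets: int) -> None:
    """Record usage over time and volume for later billing and planning."""
    ACCOUNTING_LOG.append({"user": user, "service": service,
                           "time": when.isoformat(), "octets": octets})


def access_request(user: str, password: str, service: str, when: datetime, octets: int) -> str:
    """Run the AAA sequence for one request and return the decision."""
    if not authenticate(user, password):
        return "authentication failed"
    if not authorize(user, service, when):
        return "not authorized"
    account(user, service, when, octets)
    return "granted"


if __name__ == "__main__":
    print(access_request("alice", "correct horse battery staple", "vpn", NOON, 4096))
    print(ACCOUNTING_LOG)
```

Note that only a granted request produces an accounting record; failed authentication and authorization belong in the security audit trail (see Security Mechanisms below), not in the billing data.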



Threats - Examples

• Eavesdropping
• unauthorized copying / snatching of information during transit or elsewhere
• usually performed by wire tapping, route manipulation, looking at screens or paper printouts etc.
• Access Violation
• unauthorized usage of services/resources
• usually performed by stolen/faked access credentials or the malicious exploit of overload situations
• Identity Theft (Identity Masquerading)
• misguidance of authorities or communication partners by hiding the original identity with a stolen one
• typically performed by means of faked sender email addresses, sender IP and MAC addresses,
digital signatures and stolen encryption keys
• Message Manipulation → Integrity violation
• delay, deletion, modification, replay or insertion of communication messages
• often used to perform access violations or identity thefts
• Denial of Service (DoS)
• sabotage of service or resource availability through excessive - supposedly proper - usage
• usually performed by synchronously submitted service requests overloading the installed resource
base
• Distributed Denial of Service (DDoS)
• sabotage of service or resource availability through excessive - supposedly proper - usage, generated
as a widespread (distributed) load of requests to hinder detection and countermeasures

Threats - Classification



Threats vs. Security Objectives



Attacks
Point of attacks in the course of an end-to-end data flow:

[Figure: numbered points of attack along an end-to-end data flow between client and server; the numbers refer to the legend below]

1 End systems (client & server)
2 Access links (in-house cabling, wireless access)
3 L2 devices (copy ports etc.)
4 Interconnection links (leased lines, radio links)
5 L3 devices (manipulated metrics etc.)
6 Entry/Exit devices
7 Homing selection
8 Transit chain of trusted ISPs

Attacks
Attacks on different protocol layers:
[Figure: OSI reference model between End system A and End system B via a transit system. Layers 7 Application, 6 Presentation and 5 Session are application oriented and network independent, connected end-to-end by the application protocol; layer 4 Transport is transport oriented, connected end-to-end by the transport protocol; layers 3 Network, 2 Data link and 1 Physical are network dependent and are also present in the transit system; below layer 1 lies the transmission media]

Attacks - L1 (PHY Layer) Attacks

Threats and Attacks on the Physical Layer: Wiretapping and Tuning-in

Echelon - Bad Aibling + Menwith Hill + …


http://www.youtube.com/watch?v=42g_E8bEZCw
http://www.youtube.com/watch?v=JapLyoA5SVk
http://en.wikipedia.org/wiki/Echelon_%28signals_intelligence%29



Attacks - L2/L3/L4 Attacks

Threats and Attacks on the Data Link / Networking / Transport Layer


• PDU manipulation
• typically performed in “man in the middle” scenarios

Classification of L2/L3/L4 Attacks:


• Passive attacks
• Eavesdropping of PDUs (frames / packets / segments)
• Active attacks
• Delay of PDUs to cause service degradation or to conceal detour routes,
• Deletion of PDUs to cause severe service degradation or to trigger retransmissions,
• Modification of PDUs to manipulate same or upper layer information exchange
(typical example: raise your own salary),
• Replay of PDUs to masquerade or to trigger retransmissions and
• Insertion of PDUs in order to disrupt communication or to manipulate state on either
end
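Added example (not part of the slides) of a receiver that applies the classification above: a constructed PDU format carrying a sender id, a sequence number and an HMAC lets the receiver reject modified and inserted PDUs (bad MAC), reject replayed PDUs (sequence number not increasing) and notice deleted or delayed PDUs (gap in the sequence). The key, sender id and payloads are constructed for the demo; a real protocol would use a proper anti-replay window and key management instead of a fixed key and a window of size one.

```python
import hashlib
import hmac
import struct

# Constructed shared key for the demo; in practice it comes from key management.
KEY = b"\x01" * 32
HEADER = "!IQ"            # sender id (4 bytes) + sequence number (8 bytes)
HEADER_LEN = struct.calcsize(HEADER)
TAG_LEN = 32              # HMAC-SHA256 digest size


def build_pdu(key: bytes, sender_id: int, seq: int, payload: bytes) -> bytes:
    """Protected PDU: header + payload, followed by an HMAC over both."""
    body = struct.pack(HEADER, sender_id, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Verifies the MAC and tracks the last accepted sequence number per sender."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}    # sender_id -> last accepted sequence number

    def accept(self, pdu: bytes) -> str:
        if len(pdu) < HEADER_LEN + TAG_LEN:
            return "reject: truncated PDU"
        body, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            # covers both modification of a genuine PDU and insertion of a foreign one
            return "reject: bad MAC (modified or inserted PDU)"
        sender_id, seq = struct.unpack(HEADER, body[:HEADER_LEN])
        last = self.last_seq.get(sender_id, 0)      # sequence numbers start at 1
        if seq <= last:
            return "reject: replayed PDU"
        self.last_seq[sender_id] = seq
        missing = seq - last - 1
        if missing:
            return f"accept (gap: {missing} PDUs missing or delayed)"
        return "accept"


def demo() -> list:
    """Feed a constructed sequence of PDUs to a receiver and collect its verdicts."""
    rx = Receiver(KEY)
    p1 = build_pdu(KEY, 7, 1, b"salary=1000")
    p2 = build_pdu(KEY, 7, 2, b"salary=1000")
    p4 = build_pdu(KEY, 7, 4, b"salary=1000")
    # modification: the amount in p2 is rewritten after the MAC was computed
    tampered = bytearray(p2)
    tampered[HEADER_LEN + 7] = ord("9")
    tampered = bytes(tampered)
    # insertion: a PDU produced without the shared key
    inserted = build_pdu(b"\x02" * 32, 7, 3, b"salary=9999")
    return [
        rx.accept(p1),         # genuine, in order
        rx.accept(p1),         # replay of p1
        rx.accept(tampered),   # modified p2
        rx.accept(inserted),   # inserted PDU
        rx.accept(p4),         # genuine, but 2 and 3 never arrived
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Delay is the one active attack this receiver cannot distinguish from deletion: a late PDU 2 arriving after PDU 4 is rejected as a replay. Protocols that must tolerate reordering keep a sliding window of recently seen sequence numbers rather than a single high-water mark.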



Attack - L2/L3/L4 Attack Examples

• Release of message content:



Attack - L2/L3/L4 Attack Examples

• Traffic analysis:



Attack - L2/L3/L4 Attack Examples

• Masquerade:



Attack - L2/L3/L4 Attack Examples

• Replay:



Attack - L2/L3/L4 Attack Examples

• Message modification:



Attack - L2/L3/L4 Attack Examples

• Denial of Service:



Attacks - L5-L7 Attacks

Threats and Attacks on the Session / Presentation / Application Layer


• in general: application security issues
• application specific complexity, threat structures and respective countermeasures
• careful planning and implementation as well as stringent programming and
documentation policies mitigate the harm potential



Security Services

• Authentication
• Ensuring that an entity has the identity it claims to have
• Integrity
• Ensuring that data created by specific entities cannot be modified without
detection
• Confidentiality
• Ensuring the secrecy of protected data
• Access Control
• Ensuring that each identity accesses only those services / information it is
entitled to
• Non Repudiation
• Protects against entities participating in a communication exchange later
falsely denying that the exchange occurred



Security Mechanisms

• General mechanisms:
• Key management
• All aspects of the lifecycle of cryptographic keys
• Random number generation
• Generation of cryptographically secure random numbers
• Event detection / security audit trail
• Detection and recording of events that might be used in order to detect attacks or
conditions that might be exploited by attacks
• Intrusion detection
• Analysis of recorded security data in order to detect successful intrusions or
attacks
• Communication specific mechanisms:
• Traffic Padding
• Creation of bogus traffic in order to prevent traffic flow analysis
• Routing Control
• Influencing the routing of packets in a network
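Added example (not from the slides) of two of the mechanisms listed above working together: cryptographically secure random numbers from Python's secrets module generate a session key and fill the traffic padding, which rounds every PDU up to a fixed bucket size so that observed lengths reveal nothing about the payload and bogus cover traffic looks the same as real traffic. The bucket size and sample messages are constructed choices.

```python
import secrets
import struct

BUCKET = 128   # every PDU leaves the host as a multiple of this many bytes


def new_session_key(length: int = 32) -> bytes:
    """Key material from the OS CSPRNG; the `random` module is not suitable here."""
    return secrets.token_bytes(length)


def pad_to_bucket(payload: bytes, bucket: int = BUCKET) -> bytes:
    """Length-prefix the payload and fill the rest of the bucket with random bytes."""
    framed = struct.pack("!I", len(payload)) + payload
    total = -(-len(framed) // bucket) * bucket      # round up to a bucket multiple
    return framed + secrets.token_bytes(total - len(framed))


def unpad(padded: bytes) -> bytes:
    """Strip the padding; the random filler is simply ignored."""
    (n,) = struct.unpack("!I", padded[:4])
    return padded[4:4 + n]


def cover_traffic(bucket: int = BUCKET) -> bytes:
    """Bogus PDU: an empty payload padded like a real one, so an observer
    cannot tell it from genuine traffic by size."""
    return pad_to_bucket(b"", bucket)


def observed_lengths(messages) -> list:
    """What a passive observer on the link sees for each message."""
    return [len(pad_to_bucket(m)) for m in messages]


if __name__ == "__main__":
    samples = [b"yes", b"no thanks, not today", b"x" * 125]
    print([len(m) for m in samples], "->", observed_lengths(samples))
    print(unpad(cover_traffic()) == b"")
```

Padding hides message lengths but not timing; cover traffic sent at a constant rate is what removes the timing signal, at the cost of bandwidth. Both are applied only after encryption, since an observer who can read the plaintext has no need for traffic analysis.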



Security Standardization - Overview

• ITU-T X.805 (2003)
• "Security architecture for systems providing end-to-end communications"
• http://www.itu.int/rec/T-REC-X/recommendation.asp?lang=en&parent=T-REC-X.805

• CCITT X.800 (1991)
• "Security architecture for Open Systems Interconnection for CCITT applications"
• http://www.itu.int/rec/T-REC-X/recommendation.asp?lang=en&parent=T-REC-X.800

• CCITT X.800 amendment 1 (1996)
• "Layer Two Security Service and Mechanisms for LANs"

• ITU-T X.509 (2005)
• "Information technology - Open Systems Interconnection - The Directory:
Public-key and attribute certificate frameworks"
• http://www.itu.int/rec/T-REC-X/recommendation.asp?lang=en&parent=T-REC-X.509



Security Standardization - ITU-T X.805

ITU-T X.805 definition:


• The security architecture provides a comprehensive, top down, end-to-
end perspective of network security and can be applied to network
elements, services, and applications in order to detect, predict, and
correct security vulnerabilities

• What kind of protection is needed and against which threats?
→ 8 Security Dimensions
• What are the distinct types of network equipment and facility groupings
that need to be protected?
→ 3 Security Layers
• What are the distinct types of network activities that need to be protected?
→ 3 Security Planes



Security Standardization - ITU-T X.805

[Figure: the ITU-T X.805 security architecture as a grid of layers and planes, each covered by the eight security dimensions, with threats and vulnerabilities acting on every cell]

Security Layers:
• Applications Security
• Services Security
• Infrastructure Security

Security Planes:
• End User Security
• Control/Signaling Security
• Management Security

8 Security Dimensions:
• Access Control
• Authentication
• Non-repudiation
• Data Confidentiality
• Communication Security
• Data Integrity
• Availability
• Privacy

Threats: Destruction, Corruption, Removal, Disclosure, Interruption
Vulnerabilities can exist in each layer and plane.



Security Standardization - ITU-T X.805

ITU-T X.805 applicability:


• The security architecture can guide the development of
comprehensive security policy definitions, incident response and
recovery plans, and technology architectures by taking into account
each security dimension at each security layer and plane during the
definition and planning phase. The security architecture can also be
used as the basis of a security assessment that would examine how
the implementation of the security program addresses the security
dimensions, layers and planes as policies and procedures are rolled out
and technology is deployed. Once a security program has been
deployed, it must be maintained in order to keep current in the ever-
changing security environment. The security architecture can assist in
the management of security policies and procedures, incident
response and recovery plans, and technology architectures by
ensuring that modifications to the security program address each security
dimension at each security layer and plane.

