Network Security
Lecture 1, Part Introduction to Networking

Objectives of Lecture CINS/F1-01
• Show how networks can be understood using a layered approach
• Introduce the OSI seven layer reference model
• Introduce the concepts of internetworking and routing
• Understand the difference between network protocols and services

Contents
1.1 Extended example: how the Internet protocols fetch a web page
1.2 The concept of protocol layering
1.3 Internetworking and routing
1.4 The OSI seven layer model

1.1 Internet Protocols
How does a web browser application retrieve data from a web server?
[Diagram: Web Server, Network, Web Browser]

Application Layer
• Users invoke applications which “speak” using application protocol
• Applications interact with a transport protocol to send or receive data
• Application protocol in our example: Hypertext Transfer Protocol (HTTP)
• Other application protocols: FTP, SMTP, DNS, SMB, …

Application Layer Example
• HTTP outline:
  – GET /directory/dirsearch.html HTTP/1.1
  – Host: news.bbc.co.uk
  – Other fields also included (e.g. client application identifier, encoding methods, …)
[Diagram: HTTP Message: GET /directory/dirsearch.html HTTP/1.1, Host: news.bbc.co.uk]

Transport Layer
• Provides end-to-end communication between applications
• Transport Protocol: Transport Control Protocol (TCP)
  – a reliable, connection-oriented transport protocol
• Divides stream of application messages into packets
• Interacts with Internet Layer to send or receive data
• In general, a transport protocol may be
  – reliable or unreliable,
  – connection-oriented or connectionless,
  – and flow may or may not be regulated
• Others: UDP, ICMP

Transport Layer Example
• TCP outline:
  – Source Port: 1081
  – Destination Port: 80
  – Checksum: 0xa858
  – Other header fields and payload
[Diagram: TCP header (Src: 1081, Dst: 80, Chksum: 0xa858) followed by the TCP payload, which carries the HTTP Message (GET /directory/dirsearch.html HTTP/1.1, Host: news.bbc.co.uk)]

Internet Layer
• Responsible for routing communications between one machine and another
• Accepts requests to send packets to destination address
• Internet Protocol (IP) encapsulates packets in IP datagram with IP header and uses routing algorithm to decide whether to send directly or indirectly

Internet Layer Example
• IP outline:
  – Time to live: 128
  – Header checksum: 0x57d1
  – Source: pelican (192.168.0.40)
  – Destination: news.bbc.co.uk (192.168.0.50)
  – Other header fields and payload
[Diagram: IP datagram header (Src: 192.168.0.40, Dst: 192.168.0.50, TTL: 128) followed by the IP payload, which carries the TCP header (Src: 1081, Dst: 80, Chksum: 0xa858) and the HTTP Message (GET /directory/dirsearch.html HTTP/1.1, Host: news.bbc.co.uk)]

Data Integrity
• Provides protection against active threats to the validity of data
• Five types:
  – Connection integrity with recovery,
  – Connection integrity without recovery,
  – Selective field connection integrity,
  – Connectionless integrity,
  – Selective field connectionless integrity
• Example: MD5 hashes on software at http://www.apache.org/dist/httpd/binaries/linux/
• Example: AH protocol in IPSec (Lecture 5)

Non-repudiation
• Protects against a sender of data denying that data was sent (non-repudiation of origin)
• Protects against a receiver of data denying that data was received (non-repudiation of delivery)
• Example: analogous to signing a letter and sending via recorded delivery
• Example: signatures in S/MIME secure e-mail system (Lecture 9)

Security Mechanisms
• Exist to provide and support security services
• Can be divided into two classes:
  – Specific security mechanisms, used to provide specific security services, and
  – Pervasive security mechanisms, not specific to particular services

Specific Security Mechanisms
• Eight types:
  – encipherment,
  – digital signature,
  – access control mechanisms,
  – data integrity mechanisms,
  – authentication exchanges,
  – traffic padding,
  – routing control,
  – notarisation

Specific Mechanisms
• Encipherment mechanisms = encryption algorithms
  – Can provide data and traffic flow confidentiality
  – Covered in detail in IC2
• Digital signature mechanisms
  – signing procedure (private),
  – verification procedure (public)
  – Can provide non-repudiation, origin authentication and data integrity services
  – Also addressed in detail in IC2
• Both can be basis of some authentication exchange mechanisms

Specific Mechanisms
• Access Control mechanisms
  – A server using client information to decide whether to grant access to resources
    • E.g. access control lists, capabilities, security labels
  – A major topic in IC4
• Data integrity mechanisms
  – Protection against modification of data
    • Provide data integrity and origin authentication services
    • Also basis of some authentication exchange mechanisms
  – Discussed further in IC2
• Authentication exchange mechanisms
  – Provide entity authentication service
  – Covered in detail in IC3 Lecture

Specific Mechanisms
• Traffic padding mechanisms
  – The addition of ‘pretend’ data to conceal real volumes of data traffic
  – Provides traffic flow confidentiality
• Routing control mechanisms
  – Used to prevent sensitive data using insecure channels
  – E.g. route might be chosen to use only physically secure network components
• Notarisation mechanisms
  – Integrity, origin and/or destination of data can be guaranteed by using a 3rd party trusted notary
    • Notary typically applies a cryptographic transformation to the data

Pervasive Security Mechanisms
• Five types identified:
  – trusted functionality,
  – security labels,
  – event detection,
  – security audit trail,
  – security recovery

Pervasive Mechanisms
• Trusted functionality
  – Any functionality providing or accessing security mechanisms should be trustworthy
  – May involve combination of software and hardware
• Security labels
  – Any resource (e.g. stored data, processing power, communications bandwidth) may have security label associated with it to indicate security sensitivity
  – Similarly labels may be associated with users
  – Labels may need to be securely bound to transferred data

Pervasive Mechanisms
• Event detection
  – Includes detection of
    • attempted security violations,
    • legitimate security-related activity
  – Can be used to trigger event reporting (alarms), event logging, automated recovery
• Security audit trail
  – Log of past security-related events
  – Permits detection and investigation of past security breaches
• Security recovery
  – Includes mechanisms to handle requests to recover from security failures
  – May include immediate abort of operations, temporary invalidation of an entity, addition of entity to a blacklist

Services Versus Mechanisms
• ISO 7498-2 indicates which mechanisms can be used to provide which services
• Illustrative NOT definitive
• Omissions include:
  – use of integrity mechanisms to help provide authentication services,
  – use of encipherment to help provide non-repudiation service (as part of notarisation)

Service/Mechanism Table
[Table: services (rows) against the mechanisms Encipherment, Digital sign, Access Control and Data integrity (columns). Services: Entity authentication, Origin authentication, Access control, Connection confidentiality, Connectionless confidentiality, Selective field confidentiality, Traffic flow confidentiality, Connection integrity with recovery, Connection integrity without recovery, Selective field connection integrity, Connectionless integrity, Selective field connectionless integrity, Non-repudiation of origin, Non-repudiation of delivery. The positions of the Y entries were lost in extraction.]

Service/Mechanism Table
[Table: the same fourteen services (rows) against the mechanisms Auth exchange, Traffic padding, Routing Control and Notarisation (columns). The positions of the Y entries were lost in extraction.]

1.9 Security Services And Layers
• ISO 7498-2 lays down which security services can be provided in which of the layers
• Layers and may only provide confidentiality services
• Layers 3/4 may provide many services
• Layer may provide all services
• A set of principles dictate which services can/should be provided at which layers
• We’ll return to this issue in Lectures and

Service/Layer Table
[Table: the same fourteen services (rows) against layer columns, of which only "Layer 5/6" keeps its label. The positions of the Y entries were lost in extraction.]

...
[Diagram fragment: Internet Layer (IP Datagram), Network Interface (Ethernet Frame), Physical Network]

1.4 The OSI Reference...
[Diagram fragment: Transport Layer (Packet), Internet Layer (Datagram), Network Interface Layer (Frame), Physical Network]

Protocol Layering
[Diagram fragment: Web Browser and Web Server stacks; Application... Layer (TCP Packet), Internet Layer (IP Datagram), Network Interface Layer (Ethernet Frame), Physical Network]

Protocol Hierarchies
• Protocols are stacked vertically
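
The encapsulation from section 1.1 (HTTP message inside a TCP segment inside an IP datagram) combined with the Data Integrity service, as an added example that is not part of the original lecture: it shows that the TCP and IP checksums catch an accidental bit error but still verify after a deliberate rewrite with recomputed sums, while a keyed integrity check does not. Ports, TTL and addresses come from the slides; the sequence number, flags, window, shared key and the use of HMAC-SHA-256 as the keyed mechanism are assumptions.

```python
import hashlib, hmac, socket, struct

SRC, DST = "192.168.0.40", "192.168.0.50"   # addresses from the slides
KEY = b"constructed-demo-key"               # constructed shared secret (assumption)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, as used by IP and TCP."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_segment(payload: bytes, sport: int = 1081, dport: int = 80) -> bytes:
    """TCP header + payload; the checksum also covers an IPv4 pseudo-header."""
    def hdr(csum: int) -> bytes:  # seq, ack, flags and window are constructed values
        return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, csum, 0)
    pseudo = (socket.inet_aton(SRC) + socket.inet_aton(DST)
              + struct.pack("!BBH", 0, 6, 20 + len(payload)))
    return hdr(inet_checksum(pseudo + hdr(0) + payload)) + payload

def ip_datagram(segment: bytes, ttl: int = 128) -> bytes:
    """IPv4 header (no options) + TCP segment; the checksum covers the header only."""
    def hdr(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl, 6,
                           csum, socket.inet_aton(SRC), socket.inet_aton(DST))
    return hdr(inet_checksum(hdr(0))) + segment

def checksums_ok(dgram: bytes) -> bool:
    """Receiver-side check: each sum, taken over its stored checksum, folds to 0."""
    pseudo = dgram[12:20] + struct.pack("!BBH", 0, 6, len(dgram) - 20)
    return inet_checksum(dgram[:20]) == 0 and inet_checksum(pseudo + dgram[20:]) == 0

def mac(payload: bytes) -> bytes:
    """Keyed integrity value; HMAC-SHA-256 is a stand-in chosen for this example."""
    return hmac.new(KEY, payload, hashlib.sha256).digest()

def mac_ok(dgram: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag, mac(dgram[40:]))   # payload follows 20 + 20 header bytes

def demo() -> dict:
    http = b"GET /directory/dirsearch.html HTTP/1.1\r\nHost: news.bbc.co.uk\r\n\r\n"
    tag, sent = mac(http), ip_datagram(tcp_segment(http))
    noisy = bytearray(sent); noisy[45] ^= 0x01          # accidental single-bit error
    changed = ip_datagram(tcp_segment(http.replace(b"dirsearch", b"otherpage")))  # sums redone
    return {name: (checksums_ok(bytes(d)), mac_ok(bytes(d), tag))
            for name, d in (("sent", sent), ("noisy", noisy), ("changed", changed))}

if __name__ == "__main__":
    print(demo())   # each value is (checksums verify, keyed check verifies)
```
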