350 likes | 504 Views
Lecture II : Security Analysis and Planning. Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University Fall 2005. Theme. Objectives Highlight objectives of security system design & implementation
E N D
Lecture II : Security Analysis and Planning Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University Fall 2005
Internet Security - System Analysis & Planning Theme • Objectives • Highlight objectives of security system design & implementation • Introduce procedure of security system planning & operation • Motto • Security/Safety is a relative measure • NO system is absolutely secure ! • Users’ sense of security is usually a fuzzy warm feeling • Security specialists must specify & quantify security measures • Security systems only offer measured protection (safeguards) over selected resources (assets) against identified dangers (threats) • Security protection is a perpetual practice consisting of planning, deployment, monitoring & improvement
Internet Security - System Analysis & Planning Security System, Planning & Operation • Vulnerability Analysis • Service Selection • Mechanism Implementation
Internet Security - System Analysis & Planning Security System, Concepts • Assets – system resources to be valued & protected • Vulnerability – system weakness exposes assets to threats • Threats – persons/things/events pose dangers to assets • Attacks – actual realizations of security threats • Risks – cost measures of realized vulnerability (considering probability of successful attacks • Countermeasures/Safeguards – structures/policies/mechanisms protect assets from threats
Internet Security - System Analysis & Planning Threats, Categorization • Fundamental Threats • Confidentiality Violation – leakage of information • Integrity Violation – compromise of information consistency • Denial of Services – service unavailability to legitimate users • Illegitimate Use – service availability to illegitimate users • Enabling Threats • Penetration Threats • Masquerade – identity falsification • Control/Protection Bypass – system flaw exploitation • Authorization Violation – insider violation of usage authorization • Planting Threats • Trojan Horse • Trapdoor/Backdoor
Internet Security - System Analysis & Planning Threats, Categorization [Cont’d] • Underlying Threats • Eavesdropping • Traffic Analysis • Personnel Indiscretion/Misconducts • Media Scavenging • … • They are application & environment specific
Internet Security - System Analysis & Planning Countermeasures/Safeguards • Physical Security • Physical Security • Operational Security • Personnel Security • Administrative Security • Information Lifecycle Control • Technical Security • Communication Security • Computation Security • Media Security • Emanation Security
BBN Technologies An Operating Unit of Example: Use of IPsec & IKE in Universal Mobile Telecommunication System Dr. John K. Zao Sr. Scientist, Information Security Verizon Communications / BBN Technologies IPSEC 2000 Paris La Defense - France 10/26/2000
Internet Security - System Analysis & Planning Outline • Overview: UMTS 3G Wireless Data Networks • Architecture • Domains • Strata • Analysis: UMTS Vulnerability & Threats • Countermeasures: UMTS Security Architecture & Mechanisms • Proposal: Possible Use of IPsec & IKE in UMTS Security <ignored >
Internet Security - System Analysis & Planning GPRS / UMTS System Architecture
Internet Security - System Analysis & Planning UMTS Domain Hierarchy Domain – a high-level group of UMTS entities; reference points (interfaces) are defined between domains
Internet Security - System Analysis & Planning UMTS MT-HN Strata Stratum – a group of UMTS protocols that are relevant to one aspect of the services provided by one or more domains
Internet Security - System Analysis & Planning UMTS MT-RN Strata Stratum – a group of UMTS protocols that are relevant to one aspect of the services provided by one or more domains
Internet Security - System Analysis & Planning Outline • Overview: 3G Wireless Data Networks • Analysis: UMTS Security • Security Threats • Security Architecture • Security Features/Services • Network Access Security • Network Domain Security • User Domain Security • Application Domain Security • Security Mechanisms • Mobile User Identity Allocation • Entity Authentication & Key Agreement • User Traffic Confidentiality • Network Domain Security • Proposal: Possible Use of IPsec & IKE in UMTS Security
Internet Security - System Analysis & Planning 3G Security: Threats Source: 3G Security; Security Threats & Requirements [3G TS 21.133]
Relevant Threads Significant Threads Major Threads Internet Security - System Analysis & Planning 3G Security : Threats, Radio Interface • Radio Eavesdropping & Traffic Analysis • User & Net Element Masquerading
Relevant Threads Significant Threads Major Threads Internet Security - System Analysis & Planning 3G Security : Threats, ME-USIM Interface • ME/USIM Masquerading • ME/USIM Data Alteration & Access • ME/USIM Download Alteration & Eavesdropping
Relevant Threads Significant Threads Major Threads Internet Security - System Analysis & Planning 3G Security : Threats, General System • Privilege Misuse • Network Element Masquerading • Wired Link Eavesdropping
Application Domain Security Network Access Security Network Domain Security User Domain Security Internet Security - System Analysis & Planning UMTS Security Architecture • User Domain Security – protection against attacks on ME - USIM/USIM interfaces • Network Access Security – protection against attacks on radio (access) links • Network Domain Security – protection against attacks on wired network infrastructure • ApplicationDomain Security – protection on user & provider application exchanges • Security Management – monitoring & managing user - provider security features
User Identity Confidentiality Services Identity Confidentiality Location Confidentiality Intractability Mechanisms Temporary Visiting Identity Encrypted Permanent Identity Encrypted Signal / Control Data Entity Authentication Services Authentication Mechanism Agreement User Authentication Network Element Authentication Mechanisms HE-SN Authentication & Key Agreement Local Authentication Internet Security - System Analysis & Planning Network Access Security, Safeguards Data Confidentiality Services • Cipher Algorithm Agreement • Cipher Key Agreement • User Data Confidentiality • Signal / Control Data Confidentiality Data Integrity Services • Integrity Algorithm Agreement • Integrity Key Agreement • Signal / Control Data Integrity • Signal / Control Data Origin Authentication
Entity Authentication Services Mechanism Agreement Network Element Authentication Mechanism Explicit Symmetric Key Authentication Internet Security - System Analysis & Planning Network Domain Security, Safeguards Data Confidentiality Services • Cipher Algorithm Agreement • Cipher Key Agreement • Signal / Control Data Confidentiality Data Integrity Services • Integrity Algorithm Agreement • Integrity Key Agreement • Signal / Control Data Integrity • Signal / Control Data Origin Authentication
User - USIM Authentication Services PIN-based Authentication USIM - ME Authentication Services Shared Secret Authentication Internet Security - System Analysis & Planning User Domain Security, Safeguards
Secure USIM Download & Messaging Services Application Identity Authentication Application Data Confidentiality Application Data Origin Authentication Application Data Integrity Application Exchange Sequence Integrity Application Exchange Replay Protection Application Data Non-repudiation IP Security [TBD] Internet Security - System Analysis & Planning Application Domain Security, Safeguards User Traffic Confidentiality Service • End-to-End Data Confidentiality User Profile Confidentiality [TBD]
Internet Security - System Analysis & Planning * Mobile User Identity (MUI) Exchanges Temporary MUI (TMUI) Allocation • Similar to Mobile IP Registration • Source: UMTSSecurity Architecture [3G TS 33.102] Permanent MUI (IMUI) Identification
Internet Security - System Analysis & Planning Entity Authentication & Key Agreement • Parameters • Authentication Vector AV(i) := RAND(i)||XRES(i)||CK(i)||IK(i)||AUTN(i) AUTN,CK,IK,XRES derived from RAND,SQN,AMF • Authentication Data Request Authen_Req := IMUI || HLR_MSG • Authentication Data Request Authen_Res := [IMUI] || AV(1..n) • Comments • Authentication is conducted between HE/AuC & MS/USIM • HE is authentication& key distribution center • SN/VLR is trusted mediator • If HE is off-line then MS-SN authenticate using shared integrity key & protect their traffic using old (CK,IK)
Key Management Cipher Key (Ks) Initialization Vector (IV) Cipher Algorithms Synchronous Stream Cipher Data stream XOR with key stream Synchronization controlled by IV Issues Encryption synchronization mechanism TFO voice protection adaptation Data traffic protection adaptation Encryption termination at net gateways Encryption management Internet Security - System Analysis & Planning User Traffic Confidentiality
Internet Security - System Analysis & Planning Network Domain Security • Similar to Multi-Realm Kerberos • Layer I • Symmetric Session Key Negotiation using PK technology • Layer II • Session Key Distribution within each Operator • Layer III • Secure communication between Elements of different Operators
Internet Security - System Analysis & Planning Bibliography • 3rd Generation Partnership Project, Technical Specification Group (TSG) SA • 3G TS 21.133 - 3G Security; Security Threats & Requirements • 3G TS 21.120 - 3G Security; Security Principles & Objectives • 3G TS 33.105 - 3G Security; Cryptographic Algorithm Requirements • 3G TS 33.102 - UMTS; 3G Security; Security Architecture • 3G TS 23.101 - UMTS; General UMTS Architecture • GSMDocuments • GS 02.60 – GPRS; Service Description; Stage 1 • GS 03.60 – GPRS; Service Description; Stage 2 • GS 02.09 – Security Aspects • GS 03.20 – Security Related Network Functions • Source: http://www.etsi.org/
Assignment I :Security System Analysis & Planning Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University Fall 2005
Internet Security - System Analysis & Planning System: Campus Network
Internet Security - System Analysis & Planning Asset Evaluation • Important Users • Officers • Students • Important Assets • Management Records • Research Records • Teaching Records
Internet Security - System Analysis & Planning Threat Analysis Officer Subnet • For every subnet: • Identify nature of specific threats towards each networking resource & application • Evaluate severity of threats towards individual resource & application
Internet Security - System Analysis & Planning Service Planning • Perimeter Defense • Firewalls • Site-to-Site VPN • Remote Access VPN • IRS Gateway • Host/Server Defense • Configuration Manager • Security Patches • Anti-Virus Scanner • Anti-Spam Program • Spyware Blockers
Internet Security - System Analysis & Planning Assignment Work • Vulnerability Analysis [50%] • Service Planning [50%] • Architecture Recommendation [20%, optional]