Network Security Current Status and Future Directions

(1)

Network Security

Current Status and Future Directions

Edited by

Christos Douligeris

Dimitrios N. Serpanos

Wiley-Interscience

(2)

(3)

(4)

IEEE Press

445 Hoes Lane Piscataway, NJ 08854

IEEE Press Editorial Board

Mohamed E. El-Hawary, Editor in Chief

R. Abari T. G. Croda R. J. Herrick

S. Basu S. Farshchi M. S. Newman

A. Chatterjee S. V. Kartalopoulos N. Schulz

T. Chen B. M. Hammerli

Kenneth Moore, Director of IEEE Book and Information Services (BIS)

Steve Welch, Acquisitions Editor

Jeanne Audino, Project Editor Technical Reviewers

Stuart Jacobs, Verizon

(5)

Network Security

Current Status and Future Directions

Edited by

Christos Douligeris

Dimitrios N. Serpanos

Wiley-Interscience

(6)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifi cally disclaim any implied warranties of merchantability or fi tness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profi t or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Wiley Bicentennial Logo: Richard J. Paciﬁ co.

Library of Congress Cataloging-in-Publication Data is available. ISBN 978-0-471-70355-6

Printed in the United States of America 10 9 8 7 6 5 4 3 2 1

(7)

To

Vicky, Pennie, Kostis, Mariada, and our parents Christos Douligeris

To

Georgia, Loukia, and my parents Dimitrios N. Serpanos

(8)

(9)

Preface

xiii

Network security is a critical parameter in the increasingly connected (networked) world.

Advances in communication systems and protocols, wired and wireless, achieving high speeds, high availability and low cost have enabled the development of high band-width backbones and have delivered high throughput to end users of private and public networks. Homes today are able to send and receive high bandwidth, real-time data, enabling high quality communication and a wide range of services. The progress in devel-opment, deployment and management of large, reliable networks has resulted not only in the evolution of new services, but to an infrastructure that leads to the provision of a wide range of consumer services that are signiﬁ cantly more cost-effective than traditional ones. It is no surprise that the evolution of all these networks, and especially the Internet—a public network—is changing the economy worldwide.

The continuous deployment of network services over this wide range of public and private networks has led to transactions and services that include personal, and sometimes quite sensitive, data. One only needs to consider simple, everyday services from pay-per-view and cable telephony to bill payments by phone, credit card charging and Internet banking. Such services require signiﬁ cant effort not only to protect the sensitive data involved in the transactions and services, but to ensure integrity and availability of network services as well.

A typical approach to provide these services and increase security and dependability has been to deploy services over private networks, which are easier to protect than public ones. However, the advent of the Internet has changed electronic business models, provid-ing high ﬂ exibility, ease of use, and enablprovid-ing service deployment with substantially lower cost. Thus, the role of network security is signiﬁ cantly more important in emerging network environments, where even private networks connect to the Internet, in order to exploit its multiple advantages.

As the view of traditional distributed systems has changed to a network-centric view in all types of application networks—fi nancial, citizen support, military, etc.—and as the requirement for employing heterogeneous networks and systems becomes increasingly important, the complexity of these systems has led to signifi cant security fl aws and prob-lems. The traditional approach to network service development, using several layers and protocols, together with the lack of systematic methods to design and implement secure end systems leads to vulnerabilities and diffi culties in implementing and managing secu-rity. Attackers continuously fi nd vulnerabilities at various levels, from the network itself to operating systems, and exploit them to crack systems and services.

The result of these phenomena is a signiﬁ cant effort by the research community to address the design and implementation of secure computing systems and networks in order to enable the deployment of secure services. Due to the conventional approaches for service development over such complex, and most often heterogeneous networks and systems, the efforts of the networking community have been several and at various fronts. Thus, currently, there exist several approaches to provide security at various levels and degrees: secure protocols, secure protocol mechanisms, secure services (e.g., phone), ﬁ rewalls, intrusion detection systems (IDS), etc.

(16)

xiv Preface

This book considers and addresses several aspects of network security, in an effort to provide a publication that summarizes the main current status and the promising and interesting future directions and challenges. The presented approaches are state-of-the-art, described by leaders in the ﬁ eld. They include trends at several fronts, from Internet pro-tocols to ﬁ rewalls and from mobile systems to IDS systems.

The chapters of the book are divided into four main sections which consider the main research challenges of today and the important approaches providing promising results for the future: (a) Internet security, (b) secure services, (c) security in mobile systems and (d) trust, anonymity and privacy. In each part several chapters address the main research results and trends. Importantly, we have included 3 appendices of critical background knowledge for the reader who is new to this important research area; the appendices cover (a) a primer in cryptography, (b) legal aspects and (c) standards in network security. Considering the debate about the increasing importance of security in everyday life and the catastrophic results its illegal and unethical use may bring, we believe that the appen-dices provide a good basis for readers who are interested in the role, restrictions, and limi-tations of network security in the emerging globally networked world.

In our effort to put this book together, we had the support of several authors, who have written the chapters, providing knowledge and insight through their efforts. The 25 chapters constitute a signiﬁ cant effort on their behalf and we thank them for their efforts. The results of these efforts are a collection of high-quality chapters, which enable the reader to understand the main problems, results, and trends in most aspects of modern network security.

Also, we thank the reviewers of the book, who have provided insightful comments and helped improve the presentation and the quality of the book. Finally, we thank IEEE for its support to this effort and its high-quality work in the production of the ﬁ nal result. As the overall effort has taken longer than expected, we also appreciate the patience of the authors until the production of the ﬁ nal book. We certainly hope that the publication will prove to be a useful tool to all readers interested in network security.

Christos Douligeris Dimitrios N. Serpanos

Piraeus, Greece Patras, Greece March 2007

(17)

Contributors

xv Ioannis Avramopoulos

Department of Computer Science, Princeton University,

Princeton, New Jersey

Olivier Benoit

Security Labs,

Gemalto, La Ciotat, France

Constantinos Boukouvalas

Research and Development, OTE SA, Athens, Greece

Mike Burmester

Department of Computer Science,

Florida State University, Tallahassee, Florida

Luis Sousa Cardoso

Portugal Telecom, Lisboa, Portugal

Anirban Chakrabarti

Department of Electrical and Computer Engineering,

Iowa State University, Ames, Iowa

Lidong Chen

Computer Security Division,

National Institute of Standards and Technology (NIST),

Gaithersburg, Maryland

Vassilios Chrissikopoulos

Department of Archiving and Library Studies, Ionian University, Corfu, Greece

Joris Claessens

European Microsoft Innovation Center, Aachen, Germany Nora Dabbous Ingenico, Paris, France Christos Douligeris Department of Informatics, University of Piraeus, Piraeus, Greece Laurent Gauteron Security Labs,

Christian Gehrmann

Ericsson Mobile Platforms AB, Lund, Sweden

Pierre Girard

Security Labs,

ManimaranGovindarasu

Iowa State University, Ames, Iowa

Yaser Haggag

Department of Computer Science, Dalhousie University,

Halifax, Canada

Helena Handschuh

Spansion,

(18)

xvi Contributors Angelos D. Keromytis

Department of Computer Science, Columbia University,

New York, New York

Hisashi Kobayashi

Department of Electrical Engineering, School of Engineering and Applied Science, Princeton University,

Princeton, New Jersey

Nikos Komninos

Athens Information Technology, Peania, Attiki, Greece

Panayiotis Kotzanikolaou

Department of Informatics, University of Piraeus, Piraeus, Greece

Arvind Krishnamurthy

Department of Computer Science and Engineering,

University of Washington, Seattle, Washington

Christian Labonte

Halifax, Canada

Yugyung Lee

School of Computing Engineering, University of Missouri—Kansas City, Kansas City, Missouri

Daniel L. Lough

Global Security Consultants, Warrenton, Virginia Rosa Mavropodi Department of Informatics, University of Piraeus, Piraeus, Greece John C. McEachen

Naval Postgraduate School, Monterey, California

Manish Mehta

School of Computing Engineering, University of Missouri—Kansas City, Kansas City, Missouri

Lazaros Merakos

Department of Informatics and Telecommunications, University of Athens, Athens, Greece

Andreas Mitrakas

European Network and Information Security Agency (ENISA), Heraklion, Greece Aikaterini Mitrokotsa Department of Informatics, University of Piraeus, Piraeus, Greece Magda M. Mourad

IBM Thomas J. Watson Research Center, Yorktown Heights, New York

David Naccache

Université Paris II, Panthéon-Assas, Paris, France George P. Ninios Department of Informatics, University of Piraeus, Piraeus, Greece Anthony G. Petropoulos Department of Informatics, University of Piraeus, Piraeus, Greece Despina Polemi Department of Informatics, University of Piraeus, Piraeus, Greece

(19)

Contributors xvii Vassilis Prevelakis

Department of Computer Science, Drexel University,

Philadelphia, Pennsylvania

David J. Robinson

Global Security Consultants, Odenton, Maryland

Snirivas Sampalli

Halifax, Canada

Ian G. Schneller

Global Security Consultants, Odenton, Maryland

Dimitrios N. Serpanos

University of Patras, Patras, Greece

Kapil Kumar Singh

Department of Computer Science, University of British Columbia, Vancouver, Canada

Sachin Singh

Heartlab,

Westerly, Rhode Island

Panagiotis Sklavos Technical Department, Expertnet SA, Chalandri, Greece Stéphane Socié Security Labs,

Kyriakos Stefanidis

Ahmed N. Tantawy

IBM Thomas J. Watson Research Center, Yorktown Heights, New York

Artemios G. Voyiatzis

Son Vuong

Department of Computer Science, University of British Columbia, Vancouver, Canada Randy Wang Microsoft Research, Bangalore, India Claire Whelan School of Computing, Dublin City University, Dublin, Ireland

Christos Xenakis

Department of Informatics and Telecommunications, University of Athens, Athens, Greece

John M. Zachary

Naval Postgraduate School, Monterey, California

Alf Zugenmaier

DoCoMo Euro-Labs, Munich, Germany

(20)

(21)

Chapter

1 Computer Network Security: Basic

Background and Current Issues

Panayiotis Kotzanikolaou and Christos Douligeris

1.1 SOME TERMINOLOGY ON NETWORK SECURITY

The purpose of this chapter is to introduce some basic network security terms and lead the reader through the rest of the book. It provides a baseline level of knowledge in the areas of information technology (IT) security and network security for those readers who are unfamiliar with these concepts. It also provides a set of common terms and deﬁ nitions which will help those readers who already have some basic knowledge in network security to have a common understanding of the chapters that follow. However, advanced readers with a good background in networking and IT security may skip this chapter and proceed to the more speciﬁ c areas covered in this book.

A broad defi nition of network security can be constructed by defi ning its two compo-nents, security and networks. Security may be given a wide variety of defi nitions. Accord-ing to the Oxford Dictionary, security is the freedom from danger or anxiety. Security can also be defi ned as follows:

• A situation with no risk, with no sense of threat • The prevention of risk or threat

• The assurance of a sense of conﬁ dence and certainty

In traditional information theory [1], security is described through the accomplishment of some basic security properties, namely confi dentiality, integrity, and availability of information. Confi dentiality is the property of protecting the content of information from all users other than those intended by the legal owner of the information. The nonintended users are generally called unauthorized users. Other terms such as privacy have been used almost synonymously with confi dentiality. However, the term privacy represents a human attribute with no quantifi able defi nition. Integrity is the property of protecting information from alteration by unauthorized users. Availability is the property of protecting information from nonauthorized temporary or permanent withholding of information.

Other basic security properties are authentication and nonrepudiation. Authentication is divided into peer-entity authentication and data origin authentication. Peer entity authen-tication is the property of ensuring the identity of an entity (also called subject), which

1 Network Security: Current Status and Future Directions, Edited by C. Douligeris and D. N. Serpanos

(22)

2 Chapter 1 Computer Network Security

may be a human, a machine, or another asset such as a software program. Data origin authentication is the property of ensuring the source of the information. Finally, nonrepu-diation is the property of ensuring that principals that have committed to an action cannot deny that commitment at a latter time. Detailed treatment of security properties can be found in several security standards, such as the ISO/IEC (International Organization for Standardization/International Engineering Consortium) 7498-2 [2] and the ITU-T (Inter-national Telecommunication Union) X.800 security recommendation [3].

In a practical approach, IT security involves the protection of information assets [4]. In a traditional IT risk analysis terminology, an asset is an object or resource which is “worthy” enough to be protected. Assets may be physical (e.g., computers, network infra-structure elements, buildings hosting equipment), data (e.g., electronic fi les, databases), or software (e.g., application software, confi guration fi les). The protection of assets can be achieved through several security mechanisms, that is, aimed at the prevention, detec-tion, or recovery of assets from security threats and vulnerabilities. A security threat is any event that may harm an asset. When a security threat is realized, an IT system or network is under a security attack. The attacker or threat agent is any subject or entity that causes the attack. The impact of the threat measures the magnitude of the loss that would be caused to the asset or asset owner if the threat were realized against it. A security

vulnerability is any characteristic in a system which makes an asset more vulnerable to threats. The combination of threats, vulnerabilities, and assets provides a quantiﬁ ed and/or qualiﬁ ed measure of the likelihood of threats being realized against assets as well as the impact caused due to the realization of a threat. This measure is known as the security

risk. Thus, the security mechanisms provide capabilities that reduce the security risk of a system. Note that system and network security do not rely solely on technical security mechanisms. In almost every information system and network, procedural and organiza-tional measures are generally required in addition to technical mechanisms in order to accomplish the desired security goals.

Acomputer network, or simply a network, is a collection of connected computers. Two or more computer systems are considered as connected if they can send and receive data from each other through a shared-access medium. The communicating entities in a computer network are generally known as principals, subjects, or entities. These principals can be further divided into users, hosts, and processes:

• A user is a human entity responsible for its actions in a computer network. • A host is an addressable entity within a computer network. Each host has a unique

address within a network.

• A process is an instance of an executable program. It is used in a client–server model in order to distinguish between the client and the server processes:

䊊_{A client process is a process that makes requests of a network service.}

䊊_{A server process is a process that provides a network service, for example, a} demon process running continuously in the background on behalf of a service. A network is considered as a wired or ﬁ xed network if the access medium is some kind of physical cable connection between the computers, such as a copper cable or a ﬁ ber-optic cable. On the other hand, a network is considered as a wireless network if the access medium relies on some kind of signaling through the air, such as radio frequency (RF) communication. A network can also be divided according to its geographical coverage. Depending on its size, a network can be a personal area network (PAN), a local area network (LAN), a metropolitan area network (MAN), or a wide area network (WAN).

(23)

1.2 ISO/OSI Reference Model for Networks 3

Regardless of the access medium and the coverage of a network, network security can be considered through the achievement of two security goals: computer system security

andcommunication security:

• The goal of computer system security is to protect information assets against unau-thorized or malicious use as well as to protect the information stored in computer systems from unauthorized disclosure, modiﬁ cation, or destruction.

• The goal of communication security is to protect information during its transmission through a communication medium from unauthorized disclosure, modiﬁ cation, or destruction.

1.2 ISO/OSI REFERENCE MODEL FOR NETWORKS

In order to have a deep understanding of the way that networking is performed, network reference models have been developed that group similar functions into abstractions known as layers. Each layer’s functions can communicate with the same layer’s functions of another network host. On the same host, the functions of a particular layer have inter-faces to communicate with the layers below and above it. This abstraction simpliﬁ es and properly deﬁ nes the necessary actions for networking.

The ISO Open Systems Interconnection (OSI) reference model [5] deﬁ nes seven network layers as well as their interfaces. Each layer depends on the services provided by its intermediate lower layer all the way down to the physical network interface card and the wiring. Then, it provides its services to its immediate upper layer, all the way up to the running application. It needs to be noted that not all protocol stacks include all seven layers. The most popular protocol suite, Transmission Control Protocol/Internet Protocol (TCP/IP), has ﬁ ve layers. There are no presentation and no session layers; the functions of these layers are incorporated in the layers above and below.

The seven layers of the OSI reference model are brieﬂ y described bellow, from the highest to the lowest one:

• Layer 7: Application Layer. This layer deals with the communication issues of an application. It identiﬁ es and establishes the availability of the communicating prin-cipals and is also responsible to interface with the user. Examples of application layer protocols include the Session Initiation Protocol (SIP), the HyperText Transfer Protocol (HTTP), the File Transfer Protocol (FTP), the Simple Mail Transfer Pro-tocol (SMTP), and Telnet, to name just a few.

• Layer 6: Presentation Layer. This layer is responsible for presenting the data to the upper application layer. Essentially, it translates the data and it performs tasks like data compression and decompression and data encryption and decryption. Some of the well-known standards and protocols of this layer include ASCII, ZIP, JPEG, TIFF, RTP, and the MIDI format.

• Layer 5: Session Layer. This layer is responsible for initiating the contact between two computers and setting up the communication lines. It formats the data for transfer and it maintains the end-to-end connection. Two examples of session layer protocols are the remote procedure call (RPC) and the secure sockets layer (SSL) protocols.

• Layer 4: Transport Layer. This layer deﬁ nes how to address the physical locations of the network, establish connections between hosts, and handle network

(24)

messag-4 Chapter 1 Computer Network Security

ing. It also maintains the end-to-end integrity of the session and provides mecha-nisms to support session establishment for the upper layers. The TCP and the User Datagram Protocol (UDP) are the most widely known protocols of this layer, with the Stream Control Transmission Protocol (SCTP) gaining in usage.

• Layer 3: Network Layer. This layer is responsible for routing and relaying the data between the network hosts. Its primary function is to send fragments of data called

packets from a source to a destination host. It also includes the management of error detection, message routing, and trafﬁ c control. The IP belongs at this layer. • Layer 2: Data Link Layer. This layer deﬁ nes the conditions that must be followed

by a host in order to access the network. It establishes the link between the hosts over a physical channel. It ensures message delivery to the proper device and trans-lates the transmitted bits for the lowest physical layer. Ethernet and Token Ring are typical examples of protocols that operate at this layer.

• Layer 1: Physical Layer. This layer deﬁ nes the physical connection between a host and a network. It mainly converts the bits into physical signaling suitable for trans-mission, such as voltages or light impulse. The device drivers that handle the com-munications hardware (network cards, wireless cards etc) operate at this layer. The X.200 [6] recommendation of the ITU-T is aligned with the ISO/IEC 7498-1 standard.

1.2.1 Security in ISO/OSI Reference Model

According to the ISO/IEC 7498-1 [5] standard, each protocol layer is composed of three functional planes: users (also called bearers), signaling and control, and management. In order to secure network communications the security objectives should be accomplished in each appropriate protocol layer and in each suitable functional plane. The ISO/IEC 7498-2 [2] standard and the ITU-T X.800 Security Architecture for Open Systems Inter-connection recommendation [3] extend the ISO/OSI 7498-1 reference model (also described in the ITU-T recommendation X.200) to cover security aspects which are general archi-tectural elements of communications protocols. The X.800 recommendation provides a general description of security services and related mechanisms, which may be provided by the reference model. It also deﬁ nes the positions within the reference model where the services and mechanisms may be provided.

Based on [2, 3], the security objectives are accomplished through security policies

andsecurity services. A security policy is the set of criteria that deﬁ ne the provision of security services, where a security service is a service which is provided by a layer of communicating open systems, in order to ensure adequate security of the systems or of data transfers. The security services are implemented by security mechanisms which are in general mechanisms that can be used to technically enforce and implement a security service.

1.2.2 Security Services and Security Mechanisms

As described in [2, 3], the basic security services in OSI communications include the following:

(25)

1.2 ISO/OSI Reference Model for Networks 5 1. Authentication. This service may be used to prove that the claimed identity of a

communicating principal is valid (peer entity authentication) or that the claimed source of a data unit is valid (data origin authentication).

2. Access Control. This service can be used to protect the information assets and resources available via OSI from unauthorized access. This service may be applied to various types of access, such as read, write, or execute or combinations of the above. Access to resources may be controlled through various types of access policies, such as rule-based or identity-based security policies. The access control services should cooperate with the authentication services, since granting access rights to a principal requires prior authentication of the principal requesting a par-ticular access.

3. Data Confi dentiality. This service protects the data from disclosure to unauthor-ized principals. According to the X.800 recommendation, variants of this service includeconnection confi dentiality (when it involves all the layers of the commu-nication), connectionless confi dentiality (when it provides confi dentiality in a connectionless service data unit), selective fi eld confi dentiality (when it protects selective fi elds of the data), and traffi c fl ow confi dentiality (when it protects infor-mation that could be potentially derived from observation of traffi c fl ows).

4. Data Integrity. This service ensures that during their transmission the data are not altered by unauthorized principals. This service may have several forms. Connec-tion integrity with recovery provides integrity of the data and also detects modifi ca-tion, inserca-tion, deleca-tion, and replay of data. In contrast, connection integrity with recovery does not attempt recovery. Selective fi eld connection integrity provides integrity for selective data fi elds within a connection. Connectionless versions of the above services also exist for connectionless data units.

5. Nonrepudiation. This service ensures that a principal cannot deny the transmis-sion or the receipt of a message. This service may take one or both of two forms. Withnonrepudiation with proof of origin the recipient of data is provided with proof of the origin of data, so that the sender cannot later deny that he or she sent the particular data. With nonrepudiation with proof of delivery the sender of data is provided with proof of the delivery of data, so that the receiver cannot later deny having received the particular data.

Table 1.1 describes the relationship of security services and layers, as described [3]. It should be noted that in the application layer 7 it is possible that the application process itself provides security services.

The implementation of the security services is provided through security mechanisms. These can also be divided into several categories:

1. Encipherment Mechanisms. These mechanisms provide data conﬁ dentiality ser-vices by transforming the data to forms not readable by unauthorized principals. The encipherment mechanisms can also complement a number of other security mechanisms. The encipherment algorithms are generally divided into symmetric

(or secret key), where the same secret key is used for both encipherment and decipherment, and asymmetric (or public key), where two mathematically bounded keys are used, the public key for encipherment and the private, or secret, key for decipherment. Knowledge of the public key does not imply knowledge of the secret key. Issues related with the management of the keys are raised both in symmetric and asymmetric encipherment mechanisms. Examples of symmetric encipherment

(26)

algorithms are AES, Twoﬁ sh, and RC5, where examples of asymmetric encipher-ment algorithms are RSA and ElGamal. These are described in more detail in Appendix A. Network security protocols such as SSL/transport-level security (TLS) and IP Security (IPSec) discussed in Chapter 5 as well as security mecha-nisms such as virtual private networks (VPNs) discussed in Chapter 4 also use encipherment mechanisms to protect the conﬁ dentiality of the communication.

2. Digital Signatures. Digital signatures are the electronic equivalent of ordinary signatures in electronic data. Such mechanisms are constructed by properly apply-ing asymmetric encipherment. The decipherment of a data unit with the private key of an entity corresponds to the signature procedure of the data unit. The result is the digital signature of the particular data unit produced by the holder of the private key. The encipherment of the generated digital signature with the corre-sponding public key of the particular entity corresponds to the veriﬁ cation proce-dure. Digital signatures can be used to provide peer entity authentication and data origin authentication, data integrity, and nonrepudiation services. RSA, ElGamal, and DSA are examples of signature algorithms (see Appendix A for more details).

3. Access Control Mechanisms. The access control mechanisms are used to provide access control services. These mechanisms may use the authenticated identity of an entity or other information related with an entity (e.g., membership, permis-sions, or capabilities of the entity) in order to determine and enforce the access rights of the entity. The access control mechanisms may also report unauthorized access attempts as part of a security audit trail. Examples of access control mecha-nisms are ﬁ rewalls (see Chapter 3) and operating system user access privileges.

4. Data Integrity Mechanisms. These mechanisms provide data integrity services by appending some kind of checksums to the data which may prove alteration of the data. Data integrity may involve a single data unit or fi eld or a stream of data units or fi elds. In general, provision of the second without the fi rst is not practical. The message authentication codes (MACs) and the digital signatures described in Appendix A can be used as data integrity mechanisms.

Table 1.1 Relationship of Security Services and Layers 1–7

Service 1 2 3 4 5 6 7

Peer entity authentication X X X

Data origin authentication X X X

Access control service X X X

Connection conﬁ dentiality X X X X X X

Connectionless conﬁ dentiality X X X X X

Selective ﬁ eld conﬁ dentiality X X

Traffi c fl ow confi dentiality X X X

Connection integrity with recovery X X

Connection integrity without recovery X X X

Selective ﬁ eld connection integrity X

Connectionless integrity X X X

Selective ﬁ eld connectionless integrity X

Nonrepudiation of origin X

(27)

5. Authentication Mechanisms. These mechanisms provide authentication services by assuring the identity of a principal. Examples of such mechanisms are pass-words, cryptographic techniques, and biometrics. Authentication mechanisms may also be based on cryptographic techniques and trust infrastructures such as public key infrastructure (PKI), which are analyzed in Chapters 22 and 23, respectively.

6. Traffi c-Padding Mechanisms. These mechanisms provide protection from traffi c analysis attacks. Several network protocols and security mechanisms include padding mechanisms to protect the exchanged communication. These can be effec-tive only if the traffi c padding is protected by a confi dentiality service.

7. Routing Control Mechanisms. These mechanisms allow the selection of a speciﬁ c route for the communicating data, either dynamically or statically through prear-ranged routes. Moreover, by applying security policies, data carrying certain secu-rity labels may be routed through certain subnetworks, relays, or links. Hackers, viruses, and malicious programs frequently exploit the security vulnerabilities of routing protocols in order to launch network security attacks. In Chapter 2, routing security is extensively discussed. Furthermore, Chapter 20 also discusses secure routing for wireless ad hoc networks.

8. Notarization Mechanisms. Finally, notarization mechanisms are used to assure the integrity, the source or destination, and the time of sending or delivering of transmitted data. Such assurance mechanisms may be part of the networking pro-tocols in use and/or of a trusted third party which may be used to assure the com-munication consistency and nonrepudiation. A notarization mechanism may be supported by other mechanisms such as digital signatures, encipherment, or integ-rity mechanisms.

Table 1.2 describes the relationship between security services and security mecha-nisms. If a mechanism is indicated as appropriate for a given service, this may be either on its own or in combination with other mechanisms. More details can be found in [3].

Other recommendations extend the security architecture of X.800 to focus on lower layer [7] and upper layer [8] security models. Moreover, the X.810–X.816 recommenda-tions [9–15] focus on security frameworks for open systems and frameworks for authen-tication, access control, nonrepudiation, conﬁ dentiality, integrity, and security audit and alarms. The ISO/IEC standard also deﬁ nes the corresponding security standards in [16–22] as well as standards for generic upper [23] and lower [24] layer security.

1.3 NETWORK SECURITY ATTACKS

It is obvious from the description above that security threats and attacks may involve any layer, from the physical to the application. It is possible that a successful attack in one layer may render useless the security measures taken in the other layers. Some basic network security attacks are described below:

• Eavesdropping Attacks. These attacks consist of the unauthorized interception of network communication and the disclosure of the exchanged information. This can be performed in several different layers—for example, in the network layer by

snifﬁ ng into the exchanged packets or in the physical layer by physically wiretap-ping the access medium (cabling or wireless medium).

(28)

Table 1.2

Relationship Between Security Services and Mechanisms

Digital Access Data Authentication Trafﬁ c Routing Service Encipherment Signature Control Integrity Exchange Padding Control Notarization

Peer entity authentication

X

Data origin authentication

X

Access control service

X Connection confi dentiality X X Connectionless confi dentiality X X Selective fi eld confi dentiality X Traffi c fl ow confi dentiality X X X

Connection integrity with recovery

X

Connection integrity without recovery

X

Selective ﬁ

eld connection integrity

X X Connectionless integrity X X X Selective ﬁ

eld connectionless integrity

X X X Nonrepudiation of origin X X X Nonrepudiation of delivery X X X 8

(29)

• Logon Abuse Attacks. A successful logon abuse attack would bypass the authen-tication and access control mechanisms and allow a user to obtain access with more privileges than authorized.

• Spoofi ng Attacks. Spoofi ng is the act of a subject asserting an identity that the subject has no right to use. A simple instance of this type of attacks is IP spoofi ng, through which a system is convinced that it is communicating with a known principal and thus provides access to the attacker. The attacker sends a packet with an IP source address of a known trusted host by altering the packet at the transport layer. The target host may be deceived and accept the modifi ed packet as valid.

• Intrusion Attacks. These types of attacks focus on unauthorized users gaining access to a system through the network. Such an attack would target speciﬁ c vulnerabilities in assets. For example, a typical Web server intrusion attack is a

buffer overﬂ ow attack, which occurs when a Web service receives more data than it has been programmed to handle and thus reacts in unexpected and unpredicted ways.

• Hijacking Attacks. These attacks are essentially attempts to gain unauthorized access to a system by using a legitimate entity’s existing connection. For example, at the session layer, if a user leaves an open session, this can be subject to session hijacking by an attacker. An example of session hijacking is the TCP sequence number attack:

䊊_{This attack exploits the communication session which was established between} the target host and a legitimate host that initiated the session. The attacker hijacks the session of the legitimate host by predicting a sequence number selected by the target host, which is used by the TCP.

• Denial-of-Service (DoS) Attacks. These attacks attempt to exhaust the network or server resources in order to render it useless for legitimate hosts and users. A more advance type is the distributed denial-of-service (DDoS) attacks, where the attacker uses resources from a distributed environment against a target host. Some well-known DoS attacks are as follows:

䊊 _{SYN Attack}_._{In a SYN attack, the attacker exploits the inability of a server} process to handle unﬁ nished connection requests. The attacker ﬂ oods a server process with connection requests, but it does not respond when the server answers those requests. This causes the attacked system to crash, while waiting for the proper acknowledgments of the initial requests.

䊊 _{Ping of Death}_._{This is an early DoS attack in which an attacker sends a} ping request that is larger than 65,536 bytes, which is the maximum allowed size for the IP, causing the system to crash or restart. Such attacks are not in use today, since most operating systems have implemented measures against it.

• Application-Level Attacks. These attacks are concerned with the exploitation of weaknesses in the application layer and really focus on intrusion attacks in most cases—for example, security weaknesses in the Web server, in the speciﬁ c technol-ogy used in the website, or in faulty controls in the ﬁ ltering of an input on the server side. Examples of these attacks include malicious software attacks (viruses, Trojans, etc.), Web server attacks, remote command execution, Structured Query Language (SQL) injection, and cross-site scripting (XSS).

(30)

1.4 MECHANISMS AND CONTROLS FOR NETWORK SECURITY: BOOK OVERVIEW AND STRUCTURE

Several security mechanisms and controls have been developed to provide security ser-vices in various network layers for both wired and wireless networks and for various network protocols. Many of these mechanisms and controls are described in the following chapters of this book. Here we refer to some well-known mechanisms in order to familiar-ize the inexperienced reader with basic security mechanisms. The remainder of the book is organized in four topical parts of network security.

Part I (Chapters 2–9) discusses current security issues on today’s Internet. At the core of network security is the protection of message routing and relaying. Several mechanisms and controls that deal with secure routing are discussed in Chapter 2. Firewalls are the basic mechanism for access control in networks, which are discussed in Chapter 3. The protection of message conﬁ dentiality and integrity in remote communications may rely on security mechanisms that protect the communication as if it was performed in a closed network. These mechanisms are known as VPNs and are discussed in Chapter 4. Chapter 5 continues the study of IP security mechanisms, such as the IPSec and the SSL/TLS protocols.

Since the prevention of network attacks in not always successful, several tools have been developed in order to detect possible intrusion attacks. Intrusion detection systems (IDSs) for networks are explained in detail in Chapter 6. Chapter 7 continues on the same subject by analyzing intrusion prevention systems, which also take preventive measures in the presence of an attack. This chapter compares intrusion detection and intrusion prevention.

One of the most important categories of attacks against network availability which cannot always be dealt with using the mechanisms described in the previous chapters is DoS attacks. These are discussed in Chapter 8. Finally, security in active networks is dis-cussed in Chapter 9.

Secure networks rely heavily on secure network services, which is the topic of Part II (Chapters 10–15). Security in E-services and applications is discussed in Chapter 10, where application layer vulnerabilities are analyzed along with existing security mecha-nisms. Protection of network communications in the application layer may involve higher level security mechanisms. Chapter 11 describes speciﬁ c mechanisms of this layer and more particularly Web services security mechanisms. Security in speciﬁ c network services such as IP Multicast and Voice over IP are analyzed in Chapters 12 and 13, respectively. Furthermore, Chapter 14 discusses the vulnerabilities and the security measures for Grids. Finally, Chapter 15 discusses security issues of mobile code used in networking, such as mobile agent security mechanisms. These are mainly used in another case of special-purpose networks, mainly intelligent networks.

Wireless networks, in general, have special security needs which are not always covered by the traditional network security mechanisms for several reasons, such as the difference in the access medium and the efﬁ ciency requirements. Part III (Chapters 16–21) is concerned with security in wireless networks. Chapter 16 discusses the issues of mobile terminal security for several wireless communication protocols. A very popular wireless communications protocol is the Institute of Electrical and Electronics Engineers (IEEE) 802.11. The security of IEEE 802.11 is discussed in Chapter 17. Chapter 18 refers to the security issues of another popular wireless protocol, Bluetooth. Chapter 19 analyzes mobile telecom network security, where emphasis is given on the efﬁ ciency impact of security measures in these networks.

(31)

Another case of wireless networks is the class of wireless ad hoc networks, where the network services are provided through cooperation of the network nodes rather than from static network infrastructures. These networks have special security considerations caused by node mobility. The particular security problems as well as the possible solutions for these networks are presented in Chapter 20, which discusses security in mobile ad hoc networks. Finally, Chapter 21 discusses security in wireless sensor networks, namely wireless ad hoc networks consisting of sensor nodes with very limited capabilities.

Security services cannot be established in any system if one cannot depend on peer relations such as trust and anonymity. Trust, anonymity, and privacy issues are the topic of Part IV. The problem of trust in networking is discussed in Chapter 22. Trusted parties can be the basis of various security services that need key distribution and validation, key establishment, or signature services. A well-known trust infrastructure service is PKI, which is described in Chapter 23, along with its applications in network security. Chapter 24 discusses the technical, ethical, and social nature of network security, mainly privacy in electronic communications. Finally, Chapter 25 is concerned with securing digital content, a very sensitive issue in networking due to the open nature and the vast deploy-ment of the Internet.

The book also contains three appendices, each of which provides introductory knowl-edge to speciﬁ c issues related to network security. Most of the security mechanisms employed in network security described in the chapters implement cryptographic algo-rithms and protocols for tasks such as encryption, decryption, key exchange, digital sig-natures, and authentication codes. Appendix A provides a brief introduction on basic deﬁ nitions of cryptography as well as a description of widely used cryptographic algo-rithms and protocols. Appendix B is concerned with the legal issues of network security. As explained earlier, network security cannot depend only on technical measures. The validity of digital signatures and copyright issues are some of the legal issues analyzed in Appendix B. Finally, Appendix C lists many security standards which have been published by well-respected standardization bodies. It is generally accepted that in IT innovations cannot be widely implemented and accepted if there are no available set standards to allow the interfacing of different implementation.

REFERENCES

1. A. J. Menezes, P. C. Oorschot, and S. A. Vanstone,

Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, 1997.

2. International Organization for Standardization (ISO), Information Processing Systems—Open Systems Inter-connection—Part 2: Security Architecture, ISO/IEC 7498-2, ISO, Geneva, 1989.

3. International Telecommunication Union (ITU),

Secu-rity Architecture for Open Systems Interconnection for CCIT Applications, Recommendation ITU-T X.800, ITU, Geneva, 1991.

4. T. R. Peltier, Information Security Risk Analysis, Auerbach Publications, New York, 2001.

5. International Organization for Standardization

(ISO),Information Processin g Systems—Open Systems

Interconnection—Part 1: Basic Reference Model, ISO/IEC 7498-1, ISO, 1984, also ISO/OSI 7498-1, Geneva, 1994.

Infor-mation Technology—Open Systems Interconnection— Basic Reference Model: The Basic Model, Recommendation ITU-T X.200, ITU, Geneva, 1994.

Infor-mation Technology—Open Systems Interconnection— Lower Layers Security Model, Recommendation ITU-T X.802, ITU, Geneva, 1995.

Infor-mation Technology—Open Systems Interconnection— Upper Layers Security Model, Recommendation ITU-T X.802, ITU, Geneva, 1994.

Infor-mation Technology—Open Systems Interconnection— Security Frameworks for Open Systems: Overview, Recommendation ITU-T X.810, ITU, Geneva, 1995.

Infor-mation Technology—Open Systems Interconnection— References 11

(32)

12 Chapter 1 Computer Network Security Security Frameworks for Open Systems: Authentication Framework, Recommendation ITU-T X.811, ITU, Geneva, 1995.

Infor-mation Technology—Open Systems Interconnection— Security Frameworks for Open Systems: Access Control Framework, Recommendation ITU-T X.812, ITU, Geneva, 1995.

Infor-mation Technology—Open Systems Interconnection— Security Frameworks for Open Systems: Non-Repudiation Framework, Recommendation ITU-T X.813, ITU, Geneva, 1996.

Infor-mation Technology—Open Systems Interconnection— Security Frameworks for Open Systems: Conﬁ dentiality Framework, Recommendation ITU-T X.814, ITU, Geneva, 1995.

Infor-mation Technology—Open Systems Interconnection— Security Frameworks for Open Systems: Integrity Framework, Recommendation ITU-T X.815, ITU, Geneva, 1995.

Infor-mation Technology—Open Systems Interconnection— Security Frameworks for Open Systems: Security Audit and Alarms Framework, Recommendation ITU-T X.815, ITU, Geneva, 1995.

16. International Organization for Standardization (ISO), Information Processing Systems—Open Systems Inter-connection—Part 1: Security Frameworks for Open Systems: Overview, ISO/IEC 10181-1, ISO, Geneva, 1996.

17. International Organization for Standardization (ISO), Information Processing Systems—Open Systems Inter-connection—Part 2: Security Frameworks for Open Systems: Authentication Framework, ISO/IEC 10181-2, ISO, Geneva, 1996.

18. International Organization for Standardization (ISO), Information Processing Systems—Open Systems Inter-connection—Part 3: Security Frameworks for Open Systems: Access Control Framework, ISO/IEC 10181-3, ISO, Geneva, 1996.

19. International Organization for Standardization (ISO), Information Processing Systems—Open Systems Inter-connection—Part 4: Security Frameworks for Open Systems: Non-Repudiation Framework, ISO/IEC 10181-4, ISO, Geneva, 1996.

20. International Organization for Standardization (ISO), Information Processing Systems—Open Systems Interconnection—Part 5: Security Frameworks for Open Systems: Conﬁ dentiality Framework, ISO/IEC 10181-5, ISO, Geneva, 1996.

21. International Organization for Standardization (ISO), Information Processing Systems—Open Systems Inter-connection—Part 6: Security Frameworks for Open Systems: Integrity Framework, ISO/IEC 10181-6, ISO, Geneva, 1996.

22. International Organization for Standardization (ISO), Information Processing Systems—Open Systems Inter-connection—Part 7: Security Frameworks for Open Systems: Security Audit and Alarms Framework, ISO/ IEC 10181-7, ISO, Geneva, 1996.

23. International Organization for Standardization (ISO), Information Technology—Open Systems Interconnec-tion—Generic Upper Layers Security: Overview, Models and Notation, ISO/IEC 11586-1, ISO, Geneva, 1996.

24. International Organization for Standardization (ISO), Information Technology—Open Systems Interconnec-tion—Generic Upper Layers Security: Exchange Service Element (SESE) Service Deﬁ nition, ISO/IEC 11586-2, ISO, Geneva, 1996.

(33)

Part One

Internet Security

The Internet is characterized by the substantial advantage of increased connectivity, which has resulted in a growing number of services. However, this advantage is exploited by malicious intruders in order to carry out various attacks against the integrity of the Internet’s infrastructure and the privacy of its users. A broad range of solutions have been proposed in order to ensure data confi dentiality, integrity, source authenticity, nonrepudiation, and availability for data communication between users over the Internet. In this part, many aspects of network security, including possible threats and proactive as well as reactive ways to combat them, are described. More specifi cally, in this part we will focus on secure routing, fi rewalls, virtual private networks (VPNs), Internet Protocal (IP) level security, intrusion detection systems (IDSs), intrusion prevention systems (IPSs), denial-of-service (DoS) attacks, and security issues concerning active networks.

Secure routing, the delivery of packets from a source to a destination, represents the most important function that supports networks. Network technologies that can be used to achieve secure routing as well as possible threats that focus on disrupting the packet delivery service are described. Moreover, possible countermeasures against these threats and protection mechanisms of network technologies are described in order to demonstrate common grounds between them.

A ﬁ rewall is a collection of components that can be used to enforce an organizationwide policy on all network trafﬁ c entering or leaving the

organization’s network. In this part the concept of the network ﬁ rewall as well as its redundancy and performance issues and its forms of internal

(partitioning)—distributed, personal, and layer 2—are discussed.

In addition VPN technology, which represents an effective means of providing secure communication between geographically distributed network entities, is discussed. More speciﬁ cally, in this part a comprehensive overview of VPNs, including its operation, taxonomy, and conﬁ guration, is presented as well as a discussion of security mechanisms in VPNs and current research issues concerning VPNs.

13 Network Security: Current Status and Future Directions, Edited by C. Douligeris and D. N. Serpanos

(34)

14 Part One Internet Security

IPSec (IP Security) constitutes a security solution that is possible to be widely deployed over the Internet due to its substantial capability to achieve data conﬁ dentiality, integrity, source authentication, and availability. A detailed description of IPSec, which guarantees privacy and integrity of IP data packets irrespective of security features at application and socket layers, is presented.

Furthermore, IDSs as a second layer of defense are presented thoroughly. The focus is on network-based intrusion detection systems (NIDSs) compared to host-based IDSs. A deﬁ nition of NIDSs as well as some historical background on NIDSs is provided, followed by a discussion of trends in NIDSs and current research issues in NIDSs. An IPS is a convergence of a ﬁ rewall and an IDS. A thorough description of IDSs and a comparison of IDSs versus IPSs are presented.

One of the most challenging issues to availability are DoS attacks.

Denial-of-service attacks constitute one of the major threats and are among the hardest security problems in today’s Internet. The main aim of a DoS attack is the disruption of services by attempting to limit access to a machine or service. The problem of DoS attacks is investigated and the motivation and the defense problems are presented. Moreover the problem of distributed DoS (DDoS) attacks is introduced, while the basic characteristics of well-known DDoS tools, the various types of DDoS attacks, and various types of DDoS defense

mechanisms are presented.

Active networks are a new networking technology which adds programming capability to network nodes and datagrams traveling in the network. This leads to the creation of a dynamic adaptive network that is able to offer advantages such as dynamic creation and execution of network services and distributed processing and management. Active networks are used in order to design two secure architectures. The ﬁ rst is an adaptive VPN framework that can offer ﬂ exible, portable services and customizable VPN mechanisms to provide on-demand secure tunnels in a dynamic environment. The second architecture deploys secure multicasting on a VPN through the use of active networks.

The main security issues, both in real-world environments as well as in research settings, are discussed in this part of the book. Chapter 2 looks at the main issues regarding the secure routing of information on today’s Internet. Chapter 3 surveys techniques to design effi ciently and effectively fi rewalls and the main issues that arise in their deployment. The benefi ts in security from the use of VPNs are analyzed in Chapter 4. Chapter 5 presents in detail the IPsec protocol to enhance security in an IP environment. Chapters 6 and 7 analyze techniques to detect and protect networks from attacks, such as DoS and DDOS which are discussed in Chapter 8. A testbed that can provide a reference framework to validate the previous techniques is given in Chapter 9.

Network Security Current Status and Future Directions

Network Security

Current Status and Future Directions

Edited by

Christos Douligeris

Dimitrios N. Serpanos

Network Security

Current Status and Future Directions

Edited by

Christos Douligeris

Dimitrios N. Serpanos

Contents

Preface

Contributors

Chapter

1

Computer Network Security: Basic

Background and Current Issues

Panayiotis Kotzanikolaou and Christos Douligeris

Part One

Internet Security