Chapter 1 Introduction Security Violations OSI Security Architecture

  • Slides: 20
Download presentation
Chapter 1 Introduction • Security Violations • OSI Security Architecture • Network Security Model

Chapter 1 Introduction • Security Violations • OSI Security Architecture • Network Security Model Block Ciphers

Security Violations 1. Capture File F is SENSITIVE A F -------> C CAPTURES F

Security Violations 1. Capture File F is SENSITIVE A F -------> C CAPTURES F Block Ciphers B

Security Violations 2. Intercept - Update Authorisation File F is SENSITIVE A sends message

Security Violations 2. Intercept - Update Authorisation File F is SENSITIVE A sends message to B: ”Update F with names” A(m) m B(F) C INTERCEPTS m and adds name of C A(m) m C(m) m B(F) Block Ciphers

Security Violations 3. Substitute Authorisation File F is SENSITIVE C PRETENDS to be A

Security Violations 3. Substitute Authorisation File F is SENSITIVE C PRETENDS to be A C sends message to B: ”Update F with name of C” {C}A(m) m Block Ciphers B(F)

Security Violations 4. Intercept - Preempt A sends message to B: ”STOP C’s r/w

Security Violations 4. Intercept - Preempt A sends message to B: ”STOP C’s r/w access” A(m 0) m 0 B(m 1) m 1 STOP(C) C INTERCEPTS m 0: A(m 0) m 0 C m 0 B(m 1) C(r/w ACCESS) B(m 1) m 1 STOP(C) Block Ciphers

Security Violations 5. Denial C sends message to B C(m) m B Later, B

Security Violations 5. Denial C sends message to B C(m) m B Later, B QUERIES C about message B m, ? C C DENIES sending message C(m, ? ) NO Block Ciphers B

OSI Security Architecture (X. 800 – Security for Open Systems Interconnection) • International Standard

OSI Security Architecture (X. 800 – Security for Open Systems Interconnection) • International Standard • 5 Categories • 14 Services Block Ciphers

OSI Security Architecture Categories(services) • Authentication (peer-entity, data-origin) • Access Control • Data Confidentiality

OSI Security Architecture Categories(services) • Authentication (peer-entity, data-origin) • Access Control • Data Confidentiality (connection, connectionless, selective-field, traffic-flow) • Data Integrity (connection[recovery, no-recovery, selective-field], connectionless[no-recovery, selective-field]) • Non. Repudiation (origin, destination) Block Ciphers

OSI Security Architecture Authentication Data Origin (m not protected) A(m) m B B(m, A)

OSI Security Architecture Authentication Data Origin (m not protected) A(m) m B B(m, A) AUTHENTIC(A)? Peer Entity A c B S(A, B) AUTHENTIC(A, B)? S(c, masquerador, replay) SECURE(c)? Block Ciphers

OSI Security Architecture Access Control Access REQUEST: A(m) m Host MATCHES m to A:

OSI Security Architecture Access Control Access REQUEST: A(m) m Host MATCHES m to A: {Host/System}(m, A) m’ {Host/System} A A GRANTED read/write access: c A(m’) {Host/System} Block Ciphers

OSI Security Architecture Confidentiality CONNECTION: c. K A B (e. g. TCP) CONNECTIONLESS: A

OSI Security Architecture Confidentiality CONNECTION: c. K A B (e. g. TCP) CONNECTIONLESS: A m K B SELECTIVE-FIELD: c. K|c’ A B TRAFFIC-FLOW: A { } B Block Ciphers

OSI Security Architecture Integrity CONNECTION-RECOVERY: A c m modification/destruction B(m) recover m CONNECTION-NO RECOVERY:

OSI Security Architecture Integrity CONNECTION-RECOVERY: A c m modification/destruction B(m) recover m CONNECTION-NO RECOVERY: A c m modification/destruction B(m) detect !! SELECTIVE FIELD: A c m|m’ modification/destruction B(m) detect(m) Block Ciphers !!

OSI Security Architecture Non-Repudiation SENDER VERIFICATION: A m, [A] B(m, [A]) m A RECEIVER

OSI Security Architecture Non-Repudiation SENDER VERIFICATION: A m, [A] B(m, [A]) m A RECEIVER VERIFICATION: A m B B [m], [B] A([m], [B]) m B Block Ciphers

OSI Security Architecture Availability • Upon request • Denial of Service • Attack Countermeasures:

OSI Security Architecture Availability • Upon request • Denial of Service • Attack Countermeasures: Authentication Encryption Physical Response Block Ciphers

SECURITY MECHANISMS (X. 800) - specific • Encipherment – unintelligible • Signature – data

SECURITY MECHANISMS (X. 800) - specific • Encipherment – unintelligible • Signature – data tag to ensure a) Source b) Integrity c) anti-forgery • Access Control • Data Integrity • Authentication • Traffic Padding – prevent traffic analysis • Routing Control – adapt upon partial failure • Notarization – trusted third party Block Ciphers

SECURITY MECHANISMS (X. 800) - pervasive • Trusted Functionality • Security Label • Event

SECURITY MECHANISMS (X. 800) - pervasive • Trusted Functionality • Security Label • Event Detection • Audit Trail • Recovery Block Ciphers

ATTACKS • PASSIVE: System unaltered, – hard to detect, easier to prevent • ACTIVE:

ATTACKS • PASSIVE: System unaltered, – hard to detect, easier to prevent • ACTIVE: System altered, – easier to detect, hard to prevent Block Ciphers

ATTACKS • PASSIVE: eavesdropping, message release, • ACTIVE: replay, modification, monitoring, traffic analysis masquerade(impersonation),

ATTACKS • PASSIVE: eavesdropping, message release, • ACTIVE: replay, modification, monitoring, traffic analysis masquerade(impersonation), denial of service(supression, overload) Block Ciphers

Model for Network Security Block Ciphers 19

Model for Network Security Block Ciphers 19

Model for Network Access Security • Gatekeeper: password-based login, screening logic • Internal controls:

Model for Network Access Security • Gatekeeper: password-based login, screening logic • Internal controls: monitor activity, Block Ciphers analyse stored info 20

OSI Model OSI MODEL OSI Model Communication ArchitectureOSI Model OSI MODEL OSI Model Communication Architecture
OSI modelis Kas yra OSI OSI Open StandartsOSI modelis Kas yra OSI OSI Open Standarts
OSI TCPIP 1 OSI 2 OSI 3 TCPIPOSI TCPIP 1 OSI 2 OSI 3 TCPIP
OSI Model OSI Reference Model OSI Model TheOSI Model OSI Reference Model OSI Model The
OSI LAYERS ccna OSI Model OSI means OpenOSI LAYERS ccna OSI Model OSI means Open
RULE 9 VIOLATIONS PENALTIES RULE 9 VIOLATIONS PENALTIESRULE 9 VIOLATIONS PENALTIES RULE 9 VIOLATIONS PENALTIES
OSI Architecture o ISO OSI International Standard OrganizationOSI Architecture o ISO OSI International Standard Organization
NM architectures RMON OSI Network Management Architecture OSINM architectures RMON OSI Network Management Architecture OSI
TCPIP OSI TCPIP OSI FOREFRONT SECURITY MS FOREFRONTTCPIP OSI TCPIP OSI FOREFRONT SECURITY MS FOREFRONT
Networking Fundamentals Introduction and OSI model OSI ModelNetworking Fundamentals Introduction and OSI model OSI Model
Lesson 2 Introduction to the OSI Model OSILesson 2 Introduction to the OSI Model OSI
Computer Networking Concepts OSI Model Introduction OSI OpenComputer Networking Concepts OSI Model Introduction OSI Open
The OSI Security Architecture Network Security 1 TheThe OSI Security Architecture Network Security 1 The
OSI Reference Model Layered Communication Sritrusta Sukaridhoto OSIOSI Reference Model Layered Communication Sritrusta Sukaridhoto OSI
OSI Model n Open Systems Interconnection OSI isOSI Model n Open Systems Interconnection OSI is
FUNGSI TIAP LAYER OSI Model Seven Layer OSIFUNGSI TIAP LAYER OSI Model Seven Layer OSI
OSI Model OSI Reference Model By Vibhav KrashanOSI Model OSI Reference Model By Vibhav Krashan
Sieci komputerowe Model OSI Model OSI z OpenSieci komputerowe Model OSI Model OSI z Open
OSI Modeli Hafta 3 OSI Model http wwwOSI Modeli Hafta 3 OSI Model http www