Network Security: Current Status and Future Directions. Edited by Christos Douligeris and Dimitrios N. Serpanos. Wiley-Interscience, A John Wiley & Sons, Inc., Publication


  • IEEE Press
    445 Hoes Lane
    Piscataway, NJ 08854

    IEEE Press Editorial Board
    Mohamed E. El-Hawary, Editor in Chief

    R. Abari, S. Basu, A. Chatterjee, T. Chen, T. G. Croda, S. Farshchi, S. V. Kartalopoulos, B. M. Hammerli, R. J. Herrick, M. S. Newman, N. Schulz

    Kenneth Moore, Director of IEEE Book and Information Services (BIS)
    Steve Welch, Acquisitions Editor
    Jeanne Audino, Project Editor

    Technical Reviewers
    Stuart Jacobs, Verizon
    Lakshmi Raman, CableLabs Broadband Access Department


  • Copyright 2007 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved.

    Published by John Wiley & Sons, Inc., Published simultaneously in Canada.

    No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

    Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

    For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

    Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

    Wiley Bicentennial Logo: Richard J. Pacifico.

    Library of Congress Cataloging-in-Publication Data is available.

    ISBN 978-0-471-70355-6

    Printed in the United States of America

    10 9 8 7 6 5 4 3 2 1

  • To Vicky, Pennie, Kostis, Mariada, and our parents

    Christos Douligeris

    To Georgia, Loukia, and my parents

    Dimitrios N. Serpanos

  • Contents

    Preface xiii
    Contributors xv

    1. Computer Network Security: Basic Background and Current Issues 1
    Panayiotis Kotzanikolaou and Christos Douligeris
    1.1 Some Terminology on Network Security 1
    1.2 ISO/OSI Reference Model for Networks 3
    1.3 Network Security Attacks 7
    1.4 Mechanisms and Controls for Network Security: Book Overview and Structure 10
    References 11

    Part One Internet Security

    2. Secure Routing 15
    Ioannis Avramopoulos, Hisashi Kobayashi, Arvind Krishnamurthy, and Randy Wang
    2.1 Introduction 15
    2.2 Networking Technologies 16
    2.3 Attacks in Networks 18
    2.4 State of the Art 20
    2.5 Conclusion and Research Issues 28
    References 29

    3. Designing Firewalls: A Survey 33
    Angelos D. Keromytis and Vassilis Prevelakis
    3.1 Introduction 33
    3.2 Firewall Classification 39
    3.3 Firewall Deployment: Management 43
    3.4 Conclusions 48
    References 49

    4. Security in Virtual Private Networks 51
    Srinivas Sampalli
    4.1 Introduction 51
    4.2 VPN Overview 52
    4.3 VPN Benefits 52
    4.4 VPN Terminology 53
    4.5 VPN Taxonomy 54
    4.6 IPSec 57
    4.7 Current Research on VPNs 60
    4.8 Conclusions 61
    References 61

    5. IP Security (IPSec) 65
    Anirban Chakrabarti and Manimaran Govindarasu
    5.1 Introduction 65
    5.2 IPSec Architecture and Components 67
    5.3 Benefits and Applications of IPSec 80
    5.4 Conclusions 81
    References 82

    6. IDS for Networks 83
    John C. McEachen and John M. Zachary
    6.1 Introduction 83
    6.2 Background 84
    6.3 Modern NIDSs 87
    6.4 Research and Trends 93
    6.5 Conclusions 95
    References 96

    7. Intrusion Detection Versus Intrusion Protection 99
    Luis Sousa Cardoso
    7.1 Introduction 99
    7.2 Detection Versus Prevention 102
    7.3 Intrusion Prevention Systems: The Next Step in Evolution of IDS 104
    7.4 Architecture Matters 110
    7.5 IPS Deployment 112
    7.6 IPS Advantages 112
    7.7 IPS Requirements: What to Look For 113
    7.8 Conclusions 114
    References 115

    8. Denial-of-Service Attacks 117
    Aikaterini Mitrokotsa and Christos Douligeris
    8.1 Introduction 117
    8.2 DoS Attacks 118
    8.3 DDoS Attacks 120
    8.4 DDoS Defense Mechanisms 127
    8.5 Conclusions 131
    References 132

    9. Secure Architectures with Active Networks 135
    Srinivas Sampalli, Yaser Haggag, and Christian Labonte
    9.1 Introduction 135
    9.2 Active Networks 136
    9.3 SAVE Test bed 137
    9.4 Adaptive VPN Architecture with Active Networks 138
    9.5 (SAM) Architecture 143
    9.6 Conclusions 149
    References 150

    Part Two Secure Services

    10. Security in E-Services and Applications 157
    Manish Mehta, Sachin Singh, and Yugyung Lee
    10.1 Introduction 157
    10.2 What Is an E-Service? 158
    10.3 Security Requirements for E-Services and Applications 160
    10.4 Security for Future E-Services 175
    References 177

    11. Security in Web Services 179
    Christos Douligeris and George P. Ninios
    11.1 Introduction 179
    11.2 Web Services Technologies and Standards 180
    11.3 Web Services Security Standard 201
    11.4 Conclusions 203
    References 204

    12. Secure Multicasting 205
    Constantinos Boukouvalas and Anthony G. Petropoulos
    12.1 Introduction 205
    12.2 IP Multicast 205
    12.3 Application Security Requirements 206
    12.4 Multicast Security Issues 207
    12.5 Data Authentication 207
    12.6 Source Authentication Schemes 209
    12.7 Group Key Management 216
    12.8 Group Management and Secure Multicast Routing 224
    12.9 Secure IP Multicast Architectures 224
    12.10 Secure IP Multicast Standardization Efforts 225
    12.11 Conclusions 226
    References 226

    13. Voice Over IP Security 229
    Son Vuong and Kapil Kumar Singh
    13.1 Introduction 229
    13.2 Security Issues in VoIP 229
    13.3 Vulnerability Testing 234
    13.4 Intrusion Detection Systems 238
    13.5 Conclusions 243
    References 245

    14. Grid Security 247
    Kyriakos Stefanidis, Artemios G. Voyiatzis, and Dimitrios N. Serpanos
    14.1 Introduction 247
    14.2 Security Challenges for Grids 248
    14.3 Grid Security Infrastructure 249
    14.4 Grid Computing Environments 252
    14.5 Grid Network Security 253
    14.6 Conclusions and Future Directions 254
    References 255

    15. Mobile Agent Security 257
    Panayiotis Kotzanikolaou, Christos Douligeris, Rosa Mavropodi, and Vassilios Chrissikopoulos
    15.1 Introduction 257
    15.2 Taxonomy of Solutions 261
    15.3 Security Mechanisms for Mobile Agent Systems 264
    References 268

    Part Three Mobile and Security

    16. Mobile Terminal Security 275
    Olivier Benoit, Nora Dabbous, Laurent Gauteron, Pierre Girard, Helena Handschuh, David Naccache, Stéphane Socié, and Claire Whelan
    16.1 Introduction 275
    16.2 WLAN and WPAN Security 276
    16.3 GSM and 3GPP Security 278
    16.4 Mobile Platform Layer Security 284
    16.5 Hardware Attacks on Mobile Equipment 290
    16.6 Conclusion 294
    References 295

    17. IEEE 802.11 Security 297
    Daniel L. Lough, David J. Robinson, and Ian G. Schneller
    17.1 Introduction 297
    17.2 Introduction to IEEE 802.11 297
    17.3 Wired Equivalent Privacy 300
    17.4 Additional IEEE 802.11 Security Techniques 302
    17.5 Wireless Intrusion Detection Systems 306
    17.6 Practical IEEE 802.11 Security Measures 309
    17.7 Conclusions 311
    References 311

    18. Bluetooth Security 313
    Christian Gehrmann
    18.1 Introduction 313
    18.2 Bluetooth Wireless Technology 313
    18.3 Security Architecture 315
    18.4 Security Weaknesses and Countermeasures 318
    18.5 Bluetooth Security: What Comes Next? 327
    References 328

    19. Mobile Telecom Networks 331
    Christos Xenakis and Lazaros Merakos
    19.1 Introduction 331
    19.2 Network Architectures 331
    19.3 Security Architectures 336
    19.4 Research Issues 348
    19.5 Conclusions 352
    References 352

    20. Security in Mobile Ad Hoc Networks 355
    Mike Burmester, Panayiotis Kotzanikolaou, and Christos Douligeris
    20.1 Introduction 355
    20.2 Routing Protocols 356
    20.3 Security Vulnerabilities 360
    20.4 Preventing Attacks in MANETs 362
    20.5 Trust in MANETs 363
    20.6 Establishing Secure Routes in a MANET 367
    20.7 Cryptographic Tools for MANETs 370
    References 371

    21. Wireless Sensor Networks 375
    Artemios G. Voyiatzis and Dimitrios N. Serpanos
    21.1 Introduction 375
    21.2 Sensor Devices 375
    21.3 Sensor Network Security 379
    21.4 Future Directions 388
    21.5 Conclusions 388
    References 389

    22. Trust 391
    Lidong Chen
    22.1 Introduction 391
    22.2 What Is a Trust Model? 391
    22.3 How Trust Models Work? 392
    22.4 Where Trust Can Go Wrong? 399
    22.5 Why Is It Difficult to Define Trust? 401
    22.6 Which Lessons Have We Learned? 402
    References 403

    Part Four Trust, Anonymity, and Privacy

    23. PKI Systems 409
    Nikos Komninos
    23.1 Introduction 409
    23.2 Origins of Cryptography 409
    23.3 Overview of PKI Systems 410
    23.4 Components of PKI Systems 411
    23.5 Procedures of PKI Systems 413
    23.6 Current and Future Aspects of PKI Systems 414
    23.7 Conclusions 416
    References 417

    24. Privacy in Electronic Communications 419
    Alf Zugenmaier and Joris Claessens
    24.1 Introduction 419
    24.2 Protection from Third Party: Confidentiality 420
    24.3 Protection from Communication Partner 427
    24.4 Invasions of Electronic Private Sphere 431
    24.5 Balancing Privacy with Other Needs 434
    24.6 Structure of Privacy 436
    24.7 Conclusion and Future Trends 437
    References 437

    25. Securing Digital Content 441
    Magda M. Mourad and Ahmed N. Tantawy
    25.1 Introduction 441
    25.2 Securing Digital Content: Need and Challenges 443
    25.3 Content Protection Techniques 444
    25.4 Illustrative Application: E-Publishing of E-Learning Content 450
    25.5 Concluding Remarks 456
    References 456

    Appendix A. Cryptography Primer: Introduction to Cryptographic Principles and Algorithms 459
    Panayiotis Kotzanikolaou and Christos Douligeris
    A.1 Introduction 459
    A.2 Cryptographic Primitives 461
    A.3 Symmetric-Key Cryptography 463
    A.4 Asymmetric-Key Cryptography 468
    A.5 Key Management 476
    A.6 Conclusions and Other Fields of Cryptography 478
    References 479

    Appendix B. Network Security: Overview of Current Legal and Policy Issues 481
    Andreas Mitrakas
    B.1 Introduction 481
    B.2 Network Security as a Legal Requirement 482
    B.3 Network Security Policy Overview 484
    B.4 Legal Aspects of Network Security 487
    B.5 Self-Regulatory Security Frameworks 502
    B.6 Conclusions 505
    References 505

    Appendix C. Standards in Network Security 507
    Despina Polemi and Panagiotis Sklavos
    C.1 Introduction 507
    C.2 Virtual Private Networks: Internet Protocol Security (IPSec) 507
    C.3 Multicast Security (MSEC) 512
    C.4 Transport Layer Security (TLS) 513
    C.5 Routing Security 514
    C.6 ATM Networks Security 514
    C.7 Third-Generation (3G) Mobile Networks 516
    C.8 Wireless LAN (802.11) Security 522
    C.9 E-Mail Security 523
    C.10 Public-Key Infrastructure (X.509) 526

    Index 531
    About the Editors and Authors 563

  • Preface


    Network security is a critical parameter in the increasingly connected (networked) world.

    Advances in communication systems and protocols, wired and wireless, achieving high speeds, high availability and low cost have enabled the development of high bandwidth backbones and have delivered high throughput to end users of private and public networks. Homes today are able to send and receive high bandwidth, real-time data, enabling high quality communication and a wide range of services. The progress in development, deployment and management of large, reliable networks has resulted not only in the evolution of new services, but to an infrastructure that leads to the provision of a wide range of consumer services that are significantly more cost-effective than traditional ones. It is no surprise that the evolution of all these networks, and especially the Internet, a public network, is changing the economy worldwide.

    The continuous deployment of network services over this wide range of public and private networks has led to transactions and services that include personal, and sometimes quite sensitive, data. One only needs to consider simple, everyday services from pay-per-view and cable telephony to bill payments by phone, credit card charging and Internet banking. Such services require significant effort not only to protect the sensitive data involved in the transactions and services, but to ensure integrity and availability of network services as well.

    A typical approach to provide these services and increase security and dependability has been to deploy services over private networks, which are easier to protect than public ones. However, the advent of the Internet has changed electronic business models, providing high flexibility, ease of use, and enabling service deployment with substantially lower cost. Thus, the role of network security is significantly more important in emerging network environments, where even private networks connect to the Internet, in order to exploit its multiple advantages.

    As the view of traditional distributed systems has changed to a network-centric view in all types of application networks (financial, citizen support, military, etc.) and as the requirement for employing heterogeneous networks and systems becomes increasingly important, the complexity of these systems has led to significant security flaws and problems. The traditional approach to network service development, using several layers and protocols, together with the lack of systematic methods to design and implement secure end systems leads to vulnerabilities and difficulties in implementing and managing security. Attackers continuously find vulnerabilities at various levels, from the network itself to operating systems, and exploit them to crack systems and services.

    The result of these phenomena is a significant effort by the research community to address the design and implementation of secure computing systems and networks in order to enable the deployment of secure services. Due to the conventional approaches for service development over such complex, and most often heterogeneous networks and systems, the efforts of the networking community have been several and at various fronts. Thus, currently, there exist several approaches to provide security at various levels and degrees: secure protocols, secure protocol mechanisms, secure services (e.g., phone), firewalls, intrusion detection systems (IDS), etc.


    This book considers and addresses several aspects of network security, in an effort to provide a publication that summarizes the main current status and the promising and interesting future directions and challenges. The presented approaches are state-of-the-art, described by leaders in the field. They include trends at several fronts, from Internet protocols to firewalls and from mobile systems to IDS systems.

    The chapters of the book are divided into four main sections which consider the main research challenges of today and the important approaches providing promising results for the future: (a) Internet security, (b) secure services, (c) security in mobile systems and (d) trust, anonymity and privacy. In each part several chapters address the main research results and trends. Importantly, we have included 3 appendices of critical background knowledge for the reader who is new to this important research area; the appendices cover (a) a primer in cryptography, (b) legal aspects and (c) standards in network security. Considering the debate about the increasing importance of security in everyday life and the catastrophic results its illegal and unethical use may bring, we believe that the appendices provide a good basis for readers who are interested in the role, restrictions, and limitations of network security in the emerging globally networked world.

    In our effort to put this book together, we had the support of several authors, who have written the chapters, providing knowledge and insight through their efforts. The 25 chapters constitute a significant effort on their behalf and we thank them for their efforts. The results of these efforts are a collection of high-quality chapters, which enable the reader to understand the main problems, results, and trends in most aspects of modern network security.

    Also, we thank the reviewers of the book, who have provided insightful comments and helped improve the presentation and the quality of the book. Finally, we thank IEEE for its support to this effort and its high-quality work in the production of the final result. As the overall effort has taken longer than expected, we also appreciate the patience of the authors until the production of the final book. We certainly hope that the publication will prove to be a useful tool to all readers interested in network security.

    Christos Douligeris, Piraeus, Greece
    Dimitrios N. Serpanos, Patras, Greece
    March 2007

  • Contributors

    Ioannis Avramopoulos, Department of Computer Science, Princeton University, Princeton, New Jersey
    Olivier Benoit, Security Labs, Gemalto, La Ciotat, France
    Constantinos Boukouvalas, Research and Development, OTE SA, Athens, Greece
    Mike Burmester, Department of Computer Science, Florida State University, Tallahassee, Florida
    Luis Sousa Cardoso, Portugal Telecom, Lisboa, Portugal
    Anirban Chakrabarti, Department of Electrical and Computer Engineering, Iowa State University, Ames, Iowa
    Lidong Chen, Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland
    Vassilios Chrissikopoulos, Department of Archiving and Library Studies, Ionian University, Corfu, Greece
    Joris Claessens, European Microsoft Innovation Center, Aachen, Germany
    Nora Dabbous, Ingenico, Paris, France
    Christos Douligeris, Department of Informatics, University of Piraeus, Piraeus, Greece
    Laurent Gauteron, Security Labs, Gemalto, La Ciotat, France
    Christian Gehrmann, Ericsson Mobile Platforms AB, Lund, Sweden
    Pierre Girard, Security Labs, Gemalto, La Ciotat, France
    Manimaran Govindarasu, Department of Electrical and Computer Engineering, Iowa State University, Ames, Iowa
    Yaser Haggag, Department of Computer Science, Dalhousie University, Halifax, Canada
    Helena Handschuh, Spansion, Levallois-Perret, France
    Angelos D. Keromytis, Department of Computer Science, Columbia University, New York, New York
    Hisashi Kobayashi, Department of Electrical Engineering, School of Engineering and Applied Science, Princeton University, Princeton, New Jersey
    Nikos Komninos, Athens Information Technology, Peania, Attiki, Greece
    Panayiotis Kotzanikolaou, Department of Informatics, University of Piraeus, Piraeus, Greece
    Arvind Krishnamurthy, Department of Computer Science and Engineering, University of Washington, Seattle, Washington
    Christian Labonte, Department of Computer Science, Dalhousie University, Halifax, Canada
    Yugyung Lee, School of Computing Engineering, University of Missouri-Kansas City, Kansas City, Missouri
    Daniel L. Lough, Global Security Consultants, Warrenton, Virginia
    Rosa Mavropodi, Department of Informatics, University of Piraeus, Piraeus, Greece
    John C. McEachen, Department of Electrical and Computer Engineering, Naval Postgraduate School, Monterey, California
    Manish Mehta, School of Computing Engineering, University of Missouri-Kansas City, Kansas City, Missouri
    Lazaros Merakos, Department of Informatics and Telecommunications, University of Athens, Athens, Greece
    Andreas Mitrakas, European Network and Information Security Agency (ENISA), Heraklion, Greece
    Aikaterini Mitrokotsa, Department of Informatics, University of Piraeus, Piraeus, Greece
    Magda M. Mourad, IBM Thomas J. Watson Research Center, Yorktown Heights, New York
    David Naccache, Université Paris II, Panthéon-Assas, Paris, France
    George P. Ninios, Department of Informatics, University of Piraeus, Piraeus, Greece
    Anthony G. Petropoulos, Department of Informatics, University of Piraeus, Piraeus, Greece
    Despina Polemi, Department of Informatics, University of Piraeus, Piraeus, Greece
    Vassilis Prevelakis, Department of Computer Science, Drexel University, Philadelphia, Pennsylvania
    David J. Robinson, Global Security Consultants, Odenton, Maryland
    Srinivas Sampalli, Department of Computer Science, Dalhousie University, Halifax, Canada
    Ian G. Schneller, Global Security Consultants, Odenton, Maryland
    Dimitrios N. Serpanos, Department of Electrical and Computer Engineering, University of Patras, Patras, Greece
    Kapil Kumar Singh, Department of Computer Science, University of British Columbia, Vancouver, Canada
    Sachin Singh, Heartlab, Westerly, Rhode Island
    Panagiotis Sklavos, Technical Department, Expertnet SA, Chalandri, Greece
    Stéphane Socié, Security Labs, Gemalto, La Ciotat, France
    Kyriakos Stefanidis, Department of Electrical and Computer Engineering, University of Patras, Patras, Greece
    Ahmed N. Tantawy, IBM Thomas J. Watson Research Center, Yorktown Heights, New York
    Artemios G. Voyiatzis, Department of Electrical and Computer Engineering, University of Patras, Patras, Greece
    Son Vuong, Department of Computer Science, University of British Columbia, Vancouver, Canada
    Randy Wang, Microsoft Research, Bangalore, India
    Claire Whelan, School of Computing, Dublin City University, Dublin, Ireland
    Christos Xenakis, Department of Informatics and Telecommunications, University of Athens, Athens, Greece
    John M. Zachary, Department of Electrical and Computer Engineering, Naval Postgraduate School, Monterey, California
    Alf Zugenmaier, DoCoMo Euro-Labs, Munich, Germany

  • Chapter 1

    Computer Network Security: Basic Background and Current Issues

    Panayiotis Kotzanikolaou and Christos Douligeris

    1.1 SOME TERMINOLOGY ON NETWORK SECURITY

    The purpose of this chapter is to introduce some basic network security terms and lead the reader through the rest of the book. It provides a baseline level of knowledge in the areas of information technology (IT) security and network security for those readers who are unfamiliar with these concepts. It also provides a set of common terms and definitions which will help those readers who already have some basic knowledge in network security to have a common understanding of the chapters that follow. However, advanced readers with a good background in networking and IT security may skip this chapter and proceed to the more specific areas covered in this book.

    A broad definition of network security can be constructed by defining its two components, security and networks. Security may be given a wide variety of definitions. According to the Oxford Dictionary, security is "the freedom from danger or anxiety." Security can also be defined as follows:

    • A situation with no risk, with no sense of threat
    • The prevention of risk or threat
    • The assurance of a sense of confidence and certainty

    In traditional information theory [1], security is described through the accomplishment of some basic security properties, namely confidentiality, integrity, and availability of information. Confidentiality is the property of protecting the content of information from all users other than those intended by the legal owner of the information. The nonintended users are generally called unauthorized users. Other terms such as privacy have been used almost synonymously with confidentiality. However, the term privacy represents a human attribute with no quantifiable definition. Integrity is the property of protecting information from alteration by unauthorized users. Availability is the property of protecting information from nonauthorized temporary or permanent withholding of information.

    Other basic security properties are authentication and nonrepudiation. Authentication is divided into peer-entity authentication and data origin authentication. Peer entity authentication is the property of ensuring the identity of an entity (also called subject), which may be a human, a machine, or another asset such as a software program. Data origin authentication is the property of ensuring the source of the information. Finally, nonrepudiation is the property of ensuring that principals that have committed to an action cannot deny that commitment at a later time. Detailed treatment of security properties can be found in several security standards, such as the ISO/IEC (International Organization for Standardization/International Engineering Consortium) 7498-2 [2] and the ITU-T (International Telecommunication Union) X.800 security recommendation [3].

    Network Security: Current Status and Future Directions, Edited by C. Douligeris and D. N. Serpanos. Copyright 2007 the Institute of Electrical and Electronics Engineers, Inc.

    In a practical approach, IT security involves the protection of information assets [4]. In traditional IT risk analysis terminology, an asset is an object or resource which is worthy enough to be protected. Assets may be physical (e.g., computers, network infrastructure elements, buildings hosting equipment), data (e.g., electronic files, databases), or software (e.g., application software, configuration files). The protection of assets can be achieved through several security mechanisms, that is, mechanisms aimed at the prevention, detection, or recovery of assets from security threats and vulnerabilities. A security threat is any event that may harm an asset. When a security threat is realized, an IT system or network is under a security attack. The attacker or threat agent is any subject or entity that causes the attack. The impact of the threat measures the magnitude of the loss that would be caused to the asset or asset owner if the threat were realized against it. A security vulnerability is any characteristic in a system which makes an asset more vulnerable to threats. The combination of threats, vulnerabilities, and assets provides a quantified and/or qualified measure of the likelihood of threats being realized against assets as well as the impact caused due to the realization of a threat. This measure is known as the security risk. Thus, the security mechanisms provide capabilities that reduce the security risk of a system. Note that system and network security do not rely solely on technical security mechanisms. In almost every information system and network, procedural and organizational measures are generally required in addition to technical mechanisms in order to accomplish the desired security goals.

    A computer network, or simply a network, is a collection of connected computers. Two or more computer systems are considered as connected if they can send and receive data from each other through a shared-access medium. The communicating entities in a computer network are generally known as principals, subjects, or entities. These principals can be further divided into users, hosts, and processes:

    • A user is a human entity responsible for its actions in a computer network.

    • A host is an addressable entity within a computer network. Each host has a unique address within a network.

    • A process is an instance of an executable program. It is used in a client-server model in order to distinguish between the client and the server processes: A client process is a process that makes requests of a network service. A server process is a process that provides a network service, for example, a daemon process running continuously in the background on behalf of a service.

    A network is considered as a wired or fixed network if the access medium is some kind of physical cable connection between the computers, such as a copper cable or a fiber-optic cable. On the other hand, a network is considered as a wireless network if the access medium relies on some kind of signaling through the air, such as radio frequency (RF) communication. A network can also be divided according to its geographical coverage. Depending on its size, a network can be a personal area network (PAN), a local area network (LAN), a metropolitan area network (MAN), or a wide area network (WAN).


    Regardless of the access medium and the coverage of a network, network security can be considered through the achievement of two security goals: computer system security and communication security:

    • The goal of computer system security is to protect information assets against unauthorized or malicious use as well as to protect the information stored in computer systems from unauthorized disclosure, modification, or destruction.

    • The goal of communication security is to protect information during its transmission through a communication medium from unauthorized disclosure, modification, or destruction.

    1.2 ISO/OSI REFERENCE MODEL FOR NETWORKS

    In order to have a deep understanding of the way that networking is performed, network reference models have been developed that group similar functions into abstractions known as layers. Each layer's functions can communicate with the same layer's functions on another network host. On the same host, the functions of a particular layer have interfaces to communicate with the layers below and above it. This abstraction simplifies and properly defines the necessary actions for networking.

    The ISO Open Systems Interconnection (OSI) reference model [5] defines seven network layers as well as their interfaces. Each layer depends on the services provided by its immediate lower layer, all the way down to the physical network interface card and the wiring. Then, it provides its services to its immediate upper layer, all the way up to the running application. It needs to be noted that not all protocol stacks include all seven layers. The most popular protocol suite, Transmission Control Protocol/Internet Protocol (TCP/IP), has five layers. There are no presentation and no session layers; the functions of these layers are incorporated in the layers above and below.

    The seven layers of the OSI reference model are briefly described below, from the highest to the lowest one:

    Layer 7: Application Layer. This layer deals with the communication issues of an application. It identifies and establishes the availability of the communicating principals and is also responsible for interfacing with the user. Examples of application layer protocols include the Session Initiation Protocol (SIP), the HyperText Transfer Protocol (HTTP), the File Transfer Protocol (FTP), the Simple Mail Transfer Protocol (SMTP), and Telnet, to name just a few.

    Layer 6: Presentation Layer. This layer is responsible for presenting the data to the upper application layer. Essentially, it translates the data and it performs tasks like data compression and decompression and data encryption and decryption. Some of the well-known standards and protocols of this layer include ASCII, ZIP, JPEG, TIFF, RTP, and the MIDI format.

    Layer 5: Session Layer. This layer is responsible for initiating the contact between two computers and setting up the communication lines. It formats the data for transfer and it maintains the end-to-end connection. Two examples of session layer protocols are the remote procedure call (RPC) and the secure sockets layer (SSL) protocols.

    Layer 4: Transport Layer. This layer defines how to address the physical locations of the network, establish connections between hosts, and handle network messaging. It also maintains the end-to-end integrity of the session and provides mechanisms to support session establishment for the upper layers. The TCP and the User Datagram Protocol (UDP) are the most widely known protocols of this layer, with the Stream Control Transmission Protocol (SCTP) gaining in usage.

    Layer 3: Network Layer. This layer is responsible for routing and relaying the data between the network hosts. Its primary function is to send fragments of data called packets from a source to a destination host. It also includes the management of error detection, message routing, and traffic control. The IP belongs at this layer.

    Layer 2: Data Link Layer. This layer defines the conditions that must be followed by a host in order to access the network. It establishes the link between the hosts over a physical channel. It ensures message delivery to the proper device and translates the transmitted bits for the lowest physical layer. Ethernet and Token Ring are typical examples of protocols that operate at this layer.

    Layer 1: Physical Layer. This layer defines the physical connection between a host and a network. It mainly converts the bits into physical signaling suitable for transmission, such as voltages or light impulses. The device drivers that handle the communications hardware (network cards, wireless cards, etc.) operate at this layer.

    The X.200 [6] recommendation of the ITU-T is aligned with the ISO/IEC 7498-1 standard.

    1.2.1 Security in ISO/OSI Reference Model

    According to the ISO/IEC 7498-1 [5] standard, each protocol layer is composed of three functional planes: users (also called bearers), signaling and control, and management. In order to secure network communications the security objectives should be accomplished in each appropriate protocol layer and in each suitable functional plane. The ISO/IEC 7498-2 [2] standard and the ITU-T X.800 Security Architecture for Open Systems Interconnection recommendation [3] extend the ISO/OSI 7498-1 reference model (also described in the ITU-T recommendation X.200) to cover security aspects which are general architectural elements of communications protocols. The X.800 recommendation provides a general description of security services and related mechanisms, which may be provided by the reference model. It also defines the positions within the reference model where the services and mechanisms may be provided.

    Based on [2, 3], the security objectives are accomplished through security policies and security services. A security policy is the set of criteria that define the provision of security services, where a security service is a service which is provided by a layer of communicating open systems, in order to ensure adequate security of the systems or of data transfers. The security services are implemented by security mechanisms, which are in general mechanisms that can be used to technically enforce and implement a security service.

    1.2.2 Security Services and Security Mechanisms

    As described in [2, 3], the basic security services in OSI communications include the following:


    1. Authentication. This service may be used to prove that the claimed identity of a communicating principal is valid (peer entity authentication) or that the claimed source of a data unit is valid (data origin authentication).

    2. Access Control. This service can be used to protect the information assets and resources available via OSI from unauthorized access. This service may be applied to various types of access, such as read, write, or execute or combinations of the above. Access to resources may be controlled through various types of access policies, such as rule-based or identity-based security policies. The access control services should cooperate with the authentication services, since granting access rights to a principal requires prior authentication of the principal requesting a particular access.

    3. Data Confidentiality. This service protects the data from disclosure to unauthorized principals. According to the X.800 recommendation, variants of this service include connection confidentiality (when it involves all the layers of the communication), connectionless confidentiality (when it provides confidentiality in a connectionless service data unit), selective field confidentiality (when it protects selective fields of the data), and traffic flow confidentiality (when it protects information that could be potentially derived from observation of traffic flows).

    4. Data Integrity. This service ensures that during their transmission the data are not altered by unauthorized principals. This service may have several forms. Connection integrity with recovery provides integrity of the data and also detects modification, insertion, deletion, and replay of data. In contrast, connection integrity without recovery detects these events but does not attempt recovery. Selective field connection integrity provides integrity for selective data fields within a connection. Connectionless versions of the above services also exist for connectionless data units.

    5. Nonrepudiation. This service ensures that a principal cannot deny the transmission or the receipt of a message. This service may take one or both of two forms. With nonrepudiation with proof of origin the recipient of data is provided with proof of the origin of data, so that the sender cannot later deny that he or she sent the particular data. With nonrepudiation with proof of delivery the sender of data is provided with proof of the delivery of data, so that the receiver cannot later deny having received the particular data.

    Table 1.1 describes the relationship of security services and layers, as described in [3]. It should be noted that in the application layer (layer 7) it is possible that the application process itself provides security services.

    The implementation of the security services is provided through security mechanisms. These can also be divided into several categories:

    1. Encipherment Mechanisms. These mechanisms provide data confidentiality services by transforming the data to forms not readable by unauthorized principals. The encipherment mechanisms can also complement a number of other security mechanisms. The encipherment algorithms are generally divided into symmetric (or secret key), where the same secret key is used for both encipherment and decipherment, and asymmetric (or public key), where two mathematically bound keys are used, the public key for encipherment and the private, or secret, key for decipherment. Knowledge of the public key does not imply knowledge of the secret key. Issues related with the management of the keys are raised both in symmetric and asymmetric encipherment mechanisms. Examples of symmetric encipherment algorithms are AES, Twofish, and RC5, while examples of asymmetric encipherment algorithms are RSA and ElGamal. These are described in more detail in Appendix A. Network security protocols such as SSL/transport-level security (TLS) and IP Security (IPSec) discussed in Chapter 5 as well as security mechanisms such as virtual private networks (VPNs) discussed in Chapter 4 also use encipherment mechanisms to protect the confidentiality of the communication.

    2. Digital Signatures. Digital signatures are the electronic equivalent of ordinary signatures in electronic data. Such mechanisms are constructed by properly applying asymmetric encipherment. The decipherment of a data unit with the private key of an entity corresponds to the signature procedure of the data unit. The result is the digital signature of the particular data unit produced by the holder of the private key. The encipherment of the generated digital signature with the corresponding public key of the particular entity corresponds to the verification procedure. Digital signatures can be used to provide peer entity authentication and data origin authentication, data integrity, and nonrepudiation services. RSA, ElGamal, and DSA are examples of signature algorithms (see Appendix A for more details).

    3. Access Control Mechanisms. The access control mechanisms are used to provide access control services. These mechanisms may use the authenticated identity of an entity or other information related with an entity (e.g., membership, permissions, or capabilities of the entity) in order to determine and enforce the access rights of the entity. The access control mechanisms may also report unauthorized access attempts as part of a security audit trail. Examples of access control mechanisms are firewalls (see Chapter 3) and operating system user access privileges.

    4. Data Integrity Mechanisms. These mechanisms provide data integrity services by appending some kind of checksums to the data which may prove alteration of the data. Data integrity may involve a single data unit or field or a stream of data units or fields. In general, provision of the second without the first is not practical. The message authentication codes (MACs) and the digital signatures described in Appendix A can be used as data integrity mechanisms.
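    The connection integrity service described in item 4 above (detection of modification, insertion, deletion, and replay) and the MAC-based integrity mechanism of this item, worked through as an added example that is not code from the book: the sender tags each data unit with an HMAC over a sequence number and the payload, and the receiver classifies what it sees. The key, payloads, and the IntegrityReceiver class are constructed for the illustration.

```python
"""Added example (not from the book): receiver-side check for the X.800
'connection integrity with recovery' service, built on a keyed MAC.
Each protected data unit is  seq || payload || HMAC-SHA256(key, seq || payload),
so the receiver can tell apart modification, replay, and gaps caused by
deletion.  Key and payloads are constructed sample values."""
import hashlib
import hmac
import struct

KEY = b"constructed-sample-key-do-not-reuse"  # shared secret (constructed)
TAG_LEN = hashlib.sha256().digest_size         # 32 bytes
SEQ_LEN = 4                                    # unsigned 32-bit sequence number


def protect(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: return seq || payload || tag.
    A keyless checksum (CRC, plain hash) would not 'prove alteration':
    whoever alters the payload could recompute it. The keyed tag cannot be
    recomputed without the key, and it covers seq so reordering is visible."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Receiver side of 'connection integrity with recovery'.

    verify() returns one of:
      'ok'       - tag valid and the sequence number is the expected one
      'modified' - tag invalid (altered, truncated, or a forged/inserted unit)
      'replayed' - tag valid but the sequence number was already consumed
      'gap'      - tag valid but units are missing (deletion); the receiver
                   resynchronises to the new sequence number (the recovery)
    """

    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.expected = 0  # next sequence number we expect to see

    def verify(self, unit: bytes) -> str:
        if len(unit) < SEQ_LEN + TAG_LEN:
            return "modified"
        header = unit[:SEQ_LEN]
        payload = unit[SEQ_LEN:-TAG_LEN]
        tag = unit[-TAG_LEN:]
        want = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # constant-time comparison: a forger learns nothing from timing
        if not hmac.compare_digest(want, tag):
            return "modified"
        seq = struct.unpack("!I", header)[0]
        if seq < self.expected:
            return "replayed"
        if seq > self.expected:
            self.expected = seq + 1  # recover: continue from the unit we got
            return "gap"
        self.expected += 1
        return "ok"


def demo() -> list:
    """Drive the receiver through a constructed stream: a good unit, a
    tampered copy of unit 1, the real unit 1, a replay of unit 0, and
    unit 3 with unit 2 missing."""
    units = [protect(i, b"data unit %d" % i) for i in range(4)]
    tampered = bytearray(units[1])
    tampered[SEQ_LEN] ^= 0x01          # flip one payload bit, keep old tag
    stream = [units[0], bytes(tampered), units[1], units[0], units[3]]
    rx = IntegrityReceiver()
    return [rx.verify(u) for u in stream]


if __name__ == "__main__":
    print(demo())  # ['ok', 'modified', 'ok', 'replayed', 'gap']
```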

    Table 1.1 Relationship of Security Services and Layers

    Service                                     Layer
                                                1  2  3  4  5  6  7
    Peer entity authentication                        X  X        X
    Data origin authentication                        X  X        X
    Access control service                            X  X        X
    Connection confidentiality                  X  X  X  X     X  X
    Connectionless confidentiality                 X  X  X     X  X
    Selective field confidentiality                            X  X
    Traffic flow confidentiality                X     X           X
    Connection integrity with recovery                   X        X
    Connection integrity without recovery             X  X        X
    Selective field connection integrity                          X
    Connectionless integrity                          X  X        X
    Selective field connectionless integrity                      X
    Nonrepudiation of origin                                      X
    Nonrepudiation of delivery                                    X

    5. Authentication Mechanisms. These mechanisms provide authentication services by assuring the identity of a principal. Examples of such mechanisms are passwords, cryptographic techniques, and biometrics. Authentication mechanisms may also be based on cryptographic techniques and trust infrastructures such as public key infrastructure (PKI), which are analyzed in Chapters 22 and 23, respectively.

    6. Traffic-Padding Mechanisms. These mechanisms provide protection from traffic analysis attacks. Several network protocols and security mechanisms include padding mechanisms to protect the exchanged communication. These can be effective only if the traffic padding is protected by a confidentiality service.

    7. Routing Control Mechanisms. These mechanisms allow the selection of a specific route for the communicating data, either dynamically or statically through prearranged routes. Moreover, by applying security policies, data carrying certain security labels may be routed through certain subnetworks, relays, or links. Hackers, viruses, and malicious programs frequently exploit the security vulnerabilities of routing protocols in order to launch network security attacks. In Chapter 2, routing security is extensively discussed. Furthermore, Chapter 20 also discusses secure routing for wireless ad hoc networks.

    8. Notarization Mechanisms. Finally, notarization mechanisms are used to assure the integrity, the source or destination, and the time of sending or delivering of transmitted data. Such assurance mechanisms may be part of the networking protocols in use and/or of a trusted third party which may be used to assure the communication consistency and nonrepudiation. A notarization mechanism may be supported by other mechanisms such as digital signatures, encipherment, or integrity mechanisms.

    Table 1.2 describes the relationship between security services and security mechanisms. If a mechanism is indicated as appropriate for a given service, this may be either on its own or in combination with other mechanisms. More details can be found in [3].

    Other recommendations extend the security architecture of X.800 to focus on lower layer [7] and upper layer [8] security models. Moreover, the X.810–X.816 recommendations [9–15] focus on security frameworks for open systems and frameworks for authentication, access control, nonrepudiation, confidentiality, integrity, and security audit and alarms. The ISO/IEC standard also defines the corresponding security standards in [16–22] as well as standards for generic upper [23] and lower [24] layer security.

    1.3 NETWORK SECURITY ATTACKS

    It is obvious from the description above that security threats and attacks may involve any layer, from the physical to the application. It is possible that a successful attack in one layer may render useless the security measures taken in the other layers. Some basic network security attacks are described below:

    Eavesdropping Attacks. These attacks consist of the unauthorized interception of network communication and the disclosure of the exchanged information. This can be performed in several different layers, for example, in the network layer by sniffing the exchanged packets or in the physical layer by physically wiretapping the access medium (cabling or wireless medium).

    Table 1.2 Relationship Between Security Services and Mechanisms

    Mechanism columns: (a) Encipherment, (b) Digital Signature, (c) Access Control, (d) Data Integrity, (e) Authentication Exchange, (f) Traffic Padding, (g) Routing Control, (h) Notarization.

    Service                                     a  b  c  d  e  f  g  h
    Peer entity authentication                  X  X        X
    Data origin authentication                  X  X
    Access control service                            X
    Connection confidentiality                  X                 X
    Connectionless confidentiality              X                 X
    Selective field confidentiality             X
    Traffic flow confidentiality                X              X  X
    Connection integrity with recovery          X        X
    Connection integrity without recovery       X        X
    Selective field connection integrity        X        X
    Connectionless integrity                    X  X     X
    Selective field connectionless integrity    X  X     X
    Nonrepudiation of origin                       X     X              X
    Nonrepudiation of delivery                     X     X              X

    Logon Abuse Attacks. A successful logon abuse attack would bypass the authentication and access control mechanisms and allow a user to obtain access with more privileges than authorized.

    Spoofing Attacks. Spoofing is the act of a subject asserting an identity that the subject has no right to use. A simple instance of this type of attack is IP spoofing, through which a system is convinced that it is communicating with a known principal and thus provides access to the attacker. The attacker sends a packet with an IP source address of a known trusted host by altering the packet at the transport layer. The target host may be deceived and accept the modified packet as valid.

    Intrusion Attacks. These types of attacks focus on unauthorized users gaining access to a system through the network. Such an attack would target specific vulnerabilities in assets. For example, a typical Web server intrusion attack is a buffer overflow attack, which occurs when a Web service receives more data than it has been programmed to handle and thus reacts in unexpected and unpredicted ways.

    Hijacking Attacks. These attacks are essentially attempts to gain unauthorized access to a system by using a legitimate entity's existing connection. For example, at the session layer, if a user leaves an open session, this can be subject to session hijacking by an attacker. An example of session hijacking is the TCP sequence number attack: This attack exploits the communication session which was established between the target host and a legitimate host that initiated the session. The attacker hijacks the session of the legitimate host by predicting a sequence number selected by the target host, which is used by the TCP.

    Denial-of-Service (DoS) Attacks. These attacks attempt to exhaust the network or server resources in order to render them useless for legitimate hosts and users. A more advanced type is the distributed denial-of-service (DDoS) attack, where the attacker uses resources from a distributed environment against a target host. Some well-known DoS attacks are as follows:

        SYN Attack. In a SYN attack, the attacker exploits the inability of a server process to handle unfinished connection requests. The attacker floods a server process with connection requests, but it does not respond when the server answers those requests. This causes the attacked system to crash, while waiting for the proper acknowledgments of the initial requests.

        Ping of Death. This is an early DoS attack in which an attacker sends a ping request that is larger than 65,536 bytes, which is the maximum allowed size for the IP, causing the system to crash or restart. Such attacks are not in use today, since most operating systems have implemented measures against them.

    Application-Level Attacks. These attacks are concerned with the exploitation of weaknesses in the application layer and really focus on intrusion attacks in most cases, for example, security weaknesses in the Web server, in the specific technology used in the website, or in faulty controls in the filtering of an input on the server side. Examples of these attacks include malicious software attacks (viruses, Trojans, etc.), Web server attacks, remote command execution, Structured Query Language (SQL) injection, and cross-site scripting (XSS).


    1.4 MECHANISMS AND CONTROLS FOR NETWORK SECURITY: BOOK OVERVIEW AND STRUCTURE

    Several security mechanisms and controls have been developed to provide security services in various network layers for both wired and wireless networks and for various network protocols. Many of these mechanisms and controls are described in the following chapters of this book. Here we refer to some well-known mechanisms in order to familiarize the inexperienced reader with basic security mechanisms. The remainder of the book is organized in four topical parts of network security.

    Part I (Chapters 2–9) discusses current security issues on today's Internet. At the core of network security is the protection of message routing and relaying. Several mechanisms and controls that deal with secure routing are discussed in Chapter 2. Firewalls, the basic mechanism for access control in networks, are discussed in Chapter 3. The protection of message confidentiality and integrity in remote communications may rely on security mechanisms that protect the communication as if it were performed in a closed network. These mechanisms are known as VPNs and are discussed in Chapter 4. Chapter 5 continues the study of IP security mechanisms, such as the IPSec and the SSL/TLS protocols.

    Since the prevention of network attacks is not always successful, several tools have been developed in order to detect possible intrusion attacks. Intrusion detection systems (IDSs) for networks are explained in detail in Chapter 6. Chapter 7 continues on the same subject by analyzing intrusion prevention systems, which also take preventive measures in the presence of an attack. This chapter compares intrusion detection and intrusion prevention.

    One of the most important categories of attacks against network availability which cannot always be dealt with using the mechanisms described in the previous chapters is DoS attacks. These are discussed in Chapter 8. Finally, security in active networks is discussed in Chapter 9.

    Secure networks rely heavily on secure network services, which is the topic of Part II (Chapters 10–15). Security in E-services and applications is discussed in Chapter 10, where application layer vulnerabilities are analyzed along with existing security mechanisms. Protection of network communications in the application layer may involve higher level security mechanisms. Chapter 11 describes specific mechanisms of this layer and more particularly Web services security mechanisms. Security in specific network services such as IP Multicast and Voice over IP is analyzed in Chapters 12 and 13, respectively. Furthermore, Chapter 14 discusses the vulnerabilities and the security measures for Grids. Finally, Chapter 15 discusses security issues of mobile code used in networking, such as mobile agent security mechanisms. These are mainly used in another class of special-purpose networks, namely intelligent networks.

    Wireless networks, in general, have special security needs which are not always covered by the traditional network security mechanisms for several reasons, such as the difference in the access medium and the efficiency requirements. Part III (Chapters 16–21) is concerned with security in wireless networks. Chapter 16 discusses the issues of mobile terminal security for several wireless communication protocols. A very popular wireless communications protocol is the Institute of Electrical and Electronics Engineers (IEEE) 802.11. The security of IEEE 802.11 is discussed in Chapter 17. Chapter 18 refers to the security issues of another popular wireless protocol, Bluetooth. Chapter 19 analyzes mobile telecom network security, where emphasis is given on the efficiency impact of security measures in these networks.