1

CHAPTER

INTRODUCTION

1.1 The OSI Security Architecture

1.2 Security Attacks
1.3 Security Services
1.4 Security Mechanisms
1.5 A Model for Network Security
Chapter 1 2

KEY POINTS

• The OSI (open systems interconnection) security

architecture provides a systematic framework for defining
security attacks, mechanisms, and services.
• Security attacks are classified as either passive attacks,
which include unauthorized reading of a message of file
and traffic analysis; and active attacks, such as
modification of messages or files, and denial of service.
• A security mechanism is any process (or a device
incorporating such a process) that is designed to detect,
prevent, or recover from a security attack. Examples of
mechanisms are encryption algorithms, digital signatures,
and authentication protocols.
• Security services include authentication, access control,
data confidentiality, data integrity, nonrepudiation, and
availability.

The requirements of information security within an

organization have undergone two major changes in the last several
decades. Before the widespread use of data processing equipment,
the security of information felt to be valuable to an organization
was provided primarily by physical and administrative means. An
example of the former is the use of rugged filing cabinets with a
combination lock for storing sensitive documents. An example of
the latter is personnel screening procedures used during the hiring
process.
With the introduction of the computer, the need for
automated tools for protecting files and other information stored
on the computer became evident. This is especially the case for a
shared system, such as a time-sharing system, and the need is even
more acute for systems that can be accessed over a public
telephone network, data network, or the Internet. The generic
Chapter 1 3

name for the collection of tools designed to protect data and to

thwart hackers is computer security.
The second major change that affected security is the
introduction of distributed systems and the use of networks and
communications facilities for carrying data between terminal user
and computer and between computer and computer. Network
security measures are needed to protect data during their
transmission. In fact, the term network security is somewhat
misleading, because virtually all business, government, and
academic organizations interconnect their data processing
equipment with a collection of interconnected networks. Such a
collection is often referred to as an internet, and the term internet
security is used.
There are no clear boundaries between these two forms of
security. For example, one of the most publicized types of attack
on information systems is the computer virus. A virus may be
introduced into a system physically when it arrives on a diskette or
optical disk and is subsequently loaded onto a computer. Viruses
may also arrive over an internet. In either case, once the virus is
resident on a computer system, internal computer security tools
are needed to detect and recover from the virus.
This book focuses on internet security, which consists of
measures to deter, prevent, detect, and correct security violations
that involve the transmission of information. That is a broad
statement that covers a host of possibilities. To give you a feel for
the areas covered in this book, consider the following examples of
security violations:

1. User A transmits a file to user B. The file contains sensitive

information (e.g., payroll records) that is to be protected
from disclosure. User C, who is not authorized to read the
file, is able to monitor the transmission and capture a copy
of the file during its transmission.
2. A network manager, D, transmits a message to a computer,
E, under its management. The message instructs computer
E to update an authorization file to include the identities of
a number of new users who are to be given access to that
Chapter 1 4

computer. User F intercepts the message, alters its contents

to add or delete entries, and then forwards the message to
E, which accepts the message as coming from manager D
and updates its authorization file accordingly.
3. Rather than intercept a message, user F constructs its own
message with the desired entries and transmits that message
to E as if it had come from manager D. Computer E accepts
the message as coming from manager D and updates its
authorization file accordingly.
4. An employee is fired without warning. The personnel
manager sends a message to a server system to invalidate
the employee's account. When the invalidation is
accomplished, the server is to post a notice to the
employee's file as confirmation of the action. The employee
is able to intercept the message and delay it long enough to
make a final access to the server to retrieve sensitive
information. The message is then forwarded, the action
taken, and the confirmation posted. The employee's action
may go unnoticed for some considerable time.
5. A message is sent from a customer to a stockbroker with
instructions for various transactions. Subsequently, the
investments lose value and the customer denies sending the
message.

Although this list by no means exhausts the possible types

of security violations, it illustrates the range of concerns of
network security. Internetwork security is both fascinating and
complex. Some of the reasons follow:

1. Security involving communications and networks is not as

simple as it might first appear to the novice. The
requirements seem to be straightforward; indeed, most of
the major requirements for security services can be given
self-explanatory one-word labels: confidentiality,
authentication, nonrepudiation, integrity. But the
mechanisms used to meet those requirements can be quite
Chapter 1 5

complex, and understanding them may involve rather subtle

reasoning.
2. In developing a particular security mechanism or algorithm,
one must always consider potential attacks on those
security features. In many cases, successful attacks are
designed by looking at the problem in a completely
different way, therefore exploiting an unexpected weakness
in the mechanism.
3. Because of point 2, the procedures used to provide
particular services are often counterintuitive: It is not
obvious from the statement of a particular requirement that
such elaborate measures are needed. It is only when the
various countermeasures are considered that the measures
used make sense.
4. Having designed various security mechanisms, it is
necessary to decide where to use them. This is true both in
terms of physical placement (e.g., at what points in a
network are certain security mechanisms needed) and in a
logical sense [e.g., at what layer or layers of an architecture
such as TCP/IP (Transmission Control Protocol/Internet
Protocol) should mechanisms be placed].
5. Security mechanisms usually involve more than a particular
algorithm or protocol. They usually also require that
participants be in possession of some secret information
(e.g., an encryption key), which raises questions about the
creation, distribution, and protection of that secret
information. There is also a reliance on communications
protocols whose behavior may complicate the task of
developing the security mechanism. For example, if the
proper functioning of the security mechanism requires
setting time limits on the transit time of a message from
sender to receiver, then any protocol or network that
introduces variable, unpredictable delays may render such
time limits meaningless.
Chapter 1 6

Thus, there is much to consider. This chapter provides a

general overview of the subject matter that structures the material
in the remainder of the book. We begin with a general discussion
of network security services and mechanisms and of the types of
attacks they are designed for. Then we develop a general overall
model within which the security services and mechanisms can be
viewed.

1.1 The OSI Security Architecture

To assess effectively the security needs of an organization
and to evaluate and choose various security products and policies,
the manager responsible for security needs some systematic way
of defining the requirements for security and characterizing the
approaches to satisfying those requirements. This is difficult
enough in a centralized data processing environment; with the use
of local and wide area networks, the problems are compounded.
ITU-T Recommendation X.800, Security Architecture for
OSI, defines such a systematic approach. The OSI security
architecture is useful to managers as a way of organizing the task
of providing security. Furthermore, because this architecture was
developed as an international standard, computer and
communications vendors have developed security features for
their products and services that relate to this structured definition
of services and mechanisms.
For our purposes, the OSI security architecture provides a
useful, if abstract, overview of many of the concepts that this book
deals with. The OSI security architecture focuses on security
attacks, mechanisms, and services. These can be defined briefly as
follows:

• Security attack: Any action that compromises the security

of information owned by an organization.
• Security mechanism: A process (or a device incorporating
such a process) that is designed to detect, prevent, or
recover from a security attack.
Chapter 1 7

• Security service: A processing or communication service

that enhances the security of the data processing systems
and the information transfers of an organization. The
services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide
the service.

1.2 Security Attacks

A useful means of classifying security attacks, used both in
X.800 and RFC 2828, is in terms of passive attacks and active
attacks. A passive attack attempts to learn or make use of
information from the system but does not affect system resources.
An active attack attempts to alter system resources or affect their
operation.

Passive Attacks
Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions. The goal of the opponent is to obtain
information that is being transmitted. Two types of passive attacks
are release of message contents and traffic analysis.
The release of message contents is easily understood
(Figure 1.3a). A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent
from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is subtler
(Figure 1.3b). Suppose that we had a way of masking the contents
of messages or other information traffic so that opponents, even if
they captured the message, could not extract the information from
the message. The common technique for masking contents is
encryption. If we had encryption protection in place, an opponent
might still be able to observe the pattern of these messages.
Chapter 1 8

Figure 1.3: Passive Attacks

The opponent could determine the location and identity of

communicating hosts and could observe the frequency and length
of messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place.
Passive attacks are very difficult to detect because they do
not involve any alteration of the data. Typically, the message
traffic is not sent and received in an apparently normal fashion and
the sender nor receiver is aware that a third party has read the
messages or observed the traffic pattern. However, it is feasible to
prevent the success of these attacks, usually by means of
Chapter 1 9

encryption. Thus, the emphasis in dealing with passive attacks is

on prevention rather than detection.

Active Attacks
Active attacks involve some modification of the data stream
or the creation of a false stream and can be subdivided into four
categories: masquerade, replay, modification of messages, and
denial of service.
A masquerade takes place when one entity pretends to be a
different entity (Figure 1.4a). A masquerade attack usually
includes one of the other forms of active attack. For example,
authentication sequences can be captured and replayed after a
valid authentication sequence has taken place, thus enabling an
authorized entity with few privileges to obtain extra privileges by
impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect
(Figure 1.4b).
Modification of messages simply means that some portion
of a legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect (Figure 1.4c). For
example, a message meaning "Allow John Smith to read
confidential file accounts" is modified to mean "Allow Fred
Brown to read confidential file accounts."
The denial of service prevents or inhibits the normal use or
management of communications facilities (Figure 1.4d). This
attack may have a specific target; for example, an entity may
suppress all messages directed to a particular destination (e.g., the
security audit service). Another form of service denial is the
disruption of an entire network, either by disabling the network or
by overloading it with messages so as to degrade performance.
Chapter 1 10

Figure 1.4(a, b): Active Attacks

Active attacks present the opposite characteristics of

passive attacks. Whereas passive attacks are difficult to detect,
measures are available to prevent their success. On the other hand,
it is quite difficult to prevent active attacks absolutely, because of
the wide variety of potential physical, software, and network
vulnerabilities. Instead, the goal is to detect active attacks and to
recover from any disruption or delays caused by them. If the
detection has a deterrent effect, it may also contribute to
prevention.
Chapter 1 11

Figure 1.4(c, d): Active Attacks

1.3 Security Services

X.800 defines a security service as a service provided by a
protocol layer of communicating open systems, which ensures
adequate security of the systems or of data transfers. Perhaps a
clearer definition is found in RFC 2828, which provides the
following definition: a processing or communication service that
is provided by a system to give a specific kind of protection to
Chapter 1 12

system resources; security services implement security policies

and are implemented by security mechanisms.
X.800 divides these services into five categories and
fourteen specific services (Table 1.2). We look at each category in
turn.

Authentication
The authentication service is concerned with assuring that a
communication is authentic. In the case of a single message, such
as a warning or alarm signal, the function of the authentication
service is to assure the recipient that the message is from the
source that it claims to be from. In the case of an ongoing
interaction, such as the connection of a terminal to a host, two
aspects are involved. First, at the time of connection initiation, the
service assures that the two entities are authentic, that is, that each
is the entity that it claims to be. Second, the service must assure
that the connection is not interfered with in such a way that a third
party can masquerade as one of the two legitimate parties for the
purposes of unauthorized transmission or reception. Two specific
authentication services are defined in X.800:

• Peer entity authentication: Provides for the corroboration of

the identity of a peer entity in an association. It is provided
for use at the establishment of, or at times during the data
transfer phase of, a connection. It attempts to provide
confidence that an entity is not performing either a
masquerade or an unauthorized replay of a previous
connection.
• Data origin authentication: Provides for the corroboration
of the source of a data unit. It does not provide protection
against the duplication or modification of data units. This
type of service supports applications like electronic mail
where there are no prior interactions between the
communicating entities.
Chapter 1 13

Table 1.2: Security Services (X.800)

Access Control
In the context of network security, access control is the
ability to limit and control the access to host systems and
applications via communications links. To achieve this, each
entity trying to gain access must first be identified, or
Chapter 1 14

authenticated, so that access rights can be tailored to the

individual.

Data Confidentiality
Confidentiality is the protection of transmitted data from
passive attacks. With respect to the content of a data transmission,
several levels of protection can be identified. The broadest service
protects all user data transmitted between two users over a period
of time. For example, when a TCP connection is set up between
two systems, this broad protection prevents the release of any user
data transmitted over the TCP connection. Narrower forms of this
service can also be defined, including the protection of a single
message or even specific fields within a message. These
refinements are less useful than the broad approach and may even
be more complex and expensive to implement.
The other aspect of confidentiality is the protection of
traffic flow from analysis. This requires that an attacker not be
able to observe the source and destination, frequency, length, or
other characteristics of the traffic on a communications facility.

Data Integrity
As with confidentiality, integrity can apply to a stream of
messages, a single message, or selected fields within a message.
Again, the most useful and straightforward approach is total
stream protection.
A connection-oriented integrity service, one that deals with
a stream of messages, assures that messages are received as sent,
with no duplication, insertion, modification, reordering, or replays.
The destruction of data is also covered under this service. Thus,
the connection-oriented integrity service addresses both message
stream modification and denial of service. On the other hand, a
connectionless integrity service, one that deals with individual
messages without regard to any larger context, generally provides
protection against message modification only.
We can make a distinction between the service with and
without recovery. Because the integrity service relates to active
Chapter 1 15

attacks, we are concerned with detection rather than prevention. If

a violation of integrity is detected, then the service may simply
report this violation, and some other portion of software or human
intervention is required to recover from the violation.
Alternatively, there are mechanisms available to recover from the
loss of integrity of data, as we will review subsequently. The
incorporation of automated recovery mechanisms is, in general,
the more attractive alternative.

Nonrepudiation
Nonrepudiation prevents either sender or receiver from
denying a transmitted message. Thus, when a message is sent, the
receiver can prove that the alleged sender in fact sent the message.
Similarly, when a message is received, the sender can prove that
the alleged receiver in fact received the message.

Availability Service
Both X.800 and RFC 2828 define availability to be the
property of a system or a system resource being accessible and
usable upon demand by an authorized system entity, according to
performance specifications for the system (i.e., a system is
available if it provides services according to the system design
whenever users request them). A variety of attacks can result in
the loss of or reduction in availability. Some of these attacks are
amenable to automated countermeasures, such as authentication
and encryption, whereas others require some sort of physical
action to prevent or recover from loss of availability of elements
of a distributed system.
X.800 treats availability as a property to be associated with
various security services. However, it makes sense to call out
specifically an availability service. An availability service is one
that protects a system to ensure its availability. This service
addresses the security concerns raised by denial-of-service attacks.
It depends on proper management and control of system resources
and thus depends on access control service and other security
services.
Chapter 1 16

1.4 Security Mechanisms

Table 1.3 lists the security mechanisms defined in X.800.
As can be seen the mechanisms are divided into those that are
implemented in a specific protocol layer and those that are not
specific to any particular protocol layer or security service. These
mechanisms will be covered in the appropriate places in the book
and so we do not elaborate now, except to comment on the
definition of encipherment. X.800 distinguishes between
reversible encipherment mechanisms and irreversible
encipherment mechanisms. A reversible encipherment mechanism
is simply an encryption algorithm that allows data to be encrypted
and subsequently decrypted. Irreversible encipherment
mechanisms include hash algorithms and message authentication
codes, which are used in digital signature and message
authentication applications.

1.5 A Model for Network Security

A model for much of what we will be discussing is
captured, in very general terms, in Figure 1.5. A message is to be
transferred from one party to another across some sort of internet.
The two parties, who are the principals in this transaction, must
cooperate for the exchange to take place. A logical information
channel is established by defining a route through the internet
from source to destination and by the cooperative use of
communication protocols (e.g., TCP/IP) by the two principals.
Chapter 1 17

Table 1.3: Security Mechanisms (X.800)

Security aspects come into play when it is necessary or

desirable to protect the information transmission from an opponent
who may present a threat to confidentiality, authenticity, and so
on. All the techniques for providing security have two
components:
Chapter 1 18

Figure 1.5: Model for Network Security

• A security-related transformation on the information to be

sent. Examples include the encryption of the message,
which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents
of the message, which can be used to verify the identity of
the sender
• Some secret information shared by the two principals and,
it is hoped, unknown to the opponent. An example is an
encryption key used in conjunction with the transformation
to scramble the message before transmission and
unscramble it on reception.

A trusted third party may be needed to achieve secure

transmission. For example, a third party may be responsible for
distributing the secret information to the two principals while
keeping it from any opponent. Or a third party may be needed to
arbitrate disputes between the two principals concerning the
authenticity of a message transmission.
This general model shows that there are four basic tasks in
designing a particular security service:
Chapter 1 19

1. Design an algorithm for performing the security-related

transformation. The algorithm should be such that an
opponent cannot defeat its purpose.
2. Generate the secret information to be used with the
algorithm.
3. Develop methods for the distribution and sharing of the
secret information.
4. Specify a protocol to be used by the two principals that
makes use of the security algorithm and the secret
information to achieve a particular security service.