CS 689 (Research Methods)

1
CS 689 (Research Methods)
Security in Asynchronous Transfer Mode(ATM)
By SOBHA SIRIPURAPU
2
Introduction

• ATM Asynchronous Transfer Mode
• Originally designed to implement B-ISDN
  (Broadband Integrated Services Digital Network)
  technology so that all forms of data traffic (
  voice , video, data etc.) can be transferred over
  telecommunication networks.

3
Introduction (contd)

• ATMs flexibility to deliver different classes of
  traffic at high or low speeds has made it a
  popular choice for many networks.
• Therefore security is an emerging concern in the
  ATM networks.

4
Problem Description

• Security is becoming more and more significant in
  network environment with the emergence of the
  internetworking technology.
• Security in ATM networks is developing into a
  major concern because it was not a part of the
  original design.
• This research describes why security in ATM
  networks is a potential issue and details the
  security measures needed to protect the network.

5
Motivation

• ATM networks require adequate security features
  to protect the involved systems, their interfaces
  and the information they process. The security
  requirements for ATM networks originate from the
  following sources -
• ----- Customers / subscribers who use the
  ATM network

6
Motivation (contd)

• ---- the public communities / authorities who
  demand security using directives to ensure
  availability of services, fair competition and
  privacy protection.
• ---- network operators / service providers who
  require security to safeguard their interests.

7
Objective

• The primal objectives in ATM security are
• Confidentiality Confidentiality of stored and
  transferred data
• Data Integrity Protection of stored and
  transferred information.
• Accountability Accountability for all ATM
  networks and transactions.

8
Objective (contd)

• Availability All legitimate requests should be
  allowed to pass.
• In this research, we first examine the threats
  to ATM networks, the requirements of ATM security
  and its implementation issues.

9
Threats to ATM networks

• The following intentional threats should be
  considered in a threat analysis of an ATM
  network
• Masquerade(spoofing)
• The pretence by an entity to be a different
  entity.
• Eavesdropping
• A breach of confidentiality by monitoring
  communication.
• Unauthorized access
• An entity attempts to access data in
  violation to the security policy in force.

10
Threats to ATM networks (contd)

• Loss or corruption of information
• Repudiation
• An entity involved in a communication
  exchange subsequently denies the fact.
• Forgery
• Denial of Service
• This occurs when an entity fails to perform
  its function or prevents other entities from
  performing their functions.

11
Requirements of a Secured Network

• Verification of Identities
• Establish and verify the identity of the
  user.
• Controlled access and authorization
• No access to unauthorized information.
• Protection of Confidentiality
• Stored and communicated data should be
  confidential.
• Protection of Data Integrity
• Guaranteed integrity of communicated data.

12
Requirements of a Secured Network (contd)

• Strong Accountability
• An entity cant deny the responsibility of its
  performed actions as with their effects.
• Activity Logging
• Should support the capability to retrieve
  information about security activities.
• Alarm reporting
• Should be able to generate alarm notification
  about selective security related events.

13
Requirements of a Secured Network (contd)

• Audit
• During security violations, the system should
  be able to analyze the logged data relevant to
  security.
• Security recovery
• Should be able to recover from successful or
  services derived from the above.
• Security Management
• The security system should be able to manage
  the security services derived from the above
  requirements.

14
Generic Threats
Main Security Objecti-ves Masque-rade Eaves Droppi-ng Un-authoriz-ed Access Loss or Corruption of (transferred)information Repudiation Forger y Denial of service
Confidentiality x x x
Data Integrity x x x x
Accountability x x x x
Availability x x x x
Mapping of Objectives and Threats
15
ATM Security Scope

• ATM architecture includes three planes
• User Plane this is responsible for transfer of
  user data.
• Control Plane is responsible for connection
  establishment, release etc.
• Management Plane is responsible for proper
  functioning of various entities in the above two
  planes.

16
Figure 1 ATM Architecture
17

• User Plane Security
• The user plane entities interact directly with
  user and have to be flexible to meet the
  requirements.
• It provides security services like access
  control,authentication, data confidentiality and
  integrity
• Depending on customer requirements services like
  key exchange, certification infrastructure and
  negotiation of security options, might be useful.

18

• Control Plane Security
• This configures the network to provide
  communication channel for a user it interacts
  with the switching table or manages the virtual
  channel.
• Most of the threats to security are relative to
  control plane. Therefore it is very important to
  secure the control plane.
• This plane may be secured by providing
  authentication and confidentiality of the signal.

19

• If the message recipient can verify the source of
  this message, then denial of service attack
  cannot happen.
• Control plane authentication can also be used to
  provide the auditing information for accurate
  billing which should be immune to repudiation.

20

• Management Plane Security
• This plane considers bootstrapping security,
  authenticated neighbor discovery, the Interim
  Local Management Interface security and permanent
  virtual circuit security.
• Security recovery and security management have to
  be provided in security framework.

21
Figure 2
22
Security of the ATM layer

• ATM layer entities perform ATM data transfer on
  behalf of the other entities in the three planes
  as shown in figure 2.
• Since all data have to be transferred through ATM
  layer, the security of ATM layer is extremely
  important.

23
Draft of Phase I Security Specification

• To solve the security problem for ATM security,
  ATM Forum Security Working Group is working on an
  ATM security infrastructure and have come up
  with Phase I Security Specification.
• This deals mainly with security mechanisms in
  user plane and a part of control plane.
• It includes mechanisms for authentication,
  confidentiality, data integrity and access
  control for the user plane.

24
ATM Firewalls

• Firewalls are widely used security mechanisms in
  the internet as of today.
• Traditional firewalls are not sufficient for ATM
  networks because of two main reasons
• --- A Packet filtering router needs to
  terminate end-to-end ATM connections in order to
  extract IP packets for inspection.
• --- The filtering bandwidth of a traditional
  firewall is far less than the typical ATM rate of
  data transfer.

25

• Two approaches to solve the problem of
  incorporating firewalls in ATM networks are as
  follows
• a) Parallel FirewallsIn this, distribution
  of load is done in two ways.
• i) Static Distribution of connections One way
  is to provide a separate proxy server for reach
  service that has to be supported.By distributing
  the proxy servers among different hosts, the
  security can also be improved.
• ii) Dynamic Distribution of Connections A
  proxy server may be replicated on multiple
  processors.Connections can then be dynamically
  mapped to replicated proxy servers.

26

• The advantage of this solution is that meta proxy
  may gather status and load statistics from the
  proxy servers that enables a fair and balanced
  distribution of incoming connections.
• ATM Firewalls with FQoS
• The concept of Firewall Quality of Service
  (FQoS) is to optimize the effort to make the
  connections secure.

27
Conclusions

• ATM has been predicted to be the most popular
  network technology in coming years. Therefore
  making ATM secure in terms of data transmission
  is a prime concern in network research and
  development. Though the Security Framework (Phase
  I) published by the ATM forum gives us a general
  overall view of the requirement, solutions
  meeting these are very few in number today.

28
References

• http//www.3com.com- 3 Com Corporation
• http//www.gdc.com-General Datacomm,Inc.
• http//www.cisco.com -Cisco systems, Inc.
• http//www.newbridge.com -Newbridge Networks
  Corporation.
• ATM Forum Security Framework (Phase 1)
• http//www.atmforum.com
• http//www.computerworld.com
• http//www.network.com
• http//www.nortel.com

29

• QUESTIONS?