itu-t recommendation x.805 security architecture for systems providing end-to-end communications
DESCRIPTION
ITU-T Recommendation X.805 Security Architecture for Systems Providing End-to-End Communications. IETF 63 meeting. Zachary Zeltsan, Bell Laboratories, Lucent Technologies Rapporteur of Question 5 SG 17. Outline. - PowerPoint PPT PresentationTRANSCRIPT
ITU-T RecommendationX.805 Security Architecture for Systems Providing End-to-End
Communications
IETF 63 meeting
Zachary Zeltsan, Bell Laboratories,
Lucent TechnologiesRapporteur of Question 5 SG 17
2
Outline
Origin of the ITU-T Recommendation X.805 - Security Architecture for Systems Providing End-to-End Communications
Three main issues that X.805 addresses Security Dimensions Security Layers Security Planes ITU-T X.805 Security Architecture ITU-T Recommendation X.805 as a base for security work in
FGNGN Security Capability WG
3
Origin of the ITU-T Recommendation X.805
• ITU-T Recommendation X.805 Security architecture for systems providing end‑to‑end communications had been developed by ITU-T SG 17 (ITU-T Lead Study Group on Telecommunication Security) and was published in October 2003.
• The group has developed a set of the well-recognized Recommendations on security. Among them are X.800 Series of Recommendations on security and X.509 - Public-key and Attribute Certificate Frameworks.
4
Three main issues that X.805 addresses
The security architecture addresses three essential issues:
1. What kind of protection is needed and against what threats?
2. What are the distinct types of network equipment and facility groupings that need to be protected?
3. What are the distinct types of network activities that need to be protected?
5
ITU-T X.800 Threat Model(simplified)
X
X1 - Destruction (an attack on availability):
– Destruction of information and/or network resources
2 - Corruption (an attack on integrity):
– Unauthorized tampering with an asset
3 - Removal (an attack on availability):
– Theft, removal or loss of information and/or other resources
4 - Disclosure (an attack on confidentiality):
– Unauthorized access to an asset
5 - Interruption (an attack on availability):
– Interruption of services. Network becomes unavailable or unusable
6
Access Control
Authentication
Non-repudiation
Data Confidentiality
Communication Security
Data Integrity
Availability
Privacy
• Limit & control access to network elements, services & applications
• Examples: password, ACL, firewall
• Prevent ability to deny that an activity on the network occurred
• Examples: system logs, digital signatures
• Ensure information only flows from source to destination
• Examples: VPN, MPLS, L2TP
• Ensure network elements, services and application available to legitimate users
• Examples: IDS/IPS, network redundancy, BC/DR
• Provide Proof of Identity• Examples: shared secret,
PKI, digital signature, digital certificate
• Ensure confidentiality of data • Example: encryption
• Ensure data is received as sent or retrieved as stored
• Examples: MD5, digital signature, anti-virus software
• Ensure identification and network use is kept private
• Examples: NAT, encryption
Eight Security Dimensions Address the Breadth of Network
Vulnerabilities
Eight Security Dimensions applied to each Security Perspective (layer and plane)
7
How the Security Dimensions Map to the Security Threats
SecurityDimension
X.800 Security Threats
Destruction Corruption Removal Disclosure Interruption
Access Control
Authentication
Non-Repudiation Data Confidentiality Communication Security
Data Integrity
Availability
Privacy
8
Security Layers
• Concept of Security Layers represents hierarchical approach to securing a network
• Mapping of the network equipment and facility groupings to Security Layers could be instrumental for determining how the network elements in upper layers can rely on protection that the lower layers provide.
9
Three Security Layers
• Each Security Layer has unique vulnerabilities, threats• Infrastructure security enables services security enables applications security
Infrastructure Security
Applications Security
Services Security
THREATS
VULNERABILITIES
ATTACKS
Destruction
Disclosure
Corruption
Removal
Infrastructure Security
Applications Security
Services SecurityVULNERABILITIES
InterruptionVulnerabilities Can ExistIn Each Layer
1 - Infrastructure Security Layer:• Fundamental building blocks of networks
services and applications• Examples:
– Individual routers, switches, servers– Point-to-point WAN links– Ethernet links
2 - Services Security Layer:• Services Provided to End-Users• Examples:
– Frame Relay, ATM, IP– Cellular, Wi-Fi,– VoIP, QoS, IM, Location services– Toll free call services
3 - Applications Security Layer:• Network-based applications accessed by
end-users• Examples:
– Web browsing– Directory assistance– Email– E-commerce
10
Example: Applying Security Layers to IP Networks
Applying Security Layers to IP Networks
Infrastructure Security Layer– Individual routers, servers– Communication links
Services Security Layer– Basic IP transport– IP support services (e.g., AAA, DNS, DHCP)– Value-added services: (e.g., VPN, VoIP, QoS)
Applications Security Layer– Basic applications (e.g. FTP, web access)– Fundamental applications (e.g., email)– High-end applications (e.g., e-commerce, e-training)
11
Security Planes
• Concept of Security Planes could be instrumental for ensuring that essential network activities are protected independently (e.g. compromise of security at the End-user Security Plane does not affect functions associated with the Management Security Plane).
• Concept of Security Planes allows to identify potential network vulnerabilities that may occur when distinct network activities depend on the same security measures for protection.
12
• Security Planes represent the types of activities that occur on a network.• Each Security Plane is applied to every Security Layer to yield nine security
Perspectives (3 x 3)• Each security perspective has unique vulnerabilities and threats
Three Security Planes
Infrastructure Security
Applications Security
Services Security
End User Security
Control/Signaling Security
Management Security
VULNERABILITIES
Security Layers
Security Planes
Infrastructure Security
Applications Security
Services Security
End User Security
Control/Signaling Security
Management Security
VULNERABILITIES
Security Layers
Security Planes
Vulnerabilities Can ExistIn Each Layer and Plane
THREATS
ATTACKS
Destruction
Disclosure
Corruption
Removal
Interruption
1 - End-User Security Plane:• Access and use of the network by the
customers for various purposes:– Basic connectivity/transport– Value-added services (VPN, VoIP, etc.)– Access to network-based applications
(e.g., email)
2 - Control/Signaling Security Plane:• Activities that enable efficient functioning of
the network• Machine-to-machine communications
3 - Management Security Plane:• The management and provisioning of
network elements, services and applications
• Support of the FCAPS functions
13
Example: Applying Security Planes to Network Protocols
End User Security Plane Activities
•End-user data transfer•End-user – application interactions
Protocols• HTTP, RTP, POP, IMAP• TCP, UDP, FTP• IPsec, TLS
Control/Signaling Security Plane Activities
•Update of routing/switching tables•Service initiation, control, and teardown•Application control
Protocols
• BGP, OSPF, IS-IS, RIP, PIM
• SIP, RSVP, H.323, SS7.• IKE, ICMP• PKI, DNS, DHCP, SMTP
Management Security Plane
•Operations•Administration•Management•Provisioning
Activities Protocols•SNMP•Telnet•FTP•HTTP
14
Acc
ess
Man
agem
ent
Infrastructure Security
Applications Security
Services Security
End User Security
Control/Signaling Security
Management Security
8 Security Dimensions
Dat
a C
on
fid
enti
ali
ty
Co
mm
un
icat
ion
Sec
uri
ty
Inte
gri
ty
Ava
ila
bil
ity
Pri
vacy
Au
then
tic
atio
n
No
n-re
pu
dia
tio
n
Security Layers
Security PlanesA
cces
s C
on
tro
l
Infrastructure Security
Applications Security
Services Security
End User Security
Control/Signaling Security
Management Security
THREATS
VULNERABILITIES
8 Security Dimensions
ATTACKS
Dat
a C
on
fid
enti
ali
ty
Co
mm
un
icat
ion
Sec
uri
ty
Dat
a In
teg
rity
Ava
ila
bil
ity
Pri
vacy
Au
then
tic
atio
n
No
n-re
pu
dia
tio
n
Security Layers
Security Planes
ITU-T X.805: Security Architecture for Systems Providing End-to-End
Communications
Vulnerabilities Can ExistIn Each Layer, Plane
Destruction
Disclosure
Corruption
Removal
Interruption
15
– Management Network: top row – Network Services: middle column– Security Module: Layer & Plane
Intersection
Access Control
Authentication
Non-repudiation
Data Confidentiality
Infrastructure Layer
Services LayerApplications
Layer
Management Plane Module one Module four Module seven
Control/Signaling Plane
Module two Module five Module eight
User PlaneModule three Module six Module Nine
Communication Security
Data Integrity
Availability
Privacy
The eight Security Dimensions Are Applied to Each Security Module
Modular Form of X.805
Provides a systematic, organized way for performing network security assessments and planning
16
Module 3 – Infrastructure Layer – End-User Plane
ww
w.l
uc
en
t.c
om
/se
cu
rity
Security Dimension
Security Objectives
Access ControlEnsure that only authorised personnel or devices are allowed access to end-user data that is transiting a network element or communications link or is resident in an offline storage device.
Authentication
Verify the identity of the person or device attempting to access end-user data that is transiting a network element of communications link or is resident in an offline storage device.
Authentication techniques may be required as part of Access Control.
Non-Repudiation
Provide a record identifying each individual or device that accessed end-user data that is transiting a network element or communications link, or is resident in offline devices and that the action was performed. The record is to be used as proof of access to end-user data.
Data Confidentiality
Protect end-user data that is transiting a network element or communications link, or is resident in an offline storage device against unauthorised access or viewing. Techniques used to address access control may contribute to providing data confidentiality for end-user data.
Communication Security
Ensure that end-user data that is transiting a network element or communications link is not diverted or intercepted as it flows between the end points (without an authorised access)
Data Integrity Protect end-user data that is transiting a network element or communications link or is resident in offline storage devices against unauthorised modification, deletion, creation and replication.
Availability Ensure that access to end-user data resident in in offline storage devices by authorised personnel and devices cannot be denied.
PrivacyEnsure that network elements do not provide information pertaining to the end-users network activities (eg. Users geographic location, websites visited, content etc.) to unauthorised personnel.
17
Summary: X.805 Provides a Holistic Approach to Network
Security Comprehensive, end-to-end network view of security
Applies to any network technology– Wireless, wireline, optical networks– Voice, data, video, converged networks
Applies to variety of networks– Service provider networks– Enterprise (service provider’s customer) networks– Government networks– Management/operations, administrative networks– Data center networks
Is aligned with other security ITU-T Recommendations and ISO standards
18
ITU-T Recommendation X.805 is a Base for Security work in FGNGN
Security Capability WG
Guidelines for NGN security and X.805 NGN threat model (based on ITU-T X.800 and X.805
Recommendations)
Security Dimensions and Mechanisms (based on ITU-T X.805)Access controlAuthenticationNon-repudiationData confidentiality
Communication securityData integrityAvailabilityPrivacy
NGN security requirements for Release 1 and X.805 General considerations based on the concepts of X.805
19
AcronymsAAA Authentication, Authorization, Accounting
ACL Access Control List
ATM Asynchronous Transfer Mod
BC Business Continuity
BGP Border Gateway Protocol
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Service
DR Disaster Recovery
FCAPS Fault-management, Configuration, Accounting, Performance, and Security
FTP File Transfer Protocol
HTTP Hyper Text Transfer Protocol
ICMP Internet Control Message Protocol
IDS Intrusion Detection System
IKE Internet Key Exchange protocol
IM Instant Messaging
IMAP Internet Message Access Protocol
IPS Intrusion Prevention System
IPsec IP security (set of protocols)
IS-IS Intermediate System-to-Intermediate System (routing protocol)
L2TP Layer Two Tunneling Protocol
MPLS Multi-Protocol Label Switching
NAT Network Address Translation
OSPF Open Shortest Path First
PIM Protocol-Independent Multicast
PKI Public Key Infrastructure
POP Post Office Protocol
QoS Quality of Service
RIP Routing Information Protocol
RSVP Resource Reservation Setup Protocol
RTP Real-time Transport Protocol
SIP Session Initiation Protocol
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SS7 Signaling System 7
TCP Transmission Control Protocol
TLS Transport Layer Security protocol
UDP User Datagram Protocol
VoIP Voice over IP
VPN Virtual Private Network
20
Thank you!