Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 689 (Research Methods) Security in Asynchronous Transfer Mode(ATM) By SOBHA SIRIPURAPU.

Published byMalcolm George Modified over 8 years ago

Similar presentations

Presentation on theme: "CS 689 (Research Methods) Security in Asynchronous Transfer Mode(ATM) By SOBHA SIRIPURAPU."— Presentation transcript:

1 CS 689 (Research Methods) Security in Asynchronous Transfer Mode(ATM) By SOBHA SIRIPURAPU

2 Introduction ATM – Asynchronous Transfer Mode Originally designed to implement B-ISDN (Broadband Integrated Services Digital Network) technology so that all forms of data traffic ( voice, video, data etc.) can be transferred over telecommunication networks.

3 Introduction (contd…) ATM’s flexibility to deliver different classes of traffic at high or low speeds has made it a popular choice for many networks. Therefore security is an emerging concern in the ATM networks.

4 Problem Description Security is becoming more and more significant in network environment with the emergence of the internetworking technology. Security in ATM networks is developing into a major concern because it was not a part of the original design. This research describes why security in ATM networks is a potential issue and details the security measures needed to protect the network.

5 ATM networks require adequate security features to protect the involved systems, their interfaces and the information they process. The security requirements for ATM networks originate from the following sources : - ----- Customers / subscribers who use the ATM network Motivation

6 Motivation (contd…) ---- the public communities / authorities who demand security using directives to ensure availability of services, fair competition and privacy protection. ---- network operators / service providers who require security to safeguard their interests.

7 Objective The primal objectives in ATM security are: Confidentiality : Confidentiality of stored and transferred data Data Integrity : Protection of stored and transferred information. Accountability : Accountability for all ATM networks and transactions.

8 Objective (contd…) Availability : All legitimate requests should be allowed to pass. In this research, we first examine the threats to ATM networks, the requirements of ATM security and its implementation issues.

9 Threats to ATM networks The following intentional threats should be considered in a threat analysis of an ATM network: Masquerade(“spoofing”): The pretence by an entity to be a different entity. Eavesdropping: A breach of confidentiality by monitoring communication. Unauthorized access: An entity attempts to access data in violation to the security policy in force.

10 Threats to ATM networks (contd…) Loss or corruption of information Repudiation: An entity involved in a communication exchange subsequently denies the fact. Forgery Denial of Service: This occurs when an entity fails to perform its function or prevents other entities from performing their functions.

11 Requirements of a Secured Network Verification of Identities : Establish and verify the identity of the user. Controlled access and authorization : No access to unauthorized information. Protection of Confidentiality : Stored and communicated data should be confidential. Protection of Data Integrity : Guaranteed integrity of communicated data.

12 Requirements of a Secured Network (contd…) Strong Accountability : An entity can’t deny the responsibility of its performed actions as with their effects. Activity Logging : Should support the capability to retrieve information about security activities. Alarm reporting : Should be able to generate alarm notification about selective security related events.

13 Requirements of a Secured Network (contd…) Audit : During security violations, the system should be able to analyze the logged data relevant to security. Security recovery : Should be able to recover from successful or services derived from the above. Security Management : The security system should be able to manage the security services derived from the above requirements.

14 Main Security Objecti- ves Masque- rade Eaves Droppi- ng Un- authoriz -ed Access Loss or Corrupti on of (transfer red)infor mation Repudia tion Forger yDenial of service Confide ntiality x x x Data Integrity x x x x Account ability x x x x Availabi lity x x x x Generic Threats Mapping of Objectives and Threats

15 ATM Security Scope ATM architecture includes three planes : User Plane : this is responsible for transfer of user data. Control Plane : is responsible for connection establishment, release etc. Management Plane : is responsible for proper functioning of various entities in the above two planes.

16 Figure 1 : ATM Architecture

17 User Plane Security The user plane entities interact directly with user and have to be flexible to meet the requirements. It provides security services like access control,authentication, data confidentiality and integrity Depending on customer requirements services like key exchange, certification infrastructure and negotiation of security options, might be useful.

18 Control Plane Security This configures the network to provide communication channel for a user; it interacts with the switching table or manages the virtual channel. Most of the threats to security are relative to control plane. Therefore it is very important to secure the control plane. This plane may be secured by providing authentication and confidentiality of the signal.

19 If the message recipient can verify the source of this message, then denial of service attack cannot happen. Control plane authentication can also be used to provide the auditing information for accurate billing which should be immune to repudiation.

20 Management Plane Security This plane considers bootstrapping security, authenticated neighbor discovery, the Interim Local Management Interface security and permanent virtual circuit security. Security recovery and security management have to be provided in security framework.

21 Figure 2

22 Security of the ATM layer ATM layer entities perform ATM data transfer on behalf of the other entities in the three planes as shown in figure 2. Since all data have to be transferred through ATM layer, the security of ATM layer is extremely important.

23 Draft of Phase I Security Specification To solve the security problem for ATM security, ATM Forum Security Working Group is working on an ATM security infrastructure and have come up with Phase I Security Specification. This deals mainly with security mechanisms in user plane and a part of control plane. It includes mechanisms for authentication, confidentiality, data integrity and access control for the user plane.

24 ATM Firewalls Firewalls are widely used security mechanisms in the internet as of today. Traditional firewalls are not sufficient for ATM networks because of two main reasons : --- A Packet filtering router needs to terminate end-to-end ATM connections in order to extract IP packets for inspection. --- The filtering bandwidth of a traditional firewall is far less than the typical ATM rate of data transfer.

25 Two approaches to solve the problem of incorporating firewalls in ATM networks are as follows : a) Parallel Firewalls:In this, distribution of load is done in two ways. i) Static Distribution of connections: One way is to provide a separate proxy server for reach service that has to be supported.By distributing the proxy servers among different hosts, the security can also be improved. ii) Dynamic Distribution of Connections : A proxy server may be replicated on multiple processors.Connections can then be dynamically mapped to replicated proxy servers.

26 The advantage of this solution is that meta proxy may gather status and load statistics from the proxy servers that enables a fair and balanced distribution of incoming connections. ATM Firewalls with FQoS : The concept of Firewall Quality of Service (FQoS) is to optimize the effort to make the connections secure.

27 Conclusions ATM has been predicted to be the most popular network technology in coming years. Therefore making ATM secure in terms of data transmission is a prime concern in network research and development. Though the Security Framework (Phase I) published by the ATM forum gives us a general overall view of the requirement, solutions meeting these are very few in number today.

28 References http://www.3com.com-http://www.3com.com- 3 Com Corporation http://www.gdc.comhttp://www.gdc.com-General Datacomm,Inc. http://www.cisco.comhttp://www.cisco.com -Cisco systems, Inc. http://www.newbridge.com -Newbridge Networks Corporation. ATM Forum Security Framework (Phase 1) http://www.atmforum.com http://www.computerworld.com http://www.network.com http://www.nortel.com

29 QUESTIONS?

Download ppt "CS 689 (Research Methods) Security in Asynchronous Transfer Mode(ATM) By SOBHA SIRIPURAPU."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Chapter 19: Network Management Business Data Communications, 4e.

Chapter 19: Network Management Business Data Communications, 4e.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

Similar presentations

Ads by Google