Introduction to Critical Network Infrastructures

Similar documents
Wireless Access Protocol(WAP) architecture

Overview. M-commerce vs. E-commerce

Outline. CS5984 Mobile Computing HTTP. HTTP (especially 1.0) Problems 1/2. Dr. Ayman Abdel-Hamid, CS5984. Wireless Web.

Wireless Internet: layers 3,4,5. Wireless Internet: Layers 3,4,5 Case Study: WAP. WAP: Wireless Application Protocol

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science Sixth Semester. Contact Hrs / week: 4 Total hrs: 64

Chapter 3. Technology Adopted. 3.1 Introduction

Glossary 1. ARPU or Average Revenue per User A method of measuring revenue associated with the delivery of mobile commerce services by MNOs.

Evolution and Migration to IMT-2000 & Systems beyond

INTRODUCTION TO CRITICAL NETWORK INFRASTRUCTURES

Enabling the Wireless Internet

NGN: Carriers and Vendors Must Take Security Seriously

Ch.16 - Wireless WAN System Architectures

Requirements for the Operations & Management of 4G Networks

4. B2C,B2E Systems: Concepts and Architectures

Wireless Network Introduction

ITU Activities Related to the Internet and IP-based Networks

Glossary. ADO.NET ActiveX Data Objects for.net. A set of data access technologies included in the.net Framework class libraries.

Cybersecurity Standards Coordination and Deployment Strategies: CITEL Initiatives

WAP via ORBCOMM. Andrew R Cardoza, Sias Mostert.

ITU-APT Workshop on NGN Planning March 2007, Bangkok, Thailand

E-Commerce. Infrastructure I: Computer Networks

M.SARAVANA KARTHIKEYAN

Next Generation Networks (NGN): Quality of Service Issues & Consumer Protection. Session No 6 (Day 2)

CITEL s s Focus on Cybersecurity and Critical Infrastructure Protection CITEL

Page 1. WAP Overview. An overview of the. Wireless Application Protocol to the IAB. Copyright IBM 2000

NGN: The Evolution of Wireless Networks

WAP. Bringing the internet to you. Cynthia Luk Marianne Morris Harvey Wong. 4 April, 2002 CMPUT 499

Satellite Services Regulatory Issues and Broadband Internet. Note: Please ask Questions Anytime!

Chapter 2 The 3G Mobile Communications

Towards Global Implementation

3G G Mobile Services. Sun Park R&D Center SK Telecom

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Achieving End-to-End Security in the Internet of Things (IoT)

Challenges in Developing National Cyber Security Policy Frameworks

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

Wireless Medium Access Control and CDMA-based Communication Lesson 15 i-mode

GRAPHICAL SIMULATION OF WIRELESS APPLICATION PROTOCOL

Evolution from GSM to UMTS (IMT-2000)*

IP Mobility vs. Session Mobility

Chapter 7. Telecommunications, the Internet, and Wireless Technology

Many countries decided on IMT-2000

GPRS and UMTS T

An Overview of Wireless Networks

4G Mobile Communications

Wireless Communication in Europe. Agenda

Information Security in Corporation

Chapter 10: Wireless Networking. School of information science and Engineering, SDU

MOBILE IP AND WIRELESS APPLICATION PROTOCOL

Understanding the Japanese Broadband Miracle

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

31270 Networking Essentials Focus, Pre-Quiz, and Sample Exam Answers

Concepts, Technology, and Applications of Mobile Commerce

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Mobile Communications in Japan

The Internet and the World Wide Web

Accessing Online Mutual Fund Information from Schwab

ICT Market and Regulatory Trends

Critical Information Infrastructure Protection Law

Virtual private networks

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Glossary. xii. Marina Yue Zhang and Mark Dodgson Downloaded from Elgar Online at 02/04/ :16:01PM via free access

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The Migration to Ipv6

Summary of Cyber Security Issues in the Electric Power Sector

What is NGN? Hamid R. Rabiee Mostafa Salehi, Fatemeh Dabiran, Hoda Ayatollahi Spring 2011

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

1 Introduction and Overview

European Union Agency for Network and Information Security

Regulatory Policies and Guidelines for Satellite Services. E. Kasule Musisi ITSO Consultant Cell:

Computer Networks. Computer Networks. Telecommunication Links. CMPUT101 Introduction to Computing - Spring Chapter 12: Computer Networks 1

ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS

Troubleshooting and Cyber Protection Josh Wheeler

The Challenge of Spam An Internet Society Public Policy Briefing

Seamless integration of heterogeneous wireless network technologies -?/!

Satellite Services Regulatory Issues and Broadband Internet

Philippine Mobile networks status, regulatory challenges and plans for 4G. Atty. Roy D. Ibay SMART Communications,Philippines

TEL2813/IS2820 Security Management

ARYCOM Comunicação via satélite Ltda.

Romania - Cyber Security Strategy. 6th IT STAR Workshop on Digital Security

Keys to a more secure data environment

National Cybersecurity preparation to deal with Cyber Attacks

Background. Threats. Present Status. Challenges and Strategies 9/30/2009 TRAI 2

Concept Note: GIDC. Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua

ENISA Cooperation in the EU / NIS Directive

s s Broadband Strategy xdsl & NGN Insung Jun, Ph.D. Vice President Network Engineering Center KT Corp.

Wireless Grows Up. Craig J. Mathias. Principal, Farpoint Group. Strategic Interop - 10 September Our Objectives for This Morning

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Area Covered is small Area covered is large. Data transfer rate is high Data transfer rate is low

A Survey Paper on Wireless Access Protocol

Introduction to LAN/WAN. Application Layer (Part III)

4G Technology in contrast with other G Technologies Raja Solanki,Vineeet Godara, Prashant Solanki, Dhronacharya Engineering College,Gurgaon,India

Garry Mukelabai Communications Authority Zambia

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Security Management Models And Practices Feb 5, 2008

STUDY ON INTERNET PROTOCOL TELEPHONY. March 2004

Building Smart Community by Broadband ICT Infrastructure

Network Connectivity and Mobility Part 2

Ingate SIParator /Firewall SIP Security for the Enterprise

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Transcription:

Introduction to Critical Network Infrastructures 2002. 5. 20 Kijoon Chae Ewha Womans University

Contents Background Objective What is CNI? Network Trends and Vulnerabilities Current Problems for CNI Solutions for Security Problems Other Areas Impacting Infrastructures Suggestions and Conclusion 2

Worldwide Internet Users 407.1 527.57 544.2 (Unit : millions, %) Latin- America 4.93% (25.3) Africa 0.81% (4.2) 276.0 US & Canada 35.19% (181.2) Asia/Pacific 28.04% (157.5) 160.0 Europe 30.12% (171.4) Middle-East 0.91% (4.6) 1998? 1999? 2000? 2001? 2002? 2? (Source: NUA) 3

Number of Domains (Upper 6 countries) 6 5 Germany England Netherlands Italy Japan Korea 4 3 2 1 0 1997 1998 1999 2000 2001.6 2002.1 Germany 105,344 288,191 1,384,361 3,738,732 4,658,764 5,254,281 England 95,151 196,753 807,487 2,506,589 2,977,535 3,295,442 Netherlands 40,000 65,000 160,000 530,000 643,638 702,854 Italy 21,658 45,819 93,279 437,322 569,143 594,452 Japan 33,739 58,549 124,573 234,294 417,013 473,539 Korea 8,045 26,166 207,023 517,354 454,799 465,323 (Source: KRNIC) 4

Why is the Internet vulnerable? Millions of entry points world-wide Tens of thousands of interconnected networks Open systems culture Ease of use of intruder tools 5

What is a Security Vulnerability? Security Vulnerability : flaw or weakness in a system s design, implementation or operation that could be exploited to violate the system s security (RFC 2828) Threat: action or event to do harm to security Vulnerability + Threat Risk 6

Protocol Vulnerabilities Standards bodies have accepted protocols with serious vulnerabilities. Security depends on the whole protocol. Protocol vulnerabilities last a long time. Threats change over time. Implicit assumptions are often violated. Application layer protocols also have security vulnerabilities. Inattention to security issues creates vulnerable protocols. (Source: Dr. Greg Shannon at Lucent Technologies ITU-T Workshop on Security, Seoul, 13-14 May 2002) 7

Objective The great variety of vulnerabilities and threats exist on the network. Most IT-based network infrastructures are not secure. International cooperation is needed to secure CNIs. Identify the explicit significance of the CNIs Provide possible solutions to resolve CNI security problems Find methods to collaborate and cooperate among countries 8

What is CNI? Logical aspect A public or private network that carries information relevant to national security and safety or information of high financial value Physical aspect The whole network or a part of the network that exchanges information of high significance 9

Network Trends: Internet The twenty-first century is the era of the Internet. Internet has been helpful to combine techniques of traditional industry and info-communication. 10

Problems of Internet Inefficient communications High cost and low transmission speeds to end-users Bottleneck impediments to the construction of high-speed networks Unfair network access policies Inefficient network extension Excessive waiting times Service with no guarantee of the bandwidth between end users and QoS for a real-time service Poor of security provision Need to develop Next-Generation Internet (NGI) 11

Hierarchical Architecture of Internet Network Backbone ISP Network Carrier Network Leased Line Data Network (F/R, X.25) F/R X.25 Optical Network PSTN/ISDN Headend CATV Network Access LAN PSTN ISDN Cable Modem May cause Bottlenecks 12

Next Generation Internet Resolve today s Internet problems Adjust to changes in demand as society becomes more information-oriented Present potential solutions to the problems of network congestion, service delay, lack of addresses, expensive charges, etc. Support multimedia and mobile services of a high speed and performance with guaranteed qualities 13

NGI (United States) 14

NGI (Canada: CANARIE) 15

Hierarchical Architecture of NGI APAN-SG TAP TEN-155 TAP vbns Star-TAP TAP Next Generation Internet Network (High-Speed Network) CA*net2 TAP APAN-JP TAP NAP Regional ISP A Backbone (High-Speed Network) Regional ISP B NAP Regional ISP C Giga-POP Giga-POP Campus Network Customer Network Customer Network 16

Security of Internet / NGI Security services are applied to individual systems, networks of a particular nation. Necessary to apply security system at the intermediate access point Interoperability among individual security systems should be provided. Secure network techniques should be introduced. 17

Mobile Communication Anywhere, anytime, anyplace communication systems Next-generation mobile systems foresee the convergence of mobile, fixed and IP networks towards future high-speed services. International Trends of Mobile Systems Evolved from the 1 st generation to the 2 nd generation (2G) From analogue to digital system Provide better quality and higher capacity at a lower cost 2G (CDMA, GSM, TDMA) 2.5G system HDR, GPRS, EDGE The 3 rd generation (3G) system Called IMT-2000 or FPLMTS Integrated applications and services o multimedia messaging, infotainment, location-based services, etc,. cdma2000, W-CDMA The 4 th generation (4G) system Various internetworking and integrating technologies IP and high-speed packet wireless transmission Provide mobile multimedia services over tens of Mbps at low cost 18

From 2G to 3G mobile systems EDGE: Enhanced Data GSM Environment GPRS: General Packet Radio Service HDR: High Data Rate Cdma2000 1x: Code Division Multiple Access 2000 2 mbps? cdma2000 CDMA 1.8-2.4 mbps HDR GPRS Cdma2000 1x 2 mbps? W -CDMA GSM TDMA 115 kbps EDGE 384 kbps 2G 2000-2001- 2001 2002 2002-2003 2003-2005 Source: ITU IMT-2000 and Beyond Study Group. 19

Mobile Communication Technologies Migrate mobile traffic onto an all-ip network IP is scalable and can tolerate a variety of radio protocols. Translate into enhanced data transmission services for Internet-enabled devices Stimulate the innovation of diversified services for consumers More flexible for application development than current networks Support a wide array of access technologies 802.11b, W-CDMA, Bluetooth, HyperLAN, etc. 20

Mobile and fixed-line users worldwide 1,200 1,000 800 World Mobile Subscribers (millions) World's Fixed Lines (millions) 600 400 200 0 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 Source: ITU World Telecommunication Indicators Database. By the end of 2001, almost one in every six of the world s inhabitants had a mobile phone. During 2002, mobile subscribers will overtake the number of fixed lines worldwide. 21

Vulnerability on Mobile Systems Data stores and data transmissions are becoming increasingly vulnerable to interception, hacking and viruses. The main vulnerabilities occur at the translation point between the wireless protocols and the wireline (fixed) protocols. Strong authentication procedures are required to prevent security breaches. WAP (Wireless Application Protocol) 2.0 protocol Ericsson, Motorola, Nokia, and Unetworkired Planet organized WAP Forum. Employs WTLS (Wireless Transport Layer Security) I-mode Developed by NTT DoCoMo Employs SSL communication just between I-mode gateway and server 22

WAP Protocol Stack HTML JavaScript Application Layer ( WAE ) WML Microbrowser WTA Interface WML Script Virtual Machine Standard Library WAP Content Type Other Services & Application HTTP TLS - SSL Session Layer ( WSP ) Transaction Layer ( WTP ) Security Layer ( WTLS ) TCP/IP UDP/IP Transport Layer ( WDP ) Bearers GSM IS-136 CDMA PHS CDPD IMT-2000 UMTS Etc. Source : WAP Forum, http://www.wapforum.org 23

WTLS Protocol Stack Transaction Protocol ( WTP ) or Applications WTLS Hand Shake Protocol Alert Protocol Application Protocol Change Cipher Spec Protocol Record Protocol Datagram Protocol ( WDP / UDP ) Bearer Networks Source : WAP Forum, http://www.wapforum.org 24

Vulnerability of Wireless Internet Service Client WML Attacker WML- Script WTAI TCP/IP UDP/IP Etc. WSP / WTP WAP Gateway Data Data Transfer Exposure WML Encoder WML Script Compiler Protocol Adapters HTTP Web Server CGI Script. Etc. Content WML Decks With WML- Script End to end communication is not secure!!! 25

Transaction Security In relation to transaction security, the privacy firm Meconomy makes the following recommendations: 1. The use of an open platform for devices, in order to enable users to apply their own privacy and security technologies 2. Separation of personal identifiers from transactional data, to increase privacy and security. 3. Use of data collected for a transaction should be limited to the specific transaction in question. 26

Satellite Communication Service Local Satellite Service (EUTELSAT, PANAMSAT) International Satellite Service (INTELSAT, INMARSAT) National Satellite Service (KOREASAT, BS) Fixed Satellite Service (FSS) Broadcasting Satellite Service (BSS) Mobile Satellite Service (MSS) 27

Satellite Communication Services Traditional Services Low-speed data communication Long-distance telephone transmission International TV broadcasting services Enhanced Services High-speed data communication Satellite ISDN service Satellite mobile communication High quality of broadcasting Low costs 28

Types of Satellite Communication Geostationary Satellite 36,000km above the ground 270msec delay International calls Broadcasting services Trans-ocean, land, aeronaut communication e.g. INTELSAT LEO-Satellite 1,000km above the ground Communication anywhere in the world Mobile Internet e.g. Iridium, Globalstar, INMARSAT s IOC plan 29

Vulnerabilities on Satellite Communication Echo resulting from physical distance! Abuse confidential data! Vulnerability Difficult to repair! Intentional communication jamming! 30

Current Problems associated with CNI As networks become more global, more and more people have access to critical data. Networks involved in CNI are vulnerable to many dangerous threats: Physical damages on the infrastructure by natural factors or unintentional troubles e.g. Natural disaster, power outage, network failure, etc. Security factors in network systems operating the infrastructure e.g. Unauthorized access, intrusions, network disruptions, malicious software, etc. Attacks through weak points in network components such as operating systems, routers, switches, name servers, etc. Developing policies and technologies to resolve the problems and enhance confidence for CNI is required. 31

Power Attack Virtual Power Supply Power Power Crash Server Remote Backup System Virtual Server UPS 32

Number of Incidents Reported incidents 52,658 21,756 9,859 6 132 252 406 773 1,334 2,340 2,412 2,573 2,134 3,734 year 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 Source : CERT (http://www.cert.org/) 33

Solutions for Security Problems Reasons for CNI security to become a significant issue data protection, economic dependency, national security, e-commerce, etc. Need for international cooperation for CNI security Resolving CNI security problems is an urgent priority. Grades of security capability vary greatly between different networks. No common policy or system to guarantee reliability Since IT industries evolve very fast, CNIs cannot be secured indefinitely using existing security tools. Major types of policy Providing systematic legal solutions Awareness-raising regarding the necessity of CNI security 34

Security Schemes & Policies for CNI(1/2) Building a theoretical framework for understanding and predicting the nature of the CNI securities and their effects as a whole Developing the capability to model and simulate in real time the behavior of the CNI by developing an architecture and related enabling technologies Developing a set of quantitative metrics for measuring the scale of impacts of CNI disruptions Developing new technologies and techniques to contain, mitigate, and defend against the effects of CNI disruptions 35

Security Schemes & Policies for CNI(2/2) Developing capabilities to adequately and realistically test new methodologies, techniques, and technologies. Defining a set of tasks for further work on specific CNI policy issues that could be analyzed using tools and methodologies. Developing the ability to characterize and incorporate new critical infrastructures into the models and methodologies as such infrastructures develop. 36

Security Services A Interruption B A X Interception B AVAILABILITY A X B CONFIDENTIALITY Revocation Non - REPUDIATION A X B A X B Modification Masquerade INTEGRITY AUTHENTICATION 37

Security Services AUTHENTICATION I N T E G R I T Y NON - REPUDIATION A V A L A B I L I T Y CONFIDENTIALITY 38

Network Security Model Trusted Third party (e.g. arbiter, distributer of secret information) Principal Message Secret information Information channel Principal Message Secret information Security-related transformation Security-related transformation Opponent 39

Cooperation Mechanisms for CNI Scopes of CNI concerns National scope Concern the main security or government network in a particular nation Considered impossible to ensure the security of important data or strategic functions of a nation on the public Internet A separate network is required. US Govnet Independent government administrative network that is planned to be a private voice and data network based on the IP protocol But, with no connectivity to commercial or public networks Must perform functions with no risk of penetration or disruption from users on other networks 40

Cooperation Mechanisms for CNI International scope Mainly focus on trade and financial networks over the world SWIFT Global data communication system Operate for the exchange financial information among international banks for many years EDI (Electronic Data Interchange) Allow the easy processing of customs documents in the trading world 41

Cooperation Mechanisms for CNI Need of international cooperation for CNI Security problems of International network increase. Although a network of a particular nation may provide a high degree of reliability or security, the security of total networks may still depend on lower level s interconnected networks. In spite of the fact that cooperation for CNI security on the international level is regarded as essential, few of the existing international CNI security systems have been standardized. International standard organizations, such as ITU, could play an important role in standardizing policies and technologies for CNI security. 42

Cooperation Mechanisms for CNI International cooperation for CNI security OECD (Organization for Economic Co-operation and Development) Security guidelines recommend a policy that limits its member from individual data distribution processes when a particular member is not equipped with a security system at the same level as that of other members. EU Cooperate with US to improve the security of critical infrastructures, Made all possible research efforts on CERTs (Computer Emergency Response Teams) EC Cooperate with G8, OECD, UN, etc. Global Business Dialogue on E-Commerce / Global Internet Project Forums for discussion about security problems between private sector players with regard to e-commerce 43

Other Areas Impacting Infrastructure Possible constructive steps to protect CNI from other networks: Complete separation of CNI from other network areas US Govnet, CIA, Pentagon, Korean Military Networks Advantage : maximize the security of critical data Disadvantage : limitation to user access depending on the location and situation Heightened security for other network areas related to CNI CNI co-exists with the Internet or is interconnected with other networks for optimal data access. Impossible to set up separate networks for every CNI Ensure further security by applying security policies and technologies at access point level or end-to-end level 44

Suggested Principles to Enhance Trust in CNI Establish detailed standards to distinguish between CNIs and non-cnis Classify CNI infrastructures, analyzing those CNI systems in operation in order to understand their status and to assign them to a particular category Analyse the vulnerable aspects in CNIs by category and prepare possible steps to enhance security for each category Legislate an internationally certified warranty policy for CNI security and establish a specific standard for the security being applied for particular CNIs in order to guarantee a certain lever of service for users 45

Suggestions for Possible Role by the ITU Establish security management standards at the international level in order to apply general security principles for CNI Establish standards for security policies and technologies in order to guarantee the reliable and efficient operation of networks, both for independent and interconnected CNIs Identify examples of CNI best practice 46

Conclusion CNI is a public or private network that carries information relevant to national security and safety or information of high financial value. Roughly classified into two categories: Completely independent and separate Connected to other networks There is a lack of awareness of CNIs, a lack of investment in CNI security and a lack of standardization. It is urgent that common security issues be analyzed, and solutions be developed through international support and cooperation. 47

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback