Modelling and Analysis of Network Security Policies

Nowadays, computers and network communications have a pervasive presence in all our daily activities. Their correct configuration in terms of security is becoming more and more complex due to the growing number and variety of services present in a network. Generally, the security configuration of a computer network is dictated by specifying the policies of the security controls (e.g. firewall, VPN gateway) in the network. This implies that the specification of the network security policies is a crucial step to avoid errors in network configuration (e.g., blocking legitimate traffic, permitting unwanted traffic or sending insecure data). In the literature, an anomaly is an incorrect policy specification that an administrator may introduce in the network. In this thesis, we indicate as policy anomaly any conflict (e.g. two triggered policy rules enforcing contradictory actions), error (e.g. a policy cannot be enforced because it requires a cryptographic algorithm not supported by the security controls) or sub-optimization (e.g. redundant policies) that may arise in the policy specification phase. Security administrators, thus, have to face the hard job of correctly specifying the policies, which requires a high level of competence. Several studies have confirmed, in fact, that many security breaches and breakdowns are attributable to administrators’ responsibilities. Several approaches have been proposed to analyze the presence of anomalies among policy rules, in order to enforce a correct security configuration. However, we have identified two limitations of such approaches. On one hand, current literature identifies only the anomalies among policies of a single security technology (i.e., IPsec, TLS), while a network is generally configured with many technologies. On the other hand, existing approaches work on a single policy type, also named domain (i.e., filtering, communication protection). Unfortunately, the complexity of real systems is not self-contained and each network security control may affect the behavior of other controls in the same network. The objective of this PhD work was to investigate novel approaches for modelling security policies and their anomalies, and formal techniques of anomaly analysis. We present in this dissertation our contributions to the current policy analysis state of the art and the achieved results. A first contribution was the definition of a new class of policy anomalies, i.e. the inter-technology anomalies, which arises in a set of policies of multiple security technologies. We provided also a formal model able to detect these new types of anomalies. One of the results achieved by applying the inter-technology analysis to the communication protection policies was to categorize twelve new types of anomalies. The second result of this activity was derived from an empirical assessment that proved the practical significance of detecting such new anomalies. The second contribution of this thesis was the definition of a newly-defined type of policy analysis, named inter-domain analysis, which identifies any anomaly that may arise among different policy domains. We improved the state of the art by proposing a possible model to detect the inter-domain anomalies, which is a generalization of the aforementioned inter-technology model. In particular, we defined the Unified Model for Policy Analysis (UMPA) to perform the inter-domain analysis by extending the analysis model applied for a single policy domain to comprehensive analysis of anomalies among many policy domains. The result of this last part of our dissertation was to improve the effectiveness of the analysis process. Thanks to the inter-domain analysis, indeed, administrators can detect in a simple and customizable way a greater set of anomalies than the sets they could detect by running individually any other model

Secure APIs For Applications In Microkernel-Based Systems

The Internet evolved from a collection of computers to today’s agglomeration of all sort of devices (e.g. printers, phones, coffee makers, cameras and so on) a large part of which contain security vulnerabilities. The current wide scale attacks are, in most cases, simple replays of the original Morris Worm of the mid-80s. The effects of these attacks are equally devastating because they affect huge numbers of connected devices. The reason for this lack of progress is that software developers will keep writing vulnerable software due to problems associated with the way software is designed and implemented and market realities. So in order to contain the problem we need effective control of network communications and more specifically, we need to vet all network connections made by an application on the premise that if we can prevent an attacker from reaching his victim, the attack cannot take place. This paper presents a comprehensive network security framework, including a well-defined applications programming interface (API) that allows fine-grained and flexible control of network connections. In this way, we can finally instantiate the principles of dynamic network control and protect vulnerable applications from network attacks

Securing media streams in an Asterisk-based environment and evaluating the resulting performance cost

When adding Confidentiality, Integrity and Availability (CIA) to a multi-user VoIP (Voice over IP) system, performance and quality are at risk. The aim of this study is twofold. Firstly, it describes current methods suitable to secure voice streams within a VoIP system and make them available in an Asterisk-based VoIP environment. (Asterisk is a well established, open-source, TDM/VoIP PBX.) Secondly, this study evaluates the performance cost incurred after implementing each security method within the Asterisk-based system, using a special testbed suite, named DRAPA, which was developed expressly for this study. The three security methods implemented and studied were IPSec (Internet Protocol Security), SRTP (Secure Real-time Transport Protocol), and SIAX2 (Secure Inter-Asterisk eXchange 2 protocol). From the experiments, it was found that bandwidth and CPU usage were significantly affected by the addition of CIA. In ranking the three security methods in terms of these two resources, it was found that SRTP incurs the least bandwidth overhead, followed by SIAX2 and then IPSec. Where CPU utilisation is concerned, it was found that SIAX2 incurs the least overhead, followed by IPSec, and then SRTP

Covert6: A Tool to Corroborate the Existence of IPv6 Covert Channels

Covert channels are any communication channel that can be exploited to transfer information in a manner that violates the system’s security policy. Research in the field has shown that, like many communication channels, IPv4 and the TCP/IP protocol suite have been susceptible to covert channels, which could be exploited to leak data or be used for anonymous communications. With the introduction of IPv6, researchers are acutely aware that many vulnerabilities of IPv4 have been remediated in IPv6. However, a proof of concept covert channel system was demonstrated in 2006. A decade later, IPv6 and its related protocols have undergone major changes, which has introduced a need to reevaluate the current state of covert channels within IPv6. The current research demonstrates the corroboration of covert channels in IPv6 by building a tool that establishes a covert channel against a simulated enterprise network. This is further validated against multiple channel criteria

Protocol security for third generation telecommunication systems

In this thesis, a novel protocol stack architecture is presented. The Future Core Networks System (FCNS) forms a secure reference model for use in packet-switched structures, with its applicability ranging from computer to telecommunication networks. An insight on currently used network protocol systems is given, analysing standardised sets of communication rules with respect to the security they afford to the messages exchanged. The lack of protection schemes for the internal protocol stack messages and the implementation pitfalls of their security architectures are described, in relation to the effects they have on the communication process. The OSI security model is also considered, with disadvantages identified in the placement of security functionality and its management. The drawbacks depicted for currently used systems form the motivation behind this work. The analysis of the FCNS follows, which is composed of three parts. In the first part, the FCNS communication layers are examined, with respect to the mechanisms used to establish, maintain and tear down a connection between peer entities. In the second part, the security mechanisms of the proposed reference architecture are given, including details on the FCNS keystream generator used for the security of the internal FCNS messages. Finally, the FCNS Error Protocol is depicted, illustrating the modes of operation and advantages it exhibits over currently used systems. The work then moves into presenting details of the software FCNS implementation, followed by the presentation of the results and measurements obtained by the case studies created. Comparisons are given in relation to the TCP/IP suite, to provide the means of identifying the FCNS applicability in various network environments. The work is concluded by presenting the FCNS functionality in delivering information for the UMTS, together with further work that may enhance the flexibility and use of the proposed architecture

A comparative study of in-band and out-of-band VOIP protocols in layer 3 and layer 2.5 environments

For more than a century the classic circuit-switched telephony in the form of PSTN (Public Service Telephone Network) has dominated the world of phone communications (Varshney et al., 2002). The alternative solution of VoIP (Voice over Internet Protocol) or Internet telephony has increased dramatically its share over the years though. Originally started among computer enthusiasts, nowadays it has become a huge research area in both the academic community as well as the industry (Karapantazis and Pavlidou, 2009). Therefore, many VoIP technologies have emerged in order to offer telephony services. However, the performance of these VoIP technologies is a key issue for the sound quality that the end-users receive. When making reference to sound quality PSTN still stands as the benchmark.Against this background, the aim of this project is to evaluate different VoIP signalling protocols in terms of their key performance metrics and the impact of security and packet transport mechanisms on them. In order to reach this aim in-band and out-of-band VoIP signalling protocols are reviewed along with the existing security techniques which protect phone calls and network protocols that relay voice over packet-switched systems. In addition, the various methods and tools that are used in order to carry out performance measurements are examined together with the open source Asterisk VoIP platform. The findings of the literature review are then used in order to design and implement a novel experimental framework which is employed for the evaluation of the in-band and out-of-band VoIP signalling protocols in respect to their key performance networks. The major issue of this framework though is the lack of fine-grained clock synchronisation which is required in order to achieve ultra precise measurements. However, valid results are still extracted. These results show that in-band signalling protocols are highly optimised for VoIP telephony and outperform out-of-band signalling protocols in certain key areas. Furthermore, the use of VoIP specific security mechanisms introduces just a minor overhead whereas the use of Layer 2.5 protocols against the Layer 3 routing protocols does not improve the performance of the VoIP signalling protocols

End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

SECURITY MEASUREMENT FOR LTE/SAE NETWORK DURING SINGLE RADIO VOICE CALL CONTINUITY (SRVCC).

Voice has significant place in mobile communication networks. Though data applications have extensively gained in importance over the years but voice is still a major source of revenue for mobile operators. It is obvious that voice will remain an important application even in the era of Long Term Evolution (LTE). Basically LTE is an all-IP data-only transport technology using packet switching. Therefore, it introduces challenges to satisfy quality of service expectations for circuit-switched mobile telephony and SMS for LTE capable smartphones, while being served on the LTE network. Since 2013, mobile operators have been busy deploying Voice Over LTE (VoLTE). They are relying on a VoLTE technology called Single Radio Voice Call Continuity (SRVCC) for seamless handover between packet-switch domain to circuit-switch domain or vice versa. The aim of thesis is to review and identify the security measurement during SRVCC and verify test data for ciphering and integrity algorithm.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

SECURITY MEASUREMENT FOR LTE/SAE NETWORK DURING SINGLE RADIO VOICE CALL CONTINUITY (SRVCC).

Voice has significant place in mobile communication networks. Though data applications have extensively gained in importance over the years but voice is still a major source of revenue for mobile operators. It is obvious that voice will remain an important application even in the era of Long Term Evolution (LTE). Basically LTE is an all-IP data-only transport technology using packet switching. Therefore, it introduces challenges to satisfy quality of service expectations for circuit-switched mobile telephony and SMS for LTE capable smartphones, while being served on the LTE network. Since 2013, mobile operators have been busy deploying Voice Over LTE (VoLTE). They are relying on a VoLTE technology called Single Radio Voice Call Continuity (SRVCC) for seamless handover between packet-switch domain to circuit-switch domain or vice versa. The aim of thesis is to review and identify the security measurement during SRVCC and verify test data for ciphering and integrity algorithm.fi=Opinnäytetyö kokotekstinä PDF-muodossa.|en=Thesis fulltext in PDF format.|sv=Lärdomsprov tillgängligt som fulltext i PDF-format

The InfoSec Handbook

Computer scienc