Security at What Level?

In today's Internet, many protocols are designed to secure traffic at various levels of the network stack. Where in the stack security should be implemented depends on the security requirements of the application and the user. Irrespective of where in the stack security is implemented, the following basic services have to be provided:

  • Key management (This includes negotiation of keys and storage of keys.)

  • Confidentiality

  • Nonrepudiation

  • Integrity/authentication

  • Authorization

Depending on where in the stack the security is implemented, it is possible to provide some or all of the services above. In some cases, it does make sense to provide some capabilities at one layer and other capabilities at a different layer.

This section discusses the advantages and disadvantages of providing security at various layers in the stack.

Application Layer

Application-level security has to be implemented in end hosts. Providing security at the application layer has the following advantages:

  • Executing in the context of the user enables easy access to user credentials such as private keys.

  • Complete access to the data the user wants to protect. This simplifies the task of providing services such as nonrepudiation.

  • An application can be extended without having to depend on the operating system to provide these services. Normally, applications have no control over what gets implemented in the operating system.

  • The application understands the data and can provide appropriate security.

The downside to application layer security is that the security mechanisms have to be designed independently for each application. This implies existing applications have to be enhanced to provide security. As each application has to define its own security mechanisms, there is a greater probability of making mistakes and hence opening up security holes for attacks.

In implementing security mechanisms in applications, applications integrate with a system that provides the security mechanisms. Examples of such systems are PGP, Kerberos, and Secure Shell. These systems are application-level protocols that provide key negotiation and other security services; applications are enhanced to call into such a system to use its security mechanisms. One example is e-mail clients that use PGP to provide e-mail security. In this case, the e-mail clients are extended with the following capabilities:

  • ability to look up public keys in a local database that correspond to a particular user,

  • ability to provide security services such as encryption/decryption, nonrepudiation, and authentication for e-mail messages.

Applications should design their own security mechanisms when their needs are specific and they cannot depend on the lower layers to provide those services. One such example is nonrepudiation. It is difficult for a lower layer to provide nonrepudiation services, as it does not have access to the data.

Transport Layer

Providing security at the transport layer has a definite advantage over the application-layer security as it does not mandate enhancements to each application. Existing applications get security services seamlessly.

However, obtaining the user context is more complicated. In order to provide user-specific services, it is assumed that a single user is using the system, which is becoming a popular paradigm. Like application-level security, transport-layer security can only be implemented on an end system.

Transport-layer security is protocol specific. Transport Layer Security (TLS) is a protocol that provides security services such as authentication, integrity, and confidentiality on top of TCP. TLS needs to maintain context for a connection and is not currently implemented over UDP as UDP does not maintain any context. As the security mechanism is transport-protocol specific, security services such as key management may be duplicated for each transport protocol.

The World Wide Web currently provides security services using TLS. If security services were implemented at the network layer, this could be moved down to the network layer. Another limitation of transport-layer security as it is currently defined is that the applications still need modification to request security services from the transport layer.

Network Layer

Implementing security at this layer has many advantages. First, the overhead of key negotiation decreases considerably, because multiple transport protocols and applications can share the key management infrastructure provided by the network layer. Also, if security is implemented at lower layers, fewer applications need changes, which reduces the explosion of security-protocol implementations at the higher layers. If security is implemented at higher layers, each application has to design its own security mechanism; this is overkill, and the probability of someone making a mistake is much higher. Finally, security is provided seamlessly for any transport protocol.

One of the most useful features of network layer security is the ability to build VPNs and intranets. Because VPNs and intranets are subnet based, and the network layer supports subnet-based security, it is easy to implement VPNs and intranets.

The disadvantage of implementing security at the network layer is the difficulty in handling issues such as nonrepudiation of data. This is better handled in higher layers. It is also more difficult to exercise control on a per-user basis on a multiuser machine when security is implemented at the network layer. However, mechanisms can be provided to perform user-based security on end hosts. On routers there is no user context, so this problem does not arise.

IP Security (IPSec), the focus of this book, provides security at the network layer. IPSec is the only protocol that can secure any and all kinds of Internet traffic. IPSec also allows per-flow or per-connection security and thus allows very fine-grained security control.
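The two properties just described, subnet-based policies for VPNs and intranets and per-flow policies for fine-grained control, both come from the same mechanism: an ordered security policy database whose entries carry traffic selectors. The following is an added illustration, not code from the book or from any IPSec implementation; the policy names, addresses and sample packets are constructed, and the matching logic is deliberately reduced to address ranges, transport protocol and destination port.

```python
"""Toy IPSec-style Security Policy Database (SPD) lookup.

Constructed illustration (not from the book): each policy carries
selectors that are either whole subnets (the VPN/intranet case) or a
narrow protocol/port match (the per-flow case). Entries are consulted
in order and the first match wins, so a narrow per-flow entry must be
listed before the broader subnet entry that would also match it.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTECT, BYPASS, DISCARD = "PROTECT", "BYPASS", "DISCARD"


@dataclass(frozen=True)
class Packet:
    """The header fields the network layer can see (no user context)."""
    src: str
    dst: str
    proto: str                  # "tcp", "udp", "icmp", ...
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Policy:
    """One SPD entry: selectors plus the action to apply on a match."""
    name: str
    action: str
    src_net: str = "0.0.0.0/0"  # any source
    dst_net: str = "0.0.0.0/0"  # any destination
    proto: Optional[str] = None  # None = any transport protocol
    dport: Optional[int] = None  # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed SPD: a per-flow entry, a subnet-wide VPN entry, a discard
# entry for a protocol we never want in the clear, and a catch-all.
SPD = [
    Policy("admin-ssh-to-db", PROTECT,
           src_net="10.1.0.0/16", dst_net="10.2.0.10/32", proto="tcp", dport=22),
    Policy("branch-vpn", PROTECT, src_net="10.1.0.0/16", dst_net="10.2.0.0/16"),
    Policy("telnet-blocked", DISCARD, proto="tcp", dport=23),
    Policy("default", BYPASS),
]


def lookup(pkt: Packet, spd=SPD):
    """Return (policy name, action) for the first matching entry.

    An SPD with no matching entry discards the packet: the absence of a
    policy must never silently become 'send in the clear'.
    """
    for policy in spd:
        if policy.matches(pkt):
            return policy.name, policy.action
    return "no-match", DISCARD


# Constructed sample traffic from a branch host 10.1.5.5.
SAMPLE_PACKETS = [
    Packet("10.1.5.5", "10.2.0.10", "tcp", 40000, 22),   # per-flow entry
    Packet("10.1.5.5", "10.2.7.7", "udp", 5000, 53),     # any transport, subnet entry
    Packet("10.1.5.5", "192.0.2.9", "tcp", 40001, 23),   # discarded
    Packet("10.1.5.5", "192.0.2.9", "tcp", 40002, 443),  # left to the application/TLS
]


def classify_all(packets=SAMPLE_PACKETS, spd=SPD):
    """Map each packet to the (name, action) the SPD assigns it."""
    return [lookup(p, spd) for p in packets]


if __name__ == "__main__":
    for pkt, (name, action) in zip(SAMPLE_PACKETS, classify_all()):
        print(f"{pkt.src}->{pkt.dst} {pkt.proto}/{pkt.dport}: {action} ({name})")
```

The second sample packet is the point of the "seamless for any transport protocol" claim: a UDP datagram to the remote subnet is protected by the same entry as TCP traffic, with no change to the application that sent it. Swapping the first two entries would make the subnet entry win for SSH as well, which is harmless here but shows why per-flow entries are ordered ahead of the subnet entries they refine.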

Data Link Layer

If there is a dedicated link between two hosts or routers and all the traffic needs to be encrypted for fear of snooping, one can use hardware devices for encryption.

The advantage of this solution is speed. However, this solution is not scalable and works well only on dedicated links. Moreover, the two entities involved in communication have to be physically connected.

This type of model is useful for automatic teller machines (ATMs), where all the machines are connected via dedicated links to a central office. If ATMs were connected to an IP network instead of dedicated secure links, data link layer security would not suffice and one would have to move up one layer to provide security services.

IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks (2nd Edition)
ISBN: 013046189X
Year: 2004
Pages: 76