The focus of this book is risk assessment methodologies for network architecture design. The main goal is to present and illustrate an innovative risk propagation-based quantitative assessment tool. This original approach aims to help network designers and security administrators to design and build more robust and secure network topologies. As an implementation case study, the authors consider an aeronautical network based on AeroMACS (Aeronautical Mobile Airport Communications System) technology. AeroMACS has been identified as the wireless access network for airport surface communications that will soon be deployed in European and American airports mainly for communications between aircraft and airlines. It is based on the IEEE 802.16-2009 standard, also known as WiMAX.
The book begins with an introduction to the information system security risk management process, before moving on to present the different risk management methodologies that can be currently used (quantitative and qualitative). In the third part of the book, the authors' original quantitative network risk assessment model based on risk propagation is introduced. Finally, a network case study of the future airport AeroMACS system is presented. This example illustrates how the authors' quantitative risk assessment proposal can provide help to network security designers for the decision-making process and how the security of the entire network may thus be improved.
Page count: 121
Year of publication: 2013
Contents
LIST OF FIGURES
LIST OF TABLES
INTRODUCTION
PART 1: NETWORK SECURITY RISK ASSESSMENT
CHAPTER 1. INTRODUCTION TO INFORMATION SYSTEM SECURITY RISK MANAGEMENT PROCESS
1.1. On the importance of network security for network designers
1.2. On the impact of risk assessment in the decision-making process for network security designers
1.3. Quantitative versus qualitative risk assessment approaches
1.4. Network security risk propagation concept
CHAPTER 2. SECURITY RISK MANAGEMENT BACKGROUND
2.1. Qualitative security risk management methods
2.2. Quantitative security risk assessment approaches
2.3. Toward a quantitative propagation-based risk assessment methodology
CHAPTER 3. A QUANTITATIVE NETWORK RISK ASSESSMENT METHODOLOGY BASED ON RISK PROPAGATION
3.1. Quantifying methodology parameters
3.2. Network security risk assessment process
3.3. Conclusion
PART 2: APPLICATION TO AIRPORT COMMUNICATION NETWORK DESIGN
CHAPTER 4. THE AEROMACS COMMUNICATION SYSTEM IN THE SESAR PROJECT
4.1. Overview of the European SESAR project
4.2. Overview of aeronautical communications operating concept and requirements
4.3. Introduction to the AeroMACS communication system
CHAPTER 5. AERONAUTICAL NETWORK CASE STUDY
5.1. Experimental parameters
5.2. AeroMACS case study: experimental results
5.3. Improving AeroMACS network security
CONCLUSION
BIBLIOGRAPHY
INDEX
First published 2013 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:
ISTE Ltd, 27-37 St George’s Road, London SW19 4EU, UK
www.iste.co.uk
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
www.wiley.com
© ISTE Ltd 2013
The rights of Mohamed Slim Ben Mahmoud, Nicolas Larrieu and Alain Pirovano to be identified as the author of this work have been asserted by them in accordance with the Copyright, Designs and Patents Act 1988.
Library of Congress Control Number: 2012954206
British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library
ISSN: 2051-2481 (Print)
ISSN: 2051-249X (Online)
ISBN: 978-1-84821-454-5
List of Figures
List of Tables
Introduction
Risk assessment is generally considered the core of the computational framework in a risk management process for a network information system. This process is mandatory and crucial for the protection of interconnected systems that provide various services to their clients or users. Traditionally, it consists of identifying system vulnerabilities, determining the occurrence of threats exploiting them, and evaluating the consequences of attacks that could take advantage of these security weaknesses. Once the risks have been assessed, security countermeasures (which could be technical or operational) are identified and then implemented to mitigate those risks.
In the literature, there is a plethora of risk assessment methodologies defined for network security. Nevertheless, most of them rely on a quantitative security analysis. In such approaches, security experts evaluate the potential likelihood and impact of each identified threat to determine the risk level for the network system. This is a big issue, as security expertise is financially expensive and relatively slow compared to an automated risk assessment procedure: several workshops and appointments have to be held in order to capture the subjective assessment of the experts. Furthermore, risk assessment processes are often based on a ranking scale (e.g. low, medium, high). Such an evaluation methodology may allow us to compare two different risk levels (for instance, between high and low), but it is impossible to estimate the distance between them (for instance, between two security levels ranked as high). This can be confusing for a network security administrator willing to improve the overall security level of the network.
The book Improving Network Security Using a Risk Propagation-based Quantitative Assessment Methodology deals with risk assessment methodologies for network architecture design. The main goal is to present and illustrate an innovative risk propagation-based quantitative assessment tool. This risk assessment methodology takes into account the inherent characteristics of any computer network in general (such as interconnection between nodes). This contribution is motivated, first, by the shortcomings noticed in qualitative risk assessment methodologies. Second, the existing quantitative risk assessment models for network security have generally missed out an essential concept in network security risk evaluation, namely risk propagation. In this book, we fill this gap by showing how important risk propagation can be in the network risk computation step. Furthermore, this original approach helps network and security administrators to design and build more robust and secure network topologies.
As an implementation case study, a new aeronautical communication system called AeroMACS (Aeronautical Mobile Airport Communications System) is considered. AeroMACS has been recently identified as the future wireless access network for airport surface communications, which will be soon deployed at European and American airports. It is based on the IEEE 802.16-2009 standard, which is also known as WiMAX¹. Indeed, aeronautical communications are about to shift the paradigm of digital data in the near future.
Owing to the progress made in information technology (IT) in the last decades, aviation industry stakeholders are enhancing and expanding their networks not only to overcome congestion issues related to voice radio communications but also to modernize the air traffic management (ATM) environment through worldwide collaborative projects like Single European Sky ATM Research (SESAR). The introduction of data communication technologies, such as AeroMACS, emphasizes the need for secure systems to protect against cyber attacks and external threats.
This book is split into two parts. Part 1 is related to network security risk assessment, while Part 2 concerns the aeronautical case study and the AeroMACS technology.
Chapter 1 provides an introduction to the information system security risk management process. The objective of this chapter is to underline the importance of network security in network design and emphasize the impact of risk assessment in the decision-making process of network security policies. Furthermore, the risk propagation concept is explained.
Chapter 2 reviews the state of the art in existing risk management methodologies that can currently be used (quantitative and qualitative methodologies).
In Chapter 3, an original quantitative network risk assessment model based on risk propagation is introduced. All the parameters defined in the methodology are explained. Then, the chapter goes through the network security risk assessment process.
After the first part dedicated to risk assessment, an extensive case study is presented in the second part of the book. The main goal is to present to the reader a complete application of the risk assessment methodology to future airport communication network design.
Chapter 4 introduces the aeronautical background necessary to understand this case study: the European SESAR project is briefly presented and then specific aeronautical communication concepts and terminology are discussed. The chapter ends with a section dedicated to the AeroMACS technology (protocol architecture, network reference model, security features) used in the case study.
Finally, Chapter 5 presents all the experimental scenarios and their results. The risk assessment results are used at each step to improve the choices made later in the following experiments as the tool is meant to be used (a decision-making tool for network security and network design).
¹ http://standards.ieee.org/about/get/802/802.16.html
Currently, network security is an important part of a network design process. Information System Security Risk Management (ISSRM) allows network engineers to maximize the network security level they want to achieve. Usually, ISSRM processes follow an overall framework composed of classical and common steps. Nevertheless, these steps can differ from one method to another and do not necessarily put the same weight on each step. For instance, some methods focus on security controls and countermeasures whereas others put more effort on risk assessment and treatment procedures.
However, a general ISSRM framework can be drawn and considered as a basis for any information security management-related work, as illustrated in Figure 1.1.
This general ISSRM framework is composed of six steps:
Figure 1.1. General information system security risk management process
Network security is a critical step in IT network and system design. Security countermeasures (firewalls, virtual private networks (VPNs), authentication, authorization and accounting (AAA) servers, etc.) are the first protection layer against threats and malicious actions targeting the system resources. In order to provide an effective and robust network, a sound risk analysis and a well-thought-out security policy are required. Hence, before deploying the network security system, network designers have to think carefully about security by respecting the following guidelines:
