Security in Fixed and Wireless Networks - Guenter Schaefer - E-Book

Security in Fixed and Wireless Networks E-Book

Guenter Schaefer

Description

Introduces aspects on security threats and their countermeasures in both fixed and wireless networks, advising on how countermeasures can provide secure communication infrastructures. Enables the reader to understand the risks of inappropriate network security, what mechanisms and protocols can be deployed to counter these risks, and how these mechanisms and protocols work.


Number of pages: 982

Year of publication: 2016




Table of Contents

Cover

Title Page

Copyright

About the authors

Preface to the second edition

Preface to the first edition

Part I: Foundations of Data Security Technology

Chapter 1: Introduction

1.1 Content and Structure of this Book

1.2 Threats and Security Goals

1.3 Network Security Analysis

1.4 Information Security Measures

1.5 Important Terms Relating to Communication Security

Chapter 2: Fundamentals of Cryptology

2.1 Cryptology, Cryptography and Cryptanalysis

2.2 Classification of Cryptographic Algorithms

2.3 Cryptanalysis

2.4 Estimating the Effort Needed for Cryptographic Analysis

2.5 Characteristics and Classification of Encryption Algorithms

2.6 Key Management

2.7 Summary

2.8 Supplemental Reading

2.9 Questions

Chapter 3: Symmetric Cryptography

3.1 Encryption Modes of Block Ciphers

3.2 Data Encryption Standard

3.3 Advanced Encryption Standard

3.4 RC4 Algorithm

3.5 The KASUMI algorithm

3.6 Summary

3.7 Supplemental Reading

3.8 Questions

Chapter 4: Asymmetric Cryptography

4.1 Basic Idea of Asymmetric Cryptography

4.2 Mathematical Principles

4.3 The RSA Algorithm

4.4 The Problem of the Discrete Logarithm

4.5 The Diffie–Hellman Key Exchange Algorithm

4.6 The ElGamal Algorithm

4.7 Security of Conventional Asymmetric Cryptographic Schemes

4.8 Principles of Cryptography Based on Elliptic Curves

4.9 Summary

4.10 Supplemental Reading

4.11 Questions

Chapter 5: Cryptographic Check Values

5.1 Requirements and Classification

5.2 Modification Detection Codes

5.3 Message Authentication Codes

5.4 Message Authentication Codes Based on MDCs

5.5 Authenticated Encryption

5.6 Summary

5.7 Supplemental Reading

5.8 Questions

Chapter 6: Random Number Generation

6.1 Random Numbers and Pseudo-Random Numbers

6.2 Cryptographically Secure Random Numbers

6.3 Statistical Tests for Random Numbers

6.4 Generation of Random Numbers

6.5 Generating Secure Pseudo-Random Numbers

6.6 Implementation Security

6.7 Summary

6.8 Supplemental Reading

6.9 Questions

Chapter 7: Cryptographic Protocols

7.1 Properties and Notation of Cryptographic Protocols

7.2 Data Origin and Entity Authentication

7.3 Needham–Schroeder Protocol

7.4 Kerberos

7.5 International Standard X.509

7.6 Security of Negotiated Session Keys

7.7 Advanced Password Authentication Methods

7.8 Formal Validation of Cryptographic Protocols

7.9 Summary

7.10 Supplemental Reading

7.11 Questions

Chapter 8: Secure Group Communication*

8.1 Specific Requirements for Secure Group Communication

8.2 Negotiation of Group Keys

8.3 Source Authentication

8.4 Summary

8.5 Supplemental Reading

8.6 Questions

Chapter 9: Access Control

9.1 Definition of Terms and Concepts

9.2 Security Labels

9.3 Specification of Access Control Policies

9.4 Categories of Access Control Mechanisms

9.5 Summary

9.6 Supplemental Reading

9.7 Questions

Part II: Network Security

Chapter 10: Integration of Security Services in Communication Architectures

10.1 Motivation

10.2 A Pragmatic Model

10.3 General Considerations for the Placement of Security Services

10.4 Integration in Lower Protocol Layers vs Applications

10.5 Integration into End Systems or Intermediate Systems

10.6 Summary

10.7 Supplemental Reading

10.8 Questions

Chapter 11: Link Layer Security Protocols

11.1 Virtual Separation of Data Traffic with IEEE 802.1Q

11.2 Securing a Local Network Infrastructure Using IEEE 802.1X

11.3 Encryption of Data Traffic with IEEE 802.1AE

11.4 Point-to-Point Protocol

11.5 Point-to-Point Tunneling Protocol

11.6 Virtual Private Networks

11.7 Summary

11.8 Supplemental Reading

11.9 Questions

Chapter 12: IPsec Security Architecture

12.1 Short Introduction to the Internet Protocol Suite

12.2 Overview of the IPsec Architecture

12.3 Use of Transport and Tunnel Modes

12.4 IPsec Protocol Processing

12.5 The ESP Protocol

12.6 The AH Protocol

12.7 The ISAKMP Protocol

12.8 Internet Key Exchange Version 1

12.9 Internet Key Exchange Version 2

12.10 Other Aspects of IPsec

12.11 Summary

12.12 Supplemental Reading

12.13 Questions

Chapter 13: Transport Layer Security Protocols

13.1 Secure Socket Layer

13.2 Transport Layer Security

13.3 Datagram Transport Layer Security

13.4 Secure Shell

13.5 Summary

13.6 Supplemental Reading

13.7 Questions

Part III: Secure Wireless and Mobile Communications

Chapter 14: Security Aspects of Mobile Communication

14.1 Threats in Mobile Communication Networks

14.2 Protecting Location Confidentiality

14.3 Summary

14.4 Supplemental Reading

14.5 Questions

Chapter 15: Security in Wireless Local Area Networks

15.1 The IEEE 802.11 Standard for WLANs

15.2 Entity Authentication

15.3 Wired Equivalent Privacy

15.4 Robust Secure Networks

15.5 Security in Public WLANs

15.6 Summary

15.7 Supplemental Reading

15.8 Questions

Chapter 16: Security in Mobile Wide-Area Networks

16.1 Global System for Mobile Communication

16.2 Universal Mobile Telecommunications System

16.3 Long-Term Evolution

16.4 Summary

16.5 Supplemental Reading

16.6 Questions

Part IV: Protecting Communications Infrastructures

Chapter 17: Protecting Communications and Infrastructure in Open Networks

17.1 Systematic Threat Analysis

17.2 Security of End Systems

17.3 Summary

17.4 Supplemental Reading

17.5 Questions

Chapter 18: Availability of Data Transport

18.1 Denial-of-Service Attacks

18.2 Distributed Denial-of-Service Attacks

18.3 Countermeasures

18.4 Summary

18.5 Supplemental Reading

18.6 Questions

Chapter 19: Routing Security

19.1 Cryptographic Protection of BGP

19.2 Identification of Routing Anomalies*

19.3 Summary

19.4 Supplemental Reading

19.5 Questions

Chapter 20: Secure Name Resolution

20.1 The DNS Operating Principle

20.2 Security Objectives and Threats

20.3 Secure Use of Traditional DNS

20.4 Cryptographic Protection of DNS

20.5 Summary

20.6 Supplemental Reading

20.7 Questions

Chapter 21: Internet Firewalls

21.1 Tasks and Basic Principles of Firewalls

21.2 Firewall-Relevant Internet Services and Protocols

21.3 Terminology and Building Blocks

21.4 Firewall Architectures

21.5 Packet Filtering

21.6 Bastion Hosts and Proxy Servers

21.7 Other Aspects of Modern Firewall Systems

21.8 Summary

21.9 Supplemental Reading

21.10 Questions

Chapter 22: Automated Attack Detection and Response

22.1 Operating Principle and Objectives of Intrusion Detection Systems

22.2 Design and operation of network-based IDSs

22.3 Response to Attacks and Automatic prevention

22.4 Techniques for Evading NIDSs

22.5 Summary

22.6 Supplemental Reading

22.7 Questions

Chapter 23: Management of Complex Communication Infrastructures*

23.1 Automatic Certificate Management

23.2 Automatic VPN Configuration

23.3 Summary

23.4 Supplemental Reading

23.5 Questions

Bibliography

Abbreviations

Index

End User License Agreement


List of Illustrations

Chapter 1: Introduction

Figure 1.1 Architecture of layered communication systems

Figure 1.2 Dimensions of the security analysis of layered protocol architectures

Chapter 2: Fundamentals of Cryptology

Figure 2.1 Overview of cryptographic algorithms presented in this book

Chapter 3: Symmetric Cryptography

Figure 3.1 Electronic Code Book Mode

Figure 3.2 Cipher Block Chaining Mode

Figure 3.3 Ciphertext Feedback Mode

Figure 3.4 Output Feedback Mode

Figure 3.5 Overview of the DES algorithm

Figure 3.6 One round in the DES algorithm

Figure 3.7 Overview of Rijndael encryption

Figure 3.8 Overview of Rijndael decryption

Figure 3.9 Initialisation of RC4 algorithm

Figure 3.10 Encryption or decryption with the RC4 algorithm

Figure 3.11 One round of the KASUMI algorithm

Chapter 4: Asymmetric Cryptography

Figure 4.1 Euclidean algorithm

Figure 4.2 Extended Euclidean algorithm

Figure 4.3 Two elliptic curves over

Figure 4.4 Addition of two points in general position (left) and addition of identical points (right)

Figure 4.5 Points of the elliptic curve

Chapter 5: Cryptographic Check Values

Figure 5.1 Merkle–Damgård structure of cryptographic hash functions

Figure 5.2 An iteration of the MD5 function

Figure 5.3 An iteration of the SHA-1 function

Figure 5.4 Configuration of the rounds function in SHA-2

Figure 5.5 Hashing with cryptographic sponge functions

Figure 5.6 General structure of a CBC-MAC

Figure 5.7 Simplified Galois/Counter Mode sequence

Figure 5.8 Simplified sequence of the SpongeWrap method

Chapter 6: Random Number Generation

Figure 6.1 The random generator ANSI X9.17

Figure 6.2 Dual Elliptic Curve Deterministic Random Bit Generator sequence

Chapter 7: Cryptographic Protocols

Figure 7.1 Overview of the Kerberos protocol

Figure 7.2 The Inter-Realm Kerberos Protocol

Figure 7.3 Structure of X.509 certificates

Figure 7.4 Example of an X.509 certification hierarchy

Chapter 8: Secure Group Communication*

Figure 8.1 Example of a Logical Key Hierarchy for seven group members

Figure 8.2 Iolus scenario with GSI on two hierarchy levels

Figure 8.3 Example of a TGDH key hierarchy

Figure 8.4 Block diagram showing block-by-block authentication according to [PM03]

Figure 8.5 Time sequence of authentication with TESLA

Chapter 9: Access Control

Figure 9.1 The concept of a reference monitor

Figure 9.2 The conceptual access control matrix

Chapter 10: Integration of Security Services in Communication Architectures

Figure 10.1 Fundamental design decisions for network security (1)

Figure 10.2 Fundamental design decisions for network security (2)

Figure 10.3 A pragmatic model for secure networked systems

Figure 10.4 Mapping between protocol layers and requirement levels is not one-to-one

Figure 10.5 Authentication relationships in internetworks

Chapter 11: Link Layer Security Protocols

Figure 11.1 Structure of a physical local area network with VLANs

Figure 11.2 Controlled and uncontrolled ports with IEEE 802.1X

Figure 11.3 Protocol run of EAPOL protocol

Figure 11.4 Protecting a 802.3 frame with MACsec

Figure 11.5 Classical usage scenario for PPP

Figure 11.6 Frame format of PPP

Figure 11.7 Frame format of PPP link control protocol

Figure 11.8 Frame format of PPP Challenge Handshake Protocol (1)

Figure 11.9 Frame format of PPP Challenge Handshake Protocol (2)

Figure 11.10 Frame format of PPP Encryption Control Protocol

Figure 11.11 Format of encrypted PPP packets (DESEv2)

Figure 11.12 Structure of PPTP packets

Figure 11.13 Compulsory tunneling with PPTP

Figure 11.14 Voluntary tunneling with PPTP

Figure 11.15 Frame construction with voluntary PPTP tunnelling

Chapter 12: IPsec Security Architecture

Figure 12.1 Distributed information processing based on TCP/IP protocol suite

Figure 12.2 Format of an IPv4 packet

Figure 12.3 Format of a IPv6 packet

Figure 12.4 Overview of IPsec Standards

Figure 12.5 Packet formats for transport and tunnel modes

Figure 12.6 Structure of an IP packet with Authentication Header

Figure 12.7 Structure of an IP packet with Encapsulating Security Payload

Figure 12.8 Example of a sliding window before updating

Figure 12.9 Example of a sliding window after a window is updated

Figure 12.10 Integration alternatives for IPsec in end systems

Figure 12.11 Integration alternatives for IPsec in gateway systems

Figure 12.12 End-to-end security with transport mode

Figure 12.13 Use of tunnel mode in gateway systems

Figure 12.14 Use of tunnel mode between a host and a gateway

Figure 12.15 Nesting of security associations

Figure 12.16 Valid nesting of two security associations

Figure 12.17 Example of two SAs with invalid nesting

Figure 12.18 Packet format of ESP

Figure 12.19 Preparation of outgoing ESP packets (1/2)

Figure 12.20 Preparation of outgoing ESP packets (2/2)

Figure 12.21 Processing incoming ESP packets (1/2)

Figure 12.22 Processing of incoming ESP packets (2/2)

Figure 12.23 Packet format of AH

Figure 12.24 Variable and immutable fields of an IPv4 packet header

Figure 12.25 Variable and immutable fields of an IPv6 packet header

Figure 12.26 Preparation of outgoing AH packets (1/2)

Figure 12.27 Preparation of outgoing AH packets (2/2)

Figure 12.28 Processing of incoming AH packets (1/2)

Figure 12.29 Processing of incoming AH packets (2/2)

Figure 12.30 Frame format of ISAKMP data units

Figure 12.31 Protocol header for an ISAKMP payload

Figure 12.32 Short and long format for ISAKMP attributes

Figure 12.33 Structure of SA payload

Figure 12.34 Structure of the proposal payload

Figure 12.35 Structure of the transform payload

Figure 12.36 Process for main mode exchange with pre-shared key

Figure 12.37 Process of main mode exchange with signatures

Figure 12.38 Process of main mode exchange with public key encryption (Method 1)

Figure 12.39 Process of main mode exchange with public key encryption (Method 2)

Figure 12.40 Process of aggressive mode exchange with pre-shared key

Figure 12.41 Process of quick mode exchange

Figure 12.42 Key exchange sequence in IKEv2

Figure 12.43 Protocol structure for application of NAT-T in transport mode (top) and tunnel mode (bottom)

Chapter 13: Transport Layer Security Protocols

Figure 13.1 Architecture of the secure socket layer protocol

Figure 13.2 Frame format of the SSL record layer protocol

Figure 13.3 Full exchange for negotiating an SSL session

Figure 13.4 Abbreviated exchange for negotiating an SSL session

Figure 13.5 Simplified sequence of an attack on the CBC mode in TLS 1.0

Figure 13.6 Frame format of SSH transport protocol

Figure 13.7 Establishing an interactive SSH session

Chapter 15: Security in Wireless Local Area Networks

Figure 15.1 Components of an infrastructure network based on IEEE 802.11

Figure 15.2 Ad hoc communication based on IEEE 802.11

Figure 15.3 Block diagram of WEP encryption

Figure 15.4 Block diagram of WEP decryption

Figure 15.5 TKIP protection sequence

Figure 15.6 Schematic diagram of the Michael rounds function

Figure 15.7 TKIP receiving routine

Figure 15.8 Simplified CCM encryption procedure

Figure 15.9 Structure of a 802.11 frame for CCMP

Chapter 16: Security in Mobile Wide-Area Networks

Figure 16.1 Architecture of a GSM network

Figure 16.2 Authentication in GSM networks

Figure 16.3 Overview of the architecture of a UMTS network

Figure 16.4 Overview of authentication exchange with UMTS

Figure 16.5 Generating authentication vectors with UMTS

Figure 16.6 Client-side processing with authentication

Figure 16.7 Schematic structure of LTE networks

Figure 16.8 Security-related messages on UE login into an LTE network

Figure 16.9 Key hierarchy in LTE networks

Chapter 17: Protecting Communications and Infrastructure in Open Networks

Figure 17.1 Example of a simplified threat tree for packet-oriented networks

Figure 17.2 Types of threat refinements: logical AND- and OR linking

Figure 17.3 Number of published security vulnerabilities with CVE numbers over the last few years

Figure 17.4 A self-replicating C program

Figure 17.5 New backslash escape sequence. The first C compiler requires the code on the left. All subsequent ones can use the code on the right and adopt the interpretation of the first code.

Chapter 18: Availability of Data Transport

Figure 18.1 Classic scenarios for distributed denial-of-service attacks: (a) master–slave victim; (b) master–slave reflector victim

Figure 18.2 Scenario for using TCP-SYN cookies

Figure 18.3 Stateful and stateless protocols

Figure 18.4 Centertrack: concentration of DoS traffic on a router for better traceability

Figure 18.5 Source Path Identification Engine: Architecture

Figure 18.6 Embedding of the traceback information in IPv4 packets

Chapter 19: Routing Security

Figure 19.1 Example of hierarchical Internet routing: the autonomous systems A, B and C each use an Interior Gateway Protocol internally. BGP is used between the autonomous systems.

Figure 19.2 Extension of BGP UPDATE messages by route attestations

Figure 19.3 Example of a Merkle Hash Tree over seven messages . Every parent node is the hash value of its child nodes. The signature takes place via the root node.

Figure 19.4 Trust relationships between providers in soBGP. Unbroken lines symbolise direct trust and dashed lines indirect trust.

Figure 19.5 Interdomain Route Validation with external servers

Figure 19.6 Example for geographically improbable paths. A path via two geographical clusters that is not directed via the core network (top) and a path that passes through the core network twice (bottom).

Chapter 20: Secure Name Resolution

Figure 20.1 Hierarchical naming in DNS and corresponding server hierarchy

Figure 20.2 Flow of information within a DNS zone. A caching server queries the root, TLD and authoritative servers of a domain for a client.

Figure 20.3 Possible threats to data integrity and authenticity at various points of the DNS infrastructure

Figure 20.4 Classic DNS cache poisoning sequence

Figure 20.5 Split-horizon DNS

Figure 20.6 Chain of trust in the use of DNSSEC

Chapter 21: Internet Firewalls

Figure 21.1 Firewall placement between a protected network and the Internet

Figure 21.2 Frame format of an IP packet with a TCP segment

Figure 21.3 Architecture of a packet filter firewall

Figure 21.4 Dual-homed-host architecture

Figure 21.5 Screened-host architecture

Figure 21.6 Screened-subnetwork architecture

Figure 21.7 Split-screened subnetwork architecture

Chapter 22: Automated Attack Detection and Response

Figure 22.1 PDRR process. The success of preventive measures is verified by attack detection. Short- and long-term measures are implemented to adapt it as necessary

Figure 22.2 Function blocks in an IDS

Figure 22.3 Ways of classifying events

Figure 22.4 Possible positioning of a NIDS: on the open Internet, in the DMZ or internal networks

Figure 22.5 Model of NIDSs with automatic anomaly detection [EGD04]

Figure 22.6 Depending on the maximum time set for assembly, (1) the first three fragments produce a packet, (2) the last three fragments produce a packet or (3) all the fragments are discarded

Figure 22.7 Ratio of the discovery of attackers by means of external or internal measures according to [Ver13]

Chapter 23: Management of Complex Communication Infrastructures*

Figure 23.1 Interfaces and components of a PKI

Figure 23.2 Hub-and-spoke architecture: the parties link up to a central coordinator

Figure 23.3 Fully-meshed VPN: all parties are connected to each other

Figure 23.4 Topology of a Group Encrypted Transport VPN

Figure 23.5 Tunnel-less Encryption: GET copies parts of the inner IP header to the outer header

Figure 23.6 DMVPN: configuration of a static hub structure and flexible spoke associations

Figure 23.7 TED: establishment of IPsec associations between IPsec gateways, initiated by client traffic

Figure 23.8 With PMIDP, gateways announce their presence using regular multicast messages

Figure 23.9 SOLID maps complex transport networks in a ring structure

Figure 23.10 Example of connected paths for SOLID ring topology

List of Tables

Chapter 1: Introduction

Table 1.1 Technical security goals and threats

Chapter 2: Fundamentals of Cryptology

Table 2.1 Average times needed for an exhaustive search for a key

Table 2.2 Reference values for estimating the computational effort of cryptanalytic methods

Chapter 4: Asymmetric Cryptography

Table 4.1 Properties of modular arithmetic

Table 4.2 Key lengths for different techniques with comparable security level

Chapter 7: Cryptographic Protocols

Table 7.1 Notation of cryptographic protocols

Chapter 16: Security in Mobile Wide-Area Networks

Table 16.1 Common acronyms of GSM terminology

Table 16.2 Common abbreviations used with UMTS authentication

Chapter 21: Internet Firewalls

Table 21.1 Example of a packet filter specification

Table 21.2 Inclusion of source port in a packet filter rule set

Table 21.3 Inclusion of an ACK bit in the packet filter rule set

Table 21.4 Inclusion of bastion host in packet filter rule set

Security in Fixed and Wireless Networks (2nd Edition)

 

Guenter Schaefer and Michael Rossberg

Technische Universitaet Ilmenau, Germany

 

 

Translation by HE Translations, Leicester, UK

www.HETranslations.uk

 

 

 

 

Copyright © 2014 by dpunkt.verlag GmbH, Heidelberg, Germany.

Title of the German original: Netzsicherheit ISBN 978-3-86490-115-7

Translation Copyright © 2016 by John Wiley & Sons Ltd, All rights reserved.

Registered office

John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com.

The right of the authors to be identified as the authors of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. It is sold on the understanding that the publisher is not engaged in rendering professional services and neither the publisher nor the author shall be liable for damages arising herefrom. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

Library of Congress Cataloging-in-Publication Data

Schaefer, Guenter (Telecommunications engineer), author.

[Netzsicherheit, Algorithmische Grundlagen und Protokolle. English]

Security in fixed and wireless networks / Dr Guenter Schaefer, Technische Universitaet Ilmenau, Michael Rossberg, Technische Universitaet Ilmenau.

pages cm

Includes bibliographical references and index.

ISBN 978-1-119-04074-3 (cloth : alk. paper) 1. Computer networks--Security measures. 2. Wireless communication systems--Security measures. 3. Computer security. I. Rossberg, Michael, author. II. Title.

TK5105.59.S3313 2003

005.8-dc23

2015034626

A catalogue record for this book is available from the British Library.

About the authors

Guenter Schaefer studied computer science at Universitaet Karlsruhe, Germany, from 1989 to 1994. Between 1994 and 1999 he was a researcher at the Institute of Telematics, Universitaet Karlsruhe. After obtaining his PhD degree (1998) he worked at Ecole Nationale Supérieure des Télécommunications, Paris, France (1999–2000). Between 2000 and 2005 he was a researcher at Technische Universitaet Berlin in the Telecommunication Networks Group. Since 2005 he has been full professor of computer science at the Technische Universität Ilmenau, leading the Telematics/Computer Networks research group. His research interests lie in the areas of network security, networking protocols, mobile communications and innovative communication services/architectures, and he regularly gives courses on network security, networking subjects and the basics of computer science (programming, algorithms etc.).

Michael Rossberg studied computer science at Technische Universitaet Ilmenau, Germany, from 2002 to 2007. Since 2007 he has been a researcher at the Telematics/Computer Networks research group. In 2011 he obtained his PhD in computer science with a thesis on peer-to-peer-based autoconfiguration of large-scale IPsec VPNs. His research interests lie in network security, resilience against denial-of-service attacks and performance evaluation/optimisation. Since December 2013 he has served as a lecturer in the Telematics and Computer Networks research group.

Preface to the second edition

Since the publication of the first edition of this book, 12 years ago, many developments have taken place in the field of network security. Indeed, the innovations are so numerous that we decided to develop this second edition of the book in a team, therefore Michael Rossberg and myself now jointly maintain the book.

The evolution of the topic required not only a rigorous revision of the existing chapters, but also the addition of new material in order to take new developments into account. For example, quite a number of new cryptographic algorithms are discussed in the new edition, including new attacks and security insights on former ones. Nevertheless, we decided to keep the discussion of some historic approaches, like DES and MD5, as they serve as a foundation of the newer developments and are well suited to explain important concepts. We extended the chapter on asymmetric cryptography with an introduction to cryptography based on elliptic curves, as this approach plays a more and more important practical role due to the improvements in calculating discrete logarithms. The chapter on mobile Internet communication and Mobile IP has been dropped from the second edition because Mobile IP has not been widely adopted in the open Internet, only in very controlled environments.

Furthermore, the book has been extended by the addition of a completely new part, which covers the protection of whole communications infrastructures against targeted attacks on integrity and availability. The chapter on Internet firewalls from the first edition has been integrated into this part of the book, for obvious reasons.

In its resulting structure this second edition serves well as a foundation for two or three consecutive college-level courses, but it is also possible to teach some aspects independently. For example, a three-step approach could cover IT security foundations (Part I) in a first course, their application to networks (Parts II and III) in a second course and the protection of communications infrastructures in a final third course, and it may be possible to attend the last course without the first and second ones. In this latter case, only some central ideas from the first part of the book need to be studied first. A division into two lectures would cover essential parts of the first part of the book and discuss their application to networks. To cover all topics in the first three parts, one must plan for at least 4 hours of lectures per week. The protection of communications infrastructures would be the second independently held lecture in this case. We have had good experience with the two-step approach, which we have used for teaching at TU Ilmenau in recent years.

Please note that all chapters and sections in this book that are marked by an asterisk may safely be skipped during reading and teaching without impairing the understanding of subsequent material.

At this point we want to thank our students and the many other people who have helped us with their numerous questions and suggestions to present the teaching material in its current form. We would also like to thank two members of our research group who contributed slides to the lectures, which also served as a first foundation for the second edition of the book, Prof. Dr.-Ing. Thorsten Strufe and Dr.-Ing. Mathias Fischer. Prof. Dr. Martin Dietzfelbinger from the Complexity Theory and Efficient Algorithms research group provided us with valuable comments on our chapter on asymmetric cryptography, which we were largely able to integrate into this second edition. The responsibility for any errors that still might appear in the book despite all the help that was available, of course, lies with us. We will, therefore, continue to appreciate any comments or suggestions regarding the content of this book.

Ilmenau, July 2015 Guenter Schaefer and Michael Rossberg

Preface to the first edition

This book has evolved during my time as a technical assistant in the department of telecommunications networks at the Technical University of Berlin. It is based on my lecture Network Security that I have been presenting at the university since the winter semester of 2000/2001.

I therefore particularly want to express my warm gratitude to the head of this department, Professor Adam Wolisz, for the wonderful opportunities he has given me for my work. He has supported my plans to write a textbook on network security from the very beginning.

Dipl.-Ing. Mr. Andreas Hess offered to read and edit the entire first draft of my text. I am sincerely grateful to him for his fast turnaround times and numerous helpful suggestions for changes and improvements.

Mrs. Hedwig Jourdan von Schmöger translated the German version of the book into English. She not only had a good grasp of the technical content but also had a knack for dealing with my often rather long German sentences. I want to thank her for the very good working relationship we had.

This gratitude also extends to the editorial staffs of dpunkt.verlag and John Wiley & Sons, who were so helpful with both the German and English versions of the book. Their constant support and guidance made my task much easier. I also appreciate the helpful input from the various reviewers who provided useful and constructive comments.

Lastly, I want to thank the students who attended my lectures for their numerous questions and suggestions that gave me many ideas for how to structure this book.

The responsibility for any errors that still might appear in this book despite all the help that was available, of course, lies with me. I will, therefore, continue to appreciate any comments or suggestions regarding the content of this book.

Berlin, December 2003 Guenter Schaefer

Part I: Foundations of Data Security Technology

Chapter 1: Introduction

It is now a well-known fact that, despite all the benefits, the digital revolution with its omnipresent networking of information systems also involves some risks. This book looks at a specific category of risks, the category of risks that evolve as a result of eavesdropping and the manipulation of data transmitted in communication networks and the vulnerability of the communication infrastructure itself. In particular, measures are discussed that can be taken to minimise them.

Mankind[1] very early on recognised the need to protect information that was being transferred or stored, and so the desire to protect information from unauthorised access is probably as old as writing itself. For example, reliable early records on protective measures describe a technique used by the Spartans around 400 BC. The technique entailed writing messages on a leather strip that was wrapped around a stick of a specific diameter. Before the message was delivered, the leather strip was removed from the stick, and a potential attacker who did not have a stick with the same diameter, because he did not know the diameter or anything about the technique, could not read the message. In a sense this was an implementation of the first ‘analogue’ encryption.

In[2] the fourth century BC, the Greek Polybius developed a table of bilateral substitution that defined how to encode characters into pairs of symbols and their corresponding reinstatement, thereby specifying the first ‘digital’ encryption method. Of the Romans we know that they often protected their tactical communication by using simple monoalphabetic substitution methods. The most widely known one was probably the ‘Caesar cipher’, named after its creator Julius Caesar, in which each character of the alphabet is shifted upwards by three characters. Thus, ‘A’ becomes ‘D’, ‘B’ becomes ‘E’, etc.

The[3] Arabs were the first people to develop a basic understanding of the two fundamental principles of substitution, that is, pure character replacement, and transposition, that is, changing the sequence of the characters of a text. When they evaluated a method they also considered how a potential attacker might analyse it. They were therefore aware of the significance of relative letter frequency in a language for the analysis of substitution ciphers because it gave some insight into substitution rules. By the beginning of the fifteenth century, the Arabic encyclopaedia ‘Subh al-a'sha’ already contained an impressive treatment and analysis of cryptographic methods.

In Europe, cryptology originated during the Middle Ages in the papal and Italian city-states. The first encryption algorithms merely involved vowel substitution, and therefore offered at least some rudimentary protection from ignorant attackers who may not have come up with the idea of trying out all the different possible vowel substitutions.

Not[4] wanting to turn the entire development of cryptology into a scientific discipline at this juncture, we can deduce from the developments mentioned that special importance has always been given to protecting information. However, a second category of risks is increasingly becoming a major priority in the age of omnipresent communication networks. These risks actually affect communication infrastructures rather than the data being transmitted. With the development and expansion of increasingly complex networks, and the growing importance of these networks not only to the economic but also to the social development of the modern information society, there is also a greater demand for ways to secure communication infrastructures from deliberate manipulation. For economic operation it is important to ensure that the services provided by communication networks are available and functioning properly as well as that the use of these services can be billed correctly and in a way that everyone can understand.

1.1 Content and Structure of this Book

In this book equal treatment is given to the two task areas in network security mentioned: security of transmitted data and security of the communication infrastructure. We start by introducing central terms and concepts and providing an overview of the measures available for information security.

Building on this introductory information[5], the rest of the chapters in Part 1 deal with the fundamental principles of data security technology. Chapter 2 uses basic concepts to introduce cryptology. Chapter 3 covers the use and functioning of symmetric ciphering schemes, whereas Chapter 4 is devoted to asymmetric cryptographic algorithms. Chapter 5 introduces cryptographic check values for the detection of message manipulation. Generating secure, non-predictable random numbers is the subject of Chapter 6. In a sense, the algorithms in these four chapters constitute the basic primitives of data security technology upon which the cryptographic protection mechanisms of network security are based. Chapter 7 discusses cryptographic protocols and introduces the authentication and key exchange protocols that are central to network security. Chapter 8 enlarges the topic in the context of scenarios with group communication. This deeper discussion may be skipped in an introductory course without impairing the understanding of further book chapters. Part 1 concludes with Chapter 9, which provides an introduction to the principles of access control.

Part 2[6] of this book focuses on the architectures and protocols of network security. It starts with Chapter 10, which examines general issues relating to the integration of security services in communication architectures. Chapter 11 discusses security protocols of the data link layer, Chapter 12 examines the security architecture for the Internet protocol IPsec and Chapter 13 closes Part 2 by describing security protocols for the transport layer.

Part 3[7] of the book presents the field of secure wireless and mobile communication. Chapter 14 differentiates the additional security aspects that arise in mobile communications compared with conventional fixed networks, and presents approaches of a more conceptual nature for maintaining the confidentiality of the current location area of mobile devices. The other chapters in this part examine concrete examples of systems. Chapter 15 deals with the security functions of the IEEE 802.11 standard for wireless local networks and includes an in-depth discussion of the weaknesses of former versions of the standard. Chapter 16 introduces the security functions for the current standards for mobile wide-area networks, that is, GSM, UMTS and LTE.

While[8] Parts 1 to 3 of the book mainly concentrate on the security of communication processes between end systems, the fourth and last part of the book deals with protection of large networks and the communication infrastructure. Chapter 17 first describes the basic problem of protecting systems in open networks and provides a short overview of systematic threat analysis. It also discusses the problem of protecting end systems as a requirement for secure network operation. Chapter 18 deals with denial-of-service attacks, which affect end systems as well as the communication infrastructure. Chapters 19 and 20 cover the security of fundamental communication infrastructure services: routing and name resolution. Internet firewalls as the main means for realising subnet-related access control are introduced in Chapter 21. Since attacks cannot always be prevented through the proactive security measures described in these chapters, it often makes sense to introduce additional control through intrusion detection systems and/or intrusion prevention systems. The principles of such systems and existing techniques are introduced in Chapter 22. Finally, Chapter 23 deals with difficulties in the management of large security infrastructures.

Before[9] our attentive and inquisitive readers get too involved in the further content of this book, they should be made aware that the field of network security has developed into a very active field during the last few years. Consequently, extensive improvements are constantly being made to existing security protocols and new protocols are being developed and introduced. Doing justice to the speed of this development in a textbook thus becomes a very difficult if not impossible undertaking. We therefore ask for the reader's understanding if a detail or two has already been resolved in a way that deviates from our interpretation in a particular chapter or totally new protocols have established themselves in the meantime and are not dealt with in this book. It is precisely because of the rapid developments in this field that the priority of this book is to provide the reader with a fundamental understanding of the central principles presented and to describe them on the basis of concrete and relevant sample protocols.

1.2 Threats and Security Goals

The terms threat and security goal play an important role in assessing the risks in communication networks, therefore they will first be defined in general terms.

Definition 1.1

A threat in a communication network is a potential event or series of events that could result in the violation of one or more security goals. The actual implementation of a threat is called an attack.

Definition 1.1[10] is kept quite abstract and refers to the term security goal defined below. The following examples clarify the types of threats that exist:

a hacker intruding into the computer of a company;

someone reading someone else's transmitted e-mails;

a person altering sensitive data in a financial accounting system;

a hacker temporarily shutting down a web site;

somebody using or ordering services and goods in someone else's name.

The[11] term security goal is another concept that is easier to explain with examples because at first glance security goals can vary considerably depending on the respective application scenario:

Banks:

protection from deliberate or unintentional modification of transactions;

reliable and non-manipulable identification of customers;

protection of personal identification numbers from disclosure;

protection of personal customer information.

Administration:

protection from disclosure of sensitive information;

use of electronic signatures for administrative documents.

Public network operators:

restriction of access to network management functions to authorised personnel only;

protection of the availability of the services offered;

guarantee of accurate and manipulation-safe billing of use of services;

protection of personal customer data.

Corporate and private networks:

protection of the confidentiality of exchanged data;

assurance of the authenticity of messages (details follow).

All networks: Protection from intrusion from outside.

Some[12] of the security goals listed above are of course relevant to several different application scenarios — even if they are not repeated in the categories above. However, security goals can also be defined from a purely technical standpoint without being based on a concrete application scenario.

Definition 1.2

In the field of network security, a distinction can be made between the following technical security goals:

Confidentiality:

Transmitted or stored data and/or details about the communication itself, e.g. the identity of sender or receiver, should only be disclosed to authorised entities.

Data integrity:

It should be possible to detect unintentional or deliberate changes to data. This requires that the identification of the originator of the data is unique and cannot be manipulated.

Accountability:

It must be possible to identify the entity responsible for a particular event, e.g. use of a service.

Availability:

The services implemented in a system should be available and function properly.

Controlled access:

Only authorised entities should be able to access certain services and data.

Not all security experts and standards see the last goal to be full-fledged, but rather already covered by the first two goals. However, for communication networks it is often reasonable to restrict access to the network, even though there is no direct threat by any unauthorised access for that network itself.

Like[13] security goals, threats can be viewed from a primarily technical standpoint and therefore technical threats are distinguished as follows:

Masquerade:

An entity pretends to have the identity of another entity.

Eavesdropping:

An entity reads information that is meant for someone else.

Authorisation violation:

An entity uses services or resources although it does not have appropriate permission.

Loss or modification of information:

Certain information is destroyed or changed.

Forgery:

An entity creates new information using the identity of another entity.

Repudiation:

An entity falsely denies having participated in a particular action.

Sabotage:

Any action that is aimed at reducing the availability or correct functioning of services or systems. In the context of computer networks these attacks are usually referred to by the term denial-of-service (DoS).

These terms can be used as the basis for creating a general classification that clarifies which security goals are in danger of being exposed to which threats. Table 1.1 provides an overview of this classification. The table can be read in two different ways. On one hand, it shows that information confidentiality is threatened by the technical threats of masquerade, eavesdropping and authorisation violation; on the other hand, it can also be directly inferred from the table that forgery primarily threatens the security goals of data integrity, accountability and controlled access.

Table 1.1 Technical security goals and threats

In[14] reality, a concrete attack often involves a combination of the threats mentioned above. An intrusion into a system often involves sniffing the access identification and related passwords. The identity of the sniffed identification is then provided for the access check with the latter representing a masquerade. Thus, Table 1.1 serves more the purpose of illustration than a definition of the abilities or possibilities of the different attacker types.

1.3 Network Security Analysis

When appropriate action is taken to counteract the above-mentioned threats to an actual application scenario, the counter-measures being considered first have to be evaluated carefully for the given network configuration. This requires a detailed security analysis[15] of the network technology with an assessment of the risk potential of technical threats to the entities communicating in the network, along with an evaluation of the cost in terms of resources and time, that is, computing capacity, storage, message transfer, of executing known attack techniques.

Sometimes the detailed security analysis of a given network configuration or a specific protocol architecture will be needed to convince an organisation's financial controlling of the need for further security measures. Additionally, since the attack techniques as well as the network configuration are normally subjects of constant change, a security analysis and the respective derivation of risks needs to be constantly re-evaluated. In larger organisations it is advantageous to install a security management according to ISO 27001 [ISO13]. This includes, for example, the introduction of dedicated staff for IT security.

In any case, a key issue for security analyses is the question: ‘How can the complexity of the overall system be effectively reduced?’ Some fundamental techniques will be covered in Chapter 17 in more depth, but as a rule a detailed security analysis of a specific protocol architecture may be structured according to the following finely granulated attacks at the message level:

Passive attacks: Eavesdropping on protocol data units (PDUs);

Active attacks: Delay, replay, deletion and insertion of PDUs.

For[16] any security analysis, one basic assumption needs to be that an actual hacker would have to be able to combine the attacks listed above in order to use them to construct more complex attacks from these basic building blocks interpreted as attack primitives. A ‘successful attack’ at the message level therefore requires that:

the attack produces no directly detectable side effects for other communication processes, e.g. for other connections or connectionless data transmission;

the attack produces few side effects for other PDUs in the same connection or in connectionless data transmission between the entities participating in the communication.

Otherwise, there is the inherent risk of attack detection and therefore the attacker may not be able to combine the building blocks to a more complex attack.
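The message-level attack primitives above, seen from the receiving entity, as an added example that is not from the book: a hypothetical receiver uses an HMAC tag, a sequence number and a sender timestamp (all assumptions, as are the constructed key, the trace and the synchronised clocks) to show which active attacks leave a directly detectable side effect. Eavesdropping produces no finding at all, because a passive attack changes nothing the receiver can observe.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key (assumption)
MAX_AGE = 2.0                  # assumed freshness bound in seconds
HEADER = struct.Struct("!Id")  # sequence number, sender timestamp
TAG_LEN = hashlib.sha256().digest_size


def make_pdu(seq, sent_at, payload, key=KEY):
    """Sender side: header + payload, followed by an HMAC over both."""
    body = HEADER.pack(seq, sent_at) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Hypothetical receiving entity for one in-order connection."""

    def __init__(self, key=KEY, max_age=MAX_AGE):
        self.key = key
        self.max_age = max_age
        self.next_seq = 0

    def accept(self, pdu, now):
        """Return (delivered, findings) for one received PDU."""
        if len(pdu) < HEADER.size + TAG_LEN:
            return False, ["insertion"]
        body, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Not produced by a key holder: inserted or modified PDU.
            return False, ["insertion"]
        seq, sent_at = HEADER.unpack(body[:HEADER.size])
        if seq < self.next_seq:
            # Authentic but already consumed: the tag alone cannot stop this.
            return False, ["replay"]
        findings = []
        if seq > self.next_seq:
            # A gap in the sequence numbers: earlier PDUs never arrived.
            findings.append("deletion")
        if now - sent_at > self.max_age:
            # Authentic and in order, but older than the freshness bound.
            findings.append("delay")
        self.next_seq = seq + 1
        return True, findings


def analyse_trace():
    """Run a constructed channel trace through the receiver."""
    sent = [make_pdu(i, i * 0.1, b"data-%d" % i) for i in range(5)]
    forged = make_pdu(2, 0.2, b"forged", key=b"attacker-guess")
    # (arrival time, PDU) as seen by the receiver; PDU 2 never arrives.
    channel = [
        (0.05, sent[0]),
        (0.15, sent[1]),
        (0.20, sent[1]),   # replay of PDU 1
        (0.25, forged),    # insertion without knowledge of the key
        (0.35, sent[3]),   # arrives after PDU 2 was deleted
        (5.00, sent[4]),   # delayed
    ]
    rx = Receiver()
    return [rx.accept(pdu, now) for now, pdu in channel]


if __name__ == "__main__":
    for result in analyse_trace():
        print(result)
```

The replayed PDU carries a valid tag and is caught only by the sequence number, so the integrity check on its own does not cover every primitive.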

When a security analysis is produced for protocol architectures, each individual layer in the architecture should be checked for the attacks mentioned above.

Figure 1.1 shows the layered architecture typically used in communication systems today. In this architecture the end systems communicate with one another over a network of intermediate systems. The protocol functions are organised into five layers:

The lowest layer is the physical layer, which is responsible for transmitting bit streams over a physical medium, e.g. line or radio transmission link.

The data link layer above it combines multiple bits from the transmitted bit stream into transmission frames and carries out transmission that is protected against errors between two systems connected over a physical medium. It performs two basic tasks. When a shared medium is available to several systems, it coordinates access to the shared medium (medium access control, MAC). It also takes appropriate measures to detect transmission errors so that defective frames received at the receiver are detected and can be discarded.

The network layer is responsible for the communication between end systems that are normally linked to one another over several intermediate systems. The main task of this layer therefore is routing and forwarding through the transmission network between the two end systems.

The transport layer enables an exchange of data between the processes of the end systems. The key tasks of this layer are addressing applications processes, detecting errors at the end-to-end level and, with a reliable service, implementing measures for error recovery, e.g. through retransmission.

Above the transport layer the application layer – as its name suggests – implements applications-specific protocols that are as diverse as the applications run in the end systems.

Figure 1.1 Architecture of layered communication systems

Only the three lower layers up to the network layer are normally implemented in the (intermediate) systems of the transmission network.

According to the description given above, a security analysis of layered protocol architectures can be structured along two dimensions (also compare Figure 1.2):

First the systems and interfaces at risk in the network configuration being analysed must be identified. For example, publicly accessible end systems, gateways to public networks as well as non-secure transmission routes (particularly in the case of wireless transmission) pose special security risks.

The security analysis is also structured according to the layer in which an attack can take place. Attacks do not necessarily have to occur in the application layer. On the contrary, depending on the intentions of the hacker, the main attack point can be the layers below the transport layer.

Figure 1.2 Dimensions of the security analysis of layered protocol architectures

A detailed security analysis is very useful for identifying the security risks that dominate in a particular network configuration. It can be used as the basis for selecting appropriate security measures to reduce these risks. The following section provides a general overview on this subject.

1.4 Information Security Measures

Many different security measures are available, each dealing with specific aspects of an information processing system and its embedding into the work processes supported by the system:

Physical security measures include lock systems and physical access controls, tamper proofing of security-sensitive equipment and environmental controls such as motion detectors, etc.

Personnel security measures begin with a classification of the security-specific sensitivity of a position and also include procedures for employee screening and security training and awareness.

Administrative security measures include procedures for the controlled import of new software and hardware, detection of security-relevant occurrences through maintenance and regular checks of event logs as well as an analysis of known security breaches and incidents.

Media security measures are aimed at safeguarding the storage of information. Procedures and control mechanisms are implemented to identify, reproduce or destroy sensitive information and data carriers.

Radiation security measures are designed to prevent or limit electromagnetic emission from computer systems and peripheral devices (especially monitors) that a hacker could note and use to eavesdrop on information.

Life-cycle controls monitor the design, implementation and introduction of information processing systems. The specification and control of standards to be upheld for programming and documentation are geared towards achieving a ‘reliable’ development process.

System security measures for computers, operating systems and the applications run on computers are designed to secure information that is stored and processed in computing systems.

Expanding on the latter category, communication security measures are designed to protect information while it is being transmitted in a communication network. In conjunction with the measures that protect the network infrastructure itself, they form the category of network security measures.

The[17] last category mentioned, network security, is the main subject of this book. However, it should be emphasised that a careful application of the entire catalogue of measures listed above is necessary to guarantee the security of information processing processes. This is due to the fact that a security system is only as secure as its weakest component. For example, a sophisticated password system that prevents the use of easily guessed passwords is minimally effective if users write their passwords on media that are not adequately protected or if a hacker can use a telephone call to induce someone to divulge a password (‘social engineering’).

1.5 Important Terms Relating to Communication Security

This section introduces the terms security service, cryptographic algorithm and cryptographic protocol, which are central to network security, and explains their relationship to one another.

Definition 1.3

A security service is an abstract service that seeks to achieve a specific security objective.

A[18] security service can be implemented through either cryptographic or conventional means. For example, one way to prevent a file stored on a USB stick from being read by an unauthorised entity is to ensure that the file is encrypted before it is stored. On the other hand, the same goal can be achieved if the stick is locked up in a secure safe. Normally, the most effective approach is a combination of cryptographic and conventional methods.

In its generalisation, Definition 1.3[19] gives the impression that a multitude of different security services exist. Actually the number is surprisingly small; precisely five fundamental security services are distinguished:

As subsequent discussions in this book will show, authentication is the most important of all security services because it allows manipulation-safe identification of entities.

To a certain extent the security service data integrity, which ensures that data generated by a specific entity cannot undetectably be modified, is the ‘little brother’ of the authentication service.

Confidentiality, which is aimed at preventing information from being made known to unauthorised entities, is probably the most widely known security service.

The security service access control checks that only entities that have proper authorisation can access certain information and services in a specified way.

The aim of the non-repudiation service is to enable the unique identification of the initiators of certain actions, such as the sending of a message, so that these completed actions cannot be disputed after the fact. In contrast to the authentication service this evidence can be provided to third parties.

Definition 1.4

A cryptographic algorithm is a mathematical transformation of input data (e.g. data, keys) to output data.

Cryptographic algorithms play an important role in the realisation of security services. However, a cryptographic algorithm used on its own is not sufficient because it also has to be embedded in a semantic context. This usually occurs as part of the definition of a cryptographic protocol.

Definition 1.5

A cryptographic protocol is a procedural instruction for a series of processing steps and message exchanges between multiple entities. The aim is to achieve a specific security objective.

The last two terms defined for cryptographic algorithms and protocols are of such fundamental significance for network security that they are dealt with in several chapters. However, the next chapter will first introduce the general basics of cryptology.

[1] Protecting transmitted data

[2] First substitution ciphers

[3] Origins of cryptanalysis

[4] Protection of infrastructure

[5] Part 1 of the book deals with fundamental principles

[6] Part 2 introduces architectures and protocols for network security

[7] Part 3 is devoted to wireless and mobile communication

[8] Part 4 deals with protection of communication infrastructures.

[9] The field of network security is currently marked by a major dynamic

[10] Examples of concrete threats

[11] Examples of security goals

[12] General definition of security goals

[13] General technical threats

[14] Real attacks often combine several threats

[15] Note: Unknown attack techniques are generally not possible to evaluate!

[16] Combination of attacks

[17] A secure information processing process requires a comprehensive catalogue of measures

[18] Implementation of security services

[19] Fundamental security services