Abstract
In this chapter, a novel performance model for assessing security of a layered network has been proposed. The work is motivated by the fact that there is a need for a reference framework to account for all threats to a networked system. There are few such models available, and one of them is recommended by the International Telecommunications Union (ITU). The proposed assessment model is based on the ITU security framework, recommended in the ITU-T Recommendation X.805. We employ this model to quantify network security against five threat categories mentioned in the recommendations. The quantification has been done based on the recommended measures against all threats. A threat vector has been proposed that defines required measures for a particular threat category. Other vectors, such as the security implementation vector define how effectively these measures are implemented in a given device, system, or network. As a simple application of the proposed model, the security provided by the IEEE 802.15.4 standard is analyzed, viewing it as an ‘end-to-end’ system (e.g., for ad hoc sensor network applications). The proposed security assessment model can be applied to any type of network (wireless, wired, optical, service oriented, transport, etc.). The model can be employed to obtain security assessment in the form of five security metrics, one for each threat category (destruction, corruption, removal, disclosure, and interruption). An expression for the overall security against all threats has also been derived.
Top2. Background
Information assurance systems have evolved into highly complex systems, based on a large number of sub-systems and components. There are too many factors that influence the performance of a security system. Even a small part of it can be quite complex to analyze. For example, an encryption algorithm has to be complex enough so that it can’t be reverse-engineered even if publicized, such as what happened with RC4. There are many ways in which an encryption algorithm can be compromised; it could have weak key generation, distribution or/and regeneration mechanisms, weak random number generation mechanism, or simply could allow one of the several attacks (Heys, 2010). In networked systems, information assurance can be even more challenging as the sources of compromise multiply due to a number of protocol layers and types of activities (user data exchange, signaling information exchange or management data). Consequently, each activity on each layer has to be protected, as any layer can be the source of attack as shown in Figure 1. Additionally, the types and numbers of attacks are increasing all the time as reported in a recent survey paper by Igure and Williams (Igure & Williams, 2008). A comprehensive security system will protect not only against the known threats, but also the threats that are yet to be designed and discovered. One way to design such a system is to first define threat categories that could account for all attacks and then define security measures against these categories (instead of individual attacks). This is essentially the approach taken by the Lucent Network Security Framework (LNSF) (McGee , 2004). The ITU-T Security Framework (ITU-T, 2003) is a result of Lucent Network Security Framework, developed by Bell Labs. The ITU-T X.805 differs only slightly from the original LNSF framework in that X.805 defines five threat categories as against four defined by LNSF.