During the very early days of the phone
network, party line phones were the norm and few users expected that their
conversations were private. Today's telephone network offers a much
different story. Individuals, businesses, and organizations generally have
the expectation that their conversations and information transported
across the PSTN are indeed private and secure. Network operators and
service providers have a similar expectation that the security of the
applications and services that manage the network infrastructure are not
compromised. However, as the network architecture evolves and Internet
protocols become an integral part of the converged network infrastructure,
a range of potentially new security risks are emerging.
The network of the future will be transporting various types of traffic
flows, including user (e.g., voice, audio, text, graphics, video, and
telemetry), signaling, routing, and management traffic, over a common
packet-switched infrastructure. The ability to observe or control these
flows may be of interest to various benign or malevolent parties. Their
motivations may differ, but corporate spies, intelligence agencies,
organizational insiders, terrorists, criminals, and hackers all present
real and credible threats to the security and integrity of the network
infrastructure. It is important for the communications industry to
consider these threats and develop meaningful and credible responses so as
not to jeopardize the confidence of end users regarding the integrity of
the network.
THE NETWORK
The PSTN consists of two separate networks: (1) the circuit-switched
portion, which transports the voice and data streams, and (2) the
signaling portion, which manages and controls the network resources and
elements (e.g., service platforms and circuits). Applications that provide
the network services run on service platforms under the direct physical
and logical control of the network operator or service provider and are
typically not directly accessible to end users. End users experience
various services (call forwarding, three-way calling, etc.) but are
generally insulated from all of the interactions within the network that
actually provide these services.
This means that the PSTN is effectively a closed network under
the control of a limited number of network operators. This closed
architecture contrasts sharply with the current direction of the converged
network infrastructure. The Internet architecture and protocols are
inherently more open than the PSTN architecture and protocols. This is one
of the greatest strengths and greatest weaknesses of the Internet. In the
future, users will have the freedom to manage and provision services much
like network operators do today. These capabilities, together with the
emergence of new, open service architectures, new "always on"
access technologies (such as DSL and cable), the integrated transport of
user, signaling, and management data on a single infrastructure, and the
growing proliferation of wireless technologies, increase the vulnerability
of network endpoints and elements.
SECURITY
Like anything else, network security is only as strong as its weakest
link. There are many types of attacks (e.g., information gathering, social
engineering, and spoofing attacks) that can possibly exploit the
vulnerabilities of the network. The layering of security frameworks,
policies, protocols, and products is essential to ensure the protection of
applications, services, and the information residing in or traversing the
network. Recent high-profile instances of hacking, denial of service
attacks, viral infections, and worm infections have focused attention on
network endpoints. In the future, network elements themselves will become
increasingly vulnerable to these as well as other types of attacks.
The basic security of a network starts by restricting physical access
to the network elements and moves on to frameworks which provide for the
authentication of the communicating "principals" and for the
assurance of the privacy and integrity of the data in transit between
them. Principals can be defined as people, equipment, or programs that
must be authenticated to verify that they are who they claim to be and
that they are permitted access to the particular network element or
resource in question. If authenticated, a security association is
established between the principals and the data may then be transported
between them.
Data communicated between network elements such as softswitches,
service platforms, gateways, routers, and wireless handsets may consist of
signaling, routing, management, billing, or other information. Certain
fields of the voice and data packets (address fields, location
information, requested services, etc.) will need to be protected on an
end-to-end basis and others on a local basis, since network elements may
need to access the information related to various routing, control, and
service decisions. This processing must take place at wire speed, and if
the information is not properly protected, the integrity of the network
infrastructure could be compromised. A public-key-based process negotiates
the encryption algorithms, manages the encryption keys, and protects the
privacy and integrity of the data transported between the principals.
The actual realization of a security framework could be based on any of
a wide range of proprietary or standards-based forms. There are currently
a number of different approaches, a situation very reminiscent of the
communications industry many years ago. Industry experts are beginning to recognize that
convergence to a common set of standards will be essential to ensure the
effective and widespread deployment of next-generation network
applications and services. Simple security measures consist of placing
firewalls and virus filters at the interfaces between the network
endpoints and elements. In addition, virtual private networks (VPNs) are
becoming an increasingly popular method for providing secure
interconnection between principals.
VIRTUAL PRIVATE NETWORKS
VPNs address network security concerns using a combination of
authentication, tunneling, and security services. Various VPN approaches
include: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling
Protocol (L2TP), SOCKS, and IP Security (IPsec). These approaches differ
by the layer they operate at, tunnel encapsulation, authentication
mechanisms, encryption mechanisms, and address assignment mechanisms. PPTP
is the most widely used tunneling protocol and was developed by Microsoft
and several other equipment manufacturers. L2TP was developed by the
Internet Engineering Task Force (IETF) and is a combination of PPTP and
Cisco's Layer 2 Forwarding Protocol. A combination of L2TP with IPsec will
-- unlike PPTP -- enable the future integration of VPN functionality with
the public key infrastructure.
IP SECURITY
The IPsec standards, adopted by the IETF, facilitate secure
communications between principals on an IP-based infrastructure by
authenticating the principals and ensuring the integrity of the data
moving between them. The Internet Security Association and Key Management
Protocol (ISAKMP) and Internet Key Exchange (IKE) key negotiation and
management protocols provide the mechanisms to establish security
associations between principals and to get keys safely to principals, to
reset keys periodically, and to protect their use from theft.
Various methods can be used for principals to learn each other's public
keys. Trusted nodes, known as certificate authorities (CAs), issue and
revoke data structures, known as digital certificates, that state the
mapping between principals and public keys. Digital certificates contain
the issuer's name, the principal's identifying information, and a digital
signature. The digital signature provides cryptographic evidence that the
certificate is authentic, unaltered, not forged, and non-repudiable. If a
principal trusts a particular CA and its public key, it can securely learn
the public key of another principal by obtaining a certificate signed by
that CA that certifies that the public key belongs to the other principal.
Digital certificates and their usage are specified in the ITU X.509
recommendation.
Data integrity is ensured by encrypting the traffic as it enters the
network and decrypting it at the other end while allowing many different
types of encryption algorithms, key lengths, and key escrow techniques.
Interestingly, since most encryption attacks are focused on determining
the key itself, the security of the data is less dependent on the
encryption algorithms and more dependent on the length of the keys and how
they are assigned. Also, note that data compression must occur before
encryption, since encrypted data should look like random bits, which, by
definition, contain no pattern that a compression scheme could exploit.
CONCLUSION
There has been significant focus on security for store-and-forward
applications, such as e-mail and network transport applications such as
browsers, but very little focus has been given to the many vulnerabilities
introduced as the network infrastructure moves towards an open,
packet-based architecture. New paradigms will need to be deployed that not
only address traditional security issues at the network endpoints, such as
PCs, but also address security issues at the network elements that
comprise the access and core infrastructure of the network, such as
softswitches, service platforms, gateways, routers, and wireless handsets.
There are many different approaches for providing network security, but
the IPsec standards, because of their origin and flexibility, are
particularly well suited to ensure the security, privacy, and integrity of
the converged network infrastructure.
Jeff Lawrence is president and CEO of Trillium Digital Systems, a
provider of communications software solutions for computer and
communications equipment manufacturers. Trillium develops, licenses, and
supports standards-based communications software solutions for SS7, ATM,
ISDN, frame relay, V5, IP, and X.25/X.75 technologies. For more
information, visit the company's Web site at trillium.com.
[ return to the July 2000 table of contents ]