Implementing Security for ATM Networks

Hardcover

$91.00

Overview

Noting that the growth of asynchronous transfer mode (ATM) technology in voice, video, and data networking increases security concerns, Tarman and Witzke, technicians at the Sandia National Laboratories of the US Department of Energy, explain to network architects how to enforce security policies within their infrastructures, provide security device implementers with some of the background and philosophy underlying the mechanisms of basic researchers, and review the current status and future prospects of ATM security for researchers. Annotation © Book News, Inc., Portland, OR (booknews.com)

Product Details

ISBN-13: 9781580532938
Publisher: Artech House, Incorporated
Publication date: 12/28/2001
Series: Artech House Computer Security Series
Pages: 318
Product dimensions: 6.28(w) x 9.22(h) x 1.00(d)

About the Author

Thomas D. Tarman and Edward L. Witzke are members of the technical staff at Sandia National Laboratories, a research and development facility for the United States Department of Energy, in Albuquerque, New Mexico. Mr. Tarman holds a B.S. in computer and electrical engineering and an M.S. in electrical engineering, both from Purdue University. Mr. Witzke holds a Bachelor of University Studies with a concentration in computer science from the University of New Mexico.

Table of Contents

Foreword
Preface
Acknowledgments
Part I: Fundamentals
1 Introduction to Network Security
1.1 Up-Front Security Analysis
1.1.1 Threats and Assets That Require Protection
1.1.2 Usage Policies
1.1.3 Attack Methods
1.1.4 Determining Countermeasures
1.1.5 Trust in Countermeasures
1.1.6 Balancing Acceptable Risk with Cost of Countermeasures
1.2 Protection Countermeasures
1.2.1 Encryption
1.2.2 Authentication
1.2.3 Authorization
1.2.4 Access Control
1.2.5 Auditing
1.3 Trade-Offs and Optimizations
References
2 ATM Networking Fundamentals
2.1 ATM Reference Model
2.2 Cell Switching
2.3 ILMI
2.4 ATM Virtual Circuit Signaling
2.5 Routing ATM Connections
2.6 Multipoint Connections
2.7 Operations and Management
2.8 ATM Traffic Management
2.9 ATM Services
2.9.1 Classical IP over ATM
2.9.2 LANE
2.9.3 Multiprotocol over ATM
2.10 Summary
References
Part II: Using ATM Security
3 ATM Security Using Traditional ATM Features
3.1 Implementing ATM Connection Policies
3.1.1 Access Control via Circuit Provisioning
3.1.2 Access Control for Signaled ATM Circuits
3.2 Network Configuration Security
3.3 Summary
References
4 ATM Security Using the ATM Forum Security 1.1 Mechanisms
4.1 Security 1.1 Model
4.1.1 Security Agent
4.1.2 Security Message Transport
4.2 Security 1.1 Services
4.2.1 Security Message Exchange
4.2.2 User Plane Security Services
4.2.3 Control Plane Security Services
4.3 Summary
References
Part III: Implementing ATM Security
5 SME Protocol
5.1 SME Fundamentals
5.1.1 Two-Way Message Exchange
5.1.2 Three-Way Message Exchange
5.1.3 Endpoint Requests for Security Services
5.2 SME Details
5.2.1 SSIE
5.2.2 Security Agent Addressing
5.2.3 Security Association Establishment
5.3 SME Message Transport
5.3.1 UNI 4.0 Point-to-Point Signaling
5.3.2 In-Band
5.3.3 Pt-Mpt Connections
5.3.4 Signaling-Based with In-Band Fallback
5.3.5 Endpoint Requests for Proxy Security Services
5.4 Summary
References
6 Initial Authentication
6.1 Authentication Protocols
6.2 Using Secret-Key MACs
6.2.1 Keyed Message Digests
6.2.2 Block Cipher in CBC Mode
6.3 Using Public-Key Signature Algorithms
6.4 Example
6.4.1 Initiator Security Agent (Host) Processing
6.4.2 Responder Security Agent (Firewall) Processing
6.4.3 Initiator Security Agent (Host) Processing
6.5 Summary
References
7 Data Origin Authentication
7.1 Implementation Overview
7.2 Implementation Details
7.3 Keyed MACs
7.4 SME and Data Origin Authentication
7.5 Control Plane Authentication and Integrity
7.6 Summary
References
8 Encryption
8.1 Block Algorithms
8.2 Public-Key Versus Secret-Key Algorithms
8.2.1 RSA
8.2.2 Diffie-Hellman
8.2.3 DES
8.2.4 FEAL
8.3 Modes of Operation
8.3.1 CBC Mode
8.3.2 Counter Mode
8.4 Key Agility
8.4.1 Context Lookup
8.4.2 Encryption State
8.5 Encryptor Architecture
8.5.1 Component Modules
8.5.2 Resynchronization Processing for the Sample Architecture
8.6 State Maintenance Using OAM Cells
8.6.1 SKU
8.6.2 Cryptographic Resynchronization
8.7 Performance Considerations
References
9 Access Control
9.1 General Access Control
9.2 Label-Based Access Control
9.2.1 FIPS 188
9.2.2 Label Transport in ATM Security
9.3 Summary
References
10 PNNI Routing Security
10.1 Approach
10.2 Security Information Group
10.3 Control Plane Security and Link Establishment
10.4 Summary
References
Part IV: Additional Topics in ATM Security
11 Future Standards Development Topics
11.1 Security-Based Routing and Discovery
11.2 Renegotiation of Security Associations
11.3 In-Band SME for Simplex Connections
11.4 Wireless ATM Security
11.4.1 Shared Media Access Security
11.4.2 Security Standards Support for Wireless ATM
11.5 Summary
References
12 Research Topics
12.1 Algorithm- and Robustness-Agile Encryption
12.1.1 Robustness Agility
12.1.2 Algorithm Agility
12.2 Control Plane Confidentiality
12.3 Control Plane Authentication
12.4 ATM Intrusion Detection
12.4.1 Switched Network Intrusion Detection
12.4.2 Anatomy of Intrusion Detection Systems
12.4.3 Example Attack
12.4.4 Advanced Issues
References
Acronyms and Abbreviations
Selected Bibliography
About the Authors
Index
