Analysis of ATM network security.
The article provides an analysis of information security issues in data transmission networks built on the basis of technical means of ATM technology, taking into account the features of the interaction of various types of equipment and the architecture of the protocols used.
Introduction
The telecommunications and communication market offers a wide range of specialized technologies aimed at use in specific telematic services.
At present, issues of integration of network services within the framework of unified technologies, allowing unification of means of construction of data transmission networks in relation to a wide range of information services, including real-time services (telephone communication), information retrieval, teleconferences, etc., are becoming increasingly important in the practice of building distributed information systems.
Development and implementation of asynchronous transmission technology based on fast packet switching of telematic services traffic is aimed at increasing the efficiency of using existing high-performance physical data transmission channels.
ATM networks provide universal means of backbone data transmission networks, allowing the transport of user messages within teleservices that differ significantly in the requirements of semantic, temporal and logical transparency.
Currently, leading manufacturers of ATM equipment — NEWBRIDGE, NORTEL, CISCO, etc. — offer a wide range of technical means with which it is possible to create heterogeneous corporate communication systems with a unified transmission, switching and routing environment.
Naturally, the issues of ensuring security in such systems are complex and should be considered both from the point of view of the physical interconnection of individual information subsystems and from the point of view of specific sets of protocols used for interaction between subscribers of the communication network.
The main problems of the current stage of development of means of automation of information exchange processes, including means of communication and telecommunications, are associated with a significant increase in the complexity of scientific and technical developments in the field of information technology.
As a result, technical means potentially contain a large number of errors and unregulated capabilities that can be used by intruders.
Therefore, any software and hardware solutions must be carefully analyzed for potential security threats, and the adequate level of equipment with protective means must be constantly reviewed.
An important property of heterogeneous distributed information systems is that the degree of their criticality to external and internal violations increases faster than the functionality provided by the selected level of complexity and cost.
In other words, situations are possible when the cost of ensuring a given level of system stability in relation to external threats turns out to be commensurate or even higher than the cost of the system itself.
To analyze threats to data transmission networks implemented using ATM technology, let us consider the structure of a branched corporate network (CS), whose individual segments are integrated using ATM technology (Fig. 1).
Fig. 1. Architecture of protected objects in ATM technology
Within the structure, the following levels of information interaction can be distinguished:
1. Access of the local segment of the CS to the transport data transmission network within the lower levels of the ATM protocols. Implemented by the ATM switch of the border section of the transport network.
2. Transport data transmission network. Implemented by the network of backbone ATM switches of the telecom operator.
3. The LAN segment of the CS connected to the border switch via an ATM-LAN bridge.
4. The level of connectionless access for network teleservices.
5. The level of the standard broadband interface of the ATM network (real-time video and audio teleservices).
6. The level of the standard narrowband interface of digital synchronous channels. It is implemented by terminal adapters at the output of the linear termination of the ATM network transmission medium. At this level, standard ISDN-compatible telephone services can be connected to the CS.
In accordance with the points of concentration of information flows (see Fig. 1), Fig. 2 shows the classification of threat entities.
Fig. 2. Classification of threat entities
In general, potential threat points are classified by spatial-topological (horizontal connections) and protocol-logical (vertical connections) features. The horizontal and vertical components of threats are interconnected.
For example, acting at the highest OSI/ISO levels, an intruder from among the subscribers of the external ATM subnet can gain unauthorized access to the network station of the CS, as a result of which the threat point will move to the original CS. On the other hand, depending on the point of concentration of information flows of the CS, which is the object of attack, it is possible to use various protocol stacks to gain access to information resources of various OSI/ISO levels.
Threats to ATM network security
Given the above, it is advisable to limit our consideration to the classification of threats and intruders either by spatial-topological or protocol-logical features. Since the architecture of corporate networks and individual transport subnets for data transmission differs significantly, it is advisable to consider threats at the level of ATM protocols, which are standard and independent of specific network architectures.
Figure 3 shows the structure of the ATM network protocol stack.
Figure 3. Encapsulation levels of ATM network protocol stack headers
As shown in Fig. 3, the ATM network protocol stack includes:
• The physical layer, at which the parameters of the information flow transported directly through the transmission medium are determined.
• The ATM layer, which on the transmitting side multiplexes the outgoing ATM cells into a single bit stream handed to the physical layer. To reduce the probability of distortion of the address part of a cell and prevent misrouting, the receiving side checks the contents of each cell header with a CRC code. If there are no errors, the contents of the data field are passed to the adaptation layer; otherwise the cell is discarded.
• The segmentation and reassembly sublayer of the ATM adaptation layer, which segments each incoming information block of the convergence sublayer into fragments of 47 octets and passes them to the ATM layer. On the receiving side, the virtual path and virtual channel identifiers are checked. If they are correct, the contents of the ATM cell data field are passed to the teleservice convergence sublayer; otherwise the cell is discarded.
• The teleservice convergence layer converts the incoming traffic into a form suitable for use in a specific teleservice.
Figure 4 shows the classification of threats to the security of ATM CS in accordance with the formats of the header fields of the protocol blocks shown in the previous figure.
Fig. 4. Classification of ATM security threats
In general, three types of threats can be distinguished:
— threats to functionality;
— threats to integrity;
— threats of unauthorized access.
Threats to functionality are associated with the possibility of losing the required level of service to the client of the CS or completely blocking access to the resource as a result of the intruder's actions.
Such actions can be caused by:
— disruption of bit stream synchronization at the level of receiving and transmitting devices by destroying or distorting the flags of the regenerator and service sections in physical layer frames;
— disruption of ATM cell stream synchronization by periodically distorting the values of cell header checksums;
— modification of routing and address information in the control servers of intermediate switching nodes. The result of such actions may be, for example, refusal of a connection to a CS client;
— modification of traffic parameters in the end nodes of the transport network. This may adversely affect the quality of service for the clients of the CS;
— modification of priority bits in ATM cells.
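The following added example (not from the article) implements the ATM-layer header check and the VPI/VCI check described in the protocol stack section above, and a receiver-side cell delineation monitor that shows how a run of distorted header checksums, the second functionality threat in the list just above, forces loss of cell synchronization. The HEC details (CRC-8 over the first four header octets, generator x^8+x^2+x+1, remainder XORed with 0x55) and the threshold of 7 consecutive HEC errors are taken from ITU-T I.432, not from the article; the cells are constructed sample data.

```python
# Added example, not from the article: the ATM-layer HEC check and VPI/VCI
# check described in the text, plus a receiver-side delineation monitor.
# HEC (CRC-8 over octets 1-4, generator x^8+x^2+x+1, remainder XOR 0x55)
# and the alpha=7 loss-of-sync threshold follow ITU-T I.432, not the article.

HEC_POLY, HEC_COSET = 0x07, 0x55   # x^8+x^2+x+1 (x^8 implicit); coset pattern

def hec(header4: bytes) -> int:
    """CRC-8 of the first four header octets, as carried in octet 5."""
    crc = 0
    for byte in header4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ HEC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ HEC_COSET

def build_cell(vpi: int, vci: int, pt: int = 0, clp: int = 0, payload: bytes = b"") -> bytes:
    """Constructed sample: a 53-octet UNI cell (GFC=0) with a correct HEC."""
    h = bytes([(vpi >> 4) & 0x0F, ((vpi & 0x0F) << 4) | (vci >> 12),
               (vci >> 4) & 0xFF, ((vci & 0x0F) << 4) | ((pt & 7) << 1) | (clp & 1)])
    return h + bytes([hec(h)]) + payload.ljust(48, b"\x00")[:48]

def parse_uni_header(cell: bytes):
    """Header fields of a 53-octet cell, or None if the HEC check fails."""
    h = cell[:5]
    if len(cell) != 53 or hec(h[:4]) != h[4]:
        return None
    return {"gfc": h[0] >> 4,
            "vpi": ((h[0] & 0x0F) << 4) | (h[1] >> 4),
            "vci": ((h[1] & 0x0F) << 12) | (h[2] << 4) | (h[3] >> 4),
            "pt": (h[3] >> 1) & 0x07, "clp": h[3] & 0x01}

def admit_cell(cell: bytes, active_vcs: set):
    """ATM layer discards on HEC error ('hec'); SAR discards an unknown
    VPI/VCI ('unknown_vc'); otherwise the VC and 48-octet payload go up."""
    hdr = parse_uni_header(cell)
    if hdr is None:
        return "hec", None
    vc = (hdr["vpi"], hdr["vci"])
    return (vc, cell[5:]) if vc in active_vcs else ("unknown_vc", None)

def sync_lost_at(cells, alpha: int = 7) -> int:
    """Index of the cell at which alpha consecutive HEC errors force the
    receiver from SYNC to HUNT, or -1 if delineation is kept."""
    run = 0
    for i, cell in enumerate(cells):
        run = run + 1 if parse_uni_header(cell) is None else 0
        if run >= alpha:
            return i
    return -1
```

A monitoring point that counts `hec` and `unknown_vc` discards per link gives the operator the statistic needed to tell line noise from the sustained header distortion described above.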
Threats to integrity are associated with changes in the information content of protocol data blocks transmitted over the network and may include:
— insertion or removal of ATM cells in the switching nodes of the transport network. In this case, various types of losses are possible, from distortion of information data blocks to disruption of signaling services and network operation;
— traffic insertion, as a result of which unauthorized transmission of information by third parties is possible over the selected virtual connection.
Unauthorized access threats are associated with the possibility of analyzing the information content of the data fields and control headers of protocol blocks transmitted from source to receiver. This group may include:
— redirection of traffic for the purpose of subsequent analysis of its information content;
— interception of an active virtual connection without redirecting traffic;
— unauthorized viewing of diagnostic messages of network management and monitoring services for the purpose of analyzing statistics of network subscriber traffic parameters.
Conclusions
1. Within the framework of the data transmission transport network, the security of user connections in terms of integrity, functionality and confidentiality of the transmitted information must be ensured.
2. Protection of information flows from unauthorized access must be ensured by means of telecom services at the level of OSI/ISO application protocols.
3. Protection from unauthorized access of address and control fields of ATM cell headers must be ensured by technical means and equipment of the telecom operator.
4. Monitoring of connection integrity and support of the functionality of the ATM transport network must be ensured by telecom operators in the presence of specialized means of protection of control servers in transit switching nodes.