home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1994 March
/
Internet Info CD-ROM (Walnut Creek) (March 1994).iso
/
inet
/
isoc
/
isoc_news
/
issue1-2
/
n-1-2-040.33.1a
< prev
next >
Wrap
Text File
|
1993-03-01
|
6KB
|
110 lines
N-1-2-040.33.1 Towards an Internet Security Architecture: Part I
by Stephen Kent*, kent@bbn.com
In this issue I begin a multi-part series addressing architectural
security issues in the Internet. Policy statements about user,
vendor, system administrator, and network provider responsibilities
have been published (RFC 1281), as have more detailed statements about
good security procedures (RFC 1244). However, these very high level
and very low level approaches to security should be complemented by an
architectural view of security for the Internet. This, and succeeding
columns, will explore various aspects of Internet security
architecture as the community begins to be explored in the Internet
community. Some of the text in this column is extracted from
background material I prepared for the second workshop on the future
of the Internet architecture, an event which took place in January,
1992.
As the Internet grows in size, in geographic extent, and in
cultural diversity, security becomes increasingly important and
increasingly difficult to achieve. Growth in the size and cultural
diversity of the user population increases the likelihood that not
all users will share the same concepts of security and privacy.
Increases in the size and geographic extent of the Internet make
efforts to identify and trace incidents of unauthorized access more
difficult, especially when international boarders are crossed. As
the Internet grows to include organizations beyond educational,
research, and computer and network vendor organizations, new demands
are being made for security.
Security in the Internet can be characterized in various ways.
For example, one can distinguish security requirements for different
types of Internet participants: network service providers, application
service providers, end users, and vendors.
In general, network service providers may emphasize security
requirements that allow them to provide robust ("hardened") network
services to their subscribers. Secure management of network
components (authentication, integrity, access control, and
confidentiality) is an important aspect of a hardened network
offering. Other service provider requirements may best be met by
security mechanisms addressing quality of service guarantees. Some,
e.g., regional and other backbone, network service providers also may
be interested in mechanisms to support accounting/billing, to support
policy routing, and may wish to provide subscribers with mechanisms to
create virtual private networks using common transmission and
switching facilities. The latter requirements might focus on
confidentiality and access control mechanisms.
In a campus network environment, provision of standard (user and
process) authentication facilities may be of major concern, e.g., as
input to access control for network resources, policy routing, etc.
Here too security for management of network components
(authentication, integrity, access control, and confidentiality) is
important. Most local network administrations do not bill for
transmission and switching, but they still have a need for secure
network management in support of availability. Moreover, an
administrator may have a need to control access between his facilities
and the Internet in general, to protect his local user population
against external threats. Many of these administrators also function
as local providers of application services, e.g., print and file
servers, and they may need to perform accounting for cost recovery
purposes.
Network application service providers are concerned with controlling
access to resources, i.e., the network application services the
provide. They would seem to be ideal candidates for authentication,
access control and non-repudiation mechanisms, e.g., in support of
accounting and billing and to ensure access to application services
for authorized users. To the extent that end users require other
features, e.g., confidentiality, in using applications, they, too,
become requirements for these service providers.
End users may have a variety of security requirements, depending on
individual perceptions of security threats and how they value their
data. Access control facilities may rank high for users who wish to
protect their computers and data against unauthorized disclosure or
modification. When communicating with other users, the end user may
wish to employ security technology to ensure the privacy,
authenticity, and integrity of his communications. A user may be
required to employ a combination of security techniques to establish
his authorization before being allowed to access various network
applications, both locally and on an Internet-wide basis.
Finally, vendors bring to the table concern about the costs of
implementing various security technology, including performance and
export control limitations. The specific security services offered in
products should be driven by customer demands from end users, service
providers, system administrators, etc. In addition to the
client-derived requirements, software license management issues also
may call for authentication, access control, non-repudiation, and
confidentiality mechanisms.
This characterization illustrates that security in the Internet can
take on different meanings for different participants in the Internet.
Subsequent columns will continue this theme, examining how to
characterize security requirements for the various elements of the
Internet community, exploring security mechanisms being developed into
Internet standards, and discussing principles which might form the
basis of a security architecture for the Internet.
* Chief Scientist, BBN Communications, Cambridge, MA
