Cisco Knowledge Suite Cisco SystemsCisco Press

Cutting Edge
Core Reference
Guided Learning
Networking Architecture
Internet Protocols (IP)
Network Protocols
Transport and Application Protocols
Desktop Protocols
Security and Troubleshooting
Network Resources and Management
Integrated Services

ATM Networks and Security

by Dr. Eva Bozoki - May 30, 2000

ATM Networks and Security

1. Introduction


2. ATM Connections


3. ATM Protocol Basics


4. Attacks


5. Security Measures


6. Placement of the User Plane Security Services


7. Secure Call Setup Protocol


8. Conclusion






About the Author


5. Security Measures

From the vulnerabilities and attacks previously outlined,it is obvious that ATM networks need security measures . Following are the measures that you can employ and tips on how you might employ them.

5.1. Confidentiality

In order to protect the content of an ATM cell from disclosure, confidentiality measures must be employed. This can be accomplished by encrypting the payload section of the ATM cell. The cryptographic module (algorithm and hardware) must operate at gigabit per second rate. High-speed encryption devices are currently available.

For ATM user data (payload), this is primarily a user plane security service. The confidentiality issues for the control and management planes lie beyond the scope of this paper, but they are discussed in the ATM Forum specifications [ATMSEC99].

5.2. Integrity

Integrity measures use cryptographic checksums to detect modification of the payload. These checksums can include the use of counters and time stamp to detect replay attacks.

For ATM user data (payload), this is primarily a user plane security service. This service is also needed for the control plane protecting the integrity of data in signaling.

5.3. Access Control

Access control measures (commonly characterized as firewall functions) impose constraints on communication between hosts and other network entities. These measures restrict the use of resources so that they are consistent with the appropriate security policies set up by the organization using the ATM services. Access control in ATM networks primarily consists of approving or denying authorization for a connection. This is done on a per-connection basis at the call setup phase.

ATM firewall functions can be integrated with cryptographic functions, although some are implemented independently. Separate ATM firewalls are available, while a combined solution can be implemented as a customized integration project.

5.4. Authentication and Key Management

Strong authentication is another tool that is essential for fighting ATM security attacks. This must include both authentication of the origin of the data and authentication of the communication partners. Authentication mechanisms can include digital certificates, digital signatures, challenge-response schemes, and hardware tokens, among others.

Authentication is primarily implemented in the control plane (through secure signaling), although it also may be implemented in the user plane, or even the management plane.

Negotiations of security parameters, including key management, are part of the support services. They are needed to provide the security services. Due to the high speed and consequently high volume of transferred data, the crypto keys must change frequently ("key agility"), and some traditional key distribution and management protocol might not be applicable. Instead, "key agile" management protocols suited to the ATM protocol are used.


Previous | Next


Breaking News

One of the primary architects of OpenCable, Michael Adams, explains the key concepts of this initiative in his book OpenCable Architecture.

Expert Advice

Ralph Droms, Ph.D., author of The DHCP Handbook and chair of the IETF Dynamic Host Configuration Working Group, guides you to his top picks for reliable DHCP-related information.

Just Published

Residential Broadband, Second Edition
by George Abe

Introduces the topics surrounding high-speed networks to the home. It is written for anyone seeking a broad-based familiarity with the issues of residential broadband (RBB) including product developers, engineers, network designers, business people, professionals in legal and regulatory positions, and industry analysts.


From the Brains at InformIT


Contact Us


Copyright, Terms & Conditions


Privacy Policy


© Copyright 2000 InformIT. All rights reserved.