Information Security: MIM737

Department of Information and

Marketing Sciences
Midlands State University
 Communication Controls
The communication subsystem is responsible for
transmitting data among all the other subsystems
within a system or for transmitting data to or
receiving data from another system. This chapter
examines the controls that can be established within
the communication subsystem to preserve asset
safeguarding and data integrity.
 Communication Controls
• Communication Subsystem Exposures
Component Failure
• The primary components in the communication
subsystem are communication lines, hardware and
software.
• In com lines, errors arise because of noise.
• Hardware and Software failure can occur for many
reasons; circuitry failure, a disk crash, a power
surge, insufficient temperature storage, program
bugs etc.
 Communication Controls
Subversive Threats
• In a subversive attack on the communication
subsystem, an intruder attempts to violate the
integrity of some component in the subsystem.
• Subversive attacks can either be passive or active.
• Passive attacks can be performed for traffic analysis,
they include; intruders reading and analyzing the
clear text source and destination identifiers
attached to a message for routing purposes, they
may examine the length and frequency of messages
being transmitted.
 Communication Controls
They are seven types of active attacks:
• Message insertion
• Delete a message being transmitted
• Message modification
• Change message order
• message duplication
• Denial of message services
• Spurious association e.g they may play a
handshaking sequence previously used by a
legitimate user of the system.
 Communication Controls
Line Error Detection
• Line errors can be detected by using either
loop(echo) check or building some form of
redundancy into the message transmitted.
Loop Check
• Involves the receiver of the message sending back
the message received to the sender.
• Since a loop check at least halves the throughput of
communication lines, normally it is used on full
duplex.
 Communication Controls
Redundancy Checks
• It takes the form of error detection codes. Three
major types of codes exist
• (a) Parity checking codes
• (b) M-out-of-N codes and
• (c) cyclic codes.
Error Correction
• Two methods are used to correct errors
• Error Correcting Codes: They enable line errors to be
detected and corrected at the receiving station.
 Communication Controls
• However to be able to carry error correction, large
amounts of redundancy are required in the
messages transmitted.
• There is also a danger the attempted correction of
an error will be carried out incorrectly.
Retransmission
• If this is to be used, the decision is to be made on
how much data is to be transmitted.
• Retransmission of small quantity of data is faster.
• The disadvantage is that error detection codes is
less efficient for small amounts of data.
 Communication Controls
• Error correction through retransmission requires
special logic to indicate the correct or incorrect
receipt of a message.
• Noise may also corrupt the control characters
Improving Network Reliability
• Besides using hardware and software to detect and
correct line errors, a communication network can
be designed to reduce the likelihood of line errors
and system failure occurring and to minimize the
effects of line errors and system failure when they
do occur.
 Communication Controls
Controls Over Subversive Threats
• They are two types of controls over subversive
threats to the communication subsystem.
• The first type seeks to establish physical barriers to
the data traversing the subsystem.
• The second type accepts that an intruder can gain
access.
• Here we look at controls that seek to render data
useless if it is intercepted by an intruder.
 Communication Controls
Link Encryption
• Protects all data traversing a communication link
between two nodes in a network.
• The two nodes share a common encryption key.
• The message and its source and destination
identifiers can be encrypted.
• Link encryption can not protect the integrity of data
if a node in the network is subverted.
• High costs may have to be incurred to protect the
security of each node in the network.
 Communication Controls
End to End Encryption
• End to End encryption protects the integrity of data
passing between a sender and receiver,
independently of the nodes that the data traverses.
• It provides limited protection against traffic analysis.
• Consequently, link encryption sometimes is used in
conjunction with end to end encryption to reduce
exposures from traffic analysis.

• .
 Communication Controls
Message Authentication Codes
• In EFTS, a control used to identify changes to a
message in transit is a MAC
• It is calculated by applying DES algorithm and a
secret key to selected data items in a message or to
the entire message.
• If the calculated MAC and the received MAC are not
equal, the message has been altered in some way
during transit.
 Communication Controls
Message Sequence Numbers
• Message sequence numbers are required to detect
any attack on the order of messages being
transmitted between a sender and a receiver.
• It must be impossible for the intruder to alter the
sequence number in a message.
 Communication Controls
Existence Controls
• Recovering a communication network if it fails
poses some difficult problems.
• Where possible, place redundant components and
spare parts throughout the network.
• Use equipment with in-built fault diagnosis
capabilities.
• Acquire high quality test equipment.
 Communication Controls
• Ensure adequate maintenance of hardware and
software, especially at remote sites
• It is essential that well trained personnel with high
technical competence operate the network.
• There must be provided with well documented
backup and recovery procedures.

• RESEARCH: TYPES OF FIREWALLS