Scribd Logo
Upload

Welcome to Scribd!

  • Week 1 - Εισαγωγή στην ασφάλεια δικτύων

    Uploaded by

    Tintin Mirai
    3 views10 pages
    The OSI Security Architecture provides a framework for defining security requirements and approaches. It describes security attacks, mechanisms, and services, and their relationships. Security services like authentication, access control, data confidentiality, data integrity, and nonrepudiation are implemented using security mechanisms like encipherment, digital signatures, and access control. These services protect systems and information from security attacks.

    Original Description:

    Original Title

    Week 1_Εισαγωγή στην ασφάλεια δικτύων

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The OSI Security Architecture provides a framework for defining security requirements and approaches. It describes security attacks, mechanisms, and services, and their relationships. Security services like authentication, access control, data confidentiality, data integrity, and nonrepudiation are implemented using security mechanisms like encipherment, digital signatures, and access control. These services protect systems and information from security attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    3 views10 pages

    Week 1 - Εισαγωγή στην ασφάλεια δικτύων

    Uploaded by

    Tintin Mirai
    The OSI Security Architecture provides a framework for defining security requirements and approaches. It describes security attacks, mechanisms, and services, and their relationships. Security services like authentication, access control, data confidentiality, data integrity, and nonrepudiation are implemented using security mechanisms like encipherment, digital signatures, and access control. These services protect systems and information from security attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 10

    OSI security architecture

    The OSI Security Architecture is a framework that provides a systematic


    way of defining the requirements for security and characterizing the
    approaches to satisfying those requirements. The document defines
    security attacks, mechanisms, and services, and the relationships among
    these categories.

    The following concepts are used:

    • Security attack: Any actions that compromises the security of information


    owned by an organization (or a person)
    • Security mechanism: a mechanism that is designed to detect, prevent, or
    recover from a security attack
    • Security service: a service that enhances the security of the data
    processing systems and the information transfers of an organization. The
    services make use of one or more security mechanisms to provide the
    service

    Threat
    A potential for violation of security, which exists when there is a
    circumstance, capability, action, or event that could breach security and
    cause harm. That is, a threat is a possible danger that might exploit a
    vulnerability.

    Attack
    An assault on system security that derives from an intelligent threat. That
    is, an intelligent act that is a deliberate attempt (especially in the sense of a
    method or technique) to evade security services and violate the security
    policy of a system.
    Passive and Active Security Threats

    Passive attacks have to do with eavesdropping on, or monitoring,


    transmissions. Electronic mail, file transfers, and client/server exchanges
    are examples of transmissions that can be monitored.

    Active attacks include the modification of transmitted data and attempts to


    gain unauthorized access to computer systems.

    List and briefly define categories of passive and active security attacks:

    Passive attacks: release of message contents and traffic analysis.


    Active attacks: masquerade, replay, modification of messages, and denial
    of service.

    • Passive attack: aims to learn or make use of information from the system
    but does not affect system resources.

    • Active attack: attempts to alter system resources or affect their


    operation.

    Active Attacks
    How to deal with?

    • Detect and recover from disruption or delay


    • It is more feasible than prevention
    List and briefly define categories of Security Services.

    • Security service is a service which ensures adequate security of the


    systems or of data transfers

    • X.800 Recommendation divides security services into 5 categories:

    • Authentication
    • Access control
    • Data confidentiality
    • Data integrity
    • Nonrepudiation
    • Availability service

    Authentication: The assurance that the communicating entity is the one


    that it claims to be.

    Access control: The prevention of unauthorized use of a resource (i.e., this


    service controls who can have access to a resource, under what conditions
    access can occur, and what those accessing the resource are allowed to do).
    Data confidentiality: The protection of data from unauthorized disclosure.

    Data integrity: The assurance that data received are exactly as sent by an
    authorized entity (i.e., contain no modification, insertion, deletion, or
    replay).

    Nonrepudiation: Provides protection against denial by one of the entities


    involved in a communication of having participated in all or part of the
    communication.

    Availability service: The property of a system or a system resource being


    accessible and usable upon demand by an authorized system entity,
    according to performance specifications for the system (i.e., a system is
    available if it provides services according to the system design whenever
    users request them).
    Security mechanisms
    Security mechanisms are used to implement security services. They include
    (X.800):

    • Encipherment
    • Digital signature
    • Access Control mechanisms
    • Data Integrity mechanisms
    • Authentication Exchange
    • Traffic Padding
    • Routing Control
    • Notarisation

    List and briefly define categories of security mechanisms.


    Encipherment: The use of mathematical algorithms to transform data into a
    form that is not readily intelligible. The transformation and subsequent
    recovery of the data depend on an algorithm and zero or more encryption
    keys.
    Digital Signature: Data appended to, or a cryptographic transformation
    of, a data unit that allows a recipient of the data unit to prove the source and
    integrity of the data unit and protect against forgery (e.g., by the recipient).
    Access Control: A variety of mechanisms that enforce access rights to
    Resources.
    Data Integrity: A variety of mechanisms used to assure the integrity
    of a data unit or stream of data units.
    Authentication Exchange: A mechanism intended to ensure the identity of
    an entity by means of information exchange.
    Traffic Padding: The insertion of bits into gaps in a data stream to
    Frustrate traffic analysis attempts.
    Routing Control: Enables selection of particular physically secure
    Routes for certain data and allows routing changes, especially when a breach
    of security is suspected.
    Notarization: The use of a trusted third party to assure certain
    Properties of a data exchange
    Authentication

    The authentication service is concerning with assuring that a communication


    is authentic:

    • The recipient of the message should be sure that the message came from
    the source that it claims to be
    • All communicating parties should be sure that the connection is not
    interfered with by unauthorized party.

    Example: consider a person, using online banking service. Both the user and
    the bank should be assured in identities of each other.

    Access control

    This service controls


    • who can have access to a resource;
    • under what conditions access can occur
    • what those accessing are allowing to do.

    Example: in online banking a user may be allowed to see his balance, but
    not allowed to make any transactions for some of his accounts.

    Data confidentiality

    The protection of data from unauthorized disclosure (from passive attacks).

    • Connection confidentiality
    • Connectionless confidentiality
    • Selective field confidentiality
    • Traffic-Flow Confidentiality
    Data Integrity

    • The assurance that data received are exactly as sent by an authorized


    entity, i.e. contain:
    • no modification
    • no insertion
    • no deletion
    • no replay

    • Protection from active attacks

    • It may be
    • integrity with recovery, or
    • Integrity without recovery (detection only)

    Nonrepudiation

    • Protection against denial by one of the entities involved in


    a communication of having participated in the communication.

    • Nonrepudiation can be related to:


    • Origin: proof that the message was sent by the specified
    Party.
    • Destination: proof that the message was received by the
    specified party.

    Example: Imagine a user of online banking who has made a


    transaction, but later denied that. How the bank can protect
    itself in a such situation.
    Availability service

    • Protects a system to ensure its availability


    • Particularly, it addresses denial-of-service attacks
    • Depends on other security services: access
    control, authentication, etc
    Security Mechanisms (X.800)
    Security Services

    You might also like