Scribd Logo
Upload

Welcome to Scribd!

  • 7 views

    Osi Security Architecture TCS 619

    Uploaded by

    ez8qgk6y

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Osi Security Architecture TCS 619

    Uploaded by

    ez8qgk6y
    7 views26 pages

    Original Title

    OSI SECURITY ARCHITECTURE TCS 619 (2)

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    7 views26 pages

    Osi Security Architecture TCS 619

    Uploaded by

    ez8qgk6y

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 26

    OSI SECURITY ARCHITECTURE

    TCS 619: Unit 1


    Security architecture
    • “Security architecture” is the term used to define
    the overall system required to protect an
    organization’s IT infrastructure.
    • Such a system includes the specifications,
    processes, and standard operating procedures
    (SOPs) involved in preventing, mitigating, and
    investigating different threats.
    • Just as a building’s architectural design instructs
    engineers how to build a structure, a security
    architecture defines how personnel should carry
    out security processes.
    Security Architecture for OSI
    • ITU-T Recommendation X.800, Security
    Architecture for OSI defines systematic way to
    – Define the requirements for security
    – Characterizing the approaches to satisfying those
    requirements

    ITU-T- international Telecommunication Union


    OSI- Open Systems Interconnections
    OSI Security Architecture

    SECURITY
    ARCHITECTURE

    SECURITY SECURITY SECURITY


    ATTACK MECHANISM SERVICE
    OSI Security Architecture
    The following concepts are used:
    • Security attack : Any actions that compromises the
    security of information owned by an organization (or a
    person)
    • Security mechanism: a mechanism that is designed to
    detect, prevent, or recover from a security attack
    • Security service: a service that enhances the security
    of the data processing systems and the information
    transfers of an organization. The services make use of
    one or more security mechanisms to provide the
    service
    ATTACK
    GAINING THE ACCESS OF DATA BY UNAUTHORISED USER

    GAINING MEANS :
    1. ACCESSING DATA
    2. MODIFYING DATA
    3. DESTROYING DATA

    TWO TYPES OF ATTACK :


    1. PASSIVE
    2. ACTIVE ATTACK

    PASSIVE ATTACK : NO MODIFICATION IS DONE BY THE UNAUTHORISED


    PERSON

    ACTIVE : MODIFICATION IS DONE BY THE UNAUTHORISED PERSON


    ATTACKS

    The three goals of securityconfidentiality, integrity,


    and availabilitycan be threatened by security attacks.

    1 Attacks Threatening Confidentiality


    2 Attacks Threatening Integrity
    3 Attacks Threatening Availability

    1.7
    Taxonomy of attacks with relation to security goals
    Attacks Threatening Confidentiality

    Snooping refers to unauthorized access to or interception of


    data.

    Traffic analysis refers to obtaining some other type of


    information by monitoring online traffic.
    Passive Attacks
    Passive attacks are further divided into two parts based on
    their behaviour:
    • Eavesdropping: This involves the attacker intercepting and
    listening to communications between two or more parties
    without their knowledge or consent. Eavesdropping can be
    performed using a variety of techniques, such as packet
    sniffing, or man-in-the-middle attacks.
    • Traffic analysis: This involves the attacker analyzing
    network traffic patterns and metadata to gather
    information about the system, network, or device. Here the
    intruder can’t read the message but only understand the
    pattern and length of encryption. Traffic analysis can be
    performed using a variety of techniques, such as network
    flow analysis, or protocol analysis.
    Attacks Threatening Integrity

    1. Modification means that the attacker intercepts the


    message and changes it.

    2. Masquerading or spoofing happens when the attacker


    impersonates somebody else.

    3. Replaying means the attacker obtains a copy


    of a message sent by a user and later tries to replay it.

    4. Repudiation means that sender of the message might


    later deny that she has sent the message; the receiver of the
    message might later deny that he has received the message.
    REPLAY ATTACK
    • A REPLAY ATTACK OCCURS WHEN AN UNAUTHORIZED USER
    CAPTURES NETWORK TRAFFIC AND THEN SEND THE
    COMMUNICATION TO ITS ORIGINAL DESTINATION
    • TO PREVENT : USE TIMESTAMPS & SEQUENCE NUMBERS
    • IF THE TIMESTAMP IS BEYOND A CERTAIN TIME THEN THE
    PACKET IS DISCARDED.
    Attacks Threatening Availability

    Denial of service (DoS) is a very common attack. It may


    slow down or totally interrupt the service of a system.

    1.13
    Denial of Service Attacks
    In a denial of service attack, a hacker compromises a
    system and uses that system to attack the target
    computer, flooding it with more requests for services
    than the target can handle. In a distributed denial of
    service attack, hundreds of computers (known as a
    zombies) are compromised, loaded with DOS attack
    software and then remotely activated by the hacker.
    Passive Versus Active Attacks

    ATTACKS TYPE THREAT


    SNOOPING PASSIVE CONFIDENTIALITY
    TRAFFIC ANALYSIS

    MODIFICATION ACTIVE INTEGRITY


    MASQUERADING
    REPLAYING
    REPUDIATION

    DENIAL OF SERVICE ACTIVE AVAILABILITY


    SERVICES AND MECHANISMS

    ITU-T provides some Security Services and some


    Mechanisms to implement those services.
    Security services and mechanisms are closely related
    because a mechanism or combination of mechanisms
    are used to provide a service.

    Main Topics :

    1 Security Services (5 Types)


    2 Security Mechanism ( 8 Types)
    3 Relation between Services and Mechanisms
    Security Services(5 Types)
    Security services
    Security services refer to the different services available for maintaining the
    security and safety of an organization. They help in preventing any potential
    risks to security. Security services are divided into 5 types:

    • Authentication is the process of verifying the identity of a user or device


    in order to grant or deny access to a system or device.
    • Access control involves the use of policies and procedures to determine
    who is allowed to access specific resources within a system.
    • Data Confidentiality is responsible for the protection of information from
    being accessed or disclosed to unauthorized parties.
    • Data integrity is a security mechanism that involves the use of techniques
    to ensure that data has not been tampered with or altered in any way
    during transmission or storage.
    • Non- repudiation involves the use of techniques to create a verifiable
    record of the origin and transmission of a message, which can be used to
    prevent the sender from denying that they sent the message.
    Security Mechanism(8 Types)

    1.19
    Security Mechanism
    The mechanism that is built to identify any breach
    of security or attack on the organization, is called a
    security mechanism.
    Security Mechanisms are also responsible for
    protecting a system, network, or device against
    unauthorized access, tampering, or other security
    threats.
    Security mechanisms can be implemented at
    various levels within a system or network and can
    be used to provide different types of security, such
    as confidentiality, integrity, or availability.
    Security Mechanism
    • Encipherment (Encryption) involves the use of
    algorithms to transform data into a form that can only
    be read by someone with the appropriate decryption
    key. Encryption can be used to protect data it is
    transmitted over a network, or to protect data when it
    is stored on a device.
    • Digital signature is a security mechanism that involves
    the use of cryptographic techniques to create a unique,
    verifiable identifier for a digital document or message,
    which can be used to ensure the authenticity and
    integrity of the document or message.
    Security Mechanism
    • Traffic padding is a technique used to add
    extra data to a network traffic stream in an
    attempt to obscure the true content of the
    traffic and make it more difficult to analyze.
    • Routing control allows the selection of
    specific physically secure routes for specific
    data transmission and enables routing
    changes, particularly when a gap in security is
    suspected.
    Security Mechanism
    1. Encipherment:
    This is hiding or covering of data which provides
    confidentiality. It is also used to complement other
    mechanisms to provide other services. Cryptography and
    Steganography are used for enciphering
    2. Digital Integrity:
    The data integrity mechanism appends to the data a
    short check value that has been created by a specific
    process from the data itself. Data integrity is preserved by
    comparing check value received to the check value
    generated.
    Security Mechanism
    3. Digital Signature:
    A digital signature is a means by which the sender can
    electronically sign the data and the receiver can
    electronically verify the signature. Public and private keys
    can be used.
    4. Authentication Exchange:
    In this two entities exchange some messages to prove
    their identity to each other.
    5. Traffic Padding:
    Traffic padding means inserting some bogus data into the
    data traffic to thwart the adversary’s attempt to use the
    traffic analysis.
    Security Mechanism
    6. Routing Control:
    Routing control means selecting and continuously changing
    different available routes between sender and receiver to
    prevent the opponent from eavesdropping on a particular
    route.
    7. Notarization:
    Notarization means selecting a third trusted party to
    control the communication between two entities. The
    receiver can involve a trusted third party to store the
    sender request in order to prevent the sender from later
    denying that she has made a request.
    8. Access Control:
    Access control used methods to prove that a user has
    access right to the data or resources owned by a system.
    Examples of proofs are passwords and PINs.
    Relation between Services and Mechanisms
    1 Service = Many Mechanisms

    1.26

    You might also like