Table: Security Services (X.800)



Similar documents
Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Chap. 1: Introduction

Cryptography and Network Security

Information System Security

Cryptography and Network Security Chapter 1

Notes on Network Security - Introduction

IY2760/CS3760: Part 6. IY2760: Part 6

Content Teaching Academy at James Madison University

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

INTERNATIONAL TELECOMMUNICATION UNION DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND APPLICATIONS

INTERNATIONAL TELECOMMUNICATION UNION $!4! #/--5.)#!4)/..%47/2+3 /0%. 3934%-3 ).4%2#/..%#4)/. /3) 3%#52) #452%!.$!00,)#!4)/.

CSCI 4541/6541: NETWORK SECURITY

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

COSC 472 Network Security

Lecture II : Communication Security Services

Introduction to Security

Network Security. Network Security Hierarchy. CISCO Security Curriculum

How To Protect Your Data From Being Hacked On A Network (Kerberos) On A Pc Or Mac Or Ipad (Ipad) On An Ipad Or Ipa (Networking) On Your Computer Or Ipam (Network

Cryptography and Network Security: Overview

544 Computer and Network Security

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Securing IP Networks with Implementation of IPv6

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Information Security Basic Concepts

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

MSIT-121C (Elective 2): Cryptography and Network Security

Introduction to Internet Security

Authentication requirement Authentication function MAC Hash function Security of

THE SECURITY ISSUE. Chris J Mitchell

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Overview of computer and communications security

MANAGEMENT OF SECURE SYSTEMS AND SECURITY WITHIN OSI 1

A Noval Approach for S/MIME

Chapter 9. IP Secure

Overview. SSL Cryptography Overview CHAPTER 1

Compter Networks Chapter 9: Network Security

Network Security Technology Network Management

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Telecommunication security. Framework of security technologies for home network

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

TELECOMMUNICATION NETWORKS

Message Authentication Codes

Chapter 6 Electronic Mail Security

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

CRYPTOGRAPHY IN NETWORK SECURITY

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Arkansas Department of Information Systems Arkansas Department of Finance and Administration

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

SSL A discussion of the Secure Socket Layer

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

An Introduction to Cryptography and Digital Signatures

Electronic Data Interchange (EDI) Messaging Security

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Ericsson Group Certificate Value Statement

IT Networks & Security CERT Luncheon Series: Cryptography

Network Security. HIT Shimrit Tzur-David

Symmetric Mechanisms for Authentication in IDRP

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

Reference Guide for Security in Networks

Basics of Internet Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Network Security Essentials Chapter 7

Healthcare Compliance Solutions

Cryptography and Network Security Chapter 11. Fourth Edition by William Stallings

CS 4803 Computer and Network Security

Chapter 10. Network Security

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Chapter 17. Transport-Level Security

FileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Introduction to Security and PIX Firewall

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Business Issues in the implementation of Digital signatures

IPsec Details 1 / 43. IPsec Details

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Message Authentication

IC3 - Network Security. IC3 - Network Security. M.Sc. in Information Security Royal Holloway, University of London

Welcome to Information Systems Security (503009)

CallRail Healthcare Marketing. HIPAA and HITECH Compliance for Covered Entities using Call Analytics Software

USB Portable Storage Device: Security Problem Definition Summary

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Neutralus Certification Practices Statement

Transcription:

SECURIT SERVICES X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. Also the RFC 2828 defines security services as a processing or communication service that is provided by a system to give a specific kind of protection to system resources. Security Services implement security policies and are implemented by security mechanisms. X.800 divides these services into five categories and fourteen specific services as shown in the below Table. Table: Security Services (X.800) 1. AUTHENTICATION: The assurance that the communicating entity is the one that it laims to be. Peer Entity Authentication: Used in association with a logical connection to provide confidence in the identity of the entities connected. Data Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed. 2. ACCESS CONTROL: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are

allowed to do). 3. DATA CONFIDENTIALIT: The protection of data from unauthorized disclosure. Connection Confidentiality:The protection of all user data on a connection. Connectionless Confidentiality: The protection of all user data in a single data block Selective-Field Confidentiality: The confidentiality of selected fields within the user Data on a connection or in a single data block. Traffic Flow Confidentiality: The protection of the information that might be Derived from observation of traffic flows. 4. DATA INTEGRIT: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Connection Integrity with Recovery: Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted. Connection Integrity without Recovery: As above, but provides only detection without recovery. Selective-Field Connection Integrity: Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed. Connectionless Integrity: Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided. Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a single connectionless data

block; takes the form of determination of whether the selected fields have been modified. 5. NONREPUDIATION: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Nonrepudiation, Origin: Proof that the message was sent by the specified party. Nonrepudiation, Destination: Proof that the message was received by the specified party. Security Mechanisms: The following Table lists the security mechanisms defined in X.800. The security mechanisms are divided into those that are implemented in a specific protocol layer and those that are not specific to any particular protocol layer or security service. X.800 distinguishes between reversible encipherment mechanisms and irreversible encipherment mechanisms. A reversible encipherment mechanism is simply an encryption algorithm that allows data to be encrypted and subsequently decrypted. Irreversible encipherment mechanisms include hash algorithms and message authentication codes, which are used in digital signature and message authentication applications. Table 1.4 indicates the relationship between Security Services and Security Mechanisms. Table:1.4 Relationship between Security Services and Security Mechanisms (X.800) Service Peer Entity Authentication Data origin Authentication Access Control Confidentiality Traffic Flow Confidentiality Data Integrity Non-repudation Availability Enciphe Digital Access Data Authentication Traffic Routing Notarization rement Signature Control Integrity Exchange Padding Control SPECIFIC SECURIT MECHANISMS Incorporated into the appropriate protocol layer in order to provide some of the OSI security

services. Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery. Access Control: A variety of mechanisms that enforce access rights to resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected. Notarization: The use of a trusted third party to assure certain properties of a data exchange. PERVASIVE SECURIT MECHANISMS Mechanisms that are not specific to any particular OSI security service or protocol layer. Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Event Detection: Detection of security-relevant events. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.

Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information