
Cryptography Notes

The OSI Security Architecture, defined by ITU in the X.800 recommendation, provides a framework for security services in network systems, closely related to the OSI model. It categorizes security attacks into passive and active types, outlines key security services like authentication and data confidentiality, and describes mechanisms such as encryption and digital signatures to implement these services. The architecture applies security measures across various OSI layers, ensuring comprehensive protection against threats to information security.

Uploaded by subhulakshmi
Copyright: © All Rights Reserved

The OSI Security Architecture

The OSI Security Architecture, defined by the International Telecommunication Union (ITU)
in the X.800 recommendation, provides a framework for understanding and designing
security services within network systems. It is closely related to the OSI (Open Systems
Interconnection) model, which standardizes the functions of a telecommunication or
computing system into seven abstraction layers.

Key Components of OSI Security Architecture:


1. Security Attacks
These are actions that compromise the security of information. They are classified into:

Passive Attacks – Attempt to learn or make use of information from the system but do not
affect system resources (e.g., eavesdropping, traffic analysis).

Active Attacks – Attempt to alter system resources or affect their operation (e.g.,
masquerade, replay, modification, denial of service).

2. Security Services
These are services that enhance the security of data processing and transfer. According to
X.800, the main security services include:

| Security Service | Description |
|---|---|
| Authentication | Confirms the identity of users and devices |
| Access Control | Prevents unauthorized use of resources |
| Data Confidentiality | Protects data from unauthorized disclosure |
| Data Integrity | Ensures that data has not been altered or tampered with |
| Non-repudiation | Prevents denial of a previous commitment or action by a party (e.g., emails) |

3. Security Mechanisms
These are tools and techniques used to implement security services:

Encipherment (Encryption) – Protects data confidentiality.

Digital Signatures – Ensure authentication, data integrity, and non-repudiation.

Access Controls – Enforce access rights to resources.

Data Integrity Mechanisms – Detect changes to data.

Authentication Protocols – Verify identities.

Traffic Padding – Protects against traffic analysis, a passive attack.

Routing Control – Ensures secure routing paths.

Notarization – Uses a trusted third party to verify certain data exchanges.

4. Relationship to OSI Layers


Security services and mechanisms can be applied at various OSI layers:

Application Layer – Email encryption, digital signatures

Transport Layer – Secure Sockets Layer / Transport Layer Security (SSL/TLS)

Network Layer – IPsec for secure IP communication

Data Link Layer – MAC-level encryption

Security Attacks
Security attacks are actions that compromise the confidentiality, integrity, or
availability of information or systems. In the OSI Security Architecture, these attacks are
broadly classified into two categories:

1. Passive Attacks
These involve monitoring or listening to transmissions without altering the data. The goal is
to gather information without being detected.

Types of Passive Attacks:


Release of Message Contents
➤ Unauthorized users read confidential information (e.g., emails, documents, messages).

Traffic Analysis
➤ Even if data is encrypted, attackers observe patterns, frequency, or size of messages to
infer sensitive information.

🔹 Characteristics:
Hard to detect

Do not affect the system's operation

Focused on confidentiality

2. Active Attacks
These involve modifying data or disrupting system operations. They are more dangerous than
passive attacks because they tamper with the data or services.

Types of Active Attacks:


Masquerade
➤ An attacker pretends to be an authorized user to gain access.

Replay Attack
➤ Data is captured and retransmitted to produce unauthorized effects.

Modification of Messages
➤ Data is altered or tampered with during transmission.

Denial of Service (DoS)
➤ Attackers overload systems or networks, making services unavailable to legitimate users.

🔹 Characteristics:
Easier to detect than passive attacks

Threaten integrity, availability, and authentication

Security Mechanisms
Security mechanisms are techniques and tools used to implement security services and protect
against security attacks (as defined in the OSI Security Architecture).

They provide the means to detect, prevent, or recover from a security breach and ensure data
protection, user authentication, and system integrity.

✅ Types of Security Mechanisms (per ITU-T X.800):


1. Encipherment (Encryption)
Converts plaintext into an unreadable form (ciphertext) using cryptographic algorithms.
Used to ensure confidentiality.
Types:

Symmetric Encryption (same key for encryption/decryption)

Asymmetric Encryption (public/private key pair)

2. Digital Signatures
Provides authentication, data integrity, and non-repudiation.
A sender signs data using their private key; the receiver verifies it with the sender’s public
key.

3. Access Control
Restricts unauthorized users from accessing resources.

Can include user ID/passwords, role-based access, biometric authentication, etc.

4. Data Integrity Mechanisms
Ensures that data is not altered or tampered with.

Mechanisms include:

Hash functions

Checksums

Message Authentication Codes (MACs)
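
The following Python sketch is an added example, not part of the original notes. It contrasts an unkeyed hash with a MAC against the "Modification of Messages" and "Replay Attack" cases described earlier. The key, the message format and the sequence-number scheme are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver


def hash_protect(payload: str) -> dict:
    """Unkeyed digest: detects accidental change, but anyone can recompute it."""
    return {"payload": payload, "digest": hashlib.sha256(payload.encode()).hexdigest()}


def hash_verify(msg: dict) -> bool:
    expected = hashlib.sha256(msg["payload"].encode()).hexdigest()
    return hmac.compare_digest(expected, msg["digest"])


def mac_tag(key: bytes, seq: int, payload: str) -> str:
    """HMAC-SHA256 over an 8-byte sequence number followed by the payload."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload.encode(), hashlib.sha256).hexdigest()


def mac_protect(seq: int, payload: str, key: bytes = KEY) -> dict:
    return {"seq": seq, "payload": payload, "tag": mac_tag(key, seq, payload)}


class Receiver:
    """Checks the MAC first, then requires a strictly increasing sequence number."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, msg: dict) -> str:
        expected = mac_tag(self.key, msg["seq"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"
        if msg["seq"] <= self.last_seq:
            return "rejected: replay"
        self.last_seq = msg["seq"]
        return "accepted"


def demo() -> dict:
    # Constructed messages: the payload is changed in transit in both cases.
    rehashed = hash_protect("transfer 900 to account B")  # digest recomputed after the change
    rx = Receiver()
    good = mac_protect(1, "transfer 10 to account A")
    tampered = dict(good, payload="transfer 900 to account B")  # tag left as captured
    return {"rehashed_digest_verifies": hash_verify(rehashed), "first": rx.accept(good),
            "tampered": rx.accept(tampered), "replayed": rx.accept(good)}
```

The unkeyed digest still verifies after the payload is changed because no secret is needed to recompute it, while the MAC rejects the altered payload and the sequence check rejects the resent message.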

5. Authentication Exchange
Verifies the identity of communicating parties.

Can involve challenge-response protocols, tokens, biometrics, etc.

6. Traffic Padding
Sends dummy data to obscure actual traffic patterns.

Used to prevent traffic analysis (a passive attack).
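
As an added illustration (not from the original notes), the Python sketch below pads every record to a fixed size and fills idle send slots with dummy records, so an observer sees neither message length nor message frequency. The 256-byte record size, the length-prefix format and the empty-payload dummy convention are assumptions; in practice padding is applied before encryption, which is not shown here.

```python
import os
import struct

BUCKET = 256  # assumption: every record on the wire is a multiple of this size


def pad_record(payload: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the real length, then fill with random bytes to the next bucket boundary."""
    body = struct.pack(">I", len(payload)) + payload
    fill = (-len(body)) % bucket
    return body + os.urandom(fill)


def unpad_record(record: bytes) -> bytes:
    """Recover the payload; reject records whose length prefix is inconsistent."""
    if len(record) < 4:
        raise ValueError("record too short")
    (n,) = struct.unpack(">I", record[:4])
    if n > len(record) - 4:
        raise ValueError("length prefix exceeds record size")
    return record[4:4 + n]


def fill_schedule(queue: list, slots: int, bucket: int = BUCKET) -> list:
    """Emit exactly `slots` records per interval: real ones first, then dummies.

    A dummy is a padded record with an empty payload (assumed convention);
    the receiver discards records that unpad to b"".
    """
    records = [pad_record(m, bucket) for m in queue[:slots]]
    records += [pad_record(b"", bucket) for _ in range(slots - len(records))]
    return records


def observed_sizes(messages: list, padded: bool) -> list:
    """What a passive observer learns about message sizes, with and without padding."""
    return [len(pad_record(m)) if padded else len(m) for m in messages]
```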

7. Routing Control
Ensures that data follows secure or trusted paths in a network.

Prevents data from being routed through untrusted or compromised nodes.

8. Notarization
Involves a trusted third party (e.g., a notary server or time-stamping authority) to verify or
record a transaction.

Supports non-repudiation.
