
ISExp 1

The document outlines the concept of information security, emphasizing its importance in protecting data integrity, confidentiality, and availability within networked systems. It discusses various types of security attacks, including passive and active attacks, and introduces the OSI security architecture, which provides a framework for assessing security needs and implementing security mechanisms and services. Additionally, it highlights the benefits of the OSI security architecture, such as providing international standards and simplifying the security management process for organizations.

Uploaded by

akaria6996

EXPERIMENT NO. 01

GRADE:
DATE OF PERFORMANCE:

DATE OF ASSESSMENT: SIGNATURE OF LECTURER/ TTA:

AIM: Study of Information security concept. Aspects of security, various types of attacks and OSI
security architecture.

THEORY:
Cybersecurity is the protection of information that is stored, transmitted, and processed in a
networked system of computers, other digital devices, and network devices and transmission lines,
including the Internet. Protection encompasses confidentiality, integrity, availability, authenticity,
and accountability. Methods of protection include organizational policies and procedures, as well
as technical means such as encryption and secure communications protocols.

Subsets of cybersecurity:

Information security: This term refers to preservation of confidentiality, integrity, and
availability of information. In addition, other properties, such as authenticity, accountability,
nonrepudiation, and reliability can also be involved.

Network security: This term refers to protection of networks and their service from unauthorized
modification, destruction, or disclosure, and provision of assurance that the network performs its
critical functions correctly and there are no harmful side effects.

Security Objectives

Confidentiality: Preserving authorized restrictions on information access and disclosure,
including means for protecting personal privacy and proprietary information. A loss of
confidentiality is the unauthorized disclosure of information.

Integrity: Guarding against improper information modification or destruction, including ensuring
information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification
or destruction of information.

Availability: Ensuring timely and reliable access to and use of information. A loss of availability
is the disruption of access to or use of information or an information system.

Authenticity: The property of being genuine and being able to be verified and trusted; confidence
in the validity of a transmission, a message, or message originator. This means verifying that users
are who they say they are and that each input arriving at the system came from a trusted source.

Accountability: The security goal that generates the requirement for actions of an entity to be
traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion
detection and prevention, and after-action recovery and legal action. Because truly secure systems
are not yet an achievable goal, we must be able to trace a security breach to a responsible party.
Systems must keep records of their activities to permit later forensic analysis to trace security
breaches or to aid in transaction disputes.

THE OSI SECURITY ARCHITECTURE


To assess effectively the security needs of an organization and to evaluate and choose various
security products and policies, the manager responsible for security needs some systematic way of
defining the requirements for security and characterizing the approaches to satisfying those
requirements.

For our purposes, the OSI security architecture provides a useful, if abstract, overview of many of
the concepts that this book deals with. The OSI security architecture focuses on security attacks,
mechanisms, and services.
1. Security attack: Any action that compromises the security of information owned by an
organization.
2. Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.
3. Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms
to provide the service.

1. SECURITY ATTACK

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the attacker is to obtain information that is being transmitted. Two types of
passive attacks are the release of message contents and traffic analysis.

Passive attacks are very difficult to detect because they do not involve any alteration of the
data. Typically, the message traffic is sent and received in an apparently normal fashion
and neither the sender nor receiver is aware that a third party has read the messages or
observed the traffic pattern. However, it is feasible to prevent the success of these attacks,
usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on
prevention rather than detection.

Active Attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories: replay, masquerade, modification of
messages, and denial of service.

• A masquerade enables an authorized entity with few privileges to obtain extra privileges
by impersonating an entity that has those privileges.
• Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect.

• The denial of service is the disruption of an entire network, either by disabling the network
or by overloading it with messages so as to degrade performance.

2. SECURITY SERVICES
Security services implement security policies and are implemented by security
mechanisms.

Authentication
The authentication service is concerned with assuring that a communication is authentic.

• Peer entity authentication: Provides for the corroboration of the identity of a peer entity
in an association. Two entities are considered peers if they implement the same protocol
in different systems.
• Data origin authentication: This type of service supports applications like electronic
mail, where there are no ongoing interactions between the communicating entities.

Access Control
In the context of network security, access control is the ability to limit and control the
access to host systems and applications via communications links.

Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With respect to
the content of a data transmission, several levels of protection can be identified.

Data Integrity
A data integrity service that deals with a stream of messages assures that messages are received
as sent, with no duplication, insertion, modification, reordering, or replays.

Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message.

Availability Service
Availability is the property of a system or a system resource being accessible and usable
upon demand by an authorized system entity, according to performance specifications for
the system.

3. SECURITY MECHANISMS

Cryptographic algorithms:
A reversible cryptographic mechanism is simply an encryption algorithm that allows data
to be encrypted and subsequently decrypted. Irreversible cryptographic mechanisms
include hash algorithms and message authentication codes, which are used in digital
signature and message authentication applications.

Data integrity: This category covers a variety of mechanisms used to assure the integrity
of a data unit or stream of data units.

Digital signature: Data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the data unit and
protect against forgery.

Authentication exchange: A mechanism intended to ensure the identity of an entity by
means of information exchange.

Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.

Routing control: Enables selection of particular physically or logically secure routes for
certain data and allows routing changes, especially when a breach of security is suspected.

Notarization: The use of a trusted third party to assure certain properties of a data exchange.

Access control: A variety of mechanisms that enforce access rights to resources.

Benefits of OSI Security Architecture


Some major benefits of the OSI Security Architecture are as follows:

OSI Security Architecture Provides Security


The security model is designed to provide security to organizations to prevent their data from being
breached. Hence, the major goal is accomplished well by the OSI Security Architecture.

OSI Security Architecture Provides International Standards


It provides a worldwide standard for the security of systems. Every organization in the world can
follow this standard and does not need to worry about a separate implementation for each
organization, as the model has been designed to cater to all kinds of needs related to security.

Easy for the Managers


The OSI security model makes it easy for the managers to build a security model for the
organization based on strong security pillars and principles. The managers do not have to think
much out of the box on their own and can simply implement the OSI model as per the security
requirements of their organization.
So, these were some of the benefits of OSI security architecture.
