
HCSE421 Network Security and Cryptography

The OSI Security Architecture

Prepared By
T. G. Rebanowako
Outline

• Introduction
• Security Attacks
• Security Services
• Security Mechanisms
Introduction

Security managers need:

• a systematic approach to defining security requirements and characterizing the
  approaches to satisfying them,
• to assess the organization’s security needs effectively, and
• to evaluate and choose among the various security products and policies.
However:
• the task is difficult enough in a centralized data processing environment, and
• the use of LANs and WANs compounds the problems involved.
Introduction (cont’d ….)

The ITU-T Recommendation X.800, Security Architecture for OSI, defines a systematic
approach that organizations can adopt.
• The OSI security architecture is useful to managers as a way of organizing the task of
  security provision.
• Computer and communications vendors have benchmarked the development of security
  features for their products and services against this structured definition of services
  and mechanisms.
• The architecture focuses on security attacks, mechanisms, and services.
• RFC 4949, Internet Security Glossary, defines the terms threat and attack as follows:
  • Threat: a potential for violation of security, which exists when there is a
    circumstance, capability, action, or event that could breach security and cause harm.
  • Attack: an assault on system security that derives from an intelligent threat.
Security Attacks

X.800 and RFC 4949 both classify security attacks as passive attacks and active attacks.
• Passive Attacks: involve eavesdropping on, or monitoring of, transmissions; the
  opponent’s intention is to obtain the information being transmitted.
• Two types are identified:
  • Release of message contents
  • Traffic analysis
• Very difficult to detect, as no alteration of the data is involved.
• It is feasible to prevent these attacks, so the emphasis is on prevention rather than
  detection.
Passive Attacks
Release of Message Contents
• A passive attack targeting sensitive or confidential information which we would like
  to prevent an opponent from learning.
Traffic Analysis
• Even when the message contents are protected, an opponent might still be able to
  observe the pattern of the messages to:
  • determine the location and identity of the communicating hosts, and
  • observe the frequency and length of the messages being exchanged.
• This information might be useful in guessing the nature of the communication that was
  taking place.
Active Attacks
• Involve modification of the data stream or the creation of a false stream.
• Difficult to prevent because of the wide variety of potential vulnerabilities.
• The goal is to detect active attacks and to recover from any disruption or delays caused
  by them.
• Four categories: masquerade, replay, modification of messages, and denial of service.
Masquerade
• One entity pretends to be a different entity.
• Usually includes one of the other forms of active attack, e.g.:
  • authentication sequences can be captured and replayed after a valid authentication
    sequence has taken place,
  • enabling an authorized entity with few privileges to obtain extra privileges by
    impersonating an entity that has those privileges.
Replay
• Involves the passive capture of a data unit and its subsequent retransmission to
  produce an unauthorized effect.
Modification of Messages
• Some portion of a legitimate message is altered, or messages are delayed or reordered,
  to produce an unauthorized effect.
Denial of Service
• Prevents or inhibits the normal use or management of communications facilities.
• May have a specific target:
  • an entity may suppress all messages directed to a particular destination (such as the
    security audit service).
• Another form of service denial is the disruption of an entire network, either by
  disabling the network or by overloading it with messages so as to degrade performance.
Security Services

• X.800 defines a security service as a service provided by a protocol layer of
  communicating open systems which ensures adequate security of the systems or of
  data transfers.
• RFC 4949 provides a clearer definition: a processing or communication service
  provided by a system to give a specific kind of protection to system resources;
  security services implement security policies and are implemented by security
  mechanisms.
• X.800 divides these services into five categories (authentication, access control, data
  confidentiality, data integrity, nonrepudiation) and fourteen specific services.
Authentication

• Concerned with assuring that a communication is authentic.
• For a single message (e.g. a warning or alarm signal), the function of the
  authentication service is to assure the recipient that the message is from the source
  it claims to be from.
• For an ongoing interaction (e.g. the connection of a terminal to a host), two aspects
  are involved:
  • at the time of connection initiation, the service assures that the two entities are
    authentic, i.e., each is the entity it claims to be;
  • the service must assure that the connection is not interfered with in such a way that
    a third party can masquerade as one of the two legitimate parties for the purposes of
    unauthorized transmission or reception.
Authentication (cont’d ….)

X.800 defines two specific authentication services:

Peer entity authentication:
• Provides for the corroboration of the identity of a peer entity in an association.
• Two entities are considered peers if they implement the same protocol in different
  systems.
• Provided for use at the establishment of, or at times during the data transfer phase
  of, a connection.
• Attempts to provide confidence that an entity is not performing either a masquerade or
  an unauthorized replay of a previous connection.
Data origin authentication:
• Provides for the corroboration of the source of a data unit, but does not provide
  protection against the duplication or modification of data units.
• Supports applications such as email, where there are no prior interactions between the
  communicating entities.
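As an added illustration (not from these slides or from X.800 itself), the Python sketch below shows the authentication exchange a peer entity authentication service relies on at connection initiation: the verifier issues a fresh, single-use nonce, so a captured and replayed authentication sequence of the kind described under Masquerade is rejected. The shared key, the identity string and the Verifier/respond names are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed key shared by the two peers (example only; real deployments use
# per-peer keys or public-key credentials).
SHARED_KEY = b"example-shared-key-not-for-real-use"


class Verifier:
    """Responding side of a challenge-response peer entity authentication."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        # Fresh random nonce per connection attempt; it can be answered only once.
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, claimed_id: bytes, nonce: bytes, response: bytes) -> bool:
        # A nonce that was never issued, or has already been consumed, fails:
        # this is what defeats a captured-and-replayed authentication sequence.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        expected = hmac.new(self.key, claimed_id + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key: bytes, my_id: bytes, nonce: bytes) -> bytes:
    """Initiating side: bind its identity and the verifier's nonce under the key."""
    return hmac.new(key, my_id + nonce, hashlib.sha256).digest()


def demo() -> dict:
    v = Verifier(SHARED_KEY)
    n1 = v.challenge()
    r1 = respond(SHARED_KEY, b"peer-A", n1)            # legitimate exchange
    legitimate = v.verify(b"peer-A", n1, r1)
    replayed = v.verify(b"peer-A", n1, r1)             # same (nonce, response) again
    n2 = v.challenge()
    keyless = hashlib.sha256(b"peer-A" + n2).digest()  # response made without the key
    forged = v.verify(b"peer-A", n2, keyless)
    return {"legitimate": legitimate, "replayed": replayed, "forged": forged}


if __name__ == "__main__":
    print(demo())
```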
Access Control

• The ability to limit and control access to systems and applications via
  communications links in a network.
• To achieve this, each entity trying to gain access must first be identified, or
  authenticated, so that access rights can be tailored to the individual.
• Prevents unauthorized use of a resource.
• Controls who can have access to a resource, under what conditions access can occur,
  and what those accessing the resource are allowed to do.
Data Confidentiality

• The protection of transmitted data from passive attacks.
• The broadest service protects all user data transmitted between two users over a
  period of time.
• Narrower forms protect a single message, or even specific fields within a message.
• Protection of the traffic flow from analysis can also be provided, to prevent an
  attacker from observing the source and destination, frequency, length, or other
  characteristics of the traffic on a communications facility.
Data Integrity

• Can apply to a stream of messages, a single message, or selected fields within a
  message.
• The most useful and straightforward approach is total stream protection.
• A connection-oriented integrity service, which deals with a stream of messages,
  assures that messages are received as sent, with no duplication, insertion,
  modification, reordering, or replays.
• The destruction of data is also covered under this service.
• Thus the connection-oriented integrity service addresses both message stream
  modification and denial of service.
• A connectionless integrity service, which deals with individual messages without
  regard to any larger context, generally provides protection against message
  modification only.
• A distinction can be made between the service with and without recovery.
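Added example, not part of the original slides: a minimal connection-oriented integrity check in Python. An HMAC tag covers a sequence number and the payload, so the receiver can detect the replay and modification attacks listed under Active Attacks as well as the duplication, reordering and insertion cases of this slide. The key, frame layout and message contents are constructed; a real service "with recovery" might buffer out-of-order frames instead of rejecting them.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-integrity-key"  # example key shared by sender and receiver
TAG_LEN = 32                        # HMAC-SHA256 output size


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: frame = 4-byte sequence number || payload || HMAC tag over both."""
    body = struct.pack(">I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Connection-oriented integrity check: verify the tag, then enforce order."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0
        self.accepted = []

    def receive(self, frame: bytes) -> str:
        if len(frame) < 4 + TAG_LEN:
            return "rejected: truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: modified or forged"   # tag covers seq and payload
        seq = struct.unpack(">I", body[:4])[0]
        if seq < self.expected_seq:
            return "rejected: replay or duplicate"
        if seq > self.expected_seq:
            return "rejected: reordered or missing"  # gap: insertion or deletion
        self.expected_seq += 1
        self.accepted.append(body[4:])
        return "accepted"


def demo() -> list:
    rx = Receiver(KEY)
    f0, f1, f2 = (protect(KEY, i, m) for i, m in
                  enumerate([b"transfer 100", b"transfer 200", b"close"]))
    tampered = f1[:4] + b"transfer 900" + f1[-TAG_LEN:]  # payload altered, tag kept
    return [rx.receive(f0),        # accepted
            rx.receive(f0),        # duplicate of an accepted frame (replay)
            rx.receive(tampered),  # modification
            rx.receive(f2),        # arrives before f1 (reordering)
            rx.receive(f1),        # accepted
            rx.receive(f2)]        # accepted now that f1 is in
```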
Nonrepudiation

• Prevents either the sender or the receiver from denying a transmitted message.
• When a message is sent, the receiver can prove that the alleged sender in fact sent
  the message.
• Similarly, when a message is received, the sender can prove that the alleged receiver
  in fact received the message.
Availability Service

• Both X.800 and RFC 4949 define availability as the property of a system or system
  resource being accessible and usable upon demand by an authorized system entity,
  according to performance specifications for the system.
• A system is available if it provides services according to the system design whenever
  users request them.
• A variety of attacks can result in the loss of, or a reduction in, availability.
• Some of these attacks are amenable to automated countermeasures (e.g.,
  authentication and encryption).
• Others require some sort of physical action to prevent or recover from the loss of
  availability of elements of a distributed system.
Availability Service (cont’d ….)

• X.800 treats availability as a property to be associated with various security services.
• However, an availability service can also be identified: one that protects a system to
  ensure its availability.
• This service addresses the security concerns raised by denial-of-service attacks.
• It depends on proper management and control of system resources, and thus on the
  access control service and other security services.
Security Mechanisms

The security mechanisms defined in X.800 are divided into:
• those that are implemented in a specific protocol layer (e.g., TCP or an
  application-layer protocol), and
• those that are not specific to any particular protocol layer or security service.
X.800 also distinguishes between:
• reversible encipherment mechanisms, which include encryption algorithms that allow
  data to be encrypted and subsequently decrypted, and
• irreversible encipherment mechanisms, which include hash algorithms and message
  authentication codes used in digital signature and message authentication
  applications.
Specific Security Mechanisms
• May be incorporated into the appropriate protocol layer to provide some of the OSI
  security services.

Security Mechanism       Definition
Encipherment             The use of mathematical algorithms to transform data into a form
                         that is not readily intelligible; the transformation and subsequent
                         recovery of the data depend on an algorithm and zero or more
                         encryption keys.
Digital Signature        Data appended to, or a cryptographic transformation of, a data unit
                         that allows a recipient of the data unit to prove the source and
                         integrity of the data unit and protect against forgery (e.g., by
                         the recipient).
Access Control           A variety of mechanisms that enforce access rights to resources.
Data Integrity           A variety of mechanisms used to assure the integrity of a data unit
                         or stream of data units.
Authentication Exchange  A mechanism intended to ensure the identity of an entity by means
                         of information exchange.
Traffic Padding          The insertion of bits into gaps in a data stream to frustrate
                         traffic analysis attempts.
Routing Control          Enables the selection of particular physically secure routes for
                         certain data and allows routing changes, especially when a breach
                         of security is suspected.
Notarization             The use of a trusted third party to assure certain properties of a
                         data exchange.
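Added example (not the slides' own material): a traffic padding scheme in Python that makes every frame on the link the same size and fills idle time slots with dummy frames, so that an observer cannot use message length or frequency for the traffic analysis described under Passive Attacks and Data Confidentiality. The bucket size, frame header and dummy marker are constructed for the example; in practice the padded frames would also be encrypted.

```python
import os
import struct
from typing import List, Optional

BUCKET = 64                    # every frame on the link is exactly this size (constructed)
DATA, DUMMY = 1, 0             # 1-byte frame type
HEADER = struct.Struct(">BH")  # frame type, payload length


def pad_frame(payload: Optional[bytes] = None) -> bytes:
    """Build a fixed-size frame; None yields a dummy frame for filling idle gaps."""
    kind = DUMMY if payload is None else DATA
    payload = payload or b""
    if HEADER.size + len(payload) > BUCKET:
        raise ValueError("payload must be fragmented before padding")
    # Random fill rather than zeros, so the padding itself has no recognisable pattern
    fill = os.urandom(BUCKET - HEADER.size - len(payload))
    return HEADER.pack(kind, len(payload)) + payload + fill


def unpad_frame(frame: bytes) -> Optional[bytes]:
    """Receiver: recover the payload, or None for a dummy frame to be discarded."""
    if len(frame) != BUCKET:
        raise ValueError("frame length violates the padding policy")
    kind, length = HEADER.unpack_from(frame)
    if kind == DUMMY:
        return None
    return frame[HEADER.size:HEADER.size + length]


def constant_rate(messages: List[bytes], slots: int) -> List[bytes]:
    """Emit exactly one frame per time slot: queued data if any, otherwise a dummy."""
    queue = list(messages)
    return [pad_frame(queue.pop(0)) if queue else pad_frame() for _ in range(slots)]


def wire_lengths(frames: List[bytes]) -> List[int]:
    """What an observer on the link sees: only uniform frame sizes and a steady rate."""
    return [len(f) for f in frames]
```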
Pervasive Security Mechanisms
• Mechanisms not specific to any particular OSI security service or protocol layer.

Security Mechanism     Definition
Trusted Functionality  That which is perceived to be correct with respect to some criteria
                       (e.g., as established by a security policy).
Security Label         The marking bound to a resource (which may be a data unit) that
                       names or designates the security attributes of that resource.
Event Detection        Detection of security-relevant events.
Security Audit Trail   Data collected and potentially used to facilitate a security audit,
                       which is an independent review and examination of system records
                       and activities.
Security Recovery      Deals with requests from mechanisms, such as event handling and
                       management functions, and takes recovery actions.
Relationship Between Security Services and Mechanisms
• X.800 also indicates the relationship between security services and security
  mechanisms.

Security Service              Security Mechanisms
Peer Entity Authentication    Encipherment, Digital Signature, Authentication Exchange.
Data Origin Authentication    Encipherment, Digital Signature.
Access Control                Access Control.
Confidentiality               Encipherment, Routing Control.
Traffic Flow Confidentiality  Encipherment, Traffic Padding, Routing Control.
Data Integrity                Encipherment, Digital Signature, Data Integrity.
Nonrepudiation                Digital Signature, Data Integrity, Notarization.
Availability                  Data Integrity, Authentication Exchange.
-----End-----
