OSI Security Architecture:

The OSI security architecture helps the managers responsible for the security of an
organization in defining the requirements for security. It was introduced as an
‘international standard’ which let the computer and communication vendor develop
products that have security features based on this architecture.

Security attack: Any action that compromises the security of

information owned by an organization.
Security mechanism: A process (or a device incorporating such a process)
that is designed to detect, prevent, or recover from a security attack.
Security service: A processing or communication service that enhances
the security of the data processing systems and the information
transfers of an organization. The services are intended to counter
security attacks, and they make use of one or more security mechanisms
to provide the service

SECURITY ATTACKS:
Release of message content
The release of the message content is a kind of attack
where the attacker listens to the telephone
conversation and tracks electronic mail or the
transferred file to retrieve the confidential message
being transmitted.
Traffic analysis
To protect the released message content, the
organization may apply a mask over the content of
the message so that even if the attacker captures the
message, he would not be able to understand the
message. This technique of masking the released
message is termed encryption.
1. Masquerade
In a masquerade active attack, the attacker
pretends to be the sender. To understand it
 better, consider that in figure 2 above, only path
2 is active in the masquerade attack.

2. Replay
In the replay, the message is captured in a
passive way and is retransmitted to produce an
unauthorized effect. To understand replay,
consider that in figure 2, paths 1, 2 and 3 are
active.

3. Modification of message
Modification of the message means some data
stream of the message is altered or modified to
create an unauthorized effect. Path 1 and 2 are
active in this kind of attack.

4. Denial of services
The attacker suppresses all the messages directed
to a particular receiver by overloading
the network to degrade the network
performance

Security Mechanism

The security mechanism is an entire process that is specifically designed

to identify the attack and develops a strategy to recover or prevent the
attack.

Some of the mechanisms are

Encipherment
Digital Signature
Access Control
Security Services

Considering X.800’s security services, the services can

be classified into five categories. So, we are going to
discuss them here:

 Authentication: It assures that the entity involves

in the communication is the one it is claiming for.

 Access Control: This service assures that only

authorized entities are accessing the resources
and prevents unauthorized access.

 Data Confidentiality: This service manages to

maintain the confidentiality of data by
preventing the exposure of the message content
to the attacker.

 Data Integrity: This service makes sure that the

data received at the receiver end is from an
authorized entity.

 Nonrepudiation: This service restricts the sending

and receiving entity from denying the
transmitted message.