Group 5
Members
Prince Mupangavanhu – R192721N
Wayne Nzvere – R132500H
Nyasha P Muzeanenhamu – R191197V
Edwin M Muzeza – R1814999V
Anotida H.M Pasi – R1815002M
Clive Masawi – R1814915Q
Tatenda G Rufu – R193782A
Silvanos Dambwa – R192722A
Royal Guta – R193881Y
The OSI Security Architecture
Introduction
CHAPTER 2
The OSI Security architecture
• Security attacks
• Security services
• Security mechanism
Security attacks
telephone conversation, tracks electronic mail or the transferred file to retrieve the
confidential message being transmitted. The opponent is quite interested in the content of
the released message.
Traffic analysis
To protect the released message content, the organization may apply a mask over the
content of the message so that even if the attacker captures the message, he would not be
able to understand it. This technique of masking the released message is
termed encryption.
In traffic analysis passive attack, the attacker monitors the pattern, length and frequency
Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories:
• Masquerade
• Replay
• Modification of messages
• Denial of service
Active attack
Masquerade
In masquerade, the attacker pretends to be the sender.
Replay
In replay, the message is captured passively and is retransmitted to produce an
unauthorized effect.
Modification of message
Modification of message means that some part of the data stream of the message is altered or modified to create
an unauthorized effect.
Denial of service
The attacker suppresses all the messages directed to a particular receiver by overloading the
network to degrade the network performance.
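How a receiver can detect masquerade, replay and modification of messages, as an added example that is not part of the original slides. The HMAC-SHA256 tag, the per-sender sequence number, the key and all names are assumptions chosen for this illustration; denial of service is not covered.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: secret shared out of band


def protect(key, sender, seq, payload):
    """Sender side: bind sender, sequence number and payload under one tag."""
    body = json.dumps({"sender": sender, "seq": seq, "payload": payload},
                      sort_keys=True).encode()
    return {"body": body,
            "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


class Receiver:
    def __init__(self, keys):
        self.keys = keys      # sender name -> shared key
        self.last_seq = {}    # sender name -> highest sequence accepted

    def accept(self, msg):
        """Return 'ok' or the reason the message was rejected."""
        try:
            fields = json.loads(msg["body"])
            sender, seq = fields["sender"], fields["seq"]
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed"
        if not isinstance(sender, str) or sender not in self.keys:
            return "rejected: unknown sender"
        expected = hmac.new(self.keys[sender], msg["body"],
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; fails for altered bodies and for
        # tags made with a key other than the claimed sender's.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        # A validly tagged message seen before is a replay.
        if not isinstance(seq, int) or seq <= self.last_seq.get(sender, -1):
            return "rejected: replay"
        self.last_seq[sender] = seq
        return "ok"


if __name__ == "__main__":
    rx = Receiver({"alice": KEY})
    msg = protect(KEY, "alice", 1, "pay 10")           # constructed sample
    print(rx.accept(msg))                               # genuine message
    print(rx.accept(msg))                               # same bytes resent
    altered = dict(msg, body=msg["body"].replace(b"10", b"99"))
    print(rx.accept(altered))                           # modified in transit
    print(rx.accept(protect(b"other-key", "alice", 2, "pay 10")))  # masquerade
```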
Security service
Authentication
Access control
Data confidentiality
Data integrity
Nonrepudiation
Security services are divided into five categories:
Authentication: It assures that the entity involved in the communication is the one it
claims to be.
Access Control: This service assures that only authorized entities access
the resources and prevents unauthorized access.
Data Confidentiality: This service maintains the confidentiality of data
by preventing the exposure of the message content to the attacker.
Data Integrity: This service makes sure that the data received at the receiver end
is from an authorized entity.
Nonrepudiation: This service prevents the sending and receiving entities from
denying the transmitted message.
Security mechanism
A security mechanism is an entire process that is specifically designed to identify
the attack and develop a strategy to recover from or prevent the attack. These security
mechanisms consist of:
Cryptographic techniques
The process of converting ordinary plain text into unintelligible text and vice-versa.
Encryption
A security method of encoding data from plaintext to ciphertext, which can only be
decrypted by the user with the encryption key.
Encipherment
The process of making data unreadable to unauthorized entities by applying
a cryptographic algorithm.
Digital Signature
A mathematical technique used to validate the authenticity and integrity of a
message, software or digital document.
Access Control
A method of guaranteeing that users are who they say they are and that they have
the appropriate access to company data.
Thank You