Scribd Logo
Upload

Welcome to Scribd!

  • Group 5 The OSI Security Architecture

    Uploaded by

    Tanaka Matend
    10 views17 pages

    Original Title

    Group 5 The OSI Security Architecture (2)

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views17 pages

    Group 5 The OSI Security Architecture

    Uploaded by

    Tanaka Matend

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 17

    Computer Security

    Group 5

    Members
    Prince Mupangavanhu – R192721N
    Wayne Nzvere – R132500H
    Nyasha P Muzeanenhamu – R191197V
    Edwin M Muzeza – R1814999V
    Anotida H.M Pasi – R1815002M
    Clive Masawi – R1814915Q
    Tatenda G Rufu – R193782A
    Silvanos Dambwa – R192722A
    Royal Guta – R193881Y
    The OSI Security Architecture
    Introduction
    CHAPTER 2
     The OSI Security architecture
    • Security attacks
    • Security services
    • Security mechanism
    The OSI security architecture

     The OSI security architecture focuses on security attacks, mechanisms, and


    services.

     Security attacks

    Any action that compromises the security of information owned by an organization.

    Two types of security attacks


    a) Passive attack
    b) active attack
    Passive attack

     In a passive attack, the attacker monitors or eavesdrops the transmission between


    and sender and receiver and the attacker try to retrieve the information being
    transmitted. In passive attack neither the sender nor the receiver is aware of the
    attack as the attacker only retrieve the message, he doesn’t perform any alteration
    to the captured message. The message is sent and received in the normal fashion.

    Two types of passive attacks are:


     Release of message contents
     and traffic analysis.
    Passive attack

    Release of message content


     The release of the message content is a kind of attack where the attacker listens to the

    telephone conversation, tracks electronic mail or the transferred file to retrieve the
    confidential message being transmitted. The opponent is quite interested in the content of
    the released message.
    Traffic analysis
     To protect the released message content the organization may apply a mask over the

    content of the message so that even if the attacker captures the message, he would not be
    able to understand the message. This technique of masking the released message is
    termed as encryption.
     In traffic analysis passive attack, the attacker monitors the pattern, length and frequency

    of the released message to guess the original message.


    Passive attack
    Active attack

    Active attacks involve some modification of the data stream or the creation of a false
    stream and can be subdivided into four categories :
     Masquerade ,
     Replay,
     Modification of messages,
     Denial of service.
    Active attack

     Masquerade
    In masquerade, the attacker pretends to be the sender.
     Replay

    In the replay, the message is captured in a passive way and is retransmitted to produce an
    unauthorized effect.

     Modification of message
    Modification of message means some data stream of the message is altered or modified to create
    an unauthorized effect.
     Denial of services

    The attacker suppresses all the messages directed to a particular receiver by overloading the
    network to degrade the network performance
    Active attack
    Active attack
    Security service

    X.800 and RFC 2828

     X.800 defines the service provided by protocol layer of communicating open


    system which ensures adequate security of the systems or of data transfers.

     RFC 2828 defines as a communication service that is provided by a system to give


    a specific kind of protection to system resources;
    Security services are divided into
    five categories

     Authentication
     Access control
     Data confidentiality
     Data integrity
     Nonrepudiation
    Security services are divided into
    five categories
     Authentication: It assures that the entity involves in the communication is the one it
    is claiming for.
     Access Control: This service assures that only the authorized entities are accessing
    the resources and prevents unauthorized access.
     Data Confidentiality: This service manages to maintain the confidentiality of data
    by preventing the exposure of the message content to the attacker.
     Data Integrity: This service makes it sure that the data received at the receiver end
    is from an authorized entity.
     Nonrepudiation: This service restricts the sending and receiving entity from
    denying the transmitted message.
    Security mechanism
    Security mechanism is an entire process that is specifically designed to identify
    the attack and develops a strategy to recover or prevent the attack. These security
    mechanism consist of :

     Cryptographic techniques,
    Process of converting ordinary plain text into unintelligible text and vice-versa.

     Encryption,
    Security method of encoding data from plaintext to ciphertext, which can only be
    decrypted by the user with the encryption key
    Security mechanism

     Encipherment
    The process of making data unreadable to unauthorized entities by applying
    cryptographic algorithm

     Digital Signature
    a mathematical technique used to validate the authenticity and integrity of a
    message, software or digital document.

     Access Control
    a method of guaranteeing that users are who they say they are and that they have
    the appropriate access to company data.
    Thank You

    You might also like