OSI SECURITY ARCHITECTURE
OSI SECURITY ARCHITECTURE
• X.800 is an ITU-T Recommendation (International
Telecommunication Union) that defines the
Security Architecture for OSI.
• OSI Security Architecture
– provides a framework for security services in open
systems.
– defines security requirements both for the systems
themselves and for the data transferred between them.
– Open systems are computer systems that interact
with other systems over a network, usually using
standardized communication protocols.
OSI SECURITY ARCHITECTURE
• The OSI security architecture is useful to
managers as a way of organizing the task of
providing security.
• Furthermore, because this architecture was
developed as an international standard,
computer and communications vendors have
developed security features for their products
and services that relate to this structured
definition of services and mechanisms.
THE OSI SECURITY ARCHITECTURE
• Security attack: Any action that compromises the
security of information owned by an
organization.
• Security service: A processing or communication
service that enhances the security of the data
processing systems and the information transfers
of an organization. The services are intended to
counter security attacks and are implemented by
security mechanisms.
• Security mechanism: A process (or a device
incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.
SECURITY ATTACK
• Unauthorized attempt to access, manipulate,
damage, disrupt, or disable computer systems,
networks, or data.
• Attacks are carried out by individuals or
groups, often referred to as attackers.
SECURITY ATTACK - INSECURE COMMUNICATION
[Figure: Alice and Bob communicating over an insecure channel, with a man in the middle positioned between them.]
SECURITY ATTACKS
• Broadly classified into two types
– passive attacks
– active attacks
Passive Attacks
• Passive attacks are in the nature of
eavesdropping on, or monitoring of,
transmissions.
• The goal of the opponent is to obtain
information that is being transmitted.
• Two types of passive attacks are the
– release of message contents
– traffic analysis.
Release of message contents- the opponent learns the
contents of the transmission (a telephone conversation,
an e-mail message, a transferred file).
Traffic analysis- the opponent observes the pattern of
transmissions even when the contents are protected by
encryption.
• The opponent could determine the
– location of the communicating hosts
– identity of the communicating hosts
– frequency of messages being exchanged
– length of messages being exchanged.
Traffic analysis
Active Attacks
Active attacks involve
–some modification of the data stream
–or the creation of a false stream
They can be subdivided into four categories:
• masquerade
• replay
• modification of messages
• denial of service.
Masquerade
• Masquerade takes place when one entity
pretends to be a different entity.
Masquerade
Replay
• Replay involves the passive capture of a data
unit and its subsequent retransmission to
produce an unauthorized effect.
Replay
Modification of messages
• Modification of messages simply means that
some portion of a legitimate message is
altered, or that messages are delayed or
reordered, to produce an unauthorized effect.
Modification of messages
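The three active attacks above (masquerade, replay, modification) can all be caught with one data-integrity mechanism at the receiver. The Go program below is an added example written for this page, not code from the original slides: the sender appends an HMAC-SHA256 tag over a sequence number and the payload, and the receiver accepts a message only if the tag verifies under the shared key and the sequence number is strictly greater than the last one accepted. The key, payloads and the `Message`/`Receiver` names are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Message is a data unit as it travels over the insecure channel:
// a sequence number, the payload, and a MAC that binds the two to a
// key shared only by the legitimate sender and receiver.
type Message struct {
	Seq     uint64
	Payload []byte
	Tag     []byte
}

// tag computes HMAC-SHA256 over seq || payload. Covering seq as well
// as the payload means neither field can be changed without detection.
func tag(key []byte, seq uint64, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	var seqBytes [8]byte
	binary.BigEndian.PutUint64(seqBytes[:], seq)
	m.Write(seqBytes[:])
	m.Write(payload)
	return m.Sum(nil)
}

// Seal is the sender side. Sequence numbers start at 1 and increase.
func Seal(key []byte, seq uint64, payload []byte) Message {
	return Message{Seq: seq, Payload: payload, Tag: tag(key, seq, payload)}
}

var (
	ErrBadTag = errors.New("MAC mismatch: modified message or masquerading sender")
	ErrReplay = errors.New("sequence number not increasing: replayed or reordered message")
)

// Receiver remembers the highest sequence number it has accepted.
type Receiver struct {
	key     []byte
	lastSeq uint64
}

func NewReceiver(key []byte) *Receiver { return &Receiver{key: key} }

// Accept rejects forged, modified and replayed messages. The MAC is
// checked first, in constant time; only then is the sequence number
// compared, so an attacker cannot probe the window with bad tags.
func (r *Receiver) Accept(msg Message) error {
	if !hmac.Equal(msg.Tag, tag(r.key, msg.Seq, msg.Payload)) {
		return ErrBadTag
	}
	if msg.Seq <= r.lastSeq {
		return ErrReplay
	}
	r.lastSeq = msg.Seq
	return nil
}

func main() {
	key := []byte("constructed-shared-key-for-demo") // constructed, demo only
	recv := NewReceiver(key)

	m1 := Seal(key, 1, []byte("transfer 100 to account 42"))
	fmt.Println("genuine:   ", recv.Accept(m1))

	// Replay: the opponent captures m1 and sends it again.
	fmt.Println("replay:    ", recv.Accept(m1))

	// Modification: the opponent edits the amount in transit.
	m2 := Seal(key, 2, []byte("transfer 100 to account 42"))
	m2.Payload = []byte("transfer 900 to account 42")
	fmt.Println("modified:  ", recv.Accept(m2))

	// Masquerade: an entity without the key forges a message.
	m3 := Seal([]byte("wrong-key"), 3, []byte("transfer 100 to account 42"))
	fmt.Println("masquerade:", recv.Accept(m3))
}
```

A MAC alone stops modification and masquerade but not replay; the monotonic sequence number is what turns a captured-and-resent data unit into a detectable event. Denial of service is the one active attack this mechanism cannot prevent: it can only be detected (gaps in the sequence) and recovered from.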
Denial of service
• Denial of service prevents or inhibits the
normal use or management of
communications facilities.
• This attack may have a specific target.
• For example, an entity may suppress all
messages directed to a particular destination.
Denial of service
SECURITY SERVICES
• X.800 defines a security service as a service that
is provided by a protocol layer of communicating
open systems and that ensures adequate security
of the systems or of data transfers.
• Security services implement security policies and
are implemented by security mechanisms.
• The security services defined by X.800 are:
– Authentication
– Access control
– Data confidentiality
– Data integrity
– Non-repudiation
AUTHENTICATION
Integrity- No Modification
Non Repudiation
SECURITY MECHANISMS
• The mechanisms are divided into two types:
– those that are implemented in a specific protocol
layer, such as TCP or an application-layer protocol
– those that are not specific to any particular protocol
layer or security service.
Two Types
• SPECIFIC SECURITY MECHANISMS
(implemented in a specific protocol layer)
• PERVASIVE SECURITY MECHANISMS
(not specific to any particular protocol layer)
SPECIFIC SECURITY MECHANISMS
• May be incorporated into the appropriate
protocol layer in order to provide some of the
OSI security services. The mechanisms are:
Encipherment
• The use of mathematical algorithms to
transform data into a form that is not readily
intelligible.
• The transformation and subsequent recovery
of the data depend on an algorithm and zero
or more encryption keys.
Encipherment or Encryption
Digital Signature
• Data appended to, or a cryptographic
transformation of, a data unit that allows a
recipient of the data unit to prove the source
and integrity of the data unit and protect
against forgery.
Access Control
• A variety of mechanisms that enforce access
rights to resources.
Data Integrity
• A variety of mechanisms used to assure the
integrity of a data unit or stream of data units.
Traffic Padding
• The insertion of bits into gaps in a data stream
to frustrate traffic analysis attempts.
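The passive attack described earlier (traffic analysis) and the mechanism that counters it (traffic padding) are two sides of one experiment, so the Go program below, an added example that is not part of the original slides, covers both. It runs the opponent's analysis over a constructed capture of encrypted-link metadata (no contents, only source, destination, time and length) and recovers who talks to whom, how often and with what message sizes; it then applies padding to a fixed bucket and reruns the analysis. The host addresses and packet records are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// Record is everything an eavesdropper sees on an encrypted link:
// no contents, only who talks to whom, when, and how much.
type Record struct {
	T      int // seconds since capture start
	Src    string
	Dst    string
	Length int // bytes on the wire
}

// captured is constructed sample data: a bulk transfer from .5 to .9
// with short acknowledgements, and one brief exchange with .7.
var captured = []Record{
	{0, "10.0.0.5", "10.0.0.9", 1480},
	{1, "10.0.0.5", "10.0.0.9", 1480},
	{2, "10.0.0.5", "10.0.0.9", 312},
	{2, "10.0.0.9", "10.0.0.5", 64},
	{30, "10.0.0.5", "10.0.0.7", 64},
	{31, "10.0.0.7", "10.0.0.5", 64},
	{60, "10.0.0.5", "10.0.0.9", 1480},
	{61, "10.0.0.5", "10.0.0.9", 1480},
	{62, "10.0.0.5", "10.0.0.9", 1480},
	{63, "10.0.0.5", "10.0.0.9", 900},
	{63, "10.0.0.9", "10.0.0.5", 64},
}

// Flow summarises one direction of traffic between two hosts.
type Flow struct {
	Src, Dst string
	Count    int
	Bytes    int
	Lengths  map[int]int // distinct on-wire lengths and how often each occurs
}

// Analyze is the opponent's traffic analysis: from metadata alone it
// recovers the communicating hosts, message frequency and message lengths.
func Analyze(recs []Record) []Flow {
	idx := map[string]*Flow{}
	for _, r := range recs {
		k := r.Src + ">" + r.Dst
		f, ok := idx[k]
		if !ok {
			f = &Flow{Src: r.Src, Dst: r.Dst, Lengths: map[int]int{}}
			idx[k] = f
		}
		f.Count++
		f.Bytes += r.Length
		f.Lengths[r.Length]++
	}
	out := make([]Flow, 0, len(idx))
	for _, f := range idx {
		out = append(out, *f)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Bytes > out[j].Bytes })
	return out
}

// Pad is the traffic-padding mechanism: every data unit is rounded up to
// a multiple of bucket bytes, so length no longer distinguishes a
// one-line acknowledgement from a full-size data segment.
func Pad(recs []Record, bucket int) []Record {
	out := make([]Record, len(recs))
	for i, r := range recs {
		r.Length = ((r.Length + bucket - 1) / bucket) * bucket
		out[i] = r
	}
	return out
}

// DistinctLengths counts how many different sizes the opponent observes.
func DistinctLengths(recs []Record) int {
	seen := map[int]bool{}
	for _, r := range recs {
		seen[r.Length] = true
	}
	return len(seen)
}

func main() {
	for _, f := range Analyze(captured) {
		fmt.Printf("%s -> %s: %d msgs, %d bytes, lengths %v\n", f.Src, f.Dst, f.Count, f.Bytes, f.Lengths)
	}
	fmt.Println("distinct lengths before padding:", DistinctLengths(captured))
	fmt.Println("distinct lengths after padding: ", DistinctLengths(Pad(captured, 1500)))
}
```

Padding removes the length signal only. The identities of the hosts and the number and timing of messages survive it unchanged, which is why X.800 pairs traffic padding with routing control and with sending dummy traffic during idle periods rather than treating padding as a complete defence.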
Routing Control
• Enables selection of particular physically
secure routes for certain data and allows
routing changes, especially when a breach of
security is suspected.
Notarization
• The use of a trusted third party to assure
certain properties of a data exchange.
Authentication Exchange
• A mechanism intended to ensure the identity
of an entity by means of information
exchange.
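The authentication-exchange mechanism is usually realised as a challenge-response protocol. The Go program below is an added example, not code from the original slides: the verifier sends a fresh random nonce, the claimant answers with HMAC-SHA256 over its identity and the nonce under a secret it shares with the verifier, and the verifier checks the answer. The secret itself never crosses the channel, and because each nonce is accepted at most once a captured response cannot be replayed. The `Verifier` type, identities and secrets are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Verifier is the side that wants proof of identity. It knows the secret
// shared with each legitimate identity and the challenge it last issued.
type Verifier struct {
	secrets map[string][]byte
	pending map[string][]byte // outstanding challenge per identity
}

func NewVerifier(secrets map[string][]byte) *Verifier {
	return &Verifier{secrets: secrets, pending: map[string][]byte{}}
}

// Challenge is message 1, verifier -> claimant: a fresh 128-bit nonce.
// Issuing a new challenge invalidates any earlier one for that identity.
func (v *Verifier) Challenge(id string) ([]byte, error) {
	if _, ok := v.secrets[id]; !ok {
		return nil, errors.New("unknown identity")
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.pending[id] = nonce
	return nonce, nil
}

// Respond is message 2, claimant -> verifier. It proves knowledge of the
// secret without transmitting it: HMAC(secret, id || nonce).
func Respond(secret []byte, id string, nonce []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(id))
	m.Write(nonce)
	return m.Sum(nil)
}

// Check verifies message 2. The pending challenge is consumed whether
// or not the response is correct, so each nonce accepts one answer only.
func (v *Verifier) Check(id string, resp []byte) bool {
	nonce, ok := v.pending[id]
	if !ok {
		return false
	}
	delete(v.pending, id)
	return hmac.Equal(resp, Respond(v.secrets[id], id, nonce))
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed, demo only
	v := NewVerifier(map[string][]byte{"alice": secret})

	nonce, err := v.Challenge("alice")
	if err != nil {
		panic(err)
	}
	fmt.Println("challenge:                 ", hex.EncodeToString(nonce))

	resp := Respond(secret, "alice", nonce)
	fmt.Println("first response accepted:   ", v.Check("alice", resp))
	// An eavesdropper who captured resp gains nothing by resending it.
	fmt.Println("replayed response accepted:", v.Check("alice", resp))
}
```

This is one-way authentication: Alice proves herself to the verifier, but not the reverse. Mutual authentication repeats the exchange in the other direction with a second nonce; the X.800 authentication service distinguishes the two cases.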
PERVASIVE SECURITY MECHANISMS
• Mechanisms that are not specific to any
particular OSI security service or protocol
layer. The mechanisms are:
Trusted Functionality
• Trusted functionality is functionality that is
perceived to be correct with respect to some
criteria, for example as established by a security
policy.
• It is used to extend the scope, or to establish the
effectiveness, of other security mechanisms, so it
must itself be protected against tampering by
malicious entities.
• Examples of functionality that must be trusted:
– Key Management
– Authentication and Authorization
– Data Integrity and Confidentiality
Security Label
• A security label is a tag of metadata attached to
an object, such as a file, database record, or
communication message, indicating the level of
security associated with that object.
• Security labels are used to enforce access
control policies, ensuring that only authorized
users or systems can access or modify the
labeled object according to its security
classification.
Security Label
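Enforcing access control from security labels means comparing the subject's clearance label with the object's label under a partial order, the approach of the classic Bell-LaPadula model. The Go program below is an added example rather than code from the original slides: a label is a hierarchical level plus a set of compartments, `Dominates` implements the ordering, and `CanRead`/`CanWrite` apply the two rules "no read up" and "no write down" so that information cannot flow from a higher classification to a lower one. The level names, compartment names and subjects are constructed for the demonstration.

```go
package main

import "fmt"

// Level is the hierarchical part of a security label.
type Level int

const (
	Unclassified Level = iota
	Confidential
	Secret
	TopSecret
)

// Label is a level plus a set of non-hierarchical compartments
// (constructed names such as "crypto" or "nuclear").
type Label struct {
	Level        Level
	Compartments map[string]bool
}

func NewLabel(l Level, comps ...string) Label {
	m := map[string]bool{}
	for _, c := range comps {
		m[c] = true
	}
	return Label{Level: l, Compartments: m}
}

// Dominates reports whether a is at least as high as b: a's level is
// greater or equal and a holds every compartment b holds. Two labels
// may be incomparable (neither dominates), which is why this is a
// partial order rather than a simple ranking.
func (a Label) Dominates(b Label) bool {
	if a.Level < b.Level {
		return false
	}
	for c := range b.Compartments {
		if !a.Compartments[c] {
			return false
		}
	}
	return true
}

// CanRead: "no read up". A subject may read an object only if the
// subject's clearance dominates the object's label.
func CanRead(subject, object Label) bool { return subject.Dominates(object) }

// CanWrite: "no write down". A subject may write an object only if the
// object's label dominates the subject's, so a Secret subject cannot
// copy Secret data into an Unclassified file.
func CanWrite(subject, object Label) bool { return object.Dominates(subject) }

func main() {
	analyst := NewLabel(Secret, "crypto")
	objects := map[string]Label{
		"weekly-report (Confidential)":       NewLabel(Confidential),
		"key-schedule (Secret, crypto)":      NewLabel(Secret, "crypto"),
		"warhead-specs (Secret, nuclear)":    NewLabel(Secret, "nuclear"),
		"ops-plan (TopSecret, crypto)":       NewLabel(TopSecret, "crypto"),
		"public-notice (Unclassified)":       NewLabel(Unclassified),
	}
	for name, obj := range objects {
		fmt.Printf("%-36s read=%-5v write=%v\n", name, CanRead(analyst, obj), CanWrite(analyst, obj))
	}
}
```

The write rule surprises people at first: the analyst may append to a TopSecret document they cannot read, and may not write to the public notice. That asymmetry is exactly what keeps labelled data from leaking downward through a careless or compromised subject.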
Event Detection
• Detection of security-relevant events.
Security Audit Trail
• Data collected and potentially used to
facilitate a security audit, which is an
independent review and examination of
system records and activities.
Security Audit Trail
SECURITY RECOVERY
• Deals with requests from mechanisms, such as
event handling and management functions,
and takes recovery actions.
