Threats and protection mechanisms

Questions and Answers

What is peer entity authentication?

Used in a logical connection to provide confidence in the identities connected

What is data origin authentication?

In a connectionless transfer, provides assurance that the source of data is as claimed

What is access control?

The prevention of unauthorised use of resource.

What is connection confidentiality?

The protection of all user data on a connection.

What is connectionless confidentiality?

The protection of all user data on a single block.

What is selective field confidentiality ?

The confidentiality of selected fields within the user data on a connection or in a single data block

What is traffic flow confidentiality?

The protection of the information that might be derived from observation of traffic flows

What is data integrity?

The assurance that the data received is exactly as sent by the authorised entity

What is connection integrity with recovery?

Provides for the integrity of all users on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted.

What is connection integrity without recovery?

Like connection integrity with recovery, but provides only detection

What is selective field connection integrity?

Provides for the integrity of selected fields within user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted or replayed.

What is connectionless integrity?

Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.

What is selective field connectionless integrity?

Provides for the integrity of selected fields within a single connectionless data block. Takes the form of determination whether the selective fields have been modified.

What is non repudiation?

Protection against denial by one of the entities involved in a communication of having participated in all or part of the communication

What is nonrepudiation origin?

Proof that the message was SENT by the specified party.

What is nonrepudiation destination?

Proof that the message was RECEIVED by the specified party.

What is specific security mechanisms?

May be implemented into the appropriate protocol layer in order to provide some of the OSI security services.

What is encipherment?

Using mathematical algorithms to transform a data into a form that is unreadable. The transformation and the reverse of the transformation depend on the algorithm being used and zero or more encryption keys

What is digital signature?

Data appended to or cryptographic transformation of a data unit that allows the recipient to prove the source and intergrity of the data unit and protect against forgery

What is access control in specific security mechanisms?

A variety of mechanisms that enforce access rights to resources

What is data integrity in specific security mechanism?

A variety of mechanisms that is used to ensure the integrity of a data unit or a stream of data units.

What is authentication exchange?

A mechanism intended to ensure the identity of an entity through information exchange.

What is traffic padding?

The insertion of data bits into gaps of data streams to frustrate traffic analysis attempts.

What is routing control?

Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breaching of security is suspected

What is notarization?

The use of a trusted third party to assure certain properties of a data exchange.

What is pervasive security mechanisms?

Mechanisms that are not specific to any OSI security service or protocol layer

What is trusted functionality?

Perceived to be correct with respect to some criteria

What is security label?

The marking bound to a resource that names or designates the security attributes of that resource

What is event detection?

Detection of security related event

What is security audit trail?

Data collected and possibly used to facilitate a security audit, which is an independent review and examination of system records and activities

What is security recovery?

Deals with request from mechanisms, such as event handling and management functions and takes recovery actions

Study Notes

Authentication and Integrity

• Peer Entity Authentication: Verifies the identity of entities (like users or devices) communicating over a network, ensuring both parties are who they claim to be.
• Data Origin Authentication: Confirms that the source of the data is legitimate and has not been altered from its original form.
• Access Control: Mechanisms to restrict unauthorized access to systems, applications, or data, often through authentication procedures.
• Connection Confidentiality: Protects the data transmitted over a network connection from being intercepted by unauthorized entities.

Confidentiality Types

• Connectionless Confidentiality: Ensures data confidentiality in communications that do not establish a dedicated connection, such as UDP (User Datagram Protocol).
• Selective Field Confidentiality: Applies confidentiality measures to specific parts or fields of data rather than the entire dataset.
• Traffic Flow Confidentiality: Protects information regarding the pattern and volume of transmitted data to conceal users' activities and communication flows.

Data and Connection Integrity

• Data Integrity: Ensures that data remains accurate, consistent, and unaltered during storage, processing, and transmission.
• Connection Integrity with Recovery: Ensures the integrity of a data connection while allowing for recovery in case of disruptions or errors during transmission.
• Connection Integrity without Recovery: Guarantees data integrity without providing mechanisms to recover lost or corrupted data.
• Selective Field Connection Integrity: Maintains the integrity of specific fields in a data connection, ensuring those particular areas are safeguarded.

Additional Integrity Concepts

• Connectionless Integrity: Verifies the integrity of data sent in a connectionless manner, without establishing a dedicated path for transmission.
• Selective Field Connectionless Integrity: Similar to connectionless integrity but focused on maintaining the integrity of designated fields.

Non-Repudiation

• Non-Repudiation: Ensures that an entity cannot deny the authenticity of their signature or the sending of a message, providing proof of the origin and delivery.
• Non-repudiation Origin: Protects against denial of a message being sent; assures that the message sender cannot disown their action.
• Non-repudiation Destination: Provides assurance that the recipient of a message can confirm its reception and cannot contest receiving it.

Security Mechanisms

• Specific Security Mechanisms: Unique tools or protocols designed to enhance security in systems by fulfilling specific security requirements.
• Encipherment: The process of converting plaintext into ciphertext to secure data during transmission.
• Digital Signature: A cryptographic technique used to validate the authenticity and integrity of a message, document, or digital file.

Security Mechanism Features

• Access Control in Specific Security Mechanisms: Integrated access restrictions in security protocols to allow only authorized users access to sensitive functions.
• Data Integrity in Specific Security Mechanisms: Measures designed to ensure data has not been altered unauthorizedly, incorporated within security protocols.

Additional Security Techniques

• Authentication Exchange: A method for parties to verify each other’s identities during a communication exchange.
• Traffic Padding: The practice of adding extra data to a transmission to obscure the actual amount of information being sent.
• Routing Control: Management of the path that data packets take through a network to ensure secure transmission.

Security Awareness and Controls

• Notarization: The process of certifying documents that adds an additional layer of security and trustworthiness.
• Pervasive Security Mechanisms: Security measures embedded in all aspects of a system to ensure holistic protection.
• Trusted Functionality: Components or features in a system that reliably perform security functions as intended.

Security Monitoring and Recovery

• Security Label: Markings or metadata assigned to data that indicate its security classification and handling requirements.
• Event Detection: The ability to identify and alert on security-related events or anomalies in system activities.
• Security Audit Trail: A log of events and changes made within a system, facilitating accountability and forensic analysis.
• Security Recovery: Strategies and processes put in place to restore a system’s functionality and integrity after a security incident or breach.

Description

For CNS