Lecture 2: OSI Security Architecture PDF

Document Details

Uploaded by StylishSpessartine

University of Science and Technology

Prof. Noureldien A. Noureldien

Tags

OSI security architecture security attacks security mechanisms computer security

Summary

This lecture provides an overview of the OSI Security Architecture, its components, and types of attacks including passive and active attacks. It details security services like authentication, access control, and confidentiality. This course material is suitable for undergraduate students.

Full Transcript

University of Science and Technology
Faculty of Computer Science and Information Technology
Department of Information and Communication Technology
Lecture (2)
Instructor: Prof. Noureldien A. Noureldien

1. The OSI Security Architecture

To assess effectively the security needs of an organization and to evaluate and choose various security products and policies, the manager responsible for computer and network security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The OSI security architecture is useful to managers as a way of organizing the task of providing security. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.

The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as

■ Security attack: Any action that compromises the security of information owned by an organization.
■ Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
■ Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

In the literature, the terms threat and attack are commonly used to mean more or less the same thing. Table 1.1 provides definitions taken from RFC 4949, Internet Security Glossary.

1.1 Security Attacks

A useful means of classifying security attacks is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.

1.1.1 Passive Attacks

Passive attacks (Figure 1.2a) are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis.

The first type of passive attack, the release of message contents, is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.

The second type of passive attack is traffic analysis. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent still might be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern.

1.1.2 Active Attacks

Active attacks (Figure 1.2b) involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

1- A masquerade takes place when one entity pretends to be a different entity (path 2 of Figure 1.2b is active). A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

2- Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect (paths 1, 2, and 3 active).

3- Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect (paths 1 and 2 active). For example, a message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”

4- The denial of service prevents or inhibits the normal use or management of communications facilities (path 3 active). This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination.

Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of potential physical, software, and network vulnerabilities.

1.2 Security Mechanisms

Table 1.3 lists the security mechanisms. The mechanisms are divided into those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and those that are not specific to any particular protocol layer or security service.

Table 2.1: Security Mechanisms

1.3 Security Services

A security service is defined as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers. Perhaps a clearer definition is found in RFC 4949, which provides the following definition: A processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.

1. Authentication

The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, the function of the authentication service is to assure the recipient that the message is from the source that it claims to be from. In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are involved. First, at the time of connection initiation, the service assures that the two entities are authentic (i.e., that each is the entity that it claims to be). Second, the service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception.

2. Access Control

In the context of network security, access control is the ability to limit and control access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified or authenticated, so that access rights can be tailored to the individual.

3. Data Confidentiality

Confidentiality is the protection of transmitted data from passive attacks. With respect to the content of data transmission, several levels of protection can be identified. The broadest service protects all user data transmitted between two users over a period of time. For example, when a TCP connection is set up between two systems, this broad protection prevents the release of any user data transmitted over the TCP connection.
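The broad content-protection service hides what is sent, but, as the passive-attacks section noted, an encrypted stream still shows an observer the length and frequency of messages. The following is an added example, not part of the lecture: a toy keystream cipher (constructed here purely for illustration) shows that ciphertext sizes mirror plaintext sizes, and fixed-size padding removes that pattern; KEY and MESSAGES are constructed sample values.

```python
import hashlib

# Added example, not from the lecture. A toy keystream cipher built from SHA-256,
# used only to illustrate the point (real systems use an authenticated cipher such
# as AES-GCM). Like any stream cipher it yields ciphertext exactly as long as the
# plaintext, so message sizes stay visible to an eavesdropper even though the
# contents do not. KEY and MESSAGES are constructed sample values.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

decrypt = encrypt  # XOR with the same keystream undoes the encryption

def pad(plaintext: bytes, block: int) -> bytes:
    """Length-prefix the message and zero-fill it to a multiple of `block` bytes."""
    body = len(plaintext).to_bytes(2, "big") + plaintext
    return body + b"\x00" * (-len(body) % block)

def unpad(padded: bytes) -> bytes:
    return padded[2:2 + int.from_bytes(padded[:2], "big")]

def observed_lengths(key: bytes, messages: list, block: int = 0) -> list:
    """What a passive observer sees on the wire: only the size of each ciphertext."""
    sizes = []
    for i, m in enumerate(messages):
        pt = pad(m, block) if block else m
        sizes.append(len(encrypt(key, i.to_bytes(4, "big"), pt)))  # fresh nonce per message
    return sizes

KEY = b"\x01" * 32
MESSAGES = [b"LOGIN alice", b"TRANSFER 5000 TO ACCOUNT 42", b"LOGOUT"]

if __name__ == "__main__":
    print("unpadded:", observed_lengths(KEY, MESSAGES))      # each size mirrors its plaintext
    print("padded:", observed_lengths(KEY, MESSAGES, 32))    # every message looks the same
```

Padding hides message length but not the number or timing of messages; hiding those as well takes cover traffic, which is what the traffic-flow confidentiality service described next requires.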
The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility.

4. Data Integrity

As with confidentiality, integrity can apply to a stream of messages, a single message, or selected fields within a message. Again, the most useful and straightforward approach is total stream protection. A connection-oriented integrity service deals with a stream of messages and assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under this service. Thus, the connection-oriented integrity service addresses both message stream modification and denial of service. On the other hand, a connectionless integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only.

5. Nonrepudiation

Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.

6. Availability Service

RFC 4949 defines availability to be the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them). A variety of attacks can result in the loss of or reduction in availability (attacks against availability). Some of these attacks can be prevented using automated countermeasures, such as authentication and encryption, whereas others require some sort of physical activity to prevent or recover from the loss of availability of elements of a distributed system.

Table 2.2 indicates the relationship between security services and security mechanisms.

Table 2.2. Relationship between security services and security mechanisms.
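A closing worked example, added to this transcript and not from the lecture: a shared-key integrity check that implements the connection-oriented integrity service of section 1.3 and shows a receiver rejecting the active attacks of section 1.1.2 (the lecture's John Smith / Fred Brown modification, a replay of a captured message, and a reordered message). The KEY value, the protect function and the Receiver class are assumptions of this example.

```python
import hmac
import hashlib

# Added example, not from the lecture. Each message carries a sequence number
# and an HMAC-SHA256 tag over (seq, payload) under a shared key, so the receiver
# can reject modification, replay/duplication and reordering, as the lecture's
# connection-oriented integrity service requires. KEY is a constructed value.
KEY = b"shared-session-key-for-demo"

def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def protect(seq: int, payload: bytes, key: bytes = KEY) -> dict:
    """Sender side: attach the sequence number and the integrity tag."""
    return {"seq": seq, "payload": payload, "tag": _tag(key, seq, payload)}

class Receiver:
    """Accepts messages only in strict sequence; anything else is rejected."""
    def __init__(self, key: bytes = KEY):
        self.key, self.expected_seq, self.accepted = key, 0, []

    def receive(self, msg: dict) -> str:
        # Verify the tag first: a tampered seq or payload fails here.
        if not hmac.compare_digest(_tag(self.key, msg["seq"], msg["payload"]), msg["tag"]):
            return "rejected: modified"
        if msg["seq"] < self.expected_seq:
            return "rejected: replay"        # duplicate or replayed capture
        if msg["seq"] > self.expected_seq:
            return "rejected: out of order"  # reordered, or a message was lost
        self.expected_seq += 1
        self.accepted.append(msg["payload"])
        return "accepted"

def simulate() -> list:
    """Feeds the lecture's example message through a receiver under each attack."""
    rx, out = Receiver(), []
    m0 = protect(0, b"Allow John Smith to read confidential file accounts")
    out.append(rx.receive(m0))                                  # legitimate
    forged = dict(m0, payload=b"Allow Fred Brown to read confidential file accounts")
    out.append(rx.receive(forged))                              # modification
    out.append(rx.receive(m0))                                  # replay of captured m0
    m1, m2 = protect(1, b"Allow John Smith to read file audit"), protect(2, b"Close session")
    out.append(rx.receive(m2))                                  # m2 arrives before m1
    out.append(rx.receive(m1))
    out.append(rx.receive(m2))                                  # re-sent in order
    return out

# Both ends hold KEY, so the tag gives integrity and data-origin authentication but
# not nonrepudiation (the receiver could have computed it too); that service needs
# a digital signature under the sender's private key.
```

A real protocol would buffer or request retransmission of an out-of-order message rather than discard it; the strict rejection here only makes the detection visible.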
