SA Access Control Security Violations; OSI Security Architecture; Network Security Model Security Violations.
zaheerimpeccable
9 views
20 slides
Jun 25, 2024
Slide 1 of 20
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
About This Presentation
OSI
Slide Content
Chapter 1 -
Introduction
•Security Violations
•OSI Security Architecture
•Network Security Model
Introduction
•Security Violations
•OSI Security Architecture
•Network Security Model
Security Violations
File F is SENSITIVE
F
A -------> B
C CAPTURESF
1. Capture
File F is SENSITIVE
F
A -------> B
C CAPTURESF
1. Capture
Security Violations
Authorisation File F is SENSITIVE
A sends message toB: ”Update F with names”
A(m) m B(F)
C INTERCEPTSm and adds name of C
A(m) mC(m) mB(F)
2. Intercept -Update
Authorisation File F is SENSITIVE
A sends message toB: ”Update F with names”
A(m) m B(F)
C INTERCEPTSm and adds name of C
A(m) mC(m) mB(F)
2. Intercept -Update
Security Violations
Authorisation File F is SENSITIVE
C PRETENDSto be A
C sends message toB: ”Update F with name of C”
{C}A(m) m B(F)
3. Substitute
Authorisation File F is SENSITIVE
C PRETENDSto be A
C sends message toB: ”Update F with name of C”
{C}A(m) m B(F)
3. Substitute
Security Violations
A sends message to B: ”STOPC’s r/w access”
A(m0) m0 B(m1)
B(m1) m1 STOP(C)
C INTERCEPTSm0:
A(m0) m0C m0B(m1)
C(r/w ACCESS)
B(m1) m1 STOP(C)
4. Intercept -Preempt
A sends message to B: ”STOPC’s r/w access”
A(m0) m0 B(m1)
B(m1) m1 STOP(C)
C INTERCEPTSm0:
A(m0) m0C m0B(m1)
C(r/w ACCESS)
B(m1) m1 STOP(C)
4. Intercept -Preempt
Security Violations
C sends message to B
C(m) m B
Later,
B QUERIESC about message
B m,? C
C DENIESsending message
C(m,?) NO B
5. Denial
C sends message to B
C(m) m B
Later,
B QUERIESC about message
B m,? C
C DENIESsending message
C(m,?) NO B
5. Denial
OSI Security Architecture
(X.800 –Security for Open Systems Interconnection)
•International Standard
•5 Categories
•14 Services
(X.800 –Security for Open Systems Interconnection)
•International Standard
•5 Categories
•14 Services
OSI Security Architecture
Categories(services)
•Authentication(peer-entity, data-origin)
•Access Control
•Data Confidentiality(connection,
connectionless, selective-field, traffic-flow)
•Data Integrity(connection[recovery,
no-recovery, selective-field],
connectionless[no-recovery,selective-field])
•NonRepudiation(origin, destination)
Categories(services)
•Authentication(peer-entity, data-origin)
•Access Control
•Data Confidentiality(connection,
connectionless, selective-field, traffic-flow)
•Data Integrity(connection[recovery,
no-recovery, selective-field],
connectionless[no-recovery,selective-field])
•NonRepudiation(origin, destination)
OSI Security Architecture
Authentication
Data Origin (m not protected)
A(m) mB
B(m,A) AUTHENTIC(A)?
Peer Entity
A cB
S(A,B) AUTHENTIC(A,B)?
S(c,masquerador,replay) SECURE(c)?
Authentication
Data Origin (m not protected)
A(m) mB
B(m,A) AUTHENTIC(A)?
Peer Entity
A cB
S(A,B) AUTHENTIC(A,B)?
S(c,masquerador,replay) SECURE(c)?
OSI Security Architecture
Access Control
Access REQUEST:
A(m) m{Host/System}
Host MATCHESm to A:
{Host/System}(m,A) m’A
A GRANTED read/write access:
c
A(m’) {Host/System}
Access Control
Access REQUEST:
A(m) m{Host/System}
Host MATCHESm to A:
{Host/System}(m,A) m’A
A GRANTED read/write access:
c
A(m’) {Host/System}
OSI Security Architecture
Confidentiality
CONNECTION:
c
K
A B (e.g. TCP)
CONNECTIONLESS:
A m
KB
SELECTIVE-FIELD:
c
K|c’
A B
TRAFFIC-FLOW:
A {} B
Confidentiality
CONNECTION:
c
K
A B (e.g. TCP)
CONNECTIONLESS:
A m
KB
SELECTIVE-FIELD:
c
K|c’
A B
TRAFFIC-FLOW:
A {} B
OSI Security Architecture
Integrity
CONNECTION-RECOVERY:
c modification/destruction
A m B(m) recover m
CONNECTION-NO RECOVERY:
c modification/destruction
A m B(m) detect !!
SELECTIVE FIELD:
c modification/destruction
A m|m’B(m) detect(m) !!
Integrity
CONNECTION-RECOVERY:
c modification/destruction
A m B(m) recover m
CONNECTION-NO RECOVERY:
c modification/destruction
A m B(m) detect !!
SELECTIVE FIELD:
c modification/destruction
A m|m’B(m) detect(m) !!
OSI Security Architecture
Non-Repudiation
SENDER VERIFICATION:
A m,[A]B(m,[A]) mA
RECEIVER VERIFICATION:
A m B
B [m],[B]A([m],[B]) mB
Non-Repudiation
SENDER VERIFICATION:
A m,[A]B(m,[A]) mA
RECEIVER VERIFICATION:
A m B
B [m],[B]A([m],[B]) mB
OSI Security Architecture
Availability
•Upon request
•Denialof Service
•Attack Countermeasures:
Authentication
Encryption
Physical Response
Availability
•Upon request
•Denialof Service
•Attack Countermeasures:
Authentication
Encryption
Physical Response
SECURITY MECHANISMS
(X.800) -specific
•Encipherment –unintelligible
•Signature –data tag to ensure
a) Source b) Integrity c) anti-forgery
•Access Control
•Data Integrity
•Authentication
•Traffic Padding –prevent traffic analysis
•Routing Control –adapt upon partial failure
•Notarization –trusted third party
(X.800) -specific
•Encipherment –unintelligible
•Signature –data tag to ensure
a) Source b) Integrity c) anti-forgery
•Access Control
•Data Integrity
•Authentication
•Traffic Padding –prevent traffic analysis
•Routing Control –adapt upon partial failure
•Notarization –trusted third party
SECURITY MECHANISMS
(X.800) -pervasive
•Trusted Functionality
•Security Label
•Event Detection
•Audit Trail
•Recovery
(X.800) -pervasive
•Trusted Functionality
•Security Label
•Event Detection
•Audit Trail
•Recovery
ATTACKS
•PASSIVE:
System unaltered,
–hard to detect, easier to prevent
•ACTIVE:
System altered,
–easier to detect, hard to prevent
•PASSIVE:
System unaltered,
–hard to detect, easier to prevent
•ACTIVE:
System altered,
–easier to detect, hard to prevent
ATTACKS
•PASSIVE:
eavesdropping, monitoring,
message release, traffic analysis
•ACTIVE:
replay, masquerade(impersonation),
modification, denial of service(supression,overload)
•PASSIVE:
eavesdropping, monitoring,
message release, traffic analysis
•ACTIVE:
replay, masquerade(impersonation),
modification, denial of service(supression,overload)
Block Ciphers 19
Model for Network Security
Model for Network Security
Block Ciphers 20
Model for Network
Access Security
•Gatekeeper: password-based login, screening logic
•Internal controls: monitor activity, analyse stored info
Model for Network
Access Security
•Gatekeeper: password-based login, screening logic
•Internal controls: monitor activity, analyse stored info
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 9
- Slides 20
- Age 524 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views