IS-Mid-1 Question and Answers
IS-Mid-1 Question and Answers
The OSI Security Architecture is internationally recognized and provides a standardized technique
for deploying security measures within an organization. It focuses on three major concepts:
security attacks, security mechanisms, and security services, which are critical in protecting data
and communication processes.
OSI (Open Systems Interconnection) security refers to a set of protocols, standards, and
techniques used to ensure the security of data and communications in a network environment
based on the OSI model. The International Organisation for Standardisation (ISO) established this
model to provide a conceptual framework for understanding how different networking protocols
interact within a layered architecture.
OSI Security Architecture
Security attack: A security attack means any action that puts the data or overall security of the
system at risk. An attack might be successful or unsuccessful. In case of a successful attack, the
attacker can complete his/her motive of breaking the security of the system in any way he/she wants
to. In case of an unsuccessful attack, the system remains secured and no harm to the security is
done. There are majorly 2 types of attacks: active attacks and passive attacks.
• Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack. The mechanisms are divided into those
that are implemented in a specific protocol layer, such as TCP or an application-layer
protocol..
• Security service: A processing or communication service that enhances the security of the data
processing systems and the information transfers of an organization. The services are intended to
counter security attacks, and they make use of one or more security mechanisms to provide the
service.
Confidentiality: This involves making sure that information is accessible only to those who are
authorized. A practical example is the use of encryption methods like the Advanced Encryption
Standard (AES) to encrypt data transmitted over a network. This encryption ensures that, even if
data is intercepted, it remains unintelligible to unauthorized entities.
Integrity: This objective focuses on maintaining the accuracy and consistency of data over its entire
lifecycle. A relevant example is the application of hash functions like SHA-256. This function
allows a system to verify the integrity of transmitted data by comparing the received data's hash
value to the expected hash value.
Availability: This ensures that information and resources are consistently available to authorized
users. Techniques employed to achieve this include implementing redundant network configurations
and strategies to mitigate Distributed Denial of Service (DDoS) attacks, thereby ensuring
continuous service availability.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Two types of passive attacks
are the release of message contents and traffic analysis.
1) Release of message contents:
The release of message contents is easily understood .A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information.We would
like to prevent an opponent from learning the contents of these transmissions.
2) Traffic analysis:
A second type of passive attack, traffic analysis, is subtler .Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if they
captured the message, could not extract the information from the message. The common
technique for masking contents is encryption. If we had encryption protection in place, an
opponent might still be able to observe the pattern of these messages. The opponent could
determine the location and identity of communicating hosts and could observe the frequency and
length of messages being exchanged. This information might be useful in guessing the nature of
the communication that was taking place.
Passive attacks are very difficult to detect, because they do not involve any alteration of the data.
Active attack: An active attack attempts to alter system resources or affect their operation.
Active attacks involve some modification of the data stream or the creation of a false stream.
Active attacks can be subdivided into four categories:
masquerade,
replay,
modification of messages, and
Denial of service.
Masquerade:
A masquerade takes place when one entity pretends to be a different entity (Figure:). A
masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those privileges.
Replay :
Replay involves the passive capture of a data unit and its subsequent retransmission to produce
an unauthorized effect.
Modification of messages:
Modification of messages simply means that some portion of a legitimate message is altered, or
that messages are delayed or reordered, to produce an unauthorized effect (Figure: c).
For example, a message meaning “Allow John Smith to read confidential file accounts” is
modified to mean “Allow Fred Brown to read confidential file accounts
Denial of service:
The denial of service prevents or inhibits the normal use or management of communications
facilities (Figure d). This attack may have a specific target;
For example, an entity may suppress all messages directed to a particular destination (e.g., the
security audit service).
Another form of service denial is the disruption of an entire network—either by disabling the
network or by overloading it with messages so as to degrade performance
3 Explain security services and security mechanisms
The classification of security services are as follows:
CONFIDENTIALITY: Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties. Confidentiality is the
protection of transmitted data from passive attacks. For example, when a TCP connection isset
up between two systems, this broad protection prevents the release of any user data transmitted
over the TCP connection.
Traffic-Flow Confidentiality
The protection of the information that might be derived from observation of traffic flows.
AUTHENTICATION: The authentication service is concerned with assuring that a
communicationis Authentic. The assurance that the communicating entity is the one that it
claims to be.
Ensures that the origin of a message or electronic document is correctly identified, with an
assurance that the identity is not false.
Used in association with a logical connection to provide confidence in the identity of the entities
connected.
Data-Origin Authentication
In a connectionless transfer, provides assurance that the source of received data is as claimed.
INTEGRITY: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating
and delaying or replaying of transmitted messages.
NON REPUDIATION: Requires that neither the sender nor the receiver of a message be able
to deny the transmission. when a message is sent, the receiver can prove that the alleged sender
in fact sent the message. Similarly, when a message is received, the sender can prove that the
alleged receiver in fact received the message.
ACCESS CONTROL: Requires that access to information resources may be controlled by the
target system . access control is the ability to limit and control the access to host systems and
applications via communications links. To achieve this, each entity trying to gain access must
first be identified, or authenticated
AVAILABILITY: Requires that computer system assets be available to authorized parties
whenneeded
SECURITY MECHANISMS
TRAFFIC PADDING: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
ROUTING CONTROL: Enables selection of particular physically secure routes for certain data
andallows routing changes once a breach of security is suspected.
NOTARIZATION: The use of a trusted third party to assure certain properties of a data exchange
p = D(k, C) = (C - k) mod 26
Example-2:
12
Plain text is deepshika and key is 5
Cipher text=(3+5)mod26=8
(4+5)mod 26=9 continue the process
Ciphertext is ijjuxmopf
13