Lecture 1

OSI SECURITY ARCHITECTURE

Delivery by
Joel Anandraj.E
AP/IT
 OSI Security Architecture

The OSI (open systems interconnection) security

architecture provides a systematic framework for defining
security attacks, mechanisms, and services.

2
 Services, Mechanisms, Attacks
It considers three aspects of information security:
 security attack
 security mechanism
 security service

3
 Security Attack
Any action that compromise the security of
information.
Threat & attack used to mean same thing can be classified as,
 Passive Attack
 Active Attack

4
 Passive Attacks
 Passive attacks attempt to learn or make use of
information from the system but does not affect system
resources.

 Are difficult to detect because they do not involve any

alteration of the data.

5
 Release of message contents

6
 Traffic analysis

7
 Active attacks
 Active attacks attempt to alter system resources or affect
their operation.
 Easy to detect because they will involve alteration of the
data.

8
 Masquerade
A masquerade takes place when one entity pretends
to be a different entity

9
 Replay

10
 Modification of messages

11
 Denial of service

12
 Security Mechanism
A mechanism that is designed to detect, prevent, or recover
from a security attack.

13
 Encipherment
The use of mathematical algorithm to transform data into a
another form that is not understandable.

14
 Digitalsignature
A valid digital signature gives a recipient reason to believe
that the message was created by a known sender.

15
 Access control
A variety of mechanisms that enforce access right to resource.

16
 Data integrity
A variety of mechanism used to assure the integrity of a data
unit.

17
 Traffic padding
The insertion of bits into gaps in a data stream to avoid traffic
analysis attempts.

18
 Routing control
Enables selection of particular physically secure routes for data.

19
 Notarization
The use of a trusted third party to assure certain
properties of a data exchange.

20
 Security service
 A service that enhances the security of data processing
systems and information transfers.

 A security service makes use of one or more security

mechanisms.

21
 Security Services

 Authentication
 Access control
 Data Confidentiality
 Data Integrity
 Non-Repudiation

22
 Authentication
Authentication is a process of verification of the sender.

23
 Access Control
Prevention of the unauthorized use of a resource

24
 Data Confidentiality
Protection of data from unauthorized disclosure.

25
 Data Integrity
Assurance that data received is as sent by an authorized entity

26
 Non-Repudiation
Nonrepudiation prevents either sender or receiver from
denying a transmitted message.

27