Chap 01
Chap 01
Essentials
Chapter 1
Fourth Edition
by William Stallings
RFC 2828:
“a processing or communication service
provided by a system to give a specific kind of
protection to system resources”
Security Services (X.800)
Authentication - assurance that communicating
entity is the one claimed
have both peer-entity & data origin authentication
Access Control - prevention of the
unauthorized use of a resource
Data Confidentiality –protection of data from
unauthorized disclosure
Data Integrity - assurance that data received is
as sent by an authorized entity
Non-Repudiation - protection against denial by
one of the parties in a communication
Availability – resource accessible/usable
Security Mechanism
feature designed to detect, prevent, or
recover from a security attack
no single mechanism that will support all
services required
however one particular element underlies
many of the security mechanisms in use:
cryptographic techniques
hence our focus on this topic
Security Mechanisms (X.800)
specific security mechanisms:
encipherment, digital signatures, access
controls, data integrity, authentication
exchange, traffic padding, routing control,
notarization
pervasive security mechanisms:
trusted functionality, security labels, event
detection, security audit trails, security
recovery
Model for Network Security
Model for Network Security
using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used
by the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to
use the transformation and secret
information for a security service
Model for Network Access
Security
Model for Network Access
Security
using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated
information or resources
Standards
NIST:
National Institute of Standards and
Technology
FIPS: Federal Information Processing
Standards
SP: Special Publications
ISOC: Internet Society
Home for IETF (Internet Engineering Task
Force) and IAB (Internet Architecture Board)
RFCs: Requests for Comments
Summary
topic roadmap & standards organizations
security concepts:
confidentiality, integrity, availability
X.800 security architecture
security attacks, services, mechanisms
models for network (access) security