Cyber Security

Lecture # 2

Dr. Shafiq Hussain

Associate Professor

1
 Objectives
• Introduction to Cyber Security

2
 OSI Security Architecture
• The OSI (Open Systems Interconnection) Security
Architecture defines a systematic approach to
providing security at each layer.

• It defines security services and security mechanisms

that can be used at each of the seven layers of the OSI
model to provide security for data transmitted over a
network.

• These security services and mechanisms help to

ensure the confidentiality, integrity, and availability
of the data.
Dr Shafiq 3
 OSI Security Architecture (Cont..)
OSI Security Architecture focuses on these concepts:

• Security Attack

• Security mechanism

• Security Service

Dr Shafiq 4
OSI Security Architecture

Dr Shafiq 5
 OSI Security Architecture
1. Security Attacks:
• A security attack is an attempt by a person or entity to
gain unauthorized access to disrupt or compromise
the security of a system, network, or device.

• These are defined as the actions that put at risk an

organization’s safety.

Dr Shafiq 6
 OSI Security Architecture
A. Passive Attack:
• Attacks in which a third-party intruder tries to access
the message/ content/ data being shared by the sender
and receiver by keeping a close watch on the
transmission is called Passive Attacks.

• These types of attacks involve the attacker observing

or monitoring system, network, or device activity
without actively disrupting or altering it.

Dr Shafiq 7
 OSI Security Architecture
• Passive attacks are typically focused on gathering
information or intelligence, rather than causing
damage or disruption.

• Here, both the sender and receiver have no clue that

their message/ data is accessible to some third-party
intruder.

• The message/ data transmitted remains in its usual

form without any deviation from its usual behavior.
Dr Shafiq 8
 OSI Security Architecture
• This makes passive attacks very risky as there is no
information provided about the attack happening in
the communication process.

• One way to prevent passive attacks is to encrypt the

message/data that needs to be transmitted, this will
prevent third-party intruders to use the information
though it would be accessible to them.

Dr Shafiq 9
 OSI Security Architecture
Passive attacks are further divided into two parts based on
their behavior:

1. Eavesdropping:
– This involves the attacker intercepting and listening to
communications between two or more parties without
their knowledge or consent.

– Eavesdropping can be performed using a variety of

techniques, such as packet sniffing, or man-in-the-
middle attacks.
Dr Shafiq 10
 OSI Security Architecture
2. Traffic analysis:
– This involves the attacker analyzing network traffic
patterns and metadata to gather information about the
system, network, or device.

– Here the intruder can’t read the message but only

understand the pattern and length of encryption.

– Traffic analysis can be performed using a variety of

techniques, such as network flow analysis, or protocol
analysis.
Dr Shafiq 11
 OSI Security Architecture
B. Active Attacks:
• Active attacks refer to types of attacks that involve
the attacker actively disrupting or altering system,
network, or device activity.

• Active attacks are typically focused on causing

damage or disruption, rather than gathering
information or intelligence.

Dr Shafiq 12
 OSI Security Architecture
• The message/ data transmitted doesn’t remain in its
usual form and shows deviation from its usual
behavior.

• This makes active attacks dangerous as there is no

information provided of the attack happening in the
communication process and the receiver is not aware
that the data/ message received is not from the sender.

Dr Shafiq 13
 OSI Security Architecture
Masquerade:
• Masqurade is a type of active attack in which the
attacker pretends to be an authentic sender in order to
gain unauthorized access to a system.

• This type of attack can involve the attacker using

stolen or forged credentials, or manipulating
authentication or authorization controls in some other
way.

Dr Shafiq 14
 OSI Security Architecture
Replay:
• Replay is a type of active attack in which the attacker
intercepts a transmitted message through a passive
channel and then maliciously or fraudulently replays
or delays it at a later time.

Dr Shafiq 15
 OSI Security Architecture
Modification of Message :
• Modification of Message involves the attacker
modifying the transmitted message and making the
final message received by the receiver look like it’s
not safe or non-meaningful.

• This type of attack can be used to manipulate the

content of the message or to disrupt the
communication process.

Dr Shafiq 16
 OSI Security Architecture
Denial of service (DoS) :
• Denial of service (DoS) attacks involve the attacker
sending a large volume of traffic to a system,
network, or device in an attempt to overwhelm it and
make it unavailable to legitimate users.

Dr Shafiq 17
 OSI Security Architecture
2. Security Mechanism
• The mechanism that is built to identify any breach of
security or attack on the organization, is called a
security mechanism.

• Security Mechanisms are also responsible for

protecting a system, network, or device against
unauthorized access, tampering, or other security
threats.

Dr Shafiq 18
 OSI Security Architecture
• Security mechanisms can be implemented at various
levels within a system or network and can be used to
provide different types of security, such as
confidentiality, integrity, or availability.

Dr Shafiq 19
 OSI Security Architecture
Encipherment (Encryption)
• Encipherment (Encryption) involves the use of
algorithms to transform data into a form that can only
be read by someone with the appropriate decryption
key.

• Encryption can be used to protect data it is

transmitted over a network, or to protect data when it
is stored on a device.

Dr Shafiq 20
 OSI Security Architecture
Digital signature
• Digital signature is a security mechanism that
involves the use of cryptographic techniques to create
a unique, verifiable identifier for a digital document
or message, which can be used to ensure the
authenticity and integrity of the document or
message.

Dr Shafiq 21
 OSI Security Architecture
Traffic padding
• Traffic padding is a technique used to add extra data
to a network traffic stream in an attempt to obscure
the true content of the traffic and make it more
difficult to analyze.

Dr Shafiq 22
 OSI Security Architecture
Routing control
• Routing control allows the selection of specific
physically secure routes for specific data transmission
and enables routing changes, particularly when a gap
in security is suspected.

Dr Shafiq 23
 OSI Security Architecture
3. Security Services:
• Security services refer to the different services
available for maintaining the security and safety of an
organization.

• They help in preventing any potential risks to

security. Security services are divided into 6 types:

Dr Shafiq 24
 OSI Security Architecture
a) Authentication:
• Authentication is the process of verifying the identity
of a user or device in order to grant or deny access to
a system or device.

b) Authorizatin:
• Authorizatin is the process of granting access to a
user or device in order to grant or deny access to a
particular resource or asset in the system or device.

Dr Shafiq 25
 OSI Security Architecture
c) Data Confidentiality :
• Data Confidentiality is responsible for the protection
of information from being accessed or disclosed to
unauthorized parties.

d) Data Integrity:
• Data integrity is a security mechanism that involves
the use of techniques to ensure that data has not been
tampered with or altered in any way during
transmission or storage.
Dr Shafiq 26
 OSI Security Architecture
e) Non- repudiation:
• Non- repudiation involves the use of techniques to
create a verifiable record of the origin and
transmission of a message, which can be used to
prevent the sender from denying that they sent the
message.

f) Availability:
• Availibility means data or resource or system must be
available to legitimate user of the system.
Dr Shafiq 27
 Questions
Any Question Please?

You can contact me at: [email protected]

Your Query will be answered within one working day.

28
Further Readings

29
Thanks

30