Monday, June 26, 2023

Security Services

A security service is a service provided by a layer of communicating open systems to ensure adequate security of the systems or of data transfers, as defined in the ITU-T X.800 recommendation. The authoritative definition found in RFC 2828 is: “a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms”.
X.800 divides security services into five categories. They are:
1. Authentication
2. Access control
3. Data confidentiality
4. Data integrity
5. Nonrepudiation
Each category is described below.

1) Authentication
The authentication service assures that a communication is authentic. For a single message, the authentication service assures the recipient that the message is from the source that it claims to be from. For an ongoing interaction, such as the connection of a terminal to a host, two aspects are important. First, at the time of connection initiation, the service should assure that the two entities are authentic. Second, the service must assure that there is no interference in the connection, leaving no room for a third party to carry out unauthorized transmission or reception.
2) Access Control
In network security, access control is the ability to limit and control access to host systems and applications via communications links. It provides protection against unauthorized access to and use of resources. Each entity trying to gain access must therefore be identified, so that access rights can be tailored to the individual.

3) Data Confidentiality
Data confidentiality is the protection of transmitted data from passive attacks. Several levels of protection can be identified. The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility. The different types of confidentiality are:
i) Connection confidentiality: This service provides for the confidentiality of all user data on a connection.
ii) Connectionless confidentiality: This service provides for the confidentiality of all user data in a single data block.
iii) Selective field confidentiality: This service provides for the confidentiality of selected fields within the (N)-user-data on an (N)-connection or in a single data block.
iv) Traffic flow confidentiality: This service protects the information which might be derived from observation of traffic flows.
4) Data Integrity
Integrity can apply to a stream of messages, a single message, or selected 
fields within a message. A connection-oriented integrity service deals with a 
stream of messages. It assures that messages are received as sent with no 
duplication, insertion, modification, reordering, or replays. This service also 
addresses both message stream modification and denial of service. A
connectionless integrity service deals with individual messages. It provides 
protection only against message modification.
We can also distinguish between integrity services with and without recovery. Since the integrity service relates to active attacks, the concern is usually detection rather than prevention. If an integrity violation is detected, the service simply reports the violation, and software or human intervention is then required to recover from it. There are also automated recovery mechanisms available to recover from the loss of integrity of data.
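The difference between connectionless and connection-oriented integrity described above can be seen in a short added example (not part of the original post). It assumes HMAC-SHA256 as the integrity mechanism and a 64-bit sequence number per connection; X.800 does not prescribe either, and the key and messages are constructed samples.

```python
import hashlib, hmac, struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def protect_connectionless(key, payload):  # tag covers this one message only
    return payload + _tag(key, payload)

def verify_connectionless(key, packet):
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return payload if hmac.compare_digest(tag, _tag(key, payload)) else None

class IntegrityChannel:
    """Connection-oriented integrity: the tag also covers a sequence number."""
    def __init__(self, key):
        self.key, self.send_seq, self.recv_seq = key, 0, 0

    def protect(self, payload):
        body = struct.pack(">Q", self.send_seq) + payload
        self.send_seq += 1
        return body + _tag(self.key, body)

    def verify(self, packet):  # detection only: report the violation, caller recovers
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return None, "modified"
        seq = struct.unpack(">Q", body[:8])[0]
        if seq != self.recv_seq:
            return None, "replay/duplicate" if seq < self.recv_seq else "reordered/missing"
        self.recv_seq += 1
        return body[8:], None

def demo():
    key = b"constructed-demo-key"                # constructed sample key
    msgs = [b"open valve 1", b"close valve 1"]   # constructed sample messages
    loose = protect_connectionless(key, msgs[0])
    tx, rx = IntegrityChannel(key), IntegrityChannel(key)
    p0, p1 = (tx.protect(m) for m in msgs)
    return {
        # The same packet verifies twice: a replay is invisible to this service.
        "connectionless_replay": verify_connectionless(key, loose) == verify_connectionless(key, loose) == msgs[0],
        "connectionless_modified": verify_connectionless(key, b"X" + loose[1:]),
        "reordered": rx.verify(p1)[1],   # second message delivered first
        "in_order": rx.verify(p0)[0],    # first message accepted
        "replayed": rx.verify(p0)[1],    # first message delivered again
        "modified": rx.verify(p1[:-1] + bytes([p1[-1] ^ 1]))[1],
    }
```

The receiver only reports the violation and its reason, which corresponds to the integrity service without recovery; retransmission or resynchronization would be the recovery step layered on top.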
5) Nonrepudiation
Nonrepudiation prevents either the sender or the receiver from denying a 
transmitted message. Thus, when a message is sent, the receiver can 
prove that the alleged sender in fact sent the message. Similarly, when a 
message is received, the sender can prove that the alleged receiver in fact 
received the message.
