1. The Security Goals
a. Confidentiality: to protect theconfidential information and to guard against the malicious actions that will endangerthe confidentiality of information.
b. Integrity: changes of information needto be done only by authorized entities and through authorized mechanisms.
c. Availability: the creation and store ofinformation should be available and accessible to authorized entities.
2. The Security Attacks
a. Attacks Threatening Confidentiality (passive)
i. Snooping: unauthorized access to or interceptionof data.
ii. Traffic Analysis: Obtaining informationby monitoring online traffic.
b. Attacks Threatening Integrity (active)
i. Modification: the attacker interceptsthe message and changes it.
ii. Masquerading (Spoofing): the attackerimpersonates somebody else.
iii. Replaying: the attacker obtains a copyof a message and later tries to replay it.
iv. Repudiation: the sender of the message deniesthat he/she has sent the message; or the receiver of the message denies thathe/she has received the message.
c. Attacks Threatening Availability(active)
i. Denial of service (DoS): A kind ofattack that may slow down or totally interrupt the system service.
3. The Security Services
a. Data Confidentiality
The protection of data from unauthorizeddisclosure, including:
i. Connection Confidentiality: theprotection of all user data on connection.
ii. Connectionless Confidentiality: theprotection of all user data in a single data block.
iii. Selective-Field Confidentiality: theconfidentiality of selected fields within the user data on a connection or in asingle data block.
iv. Traffic Flow Confidentiality: theprotection of the information that might be derived from observation of trafficflows.
b. Data Integrity (including anti-changeand anti-replay)
The assurance that data received areexactly as sent by an authorized entity, including:
i. Connection Integrity with Recovery:provides for the integrity of all user data on a connection and detects anymodification, insertion, deletion, or replay of any data within an entire data sequence,with recovery attempted.
ii. Connection Integrity without Recovery:provides only detection for modification, insertion, deletion or replay,without recovery.
iii. Selective-Field Connection Integrity:provides for the integrity of selected fields within the user data of a datablock transferred over a connection and takes the form of determination ofwhether the selected fields have been modified, inserted, deleted or replayed.
iv. Connectionless Integrity: provides forthe integrity of a single connectionless data block and may take the form ofdetection of data modification, and additionally, a limited form od replaydetection may be provided.
v. Selective-Field Connectionless Integrity:provides for the integrity of selected fields within a single connectionlessdata block; takes the form of determination of whether the selected fields havebeen modified.
c. Authentication
The assurance that the communicating entityis the one that it claims to be, including:
i. Peer Entity Authentication: to provideconfidence of entity’s identity in association with logical connection.
ii. Data Origin Authentication: to provideassurance that the source of received data is as claimed in a connectionlesstransfer.
d. Nonrepudiation
Provides protection against denial byentities involved in a communication, including:
i. Nonrepudiation, Origin: proof that themessage was sent by the specified party.
ii. Nonrepudiation, Destination: proof thatthe message was received by the specified party.
e. Access Control
The prevention of unauthorized use of a resource.
4. The Security Mechanisms
a. Encipherment: the use of mathematicalalgorithm to transform data into a form that is not readily intelligible.
b. Data Integrity: mechanisms used to assurethe integrity of data units.
c. Digital Signature: data appended toprove the source and integrity of data and protect against forgery.
d. Authentication Exchange: the mechanismintended to ensure the identity of an entity by means of information exchange.
e. Traffic Padding: the insertion of bitsinto gaps in a data stream to frustrate traffic analysis attempts.
f. Routing Control: enables selection ofparticular physically secure routes for certain data and allows routingchanges.
g. Notarization: the use of a trusted thirdparty to assure certain properties of a data exchange.
h. Access Control: a variety of mechanismsthat enforce access rights to resources.
5. Relation between security services andsecurity mechanisms
|
Security Services |
Security Mechanisms |
|
Data Confidentiality |
Encipherment, Routing Control |
|
Data Integrity |
Encipherment, Digital Signature, Data Integrity |
|
Authentication |
Encipherment, Digital Signature, Authentication Exchange |
|
Nonrepudiation |
Digital Signature, Data Integrity, Notarization |
|
Access Control |
Access Control |
6. The Cryptography Techniques
Known as SECRET WRITING, it is a scienceand art of transforming message to make them secure and immune to attacks whichincluding the following techniques:
a. Symmetric-Key Encipherment
b. Asymmetric-Key Encipherment
c. Hashing
7. The Steganography Techniques
Steganography means COVERED WRITING whichis in contrast with cryptography. It hides message or information via othermedia.
转载于:https://www.cnblogs.com/tracydj/archive/2010/11/22/1884947.html