4.2 SECURITY SERVICES

Team-Fly

4.2 SECURITY SERVICES

As shown in Table 4.1, the OSI security architecture distinguishes between five classes of security services. These classes comprise authentication, access control, data confidentiality, data integrity, and non-repudiation services. Just as layers define functionality in the OSI-RM, so do services in the OSI security architecture. The services may be placed at appropriate layers in the OSI-RM.

1. Authentication services are to provide for the authentication of communicating peer entities or for the authentication of data origins:

   • A peer entity authentication service is to provide the ability to verify that a peer entity in an association is the one it claims to be. In particular, a peer entity authentication service provides assurance that an entity is not attempting to masquerade or perform an unauthorized replay of some previous association. Peer entity authentication is typically performed either during a connection establishment phase or, occasionally, during a data transfer phase.

   • A data origin authentication service is to allow the sources of data received to be verified to be as claimed. A data origin authentication service, however, cannot provide protection against the duplication or modification of data units. In this case, a data integrity service must be used in conjunction with a data origin authentication service. Data origin authentication is typically provided during a data transfer phase.

   Authentication services are important because they are a prerequisite for proper authorization, access control, and accountability. Authorization refers to the process of granting rights, which includes the granting of access based on access rights. Access control refers to the process of enforcing access rights, and accountability to the property that ensures that the actions of a principal may be traced uniquely to this particular principal.

2. Access control services are to provide for the protection of system resources against unauthorized use. As mentioned previously, access control services are closely tied to authentication services: A user or a process acting on a user's behalf must be properly authenticated before an access control service can effectively mediate access to system resources. In general, access control services are the most commonly thought of services in both computer and communication security.

3. Data confidentiality refers to the property that information is not made available or disclosed to unauthorized individuals, entities, or processes. Thus, data confidentiality services provide for the protection of data from unauthorized disclosure:

   • A connection confidentiality service provides confidentiality of all data transmitted in a connection.

   • A connectionless confidentiality service provides confidentiality of single data units.

   • A selective field confidentiality service provides confidentiality of only certain fields within the data during a connection or in a single data unit.

   • A traffic flow confidentiality service provides protection of information that may otherwise be compromised or indirectly derived from a traffic analysis.

   We will see later that the provision of a traffic flow confidentiality service requires fundamentally different security mechanisms than the other data confidentiality services mentioned.

4. Data integrity refers to the property that information is not altered or destroyed in an unauthorized way. Thus, data integrity services provide for the protection of data from unauthorized modifications:

   • A connection integrity service with recovery provides integrity of data in a connection. The loss of integrity is recovered, if possible.

   • A connection integrity service without recovery provides integrity of data in a connection. In this case, however, the loss of integrity is not recovered.

   • A selected field connection integrity service provides integrity of specific fields within the data during a connection.

   • A connectionless integrity service provides integrity of single data units.

   • A selected field connectionless integrity service provides integrity of specific fields within single data units.

   Note that on a connection, the use of a peer entity authentication service at the start of the connection and a connection integrity service during the connection can jointly provide for the corroboration of the source of all data units transferred on the connection, the integrity of those data units, and may additionally provide for the detection of duplication of data units, for example, by using sequence numbers.

5. Non-repudiation services prevent one of the entities involved in a communication from later denying having participated in all or part of the communication. Consequently, they have to provide some sort of protection against the originator of a message or action denying that he or she has originated the message or the action, as well as against the recipient of a message denying that he or she has received the message. Consequently, there are two non-repudiation services to be distinguished:

   • A non-repudiation service with proof of origin provides the recipient of a message with a proof of origin.

   • A non-repudiation service with proof of delivery provides the sender of a message with a proof of delivery.

   Non-repudiation services are becoming increasingly important in the context of electronic commerce on the Internet. This importance can be best illustrated through an example. An investor decides to sell a large number of shares, and sends the request to a stockbroker who sells the stocks. Now the stock price rises sharply, and the investor denies ever sending the order to sell the stocks. Conversely, it is possible that under reverse circumstances, the stockbroker may deny receiving the order to sell the stock. In this type of situation, it is easy to see that non-repudiation services are essential and critical for transacting securely over the Internet [4].

Team-Fly