Security Services

salutionteach - October 22, 2023

 Security Services (X.800):-

Requirements X.800 defines security services in following categories.

  • Authentication
  • Access control
  • Data confidentiality
  • Data integrity
  • Nonrepudiation
  • Availability services 

1. Authentication:-

The authentication service is concerned with assuring that a communication is authentic:

  • The recipient of the message should be sure that the message came from the source that it claims to be

  • All communicating parties should be sure that the connection is not interfered with by unauthorized party.

Example: consider a person, using online banking service. Both the user and the bank should be assured in identities of each other.

2. Access control:-

The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a

resource, under what conditions access can occur, and what those accessing the resource are allowed to

do).

3. Data confidentiality:-

Protection of data from unauthorized disclosure. It includes:

  • Connection confidentiality
  • Connectionless confidentiality
  • Selective field confidentiality
  • Traffic-Flow Confidentiality

4. Data Integrity:-

The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).

5. Nonrepudiation:-

Provides protection against denial by one of the entities involved in a communication of having

participated in all or part of the communication.

Nonrepudiation can be related to

  • Origin: proof that the message was sent by the specified party
  • Destination: proof that the message was received by the specified party

Example: Imagine a user of online banking who has made a transaction, but later denied that. How the

bank can protect itself in such situation?

6. Availability service:-

The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).




Tags:

Post a Comment

0 Comments