
1 - Introduction

States
  Storage
  Transmission
  Processing (use)

Security objectives
  Confidentiality
    Prevent unauthorised access
    Only sender/receiver understand message
  Integrity
    Prevent unauthorised modification, destruction
    Data integrity
    System integrity
  Availability: Accessible and usable to authorised users
  Authenticity: Verified and trusted
  Accountability
    System ability
    Ensures actions of a system entity are uniquely traceable
    Hold entity responsible
  Non-repudiation: Receiver can prove sender in fact sent message

Security attack: Compromise security of information
  Passive
    Message contents: Encryption
    Traffic analysis
  Active: Modification or injection of data

Security mechanism: Detect, prevent or recover from attack
  Encipherment
    Math transformation
    Reversible: Codec
    Irreversible: Hash
  Digital Signature
    Forgery protection
    Prove source
  Access Control: Resource protection
  Data Integrity: Data unit(s)
  Authentication Exchange: Ensure identity
  Traffic Padding: Obscure analysis
  Routing Control: Physical secure routes non-NSA
  Notarization: Trusted third party

Security services
  Enhance security of
    Transmission
    Processing
  Authentication
    Peer Entity authentication
      Two-way authenticity
      Masquerade protection
      SSL
    Data-Origin authentication
      Source authenticity
      PGP
  Access control: Prevent unauthorised use of resource
  Data confidentiality
    Prevent unauthorised data disclosure
    Connection: All data on a connection
    Connectionless: Single data blocks
    Selective-field
    Traffic-flow: Traffic flow analysis
  Data integrity
    Connection
      Modification, insertion, deletion
      Replay
      Optional: recovery
    Selective-field
  Nonrepudiation
    Origin: Proof that message was sent
    Destination: Proof that message was received
