Cryptography - The OSI Security Architecture
2017-07-27 14:16
The OSI Security Architecture
To assess effectively the security needs of an organisation and to evaluate and choose various security products and policies, we need some systematic way of defining the requirements for security and characterising the approaches to satisfying those requirements. The OSI Security Architecture focuses on three essential parts: security attacks, security mechanisms and security services.
Security attack: Any action that compromises the security of information owned by an organization.
Security mechanism: Any process that is used to detect, prevent or recover from a security attack.
Security service: Any processing or communication service that enhances the security of data processing systems and the information transformation of an organisation.
Security Attack
Security attacks can be classified into passive attacks and active attacks.
A passive attack attempts to learn or make use of information from a system without affecting system resources.
An active attack attempts to modify system resources or affect their operations.
Passive Attack
The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis.
The release of message contents is quite clear. For example, somebody is watching your secret email, monitoring what information you are sending and receiving.
Traffic analysis is subtler. For example, to prevent the release of the contents of your secret email, you use some encryption algorithm to mask them. The hacker might not see the contents but could still determine the location, identify the communicating hosts and observe the frequency and the length of the exchanged messages.
Passive attacks are very difficult to detect due to the huge amount of data. Hence, we focus on prevention rather than detection.
Active Attack
An active attack involves some modification of the data stream and the creation of a false stream. It can be divided into four categories: masquerade, replay, modification of messages and denial of service.
Masquerade: one entity pretends to be a different entity. For example,
Replay: the passive capture of a data unit and its subsequent retransmission to produce an unauthorised effect.
Modification of messages: some portion of a legitimate message is altered. For example, a message meaning “I love you” is altered to mean “I hate you”.
Denial of service: prevents access to some services or the use of some facilities.
Security Mechanism
Security Service
Closing Note (PS)
All texts above are from “Cryptography and Network Security: Principles and Practice, 6/E” by William Stallings.
Welcome questions always and forever. ^_^