Thursday, April 18, 2013

Specific security mechanisms

The security services may be provided by means of security mechanism:
  • Encipherment
  • Digital signature
  • Access control
  • Data integrity
  • Authentication exchange
  • Traffic padding
  • Routing control
  • Notarization
The table1/X.800 shows the relationships between services and mechanisms
Illustration of relationship of security services and mechanisms
ServiceMechanism

EnciphermentDigital signatureAccess controlData integrityAuthentication exchangeTraffic paddingRouting controlNotarization
Peer entity authenticationYY··Y···
Data origin authenticationYY······
Access control service··Y·····
Connection confidentiality








Y.····Y·
Connectionless confidentialityY·····Y·
Selective field confidentialityY·······
Traffic flow confidentialityY····YY·
Connection Integrity with recoveryY··Y····
Connection integritywithout recoveryY··Y····
Selective field connection integrityY··Y····
Connectionless integrityYY·Y····
Selective field connectionless integrityYY·Y····
Non-repudiation. Origin·Y·Y···Y
Non-repudiation. Delivery
Y·Y···Y


Some of them can be applied to connection oriented protocols, other to connectionless protocols or both.
The table 2/X.800 illustrates the relationship of security services and layers:

Illustration of the relationship of security services and layers
ServiceLayer

1234567*
Peer entity authentication··YY··Y
Data origin authentication··YY··Y
Access control service··YY··Y
Connection confidentialityYYYY·YY
Connectionless confidentiality·YYY·YY
Selective field confidentiality·····YY
Traffic flow confidentialityY·Y···Y
Connection Integrity with recovery···Y··Y
Connection integrity without recovery··YY··Y
Selective field connection integrity······Y
Connectionless integrity··YY··Y
Selective field connectionless integrity······Y
Non-repudiation Origin······Y
Non-repudiation. Delivery······Y

at

No comments:

Post a Comment