ECE509 Cyber Security :

Concept, Theory, and Practice

CryptographySpring 2014

Attack Types

• Passive attack: observe communications and/or data

• Active attack: modify communications and/or data

What are the security services in the OSI model?

Security Services in OSI Model

• Physical Layer:

• Data-Link Layer:

• Network Layer:

• Transport Layer:

• Session Layer:

• Presentation Layer:

• Application Layer:

Security Services in OSI Model

• Confidentiality • Integrity

• Authentication

• Access Control

• Non-repudiation

Security Mechanisms to provide the needed security services

• Checksums/hash algorithms: Authorization and Integrity

• Encryption: Confidentiality, Integrity, Authentication

• Digital signatures: Integrity, Authentication, Non-repudiation

Secure Sockets Layer (SSL)

• Mechanisms:– Hashing

• SHA: Secure Hash Algorithm• MD5: Message-Digest algorithm

– Encryptions• DES: Data Encryption Standard• RSA: Ron Rivest, Adi Shamir, and Leonard

Adleman– Signatures

• DSA: Digital Signature Algorithm • RSA: Ron Rivest, Adi Shamir, and Leonard

Adleman

Hash Function

Data Channel

Hashing

MessageHash

Data

MAC (Message Authentication Code)

Data Channel

MAC

Data

ChannelMessage

MAC

Traditional Encryption(Symmetric Encryption)

Common Key

Insecure ChannelData Data

Key Agreement

Key Agreement

Insecure ChannelData Data

Public Key Encryption

Insecure ChannelData Data

Digital Signature

Data

Channel

Hashing

MessageHash

Data

Encrypt Signature Channel Signature

Digital Signature

Data

Signature

Hashing

Decrypt

Compare Message Hash

Message/Data Encryption

Data Data

EncryptedSession

Key

EncryptedSession

KeyChannel

Channel

Reading

• “Understanding Security Using the OSI Model”, SANS Institute InfoSec Reading Room, [ https://www.sans.org/reading-room/whitepapers/protocols/understanding-security-osi-model-377 ]