This presentation describes about security goals, security services, security mechanisms and techniques

1. S.Rajapriya, Assistant Professor of IT

2. Security Services
 The International Telecommunication Union –
Telecommunication Standardization Sector provides some security
services and mechanisms to implement the security services .
There are 5 services related to the security goals and attacks.

3. It is designed to protect data from disclosure attack.
The service defined by X.800 is very broad an encompasses confidentiality
of the whole message.
It is designed to prevent snooping an traffic analysis attack.
It is designed to protect data from modification, insertion, deletion and
replaying by an adversary.

4. This service provides authentication to the party on the other of the line.
If it is a connection oriented communication, it provides authentication
during the connection establishment.
For connectionless communication, it authenticates the source of the data.
This service protects against repudiation by either the sender or receiver
of the data.
The receiver – with the proof of origin, prove the identity of the sender if
denied.
The sender – with the proof of delivery, prove the data was delivered

5. This service provides protection against unauthorized access to data
which involves reading, writing, modifying executing the programs etc.,

6. Security Mechanisms
ITU-T (X.800) defined some mechanisms to provide security services.

7. Hiding or covering the data.
Two techniques : Cryptography and Steganography
This mechanism appends to the data a check value created by a specific
process from the data itself.
 The receiver receives the data and the check value – creates a new
check value from the received data and compares with the received one.
If they are same then the integrity of the data is preserved.

8. It is a means by which the sender can electronically sign the data and the
receiver can electronically verify the data.
Two entities exchange some messages to prove their identity to each
other.
It means inserting some bogus data into the data traffic to thwart the
adversary’s attempt to use the traffic analysis.

9. It means selecting and changing different available routes between the
sender and the receiver.
 Notarization means selecting a trusted third party to control the
communication between the two entities.
It uses methods to prove that a user has access rights to the data.
Example : Passwords, PINs

10. Relationship between services
and mechanisms

11. Techniques
Cryptography :
Cryptography is an important aspect when we deal with network security.
‘Crypto’ means secret or hidden.
Cryptography is the science of secret writing with the intention of keeping the
data secret.
Cryptography is classified into symmetric cryptography, asymmetric
cryptography and hashing.

13. Symmetric-key
encipherment:
It involves usage of one secret key along with encryption and decryption
algorithms which help in securing the contents of the message.
The strength of symmetric key cryptography depends upon the number of key
bits.
It is relatively faster than asymmetric key cryptography.
There arises a key distribution problem as the key has to be transferred from
the sender to receiver through a secure channel.

15. Asymmetric-key encipherment:
It is also known as public key cryptography because it involves usage of a
public key along with secret key.
It solves the problem of key distribution as both parties uses different keys
for encryption/decryption.
It is not feasible to use for decrypting bulk messages as it is very slow
compared to symmetric key cryptography.

17. Hashing:
It involves taking the plain-text and converting it to a hash value of fixed size by a
hash function.
This process ensures integrity of the message as the hash value on both,
sender’s and receiver’s side should match if the message is unaltered.

18. Steganography :
The word Steganography is derived from two Greek words- ‘stegos’ meaning
‘to cover’ and ‘grayfia’, meaning ‘writing’, thus translating to ‘covered writing’, or
‘hidden writing’.
Steganography is a method of hiding secret data, by embedding it into an
audio, video, image, or text file.
It is one of the methods employed to protect secret or sensitive data from
malicious attacks.
Cryptography makes the data unreadable, or hides the meaning of the data,
while steganography hides the existence of the data.

19. Historical use:
In china, war messages were written on silk cloth and rolled into a small ball and
swallowed by the messenger.
In Rome and Greece, messages were carved on pieces of wood and dipped into
wax to cover the writing.
Invisible inks were also used.
Null cipers were used to hide a secret message inside a message.
Secret messages were photographed and reduced to a size of a dot.

20. Modern use:
Today, any form of data can be digitized.
Possible to insert secret binary information into the data during digitization
process.
It can also be used to protect copyright, prevent tampering.
Text Cover:
The cover of secret data can be text. We can use a single space for binary 0,two
space for binary 1.

21. Image Cover:
The cover of secret data can be under a color image.
Other Cover:
The cover of secret data can be covered under audio, video.
It can also be compressed.