Cryptographic Tasks
Arranged by:
Fajar Nugraha
Wahyu (11140910000013)
DEPARTMENT OF INFORMATICS ENGINEERING
FACULTY OF SCIENCE AND TECHNOLOGY
UIN SYARIF HIDAYATULLAH
JAKARTA
2017
1. What is the OSI security architecture?
The OSI Security Architecture is a framework that
provides a systematic way of defining the requirements for security and
characterizing the approaches to satisfying those requirements. The document
defines security attacks, mechanisms, and services, and the relationships among
these categories.
2. What is the difference between passive and active security threats?
Passive attacks have to do with
eavesdropping on, or monitoring, transmissions. Electronic mail, file
transfers, and client/server exchanges are examples of transmissions that can
be monitored.
Active attacks include the modification
of transmitted data and attempts to gain unauthorized access to computer
systems.
3. List and briefly define categories of passive and active security attacks.
Passive attacks: release of message contents and traffic analysis.
Active attacks: masquerade, replay, modification of messages, and denial of service.
4. List and briefly define categories of security services.
Authentication: The assurance that the communicating entity is the one that it claims to be.
Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).
Data confidentiality: The protection of data from unauthorized disclosure.
Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).
5. List and briefly define categories of security mechanisms.
Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
Access Control: A variety of mechanisms that enforce access rights to resources.
Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.
Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
Notarization: The use of a trusted third party to assure certain properties of a data exchange.
Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy).
Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.
Event Detection: Detection of security-relevant events.
Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.
Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.
Problems
1.1 Draw a matrix similar to Table 1.4
that shows the relationship between security services and attacks.
| Service \ Attack | Release of Message | Traffic Analysis | Masquerade | Replay | Modification of Message | Denial of Service |
|---|---|---|---|---|---|---|
| Peer entity authentication | | | Y | | | |
| Data origin authentication | | | Y | | | |
| Access control | | | Y | | | |
| Confidentiality | Y | | | | | |
| Traffic flow confidentiality | | Y | | | | |
| Data integrity | | | | Y | Y | |
| Nonrepudiation | | | Y | | | |
| Availability | | | | | | Y |
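As an added illustration (not part of the original assignment answers), the Python sketch below shows how an integrity mechanism covers the masquerade, replay and modification columns of the matrix above while leaving release of message contents uncovered, since the payload travels in the clear. The framing (64-bit sequence number, payload, HMAC-SHA256 tag), the key and the sample messages are all constructed assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
HDR_LEN = 8   # 64-bit big-endian sequence number


class IntegrityError(Exception):
    """Raised when a received data unit fails an integrity check."""


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number + cleartext payload + MAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, unit: bytes) -> bytes:
        if len(unit) < HDR_LEN + TAG_LEN:
            raise IntegrityError("truncated data unit")
        header, payload, tag = unit[:HDR_LEN], unit[HDR_LEN:-TAG_LEN], unit[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise IntegrityError("modified or not from the key holder")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:  # tag is valid but the unit was seen before
            raise IntegrityError("replayed or out-of-order data unit")
        self.last_seq = seq
        return payload


def classify(receiver: Receiver, unit: bytes) -> str:
    try:
        receiver.accept(unit)
        return "accepted"
    except IntegrityError as exc:
        return str(exc)


def demo() -> dict:
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    rx = Receiver(key)
    good = protect(key, 0, b"transfer 10 to alice")
    tampered = good[:HDR_LEN] + b"transfer 99 to alice" + good[-TAG_LEN:]
    forged = protect(b"a-different-key", 1, b"transfer 10 to bob")
    return {
        "genuine": classify(rx, good),
        "modification": classify(rx, tampered),
        "masquerade": classify(rx, forged),
        "replay": classify(rx, good),  # same valid unit sent a second time
    }
```

Calling `demo()` returns one verdict per case; the receiver cannot tell modification from masquerade because both surface as a tag mismatch.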
1.2 Draw a matrix similar to Table 1.4
that shows the relationship between security mechanisms and attacks.
| Mechanism \ Attack | Release of Message | Traffic Analysis | Masquerade | Replay | Modification of Message | Denial of Service |
|---|---|---|---|---|---|---|
| Encipherment | Y | | | | | |
| Digital Signature | | | Y | Y | Y | |
| Access Control | Y | Y | Y | Y | | Y |
| Data Integrity | | | | Y | Y | |
| Authentication Exchange | Y | | Y | Y | | Y |
| Traffic Padding | | Y | | | | |
| Routing Control | Y | Y | | | | Y |
| Notarization | | | Y | Y | Y | |