网络与信息安全——知识整理（1）

1. The Security Goals

 

a. Confidentiality: to protect theconfidential information and to guard against the malicious actions that will endangerthe confidentiality of information. 

b. Integrity: changes of information needto be done only by authorized entities and through authorized mechanisms. 

c. Availability: the creation and store ofinformation should be available and accessible to authorized entities.

 

2. The Security Attacks

 

a. Attacks Threatening Confidentiality (passive)

i. Snooping: unauthorized access to or interceptionof data.

ii. Traffic Analysis: Obtaining informationby monitoring online traffic.

 

b. Attacks Threatening Integrity (active)

i. Modification: the attacker interceptsthe message and changes it.

ii. Masquerading (Spoofing): the attackerimpersonates somebody else.

iii. Replaying: the attacker obtains a copyof a message and later tries to replay it.

iv. Repudiation: the sender of the message deniesthat he/she has sent the message; or the receiver of the message denies thathe/she has received the message.

 

c. Attacks Threatening Availability(active)

i. Denial of service (DoS): A kind ofattack that may slow down or totally interrupt the system service.

 

3. The Security Services

a. Data Confidentiality

The protection of data from unauthorizeddisclosure, including:

i. Connection Confidentiality: theprotection of all user data on connection.

ii. Connectionless Confidentiality: theprotection of all user data in a single data block.

iii. Selective-Field Confidentiality: theconfidentiality of selected fields within the user data on a connection or in asingle data block.

iv. Traffic Flow Confidentiality: theprotection of the information that might be derived from observation of trafficflows.

 

b. Data Integrity (including anti-changeand anti-replay)

The assurance that data received areexactly as sent by an authorized entity, including:

i. Connection Integrity with Recovery:provides for the integrity of all user data on a connection and detects anymodification, insertion, deletion, or replay of any data within an entire data sequence,with recovery attempted.

ii. Connection Integrity without Recovery:provides only detection for modification, insertion, deletion or replay,without recovery.

iii. Selective-Field Connection Integrity:provides for the integrity of selected fields within the user data of a datablock transferred over a connection and takes the form of determination ofwhether the selected fields have been modified, inserted, deleted or replayed.

iv. Connectionless Integrity: provides forthe integrity of a single connectionless data block and may take the form ofdetection of data modification, and additionally, a limited form od replaydetection may be provided.

v. Selective-Field Connectionless Integrity:provides for the integrity of selected fields within a single connectionlessdata block; takes the form of determination of whether the selected fields havebeen modified.

 

c. Authentication

The assurance that the communicating entityis the one that it claims to be, including:

i. Peer Entity Authentication: to provideconfidence of entity’s identity in association with logical connection.

ii. Data Origin Authentication: to provideassurance that the source of received data is as claimed in a connectionlesstransfer.

 

d. Nonrepudiation

Provides protection against denial byentities involved in a communication, including:

i. Nonrepudiation, Origin: proof that themessage was sent by the specified party.

ii. Nonrepudiation, Destination: proof thatthe message was received by the specified party.

 

e. Access Control

The prevention of unauthorized use of a resource.

 

4. The Security Mechanisms

a. Encipherment: the use of mathematicalalgorithm to transform data into a form that is not readily intelligible.

b. Data Integrity: mechanisms used to assurethe integrity of data units.

c. Digital Signature: data appended toprove the source and integrity of data and protect against forgery.

d. Authentication Exchange: the mechanismintended to ensure the identity of an entity by means of information exchange.

e. Traffic Padding: the insertion of bitsinto gaps in a data stream to frustrate traffic analysis attempts.

f. Routing Control: enables selection ofparticular physically secure routes for certain data and allows routingchanges.

g. Notarization: the use of a trusted thirdparty to assure certain properties of a data exchange.

h. Access Control: a variety of mechanismsthat enforce access rights to resources.

 

5. Relation between security services andsecurity mechanisms

Security Services	Security Mechanisms
Data Confidentiality	Encipherment, Routing Control
Data Integrity	Encipherment, Digital Signature, Data Integrity
Authentication	Encipherment, Digital Signature, Authentication Exchange
Nonrepudiation	Digital Signature, Data Integrity, Notarization
Access Control	Access Control

 

6. The Cryptography Techniques

Known as SECRET WRITING, it is a scienceand art of transforming message to make them secure and immune to attacks whichincluding the following techniques:

a. Symmetric-Key Encipherment

b. Asymmetric-Key Encipherment

c. Hashing

 

7. The Steganography Techniques

Steganography means COVERED WRITING whichis in contrast with cryptography. It hides message or information via othermedia.