
Name: Nurmahendra Harahap

Student ID (NIM): 147034007

Security Services (X.800)


X.800 Security Architecture for OSI identifies 5 types of service
1. Authentication
authenticate communicating peer & data sources
2. Access control
protect against unauthorized use of resources
3. Data confidentiality
protect data from unauthorized disclosure
4. Data integrity
counter active threats to data's integrity
5. Non-repudiation
protect against false denials of handling data
Authentication covers two security services
Peer entity authentication
corroborate its claimed entity
Data origin authentication
corroborate its claimed data source
Access control is an X.800 service in its own right that controls
1. who can access a resource
2. conditions under which access occurs
3. operations that may be performed on resource
Data confidentiality covers four security services
Connection confidentiality
ensure secrecy on a connection
Connectionless confidentiality
ensure secrecy of a message
Selective field confidentiality
ensure secrecy of some data fields in data on a connection
or in a message
Traffic flow confidentiality
protection of information that might be derived from
observation of traffic flows

Security Mechanisms (X.800)


Network security mechanisms are either
1. specific to network protocol layers
2. pervasive
Specific security mechanisms cover
1. Encipherment
encoding making data unreadable without key
2. Digital signature
signing process uses data confidential to signer
verification shows if signature made with data
3. Access control
using authenticated identity or data about user to
determine and enforce his access rights
4. Data integrity
using supplementary data that is function of data to
determine if data has been modified
5. Authentication exchange
data exchanged to ensure identity of user
6. Traffic padding
adding data to messages to stop traffic analysis
7. Routing control
rerouting data on secure paths to stop attacks
8. Notarization
using trusted 3rd party to assure security
Pervasive security mechanisms cover
1. Trusted functionality
using functions trusted by security policy
2. Security labels
marking of data by its security attributes
3. Event detection
detection of security related events like violations
4. Security audit trail
recording security data so audit is possible
5. Security recovery
recovery in response to event handling and
management functions

Symmetric Encryption
Symmetric encryption is a way to encrypt, or hide, the contents of material where the
sender and receiver both use the same secret key. Note that symmetric encryption alone is
not sufficient for most applications because it provides only secrecy, not authenticity.
That means an attacker cannot read the message, but can still create bogus
messages and force the application to decrypt them.
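
The gap between secrecy and authenticity described above, as an added example that is not part of the original notes. It assumes a toy XOR keystream cipher built from SHA-256 (for illustration only, not a vetted cipher) and constructed keys, nonce and message, and shows that a ciphertext altered without the key still decrypts to a meaningful message unless a MAC over the ciphertext is verified first.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream for illustration only: SHA-256(key || nonce || counter).
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Secrecy only: XOR with the keystream; decryption is the same operation.
    return xor(data, keystream(key, nonce, len(data)))

decrypt = encrypt

def tamper(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    # Needs no key: XORing (old ^ new) into the ciphertext changes the
    # decrypted plaintext by exactly the same difference.
    patch = xor(xor(old, new), ct[offset:offset + len(old)])
    return ct[:offset] + patch + ct[offset + len(old):]

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = encrypt(enc_key, nonce, data)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag) -> bytes:
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: message rejected before decryption")
    return decrypt(enc_key, nonce, ct)

# Constructed sample values (not from the original notes).
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
NONCE = b"nonce-0001"
MESSAGE = b"PAY 0100 TO BOB"

if __name__ == "__main__":
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    forged = tamper(ct, 4, b"0100", b"9900")
    print(decrypt(ENC_KEY, NONCE, forged))  # a receiver with no MAC accepts this
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, forged, tag)
    except ValueError as err:
        print("rejected:", err)
```

The tag here is the "supplementary data that is function of data" that the X.800 data integrity mechanism refers to; in practice an authenticated encryption mode from a maintained library fills this role.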

Symmetric Cipher Model

A symmetric encryption scheme has five ingredients (see figure below):

1. Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various substitutions
and transformations on the plaintext.
3. Secret key: The secret key is also input to the encryption algorithm. The key is a
value independent of the plaintext and of the algorithm. The algorithm will
produce a different output depending on the specific key being used at the time.
The exact substitutions and transformations performed by the algorithm depend
on the key.
4. Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the secret key. For a given message, two different keys will produce
two different ciphertexts. The ciphertext is an apparently random stream of data
and, as it stands, is unintelligible.
5. Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
takes the ciphertext and the secret key and produces the original plaintext.

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the
algorithm to be such that an opponent who knows the algorithm and has access
to one or more ciphertexts would be unable to decipher the ciphertext or figure
out the key. This requirement is usually stated in a stronger form: The opponent
should be unable to decrypt ciphertext or discover the key even if he or she is in
possession of a number of ciphertexts together with the plaintext that produced
each ciphertext.
2. Sender and receiver must have obtained copies of the secret key in a secure
fashion and must keep the key secure. If someone can discover the key and
knows the algorithm, all communication using this key is readable.

Cryptography
Cryptographic systems are characterized along three independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext
2. The number of keys used
3. The way in which the plaintext is processed.

Cryptanalysis and Brute-Force Attack


1. Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus
perhaps some knowledge of the general characteristics of the plaintext or even
some sample plaintext-ciphertext pairs. This type of attack exploits the
characteristics of the algorithm to attempt to deduce a specific plaintext or to
deduce the key being used.
2. Brute-force attack: The attacker tries every possible key on a piece of ciphertext
until an intelligible translation into plaintext is obtained. On average, half of all
possible keys must be tried to achieve success.
