11 Authentication
• Peer Entity Authentication – in a connection-based environment; provides confidence in the identity of a connecting entity
– Logging in with a password
– Gaining access via biological identity verification
• DNA identification, retinal scan, finger/hand print identification
– Access via audio voice identification
• Data Origin Authentication – in a connectionless environment; provides assurance that the source of received data is as claimed
– Corroborates the source of the data
– Does not provide assurance against duplicate or modified data
12 Access Control
• This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a resource or to all accesses to a resource
– e.g., the use of a communications resource; the reading, the writing, or the deletion of an information resource; the execution of a processing resource
13 Data Confidentiality
• Connection Confidentiality – Protection of all user data on a connection
• Connectionless Confidentiality – Protection of all data within a single data block
• Selective-Field Confidentiality – Ensure confidentiality of selected fields within the user data on a connection or in a single data block
• Traffic-Flow Confidentiality – Protection of information that might be derived by observing the traffic flow patterns
14 Data Integrity
• Connection Integrity with Recovery – Detect any modification of stream data or replay of data and retry
• Connection Integrity without Recovery – Detect any modification and report it, no retry; continue on
• Selective-Field Connection Integrity – Same, except for selected fields
• Connectionless Integrity – Detect modifications in fixed-block connectionless data; may provide replay detection and protection
• Selective-Field Connectionless Integrity – Same, except for selected fields
• Total stream protection would encompass all of the above and is probably the best strategy
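The difference between data origin authentication (slide 11) and connection integrity with replay detection (slide 14) is easiest to see in code. The following added example, which is not part of the original slides, uses a shared-key HMAC over the Python standard library. The first pair of functions only corroborates the source: a modified frame fails the MAC, but a duplicated (replayed) frame verifies exactly like the original, which is the caveat on slide 11. The sender/receiver classes then bind a sequence number into the MAC so the receiver can report modification and replay separately; the "without recovery" behaviour of reporting and continuing is what the receiver does, and a retry for the "with recovery" variant would be layered on top. The key, frame layout and status strings are constructed for this example only.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

TAG_LEN = 32  # length of an HMAC-SHA256 tag in bytes
SEQ_LEN = 8   # 64-bit big-endian sequence number

# Constructed key for the example; in practice it comes from a key-establishment protocol.
SHARED_KEY = b"example-shared-key-constructed-for-demo"


def _tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 over data under the shared key."""
    return hmac.new(key, data, hashlib.sha256).digest()


# --- Data origin authentication (connectionless): frame = payload || MAC(payload) ---

def origin_auth_send(key: bytes, payload: bytes) -> bytes:
    """Attach a MAC so the receiver can corroborate the source of the data."""
    return payload + _tag(key, payload)


def origin_auth_verify(key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the payload if the MAC checks, otherwise None.

    A modified payload is rejected, but a duplicated frame verifies just as
    well as the original: this service alone gives no protection against replay.
    """
    if len(frame) < TAG_LEN:
        return None
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(_tag(key, payload), tag):
        return None
    return payload


# --- Connection integrity with replay detection: frame = seq || payload || MAC(seq || payload) ---

class IntegritySender:
    """Numbers each frame of the stream and covers the number with the MAC."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0

    def send(self, payload: bytes) -> bytes:
        self.seq += 1
        header = struct.pack(">Q", self.seq)
        return header + payload + _tag(self.key, header + payload)


class IntegrityReceiver:
    """Accepts each sequence number at most once; reports tampering and replay.

    Out-of-order frames on this in-order stream are treated as replays; a
    connectionless variant would use a sliding window instead of a single high-water mark.
    """

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.highest_seen = 0

    def receive(self, frame: bytes) -> Tuple[str, Optional[bytes]]:
        if len(frame) < SEQ_LEN + TAG_LEN:
            return ("modified", None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(_tag(self.key, body), tag):
            return ("modified", None)  # report it and continue: integrity without recovery
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq <= self.highest_seen:
            return ("replay", None)    # valid MAC, but this number was already consumed
        self.highest_seen = seq
        return ("ok", body[SEQ_LEN:])


if __name__ == "__main__":
    frame = origin_auth_send(SHARED_KEY, b"pay 100")
    print("origin auth, first delivery:", origin_auth_verify(SHARED_KEY, frame))
    print("origin auth, replayed frame:", origin_auth_verify(SHARED_KEY, frame))

    sender, receiver = IntegritySender(SHARED_KEY), IntegrityReceiver(SHARED_KEY)
    f1 = sender.send(b"pay 100")
    print("stream, first delivery:", receiver.receive(f1))
    print("stream, replayed frame:", receiver.receive(f1))
```

Running the module shows the replayed frame accepted by `origin_auth_verify` and rejected with `("replay", None)` by `IntegrityReceiver`, which is the whole distinction between the two services.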
15 Nonrepudiation
• Nonrepudiation, Origin – Proof that the message was sent by the specified party
• Nonrepudiation, Destination – Proof that the message was received by the specified party