cloud computing trends

All you need to know about OSI Security Architecture in a fingertip!

written by HB Nadun Udara
On Mar 19, 2023


“Don`t you think it is a duty of organizations to ensure Safety and security of user data in this cyber world of never ending cybercrimes? ” Exactly.

It is indeed important to ensure the integrity, confidentiality and availability of data by ensuring a proper system. And that’s what the OSI Security Architecture does!

It is a globally accepted architecture designed to systematically approach the two pillars of cyber technology, Safety and security, of data transmitted over the network in each of its seven layers of the OSI model by providing security services and security mechanisms.

This architecture ensures to provide safety in an organization by focusing on concepts such as;

  • Security Attacks.
  • Security Services.
  • Security Mechanism (Mechanism to protect the system/device/network from security threats).

These concepts put the safety of an organization at risk.

Classification of OSI Security Architecture


Classification of OSI Security Architecture

Security Attacks.

This occurs when the security of the system/network/ or device is disturbed by an attacker (a person or entity) to disrupt or compromise its security. These attacks are of two types, namely passive and active.

A. Passive Attack.

In these attacks the attacker doesn`t disrupt or make changes to the data transmitted between the receiver and sender, the intruder only tries to access the data by keeping a close watch on the transmitted data by monitoring the system/ network or device by means of eavesdropping and traffic analysis.

These attacks primarily focus on collecting information or intelligence by third parties. As there is no deviation of data transmission and hence no unusual behavior there is no means of identification of these kinds of passive attacks by the receiver or sender, hence its riskier than active attacks.

To protect against passive attacks important information can be encrypted during transmission therefore even though the third parties can access the information it will not be understandable to them.

Based on behavior passive attacks can be classified into two, namely eavesdropping and traffic analysis.

  • Eavesdropping: This is the involvement of techniques such as ‘packet sniffing’ or ‘man in the middle attacks’ used to be performed to intercept or listen to communications between senders and receivers without their knowledge and consent.
  • Traffic analysis: Techniques such as network flow analysis, or protocol analysis allows the intruder to understand the pattern and length of encryption but deny them from reading the message. In this scenario the attacker analyzes the network traffic patterns and metadata to collect information about the system, network, or device

B. Active Attacks.

Active attacks involve the attacker to make changes or actively disrupt the data transmitted between the sender and the receiver, so that the receiver doesn’t know the modified information he/she received wasn’t from the actual sender, but from the attacker.

The attacker alters the system, network, or device activity. Unlike passive attacks the intruder`s focus is to modify the communicated data rather than gathering information or intelligence.

In addition, data shows deviations and unusual behaviors after active attacks. Since there is no information provided of the attack and the receiver is not aware of the modification of the data/ message, active attacks are dangerous.

Active attacks are further divided into four parts based on their behavior:

  • Replay – The transmitted message is intercepted by the intruder through a passive channel before maliciously or fraudulently replaying or delaying it.
  • Masquerade – is a type of attack in which the attacker uses stolen or forged credentials, or manipulating authentication or authorization controls to gain unauthorized access to the system pretending to be an authenticated sender.
  • Modification of Message – This type of attacks focus on modifying the message into a form that looks unsafe and of no meaning to the receiver in order to manipulate the content of the message or to disrupt the communication process.
  • Denial of service (DoS) – attacks involve making the system, network or device unavailable to the users by the attacker overloading it with large volumes of traffic.


Security Mechanism.

Security Mechanism is the mechanism that identifies any breach of security or attack on the organization.


Security Mechanisms are responsible for protecting a system, network, or device against unauthorized access, tampering, or other security threats and providing confidentiality, integrity and availability of data.

These mechanisms are implemented at different levels within a system or network. Encipherment, Digital signature, Traffic padding and Routing control are some examples of security mechanisms.

  • Encipherment (Encryption) – Encryption can be used to protect data transmitted over a network, or stored on a device. The information is encrypted using algorithms in a way that only the person with the appropriate decryption key can convert it into a readable form.
  • Digital signature is a security mechanism that is used to ensure the authenticity and integrity of the document or message by the use of cryptographic techniques to create a unique, verifiable identifier for a digital document or message.
  • Traffic padding- is a method of adding extra data to a network traffic stream to obscure the true content of the traffic and to make it complex to analyze the transmitted data.
  • Routing control – When a gap in security is suspected this mechanism allows to select specific physically secure routes for specific data transmission and also enables routing changes.

Security Services.

These services maintain the security and safety of an organization by preventing any potential risks to security. Security services are of 5 types namely;

  • Authentication is the process that allows or rejects access to the system by verifying the identity of a user or device.
  • Access control determines access to specific resources within a system according to policies and procedures.
  • Data Confidentiality protects information from being accessed or disclosed by unauthorized parties.
  • Data integrity prevents data from being tampered or altered during transmission or storage by usage of certain techniques.
  • Non- repudiation used to prevent the sender from denying that they sent the message by creating a verifiable record of the origin and transmission of a message.

Benefits of OSI Architecture

Below listed are the benefits of OSI Architecture in an organization:

1. Providing Security:

  • OSI Architecture provide security and safety for the organization by preventing potential threats and risks.
  • A trouble-free security maintenance is achieved through OSI Architecture allowing managers to monitor security.

2. Organizing Task:

  • Based on strong security principles the OSI architecture enables managers to easily build security model for the organization.
  • Provides opportunities for managers to organize tasks in an organization effectively.

3. Meets International Standards:

  • Security services are defined and recognized internationally for meeting international standards.
  • The standard definition of requirements defined using OSI Architecture is globally accepted.

Related Posts

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

Comments

6 Comments

  1. Avatar

    I was recommended this website by my cousin I am not sure whether this post is written by him as nobody else know such detailed about my difficulty You are wonderful Thanks

    Reply
  2. Avatar

    Hello my loved one I want to say that this post is amazing great written and include almost all significant infos I would like to look extra posts like this

    Reply
  3. Avatar

    I was recommended this website by my cousin I am not sure whether this post is written by him as nobody else know such detailed about my difficulty You are wonderful Thanks

    Reply
  4. Avatar

    What i do not realize is in fact how you are no longer actually much more wellfavored than you might be right now Youre very intelligent You recognize thus considerably in relation to this topic made me in my view believe it from numerous numerous angles Its like men and women are not fascinated until it is one thing to do with Lady gaga Your own stuffs excellent All the time handle it up

    Reply
  5. Avatar

    Wonderful web site Lots of useful info here Im sending it to a few friends ans additionally sharing in delicious And obviously thanks to your effort

    Reply
  6. Avatar

    I loved as much as you will receive carried out right here The sketch is attractive your authored material stylish nonetheless you command get got an impatience over that you wish be delivering the following unwell unquestionably come more formerly again since exactly the same nearly a lot often inside case you shield this hike

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *