1. Confidentiality, Integrity, Nonrepudiation
Network Security

2. Confidentiality, Integrity, Nonrepudiation
Objectives of the Topic
After completing this topic, a student will be able to
explain data confidentiality, data integrity and nonrepudiation services.

3. Confidentiality, Integrity, Nonrepudiation
Figures and material in this topic have been
adapted from “Network Security Essentials: Applications and Standards”, 2014, by William Stallings.

4. Confidentiality, Integrity, Nonrepudiation
X.800 Service Categories:
Authentication
Access control
Data confidentiality
Data integrity
Nonrepudiation

5. Confidentiality, Integrity, Nonrepudiation
Data Confidentiality:
is the protection of transmitted data from passive attacks.
Assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).

6. Confidentiality, Integrity, Nonrepudiation
Broadest service protects all user data transmitted between two users over a period of time.
E.g. when a TCP connection is set up bet. two systems, it prevents the release of any user data transmitted.

7. Confidentiality, Integrity, Nonrepudiation
Narrower forms of service include the protection of a single message or even specific fields within a message.

8. Confidentiality, Integrity, Nonrepudiation
The other aspect is the protection of traffic flow from analysis.
This requires that an attacker not be able to observe the source and destination, length, or other characteristics of the traffic.

9. Confidentiality, Integrity, Nonrepudiation
Data Integrity:
can apply to a stream of messages, a single message, or selected fields within a message.
the most useful and straightforward approach is total stream protection.

10. Confidentiality, Integrity, Nonrepudiation
Connection-oriented integrity service deals with a stream of messages and assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays.

11. Confidentiality, Integrity, Nonrepudiation
the connection-oriented integrity service addresses both message stream modification and denial of service.

12. Confidentiality, Integrity, Nonrepudiation
A connectionless integrity service deals with individual messages without regard to any larger context, and generally provides protection against message modification only.

13. Confidentiality, Integrity, Nonrepudiation
Because the integrity service relates to active attacks, we are concerned with detection rather than prevention.
automated recovery mechanisms allow to recover from the loss of integrity of data.

14. Confidentiality, Integrity, Nonrepudiation
prevents either sender or receiver from denying a transmitted message.

15. Confidentiality, Integrity, Nonrepudiation
When a message is sent, the receiver can prove that the alleged sender in fact sent the message.
When a message is received, the sender can prove that the alleged receiver in fact received the message.

16. Confidentiality, Integrity, Nonrepudiation
Availability Service:
The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system.

17. Confidentiality, Integrity, Nonrepudiation
One that protects a system to ensure its availability.
Addresses the security concerns raised by denial-of-service attacks.
Depends on proper management and control of system resources.
End