Computer Security Concept:

Computer Security, also known as Cybersecurity, refers to the protection of computer

systems and networks from threats such as unauthorized access, data breaches, malware,
and cyberattacks. Its goal is to ensure the confidentiality, integrity, and availability
(CIA) of information.

🔐 Key Concepts of Computer Security

1. Confidentiality

• Ensures that information is only accessible to authorized users.

• 🔒 Achieved through: encryption, access control, authentication.
• 📌 Example: Encrypting email messages so only the intended recipient can read them.

2. Integrity

• Ensures that data is not altered or tampered with during storage or transmission.
• 🔧 Achieved through: hashing, digital signatures, checksums.
• 📌 Example: Verifying file integrity using SHA-256 hash values.

3. Availability

• Ensures that systems and data are accessible when needed.

• 🛠 Achieved through: redundant systems, backup, anti-DDoS measures.
• 📌 Example: A banking site using load balancers to stay online during high traffic.

🧩 Other Essential Concepts

Concept Description
Authentication Verifying the identity of a user or system (e.g., password, biometrics).
Authorization Granting access to resources based on user identity or role.
Non- Ensures a user cannot deny having performed an action (e.g., digital
Repudiation signature).
Access Control Mechanisms that restrict who can access what (e.g., file permissions).
Threats Potential causes of harm to a system (e.g., hackers, viruses).
Vulnerabilities Weaknesses in a system that can be exploited.
Attacks Actions that attempt to exploit vulnerabilities (e.g., phishing, malware).
Security Policies Rules that define acceptable use and protection of data and resources.

🛡 Types of Security Controls

 Type Description Examples
Locks, CCTV, biometric
Physical Protect physical devices and infrastructure
access
Software/hardware controls to protect
Technical Firewalls, encryption, antivirus
systems
Security training, access
Administrative Policies and procedures to manage security
policies

🧪 Common Threats to Computer Security

• Malware (Viruses, Worms, Trojans, Ransomware)

• Phishing attacks
• Social engineering
• Denial of Service (DoS) attacks
• Unauthorized access (hacking)
• Insider threats

✅ Goals of Computer Security (CIA Triad)

Goal Meaning
Confidentiality Keep data secret from unauthorized users.
Integrity Keep data accurate and unaltered.
Availability Ensure systems/data are accessible when needed.

📦 Example Use Case: Online Banking

• Confidentiality: Encrypts login and transaction data.

• Integrity: Uses digital signatures to ensure data hasn’t been tampered with.
• Availability: Load balancers and backups to keep services running 24/7.
The OSI Security Architecture:

🌐 OSI Security Architecture (As per ITU-T X.800)

The OSI Security Architecture, defined by the ITU-T Recommendation X.800, provides a
structured framework for implementing security across computer networks. It aligns with
the OSI model (Open Systems Interconnection model) and identifies security
services, security mechanisms, and security attacks at various layers of communication.

🧱 Components of the OSI Security Architecture

The architecture defines three main components:

1⃣ Security Services

These are services that enhance the security of data processing and communication systems.
They correspond to what needs to be protected.

🔐 Main Security Services (from X.800):

Service Descrip3on
Authen3ca3on Verifies iden*ty of users or systems
Access Control Restricts access to resources based on permissions
Data
Prevents unauthorized disclosure of data
Confiden3ality
 Service Descrip3on
Data Integrity Ensures data is not modified in an unauthorized way
Prevents en**es from denying previous ac*ons (e.g., sending a
Non-Repudia3on
message)

2⃣ Security Mechanisms

These are tools or methods used to implement the security services.

🛠 Examples of Mechanisms:

Mechanism Purpose
Encipherment Encrypts data to ensure confiden*ality
Digital Signatures Ensures integrity and non-repudia*on
Access Control Mechanisms Enforces who can access what
Authen3ca3on Exchanges Verifies iden*ty between communica*ng par*es
Traffic Padding Obscures traffic paEerns to prevent analysis
Rou3ng Control Ensures data uses secure paths
Notariza3on Provides third-party valida*on of a transac*on

3⃣ Security A5acks

These are threats that aim to compromise the security of systems. X.800 categorizes them
into two broad types:

🚨 Types of Attacks:

Type Descrip3on Example

Passive Try to eavesdrop or monitor communica*ons Release of message
AFacks without altering data content, traffic analysis
Ac3ve Try to alter, disrupt, or inject data during Masquerade, replay,
AFacks communica*on modifica*on, DoS

📊 Relation to the OSI Model Layers

The OSI Security Architecture does not limit security to a single layer. Instead, it can be
implemented at each of the 7 OSI layers, depending on the need.

OSI Layer Security Concerns

Applica*on User authen*ca*on, data integrity
Presenta*on Encryp*on, decryp*on
 OSI Layer Security Concerns
Session Session control, authen*ca*on
Transport Secure transport (e.g., SSL/TLS)
Network Secure rou*ng, IPsec
Data Link Secure frame transmission (e.g., MACsec)
Physical Physical access control (locks, biometrics)

✅ Summary Table

Component Role
Security Service What needs to be protected (e.g., confiden*ality)
Security Mechanism How protec*on is implemented (e.g., encryp*on)
Security AFack What it protects against (e.g., tampering, spying)

📌 Example: Secure Email Communication

Component Implementa3on
Service Confiden*ality, Integrity, Non-repudia*on
Mechanism Encryp*on (PGP), Digital Signature
AFack Defended Eavesdropping, Message tampering, Forgery

The X.800 Security Services are part of the ITU-T Recommendation X.800, which defines
a framework for providing security in computer and communication systems. These services
are designed to protect data and systems from security threats and are categorized based on
the security requirements they address.
🔐 X.800 Security Services – Overview

X.800 defines five major categories of security services:

1. Authentication

Ensures that the identities of communicating parties are verified.

Types:

• Peer-entity authentication: Verifies the identity of two entities in a connection (e.g.,

login verification).
• Data-origin authentication: Verifies the source of the data (e.g., confirming a
message came from a specific sender).

Common Authentication Mechanisms:

Method Description
Basic form of authentication based on user-provided
Passwords/PINs
secrets.
 Method Description
Uses physical traits (e.g., fingerprint, face) to verify
Biometric Authentication
identity.
Temporary codes used once, sent via SMS/email or
One-Time Passwords (OTPs)
generated by app.
Digital Certificates Verifies identity using a public key infrastructure (PKI).
Multi-Factor Authentication
Combines two or more factors (e.g., password + OTP).
(MFA)
Challenge-Response Protocols Server sends a challenge, client must respond correctly.

Examples of Authentication in Practice:

Scenario Authentication Service Used

Peer-entity authentication using
Logging into email
username/password
Receiving an email with a digital
Data-origin authentication
signature
Accessing online banking MFA: password + OTP
Secure API communication Token-based authentication (e.g., OAuth, JWT)

2. Access Control

Prevents unauthorized users from accessing system resources.

Features:

• Defines who is allowed to access what.

• Can include passwords, biometrics, access control lists (ACLs), etc.

Components of Access Control:

Component Role
Subject Entity requesting access (e.g., user, device, program)
Object Resource being accessed (e.g., file, database, service)
Defines what subjects can do to which objects (e.g., read,
Access Rules (Policy)
write)
Access Control
System enforcing the policy (e.g., OS, firewall, app)
Mechanism
Access Control Mechanisms:

Type Description
Discretionary Access Control Resource owner defines access rights (e.g., file
(DAC) permissions).
Access is based on fixed rules set by the system (e.g.,
Mandatory Access Control (MAC)
military).
Role-Based Access Control
Access based on user's role (e.g., admin, user, guest).
(RBAC)
Attribute-Based Access Control
Access based on attributes (user, resource, context).
(ABAC)
Uses if-then logic or firewall rules to permit/deny
Rule-Based Access Control
access.

Examples of Access Control:

Scenario Access Control Mechanism Used

File access on a personal laptop DAC (owner grants read/write rights)
Hospital records system RBAC (doctor vs. nurse access rights)
Military defense systems MAC (classified levels and strict policies)
Cloud storage with user policies ABAC (user group, location, time of access)
Network firewall rules Rule-based (based on IP, port, protocol)

3. Data Confidentiality

Protects data from unauthorized disclosure.

Methods:

• Encryption (e.g., AES, RSA).

• Prevents eavesdropping or passive attacks like message content release.

Type Description
1. Connection
Protects all user data on a communication connection.
Confidentiality
2. Connectionless Protects individual data packets or messages (no session or
Confidentiality connection).
 Type Description
3. Selective Field Protects specific fields within a message (e.g., only the
Confidentiality content, not headers).
4. Traffic Flow Conceals the pattern and flow of communication (e.g., size,
Confidentiality frequency).

Mechanisms Used to Ensure Confidentiality:

1. Encryption Algorithms:
o Symmetric Encryption: AES, DES, ChaCha20
o Asymmetric Encryption: RSA, ECC
2. Secure Communication Protocols:
o SSL/TLS (used in HTTPS)
o IPsec (for secure IP communication)
o VPN (Virtual Private Network)
3. Key Management:
o Ensures that encryption keys are generated, stored, and exchanged securely.

Examples of Data Confidentiality in Action:

Scenario How Confidentiality is Achieved

Sending an email securely Email content is encrypted using PGP or S/MIME.
Online banking TLS encrypts all data between browser and server.
File storage on the cloud Files are encrypted client-side using AES-256.
Securing IoT device communication Messages are encrypted to prevent sniffing.

4. Data Integrity

Ensures that the data is not altered or tampered with during transmission or storage.

Techniques:

• Checksums, hash functions (e.g., SHA-256), digital signatures.

• Detects modification, insertion, deletion, or replay of data.

Type Description
1. Connection Integrity with Ensures integrity across an entire data stream and provides
Recovery recovery options (e.g., retransmission).
 Type Description
2. Connection Integrity Ensures integrity across the connection but without
without Recovery recovery mechanisms.
3. Selective Field Connection Ensures specific fields in data are protected from
Integrity tampering.
4. Connectionless Integrity Integrity of individual messages (e.g., emails, datagrams).
5. Selective Field
Integrity for specific parts of individual messages.
Connectionless Integrity

Examples of Data Confidentiality in Action:

Scenario How Confidentiality is Achieved

Sending an email securely Email content is encrypted using PGP or S/MIME.
Online banking TLS encrypts all data between browser and server.
File storage on the cloud Files are encrypted client-side using AES-256.
Securing IoT device communication Messages are encrypted to prevent sniffing.

Examples of Data Integrity in Action:

Scenario How Integrity is Ensured

Email integrity Digital signature added using sender's private key.
File download from website Site provides hash (SHA-256) to verify the file.
Secure messaging app MAC or HMAC validates that the message hasn't changed.
Blockchain transaction Uses cryptographic hashes to verify block data integrity.

5. Non-Repudiation

Prevents an entity from denying previous commitments or actions.

Types:

• Non-repudiation of origin: The sender cannot deny sending a message.

• Non-repudiation of delivery: The recipient cannot deny receiving a message.

Tools:

• Digital signatures, audit logs, secure receipts.

Mechanisms Used:
 Mechanism Role in Non-Repudiation
Binds message content to sender's identity using private
Digital Signatures
key.
Public Key Infrastructure
Issues and manages keys and certificates for users.
(PKI)
Audit Logs Keeps secure records of actions taken by users.
Timestamps Verifies the time of sending/receiving a message.
Receipts/Confirmations Acts as evidence of delivery or acceptance.

Examples of Non-Repudiation in Action:

Scenario Non-Repudiation Feature

Digital contracts (e.g., e-signing A signer’s digital certificate is used to confirm
PDF) identity.
Sender can't deny sending — recipient has verifiable
Email with digital signature
proof.
Bank transaction logs Customer cannot deny making the transaction.
Blockchain records Immutable ledger proves who made which transaction.

🧩 Summary Table

Security Service Purpose Example

Authentication Verify identity Login verification
Access Control Restrict resource usage Role-based access to databases
Data Confidentiality Prevent unauthorized data disclosure Encrypting emails
Data Integrity Detect tampering File hash comparison
Non-Repudiation Prevent denial of participation Signed contract via digital sig.

📚 Use Case Scenario

In secure email communication:

• Authentication verifies the sender’s identity.

• Access Control ensures only intended recipients read the message.
• Confidentiality encrypts the message.
• Integrity checks ensure the content hasn't changed.
• Non-repudiation binds the sender to the message sent using digital signatures.
A Model for Network Security:

(Based on OSI and ITU-T X.800 Framework)

A Network Security Model provides a conceptual structure for understanding how

to secure communications over a network, especially against threats like eavesdropping,
tampering, impersonation, and unauthorized access.

🧩 Key Elements of the Network Security Model

The model involves five essential components:

1. Sender

• The originator of the message (e.g., Alice).

• Wants to send data securely to the receiver.

2. Receiver

• The intended recipient of the message (e.g., Bob).

• Expects to receive the message unaltered and private.

3. Message (Data)
 • The information to be transmitted securely (e.g., text, files, payment info).

4. Transmission Medium (Channel)

• The path through which the message travels.

• Can be insecure (e.g., Internet, Wi-Fi).

5. Security Services & Mechanisms

• Protect the message during transit by applying confidentiality, integrity,

authentication, etc.

🔐 Model Structure (Simple Flow)

plaintext
CopyEdit
[Sender]
|
[Security Services + Mechanisms]
|
[Insecure Channel] ← (Potential Attacker)
|
[Security Services + Mechanisms]
|
[Receiver]

🛡 Security Functions in the Model

Security Goal What It Does Example Mechanism

Confidentiality Prevents unauthorized access to data Encryption (e.g., AES)
Hashing (SHA-256),
Integrity Ensures message hasn’t been changed
MAC
Authentication Verifies the identities of sender/receiver Digital signatures
Non- Prevents sender/receiver from denying
Digital certificates
repudiation communication
Access Control Restricts access to data/resources Firewalls, ACLs

👾 Threats Addressed by the Model

Attack Type Description Example

Passive Attack Eavesdropping on messages Reading emails in transit
Modifying, injecting, or replaying
Active Attack Tampering with transactions
messages
Masquerade Impersonating another user/system Fake login page
 Attack Type Description Example
Resending previously captured Replaying payment
Replay Attack
messages confirmation
Denial of Service
Disrupting service availability Flooding a server
(DoS)