Describe the various security services?
Security service is a service which ensures adequate security of the systems or of data transfers. The classification of security services are as follows:-
• Data confidentiality Authentication • Access control • Data integrity • Nonrepudiation • Availability service:
Confidentiality: Ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties. The principle of confidentiality specifies that only the sender and the intended recipient(s) should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access a message.
Eg., printing, displaying and other forms of disclosure.
Authentication: Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false. • The recipient of the message should be sure that the message came from the source that it claims to be • All communicating parties should be sure that the connection is not interfered with by unauthorized party.
Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted information. Modification includes writing, changing status, deleting, creating and delaying or replaying of transmitted messages. Protection from active attacks It may be integrity with recovery, or Integrity without recovery (detection only)
Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny the transmission. Protection against denial by one of the entities involved in a communication of having participated in the communication.
Access control: Requires that access to information resources may be controlled by or the target system. This service controls who can have access to a resource; under what conditions access can occur; what those accessing are allowing to do. Example: in online banking a user may be allowed to see his balance, but not allowed to make any transactions for some of his accounts
Availability: Requires that computer system assets be available to authorized parties when needed.
