X.800

from Wikipedia, the free encyclopedia

X.800 is a security architecture, in the information-security sense, for securely interconnecting different open digital systems. X.800 is not a standard but a recommendation of the ITU (International Telecommunication Union) from 1991.

The X.800 Recommendation defines general elements of a security architecture. It extends the scope of Recommendation X.200 (the OSI reference model) to secure communication between open systems.

Recommendation X.800 fulfills the following tasks:

  • General description of the security services that can be provided within the OSI reference model
  • Definition of the places in the reference model where these services and mechanisms can be used

X.800 does not cover all security services: security aspects of the end system that depend heavily on the application context are outside its scope.

Security services in X.800

The following security services are defined as part of X.800:

  • Authentication: This service verifies the identity of one or more communication partners or of a data source. The service offered by layer N of the reference model assures layer (N + 1) that the communication partner at the (N + 1) level really is who it claims to be.
  • Access control: This service protects against unauthorized use of resources that can be reached via OSI protocols. Different protection modes (e.g. protection against reading, writing or deletion) can be specified.
  • Data confidentiality: This service protects data from unauthorized access. It covers the confidentiality of connection-oriented and connectionless data, the protection of individual fields of a data unit, and the protection of information that could be derived from the traffic flow.
  • Data integrity: This service counters active attacks on the integrity of data in a connection at layer N. A distinction is made between integrity with recovery and integrity without recovery, depending on whether a detected modification is only reported or also repaired afterwards. Integrity can also be monitored for connectionless traffic or only for selected fields.
  • Non-repudiation: This service enables the recipient to establish the origin of the data beyond doubt (proof of origin), so the sender cannot deny having sent a packet. Similarly, the sender can establish that the recipient has received a packet (proof of delivery), so the recipient cannot deny having received the data in order to provoke a retransmission.

Security mechanisms in X.800

The following mechanisms can be used to implement these services:

  • Encryption: ensures the confidentiality of data or of information about the traffic flow (see also encryption)
  • Digital signatures: a data unit can be signed (certified), or a signed data unit verified, by means of digital signatures (see also digital signature)
  • Access control: using the authenticated identity of a partner, or information about the partner or the partner's attributes, access control determines which access rights may be granted to that partner
  • Data integrity mechanisms: either the integrity of a single data unit (using a checksum) or the integrity of a complete stream of data units (e.g. with sequence numbers or time stamps) can be ensured
  • Authentication mechanisms: e.g. by means of authentication information (passwords), cryptographic techniques, or characteristic properties of a partner
  • Traffic padding: traffic analysis can be made more difficult by padding the traffic with dummy data
  • Routing control: by defining route restrictions, certain subnetworks or links can be prevented from being traversed; e.g. end systems can ask the network provider to set up a different route if tampering is discovered
  • Notarization: with a notary mechanism, certain properties of the communicating partners (e.g. integrity, origin, time and destination of the data) can be confirmed by a third party that both partners trust

The following mechanisms do not relate to a specific service:

  • Trusted functionality
  • Security labels: resources that contain data units can be associated with security labels that indicate, for example, the degree of confidentiality
  • Event detection: the detection of security-relevant events, e.g. specific security breaches, specific predefined events, or the exceeding of a predefined number of certain events, can trigger one or more actions, e.g. local notification, notification of the communication peer, logging, or recovery actions
  • Audit trail: recording of security-relevant information in order to identify security problems
  • Security recovery: performs rule-based recovery (restoration)
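As an added example (not from the recommendation or this article), the following Python models the event-detection mechanism just described over a constructed audit trail: a specific breach triggers actions immediately, while a predefined event triggers an action only once its count per peer exceeds a configured number. The event names, peer addresses, thresholds and action names are all constructed for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed audit trail for the example: "<time> <event> peer=<address>"
AUDIT_TRAIL = """\
1001 AUTH_FAIL peer=10.0.0.5
1002 AUTH_FAIL peer=10.0.0.5
1003 AUTH_OK peer=10.0.0.9
1004 AUTH_FAIL peer=10.0.0.5
1005 INTEGRITY_FAIL peer=10.0.0.9
1006 AUTH_FAIL peer=10.0.0.5
"""

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s+peer=(\S+)$")

# Hypothetical policy: a specific breach acts at once (notify the peer, start
# recovery); a predefined event acts only once its count per peer exceeds N.
IMMEDIATE_ACTIONS = {"INTEGRITY_FAIL": ("notify_peer", "recover")}
THRESHOLDS = {"AUTH_FAIL": 3}


def detect_events(audit_trail):
    """Return the list of (action, peer, reason) tuples the audit trail triggers."""
    counts = defaultdict(Counter)   # peer -> event -> occurrences so far
    fired = set()                   # (peer, event) pairs already reported once
    actions = []
    for line in audit_trail.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # malformed line: skip rather than crash
        _, event, peer = m.groups()
        for action in IMMEDIATE_ACTIONS.get(event, ()):
            actions.append((action, peer, event))
        if event in THRESHOLDS:
            counts[peer][event] += 1
            exceeded = counts[peer][event] > THRESHOLDS[event]
            if exceeded and (peer, event) not in fired:
                fired.add((peer, event))
                reason = f"{event} exceeded {THRESHOLDS[event]}"
                actions.append(("notify_local", peer, reason))
    return actions
```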

The X.800 services in the OSI model

The X.800 services are used at the following layers of the OSI model. Each higher layer can use the security services of the layers below it.

Layer 1: physical layer

At the physical layer, only connection confidentiality and traffic-flow confidentiality can be offered. This is achieved by encrypting the data stream in hardware (so-called spread-spectrum security, frequency spreading). The entire physical bit stream is encoded.

Layer 2: data link layer

At layer 2, the services of connection-oriented and connectionless confidentiality are offered. They are likewise achieved by encryption: the data is encrypted before transmission and decrypted after receipt. The encryption mechanisms used therefore depend on the protocol used at this layer.

The following protocols can be used to implement layer 2 security services:

  • PPTP: With PPTP, PPP packets can be tunneled and thus sent over insecure IP-based networks.
  • L2TP: Like PPTP, L2TP uses encrypted tunnels to send data. The difference is that L2TP tunnels can be set up over any packet-switched network (IP networks, Frame Relay PVCs, X.25 VCs or ATM VCs). With L2TP it is also possible to set up several tunnels between two endpoints and to secure the tunnel itself by authenticating the tunnel endpoints (with PPTP only the transported data is secured).

Layer 3: Network Layer

A number of security services are offered in the network layer:

  • Mutual authentication: encryption, secure exchange of passwords, or signature mechanisms
  • Data-origin authentication: can be implemented through encryption or signature mechanisms
  • Access control
  • Connection-oriented confidentiality and connectionless confidentiality: achieved through encryption and/or routing control
  • Traffic-flow confidentiality: guaranteed through the use of traffic padding
  • Connection-oriented integrity without recovery and connectionless integrity: integrity can be ensured either for a single data unit, using a checksum, or for a complete stream of data units, e.g. with sequence numbers or time stamps

IPsec was developed to secure communication paths at the network layer. Two different protocols are used within IPsec, which can also be combined:

  • Authentication Header (AH): AH implements the security services connectionless integrity, access control and data-origin authentication, and optionally offers an anti-replay service. Even with AH, however, the communication can still be intercepted, since the packet's payload is not encrypted.
  • Encapsulating Security Payload (ESP): ESP provides access control, connectionless integrity, data-origin authentication and, optionally, the anti-replay service. With ESP the payload of the IP packet is encrypted, but the header is not.
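As an added illustration (not code from the recommendation, from IPsec implementations, or from this article), the following Python combines the two X.800 integrity mechanisms listed earlier, a checksum over each data unit and sequence numbers over the stream, with a sliding anti-replay window in the style of the IPsec anti-replay service mentioned above. It provides detection only (integrity without recovery); the key, window size, message format and sample messages are constructed for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-example-key-not-a-real-sa"   # constructed shared key
MAC_LEN = 16                                     # truncated tag length in bytes


def protect(seq, payload, key=KEY):
    """Sender side: a 32-bit sequence number plus an HMAC-SHA256 tag over
    (sequence number || payload) bind one data unit to its place in the stream."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + payload + tag


class Receiver:
    """Verifier with a sliding anti-replay window modelled on IPsec AH/ESP."""

    def __init__(self, key=KEY, window=64):
        self.key, self.window = key, window
        self.highest = 0    # highest sequence number accepted so far
        self.bitmap = 1     # bit i set => sequence number (highest - i) was accepted

    def check(self, unit):
        """Return "accept" or a "reject: ..." reason; detection only, no recovery."""
        if len(unit) < 4 + MAC_LEN:
            return "reject: truncated"
        header, payload, tag = unit[:4], unit[4:-MAC_LEN], unit[-MAC_LEN:]
        (seq,) = struct.unpack(">I", header)
        diff = self.highest - seq
        # Stream integrity: preliminary window check before the costlier MAC.
        if seq <= self.highest:
            if diff >= self.window:
                return "reject: outside window"
            if self.bitmap & (1 << diff):
                return "reject: replay"
        # Data-unit integrity: constant-time comparison of the tag.
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):
            return "reject: integrity failure"
        # The window advances only after the MAC passes, so a forged unit cannot move it.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << diff
        return "accept"
```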
