The ISO/OSI Security Architecture
As well as defining their seven-layered model,
the ISO/OSI group also defined a range of terminologies forming their
ISO/OSI Security Architecture.
"Remote exploit + local root exploit ⇒ remote root exploit."
Olde saying handed down through the ages.
It includes the requirements:
NOTE: the core TCP/IP internetworking suite meets none of the
requirements of the ISO/OSI Security Architecture.
Support for additional services is evolving,
primarily at the Application Layer,
but changes cannot be easily made to lower layers.
- data confidentiality - protects data as it traverses the
network from being disclosed to incorrect parties.
Even the presence of particular communication sequences between parties
should not be identified.
- data integrity - protects the data from modification or
removal while in the network,
- data origin authentication - validates the sender of the data,
- data receiver authentication - validates the receiver of the data,
- peer-entity authentication - validates all network
components, such as hardware routers and peer software components through
which a data stream must travel, and
- non-repudiation - creates and verifies evidence that the
claimed sender sent the data,
that the intended receiver did receive it,
and that neither can deny that this occurred.
CITS3002 Computer Networks, Lecture 12, Cryptography's role in networking, p1, 27th May 2020.