CITS3002 Computer Networks  
next CITS3002 help3002 CITS3002 schedule  

The ISO/OSI Security Architecture

"Remote exploit + local root exploit ⇒ remote root exploit." Olde saying handed down through the ages.

As well as defining their seven-layered model, the ISO/OSI group also defined a range of terminologies forming their ISO/OSI Security Architecture.
It includes the requirements:

  • data confidentiality - protects data as it traverses the network from being disclosed to incorrect parties. Even the presence of particular communication sequences between parties should not be identified.

  • data integrity - protects the data from modification or removal while in the network,

  • data origin authentication - validates the sender of the data,

  • data receiver authentication - validates the receiver of the data,

  • peer-entity authentication - validates all network components, such as hardware routers and peer software components through which a data stream must travel, and

  • non-repudiation - creates and verifies evidence that the claimed sender sent the data, that the intended receiver did receive it, and that neither can deny that this occurred.


NOTE: the core TCP/IP internetworking suite meets none of the requirements of the ISO/OSI Security Architecture. Support for additional services is evolving, primarily at the Application Layer, but changes cannot be easily made to lower layers.

CITS3002 Computer Networks, Lecture 12, Cryptography's role in networking, p1, 27th May 2020.