Question

According to the X.800 recommendation from the ITU-T website, please explain:

1- Connectionless Entity

2- Data Origin Authentication.

3- Authentication Exchange Mechanism

4- Routing Control Mechanism

Answer 1

1-Connectionless Entity:

Data Confidentiality:

Connectionless Confidentiality:

This service provides for the confidentiality of all (N)-user-data in a single connectionless (N)-SDU.

Data Integrity:

Connectionless Integrity :Provide connectionless integrity of the single Data blcok and provide detection of the modification.

2- Data Origin Authentication:

The data origin authentication service provides the corroboration of the source of a data unit. The service does not provide protection against duplication or modification of data units.

This service, when provided by the (N)-layer, provides corroboration to an (N + 1)-entity that the source of the data is the claimed peer (N + 1)-entity.

3- Authentication Exchange Mechanism :

        A mechanism intended to ensure the identity of an entity by means of information exchange.

3.1 Some of the techniques which may be applied to authentication exchanges are: a) use of authentication information, such as passwords supplied by a sending entity and checked by the receiving entity; b) cryptographic techniques; and c) use of characteristics and/or possessions of the entity.

3.2 The mechanisms may be incorporated into the (N)-layer in order to provide peer entity authentication. If the mechanism does not succeed in authenticating the entity, this will result in rejection or termination of the connection and may also cause an entry in the security audit trail and/or a report to a security management centre.

3.3 When cryptographic techniques are used, they may be combined with ―handshaking‖ protocols to protect against replay (i.e. to ensure liveness).

3.4 The choices of authentication exchange techniques will depend upon the circumstances in which they will need to be used with: a) time stamping and synchronized clocks; b) two and three way handshakes (for unilateral and mutual authentication respectively); and c) non-repudiation services achieved by digital signature and/or notarization mechanisms.

4. Routing Control Mechanism:

        The application of rules during the process of routing so as to chose or avoid specific networks, links or relays

       

4.1. Routes can be chosen either dynamically or by prearrangement so as to use only physically secure subnetworks, relays or links

4.2 End-systems may, on detection of persistent manipulation attacks, wish to instruct the network service provider to establish a connection via a different route.

4.3 Data carrying certain security labels may be forbidden by the security policy to pass through certain subnetworks, relays or links. Also the initiator of a connection (or the sender of a connectionless data unit) may specify routing caveats which request that specific sub-networks, links or relays be avoided.