1. Conventional Security Services
The following are considered to be the
security services which can be provided optionally within the framework of the
OSI Reference Model. The authentication services require authentication information
comprising locally stored information and data that is transferred
(credentials) to facilitate the authentication.
Authentication
These services including peer entity
authentication and data origin authentication can provide for the authentication
of a communicating peer entity and the source of data.
Access
control
This service provides protection against
unauthorized use of resources accessible via OSI. These may be OSI or non-OSI
resources accessed via OSI protocols. This protection service may be applied to
various types of access to a resource or to all accesses to a resource.
Data
confidentiality
These services including connection
confidentiality, connectionless confidentiality, selective field
confidentiality and traffic flow confidentiality can provide for the protection
of data from unauthorized disclosure.
Data
integrity
These services including connection
integrity with recovery, connection integrity without recovery, selective field
connection integrity, connectionless integrity and selective field
connectionless integrity can counter active threats.
Non-repudiation
This service may take one or both of two
forms: non-repudiation with proof of origin and non-repudiation with proof of
delivery. Non-repudiation with proof of origin: The recipient of data is
provided with proof of the origin of data. This will protect against any
attempt by the sender to falsely deny sending the data or its contents. Non-repudiation
with proof of delivery: The sender of data is provided with proof of delivery
of data. This will protect against any subsequent attempt by the recipient to
falsely deny receiving the data or its contents.
2. Social Network Security Objectives
Three main security objectives are privacy,
integrity and availability.
Privacy
Privacy in OSNs encompasses user profile
privacy, communication privacy, message confidentiality and information
disclosure. In principle, privacy calls for the possibility to hide any
information about any user, even to the extent of hiding their participation in
the OSN in the first place. Moreover privacy has to be met by default all
information on all users and their actions has to be hidden from any other
party internal or external to the system, unless explicitly disclosed by the
users themselves. Requiring explicit disclosure leads to the need for access
control. Access to information on a user may only be granted by the user
directly the access control has to be as finegrained as the profile, and each
attribute has to be separately manageable.
Integrity
The user’s identity and data must be
protected against unauthorized modification and tampering. In addition to
conventional modification detection and message authentication, integrity in
the context of OSNs has to be extended. The authentication has to ensure the
existence of real persons behind registered OSN members.
Availability
In OSNs, this availability specifically has
to include robustness against censorship, and the seizure or hijacking of names
and other key words. Apart from availability of data access, availability has
to be ensured along with message exchange among members
3. Differences
Conventional security services also provide
the authentication, access control and non-repudiation services while OSNs do
not. OSNs provide the privacy and availability services while conventional security
services do not. And OSNs extend the integrity service.
It’s because social network contains mass
of the real information. And information or message posted to the social
network can reflect the real life of the owners. So the privacy is very
important. Majority members act on the social website every second. And some
applications whether they are third-party applications or not need the
information from the social network. So the social network should provide the
availability services. In other networks, different networks have different
demands in the security services.
4. Revise
The second
part of the blog contents was come from the lecture notes 10 (slides 6-10). The first part of the blog contents was come from the
internet. URL: http://en.wikipedia.org/wiki/Security_service_%28telecommunication%29. And the third part comes from my own ideas after the reading and
comparison between the conventional security services and OSNs.
