Describe services and mechanisms in CSS

Security services
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. These services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. Following are the five categories of these services:

1. Authentication: The assurance that the communicating entity is the one that it claims to be.
   • Peer Entity Authentication: Used in association with a logical connection to provide confidence in the identity of the entities connected.
   • Data-Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed.
2. Data Confidentiality: Protects data from unauthorized disclosure.
3. Access Control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).
4. Data Integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
5. Non-repudiation: Protects against denial by one of the entities involved in a communication of having participated in all or part of the communication.
   • Proof of Origin: Proof that the message was sent by the specified party.
   • Proof of Delivery: Proof that the message was received by the specified party.

Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. The mechanisms are divided into those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol.

1. Encipherment: Hiding or covering data and can provide confidentiality. It makes use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. Cryptography and Steganography techniques are used for enciphering.
2. Data integrity: The data integrity mechanism appends a short check value to the data which is created by a specific process from the data itself. The receiver receives the data and the check value. The receiver then creates a new check value from the received data and compares the newly created check value with the one received. If the two check values match, the integrity of data is being preserved.
3. Digital Signature: A digital signature is a way by which the sender can electronically sign the data and the receiver can electronically verify it. The sender uses a process in which the sender owns a private key related to the public key that he or she has announced publicly. The receiver uses the sender’s public key to prove the message is indeed signed by the sender who claims to have sent the message.
4. Authentication exchange: A mechanism intended to ensure the identity of an entity by means of information exchange. The two entities exchange some messages to prove their identity to each other. For example, the three-way handshake in TCP.
5. Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
6. Routing control: Enables selection of particular physically secure routes for certain data and allows routing changes which means selecting and continuously changing different available routes between the sender and the receiver to prevent the attacker from traffic analysis on a particular route.
7. Notarization: The use of a trusted third party to control the communication between the two parties. It prevents repudiation. The receiver involves a trusted third party to store the request to prevent the sender from later denying that he or she has made such a request.
8. Access Control: A variety of mechanisms are used to enforce access rights to resources/data owned by a system, for example, PINS, and passwords.