A security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers, as defined by the ITU-T X.800 Recommendation.
To let different devices communicate data in a standardized way, communication protocols have been defined. The ITU-T organization has published a large set of protocols. The general architecture of these protocols is defined in Recommendation X.200. The different means and ways to communicate are called a communication network. Security requirements are applicable to the information sent over the network. The discipline dealing with security over a network is called network security. The X.800 Recommendation:
provides a general description of security services and related mechanisms, which may be provided by the Reference Model; and
defines the positions within the Reference Model where the services and mechanisms may be provided.
This Recommendation extends the field of application of Recommendation X.200 to cover secure communications between open systems. According to the X.200 Recommendation, the so-called OSI Reference Model has 7 layers, each of which is generically called an N layer. The N+1 entity asks the N entity for transmission services. At each level, two entities interact by means of the protocol by transmitting Protocol Data Units (PDUs).
A Service Data Unit (SDU) is a specific unit of data that has been passed down from an OSI layer to a lower layer and has not yet been encapsulated into a PDU by the lower layer. It is a set of data that is sent by a user of the services of a given layer and is transmitted semantically unchanged to a peer service user. The PDU at any given layer, layer 'n', is the SDU of the layer below, layer 'n-1'. In effect, the SDU is the 'payload' of a given PDU. That is, the process of changing an SDU into a PDU consists of an encapsulation process performed by the lower layer. All the data contained in the SDU becomes encapsulated within the PDU. Layer n-1 adds headers or footers, or both, to the SDU, transforming it into a PDU of layer n-1. The added headers or footers are part of the process used to make it possible to get data from a source to a destination.
OSI security services description
The following are considered to be the security services which can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred to facilitate the authentication. The services are:
Authentication
Access control
Data confidentiality
Data integrity
Non-repudiation
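The SDU-to-PDU encapsulation described earlier, combined with one of the services listed here (data integrity) placed at a single layer, as an added Python example that is not taken from X.800 or X.200. The 3-byte header layout, the HMAC-SHA256 trailer, the key and the choice of layer 4 are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size (assumed integrity check value)

class Layer:
    """One (N)-layer: turns the SDU handed down by layer N+1 into its own PDU."""
    def __init__(self, n, integrity_key=None):
        self.n = n
        self.key = integrity_key  # when set, this layer provides data integrity

    def encapsulate(self, sdu: bytes) -> bytes:
        header = struct.pack("!BH", self.n, len(sdu))  # constructed: layer no., SDU length
        body = header + sdu
        trailer = hmac.new(self.key, body, hashlib.sha256).digest() if self.key else b""
        return body + trailer

    def decapsulate(self, pdu: bytes) -> bytes:
        trailer_len = TAG_LEN if self.key else 0
        if len(pdu) < 3 + trailer_len:
            raise ValueError(f"layer {self.n}: PDU too short")
        body, trailer = pdu[:len(pdu) - trailer_len], pdu[len(pdu) - trailer_len:]
        n, length = struct.unpack("!BH", body[:3])
        if n != self.n or length != len(body) - 3:
            raise ValueError(f"layer {self.n}: malformed header")
        if self.key:
            expected = hmac.new(self.key, body, hashlib.sha256).digest()
            if not hmac.compare_digest(trailer, expected):
                raise ValueError(f"layer {self.n}: integrity check failed")
        return body[3:]  # the SDU, delivered unchanged to the peer layer above

def send(stack, data):
    """Pass data down the stack; each layer's PDU is the next layer's SDU."""
    for layer in stack:  # highest layer first
        data = layer.encapsulate(data)
    return data

def receive(stack, pdu):
    """Peer side: strip headers and trailers from the lowest layer upwards."""
    for layer in reversed(stack):
        pdu = layer.decapsulate(pdu)
    return pdu

# Constructed sample: layers 7 down to 3, integrity provided at layer 4 only.
KEY = b"constructed-demo-key"
STACK = [Layer(7), Layer(6), Layer(5), Layer(4, KEY), Layer(3)]
```

A modification made below layer 4 to anything inside the layer 4 PDU is rejected when the peer layer 4 entity decapsulates it; the same stack without a key delivers the altered SDU upwards without noticing.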
Specific security mechanisms
The security services may be provided by means of security mechanisms:
Table 1/X.800 shows the relationships between services and mechanisms. Some of them can be applied to connection-oriented protocols, others to connectionless protocols, or both. Table 2/X.800 illustrates the relationship of security services and layers: