- Encryption – The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
- Digital signature – Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
- Access control – In the context of network security, access control is the ability to limit and control access to host systems and applications via communication links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.
- Data confidentiality – Confidentiality is the protection of transmitted data from passive attacks. The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length or other characteristics of the traffic on a communication facility.
- Data integrity – As with confidentiality, integrity can be applied to a stream of messages, a single message or selected fields within a message. A connection-oriented integrity service assures that messages are received as sent, with no duplication, insertion, modification, reordering or replay. The destruction of data is also covered under this service. Thus the connection-oriented integrity service provides protection against both message stream modification and denial of service.
- Non-repudiation – Non-repudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, the sender can prove that the alleged receiver in fact received the message.
  - Non-repudiation, origin – proof that the message was sent by the specified party
  - Non-repudiation, destination – proof that the message was received by the specified party