Confidentiality and Integrity
I come across so many terms/jargons which sounds like almost same, but experts says they are different.. so confusing. Confidentiality and Integrity when we are talking about IP Security used to be one of those confusing terms.
What is Confidentiality ?
What do you imagine when somebody tells you "This is confidential information" ? In plain words, we can interpret it as "this is a secrete between you and me or secrete among only our group, you should not disclose this to anybody else".
Confidentiality in IP security is the same thing. It means 'it should not be open to anybody outside of a specified people or group'.
Then how can we guarantee (implement) the confidentiality ? If it is information verbally exchanged.. (the one that you told or heard about), the simplest way to guarantee the confidentiality is just "zip up your mouth". If it is something printed on the paper, just put it into a safe so that nobody can get access to it.
Then what about IP data ? how do you guarantee the confidentiality of IP data ?
Unfortuanately just "zip up mouth" or "put it in a safe" does not work for IP data because IP data is flow through IP network which is basically accessible to any PC or router or person.
Then how do we guarantee the confidentiality of IP data ? The most common mechanism is to encrypt the data. If you encrypt the data, any person/pc/router may capture the data but they would not figure out what it really means.
So.. when you are talking about Confidentiality of IP network, you will hear a lot of Encryption methods.
What is Integrity ?
Integrity means "This data is original data which has not be modified or corrupted in any way" (sorry, I don't have any proper way to explain 'Integrity' in plain or dailylife words. so the explanation would be a little dry). Even though you get some data delivered to you, what would be the point if it is not the same as original ?
Again.. the questions now would be "How do you gurantee(implement) the Integrity ?". A common method being used in IP data is to use "Hashing" algorithm. Overall logic is "create a specific tag which is derived from the whole contents". so you would hear of various Hashing algorithms when you are trying to study Integrity of IP data.
Why we need both Integrity and Confidentiality ?
You may think .. if you have encrypted data (if the confidentiality of the data is secured), you would think the integrity will be automatically guaranteed. You may ask how can I modify the original data without decrypting the data.
It is not true. Even though you cannot decrypt the data, you can still modify the data. Of course, you would know know the meaning of the modified data without decrypting it but you can change (corrupt) it anyway.
It means the Integrity of a confidential data (Encrypted data) can be broken. Even though you cannot decode (decrypt) the encrypt data, you can still change the data and deliver the wrong data to somebody else.