|
Confidentiality and Integrity
I come across so many terms/jargons which sounds like almost same, but experts says they are different.. so confusing. Confidentiality and Integrity when we are talking about IP Security used to be one of those confusing terms.
What is Confidentiality ?
What do you imagine when somebody tells you "This is confidential information" ? In plain words, we can interpret it as "this is a secrete between you and me or secrete among only our group, you should not disclose this to anybody else".
Confidentiality in IP security is the same thing. It means 'it should not be open to anybody outside of a specified people or group'.
Then how can we guarantee (implement) the confidentiality ? If it is information verbally exchanged.. (the one that you told or heard about), the simplest way to guarantee the confidentiality is just "zip up your mouth". If it is something printed on the paper, just put it into a safe so that nobody can get access to it.
Then what about IP data ? how do you guarantee the confidentiality of IP data ?
Unfortuanately just "zip up mouth" or "put it in a safe" does not work for IP data because IP data is flow through IP network which is basically accessible to any PC or router or person.
Then how do we guarantee the confidentiality of IP data ? The most common mechanism is to encrypt the data. If you encrypt the data, any person/pc/router may capture the data but they would not figure out what it really means.
So.. when you are talking about Confidentiality of IP network, you will hear a lot of Encryption methods.
Followings are a list of common algorithms that can be better associated with Confidentiality
- Advanced Encryption Standard (AES): This is a widely used symmetric encryption algorithm that is considered very secure. It is often used to encrypt data in transit, such as email or chat messages.
- Secure Sockets Layer (SSL) / Transport Layer Security (TLS): These are protocols used to secure web traffic. They work by encrypting data in transit between a user's web browser and a web server.
- Internet Protocol Security (IPsec): This is a protocol suite used to secure IP communications by encrypting data in transit. It is commonly used to create Virtual Private Networks (VPNs).
- Pretty Good Privacy (PGP): This is a popular encryption program used to secure email communications. It uses public key encryption to ensure confidentiality.
- Blowfish: This is another symmetric encryption algorithm that is commonly used to secure data in transit.
- Rivest-Shamir-Adleman (RSA): This is a public-key encryption algorithm that is widely used to secure communications. It is often used to secure web traffic and email communications.
- Diffie-Hellman: This is a key exchange algorithm used to securely exchange keys between two parties. It is often used in conjunction with other encryption algorithms, such as AES or RSA.
- Secure Shell (SSH): This is a protocol used to securely connect to remote servers. It uses encryption to protect data in transit and also provides secure authentication mechanisms.
What is Integrity ?
Integrity means "This data is original data which has not be modified or corrupted in any way" (sorry, I don't have any proper way to explain 'Integrity' in plain or dailylife words. so the explanation would be a little dry). Even though you get some data delivered to you, what would be the point if it is not the same as original ?
Again.. the questions now would be "How do you gurantee(implement) the Integrity ?". A common method being used in IP data is to use "Hashing" algorithm. Overall logic is "create a specific tag which is derived from the whole contents". so you would hear of various Hashing algorithms when
you are trying to study Integrity of IP data.
Followings are a list of common algorithms that can be better associated with Integrity
- Hash functions: A hash function is a mathematical algorithm that takes in data of arbitrary size and produces a fixed-size output, called a hash. This hash can be used to verify the integrity of the original data. Examples of commonly used hash functions include SHA-1, SHA-2, and SHA-3.
- Message Authentication Code (MAC): A MAC is a cryptographic algorithm that uses a secret key to authenticate a message. The sender computes a MAC on the message using the key, and sends both the message and the MAC to the receiver. The receiver then recomputes the MAC using the same key and checks if it matches the one sent by the sender.
- Digital Signatures: Digital signatures provide a way to ensure the authenticity and integrity of a message. They are created using a private key that only the sender possesses. The receiver can verify the signature using the corresponding public key.
- Public Key Infrastructure (PKI): PKI is a system for managing digital certificates and public-private key pairs. It is commonly used to establish trust in a communication system, by allowing users to verify the identity of other users and ensure the integrity of messages.
- Transport Layer Security (TLS): In addition to providing encryption, TLS also includes mechanisms for verifying the integrity of data in transit. This is achieved through the use of message authentication codes (MACs) and digital signatures.
- Secure Hash Algorithm (SHA): This is a family of hash functions that are commonly used to ensure data integrity. They produce fixed-length output hashes that can be used to verify the integrity of a message or file.
- Advanced Encryption Standard (AES): While primarily used for encryption, AES can also be used to ensure data integrity. This is achieved by encrypting a message with a key, and then hashing the resulting ciphertext
Difference between Confidentiality and Integrity
|
Aspect
|
Confidentiality
|
Integrity
|
| Definition |
Protecting sensitive information from unauthorized access or disclosure |
Protecting information from unauthorized modification or tampering |
| Focus |
Maintaining secrecy and privacy of information |
Maintaining accuracy and consistency of information |
| Measures |
Encryption, access controls, data classification |
Checksums, digital signatures, data backups |
| Application |
Situations where unauthorized disclosure could have serious consequences |
Situations where accuracy and reliability of information are critical |
Why we need both Integrity and Confidentiality ?
You may think .. if you have encrypted data (if the confidentiality of the data is secured), you would think the integrity will be automatically guaranteed. You may ask how can I modify the original data without decrypting the data.
It is not true. Even though you cannot decrypt the data, you can still modify the data. Of course, you would know know the meaning of the modified data without decrypting it but you can change (corrupt) it anyway.
It means the Integrity of a confidential data (Encrypted data) can be broken. Even though you cannot decode (decrypt) the encrypt data, you can still change the data and deliver the wrong data to somebody else.
|