Home > Uncategorized > Confidentiality without Integrity & Vice versa

Confidentiality without Integrity & Vice versa

I came across this interesting piece by Nicholas Allen. I hadn’t though it was possible because i couldn’t come up with an example…but he seems to put it quite simply, thus i have copied this from his blog (http://blogs.msdn.com/drnick) verbatim:

“I’ve gotten several questions about how transport security works. I’m putting together a list of transport security topics to talk about over the next few months to cover this topic. Before getting to that list though, I thought I’d talk a little bit about what transport security does.

Transport security protects the transfer of a message. Security is provided on a point-to-point basis. The lifetime of the security session ends when the message arrives at an endpoint. If a message goes through multiple hops to reach its destination, the message needs to be resecured for each hop. This is different than message security, which can be used to provide end-to-end security regardless of the number of hops you’re going through. No matter what method you use though, security is providing any of the following three things.

Confidentiality. Confidentiality means that the contents of the message are kept secret from unintended listeners. An unintended listener is typically going to be someone that is trying to eavesdrop on your messages, although it’s possible for the unintended listener to come from logging or other normal network monitoring. Confidentiality protects you from spying.

Integrity. Message integrity means that you have confidence that the message you received is the same as the one that the sender sent. It’s possible to have confidentiality without integrity. Someone can hand you an encrypted message, and you can start changing bits in the message without knowing what those bits mean. Similarly, it’s possible to have integrity without confidentiality. You can transmit a message whose contents are clear, but provide a tamper-resistant envelope for the message. Any attempt to change the message will result in evidence of tampering.

Authentication. Authentication means that you have confidence that you know the identity of the other party in the communication. Confidentiality and integrity are not very useful unless the message is authentic. You can have a message that was kept secret and was not tampered with, but the author of the message is not who you thought it was. Authentication can be for the client, server, or mutually for both parties of the conversation.

Here’s the list of topics I’m thinking about so far:

  • Basics of Encryption and Hashing
  • Security Key Management
  • Basics of Security Certificates
  • How Stream Ciphers Work
  • How Block Ciphers Work
  • How RSA Works
  • How Diffie-Hellman Key Exchange Works

Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: