cryptographic mechanisms, however, we will also indicate where issues of cost
may arise. Hopefully you will then be able to make up your own mind.
1.3 Security services
A security service is a specific security goal that we may wish to achieve. We
now introduce the main security services that we will be concerned with in this
topic. Note that while security services sometimes relate directly to human beings,
more often they relate to computers or other devices (often operating on behalf
of human beings). While this potential difference is an important issue that can
have important security implications (see also Section 8.3), we will normally avoid
concerning ourselves with it directly and use the generic terms user and entity
in an interchangeable way to mean whoever, or whatever, is taking part in the
processing of data in an information system.
1.3.1 Basic definitions
Confidentiality is the assurance that data cannot be viewed by an unauthorised
user. It is sometimes referred to as secrecy. Confidentiality is the 'classical'
security service that can be provided by cryptography and is the one
implemented by most historical applications. While it remains an important
security service, there are many modern applications of cryptography that
do not require the provision of confidentiality. Even when confidentiality is
wanted, it is rare for it to be the only security service that is required.
Data integrity is the assurance that data has not been altered in an unauthorised
(which includes accidental) manner. This assurance applies from the time
that the data was last created, transmitted or stored by an authorised user.
Data integrity is not concerned with the prevention of alteration of data,
but provides a means for detecting whether data has been manipulated in
an unauthorised way.
Data origin authentication is the assurance that a given entity was the original
source of received data. In other words, if a technique provides data origin
authentication that some data came from Alice then this means that the receiver
Bob can be sure that the data did originally come from Alice at some time in the
past. Bob does not necessarily care exactly when she sent it, but he does care that
Alice is the source of the data. Nor does he care from which immediate source
he obtained the data, since Alice could have passed the data to an intermediary
for forwarding (as is the case when data is passed over the Internet, where the
immediate source of data may be a web server or router). For this reason, data
origin authentication is sometimes referred to as message authentication since
it is primarily concerned with the authentication of the data (message) and not
who we are communicating with at the time the data is received.
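The following Python script is an added illustration, not part of the original text: it uses an HMAC (a keyed tag, assumed here as the mechanism) to show data integrity and data origin authentication as defined above. The key, message and relay function are constructed for the example; the script shows that the tag verifies after forwarding by an intermediary, that modification (accidental or not) is detected rather than prevented, that only a holder of the key can produce an acceptable tag, and that none of this hides the data, so confidentiality remains a separate service.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, data: bytes) -> bytes:
    """Alice computes an HMAC-SHA256 tag over the data with the shared key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, tag: bytes) -> bool:
    """Bob recomputes the tag; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(make_tag(key, data), tag)


def relay(message: tuple) -> tuple:
    """An intermediary (router, web server) forwards the message unchanged."""
    return message


def corrupt(data: bytes, bit: int) -> bytes:
    """Flip one bit of the data: models accidental damage in transit."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def demo(key: bytes = b"constructed-shared-key") -> dict:
    """Run the checks discussed in the text and return one result per case."""
    data = b"transfer 100 to account 42"  # constructed sample message
    tag = make_tag(key, data)
    results = {}
    # 1. Forwarded via an intermediary: Bob does not care about the immediate
    #    source, only that Alice originated the data, and the tag still verifies.
    fwd_data, fwd_tag = relay((data, tag))
    results["via_relay"] = verify(key, fwd_data, fwd_tag)
    # 2. Accidental single-bit corruption: the alteration is not prevented,
    #    but it is detected, which is what data integrity provides.
    results["bit_flip"] = verify(key, corrupt(data, 13), tag)
    # 3. Deliberate modification with the old tag left in place: detected.
    results["modified"] = verify(key, b"transfer 900 to account 42", tag)
    # 4. The tag does not hide the data: confidentiality is a separate service.
    results["plaintext_visible"] = fwd_data == data
    # 5. A tag made with some other key is rejected, so an accepted tag
    #    gives Bob assurance about the origin of the data (Alice's key).
    other_key = secrets.token_bytes(32)
    results["wrong_key"] = verify(key, data, make_tag(other_key, data))
    return results
```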