The core principles of modern-day cryptography include:
Let’s go over each one by one.
Data Confidentiality ensures that the data is limited to those who are authorized to view it. The data should only be visible to those who possess some critical information, like the decryption key, for example.
Data integrity refers to the accuracy, legitimacy, and consistency of information in a system. When a message is sent, particularly using an untrusted medium like the internet, data integrity ensures us that a message wasn’t tampered with or accidentally altered.
Let’s use the example of military orders. We’re at war and an army general needs to send an order of retreat to his troops across the sea. Without a guarantee of data integrity, a hacker could intercept the message, change the order, and send it on its way. The army might receive an order to advance and walk right into a trap the general knew about.
Non-Repudiation assures that no one can deny the validity of the data in question, and is actually a legal term used in cyber security. Non-Repudiation is typically accomplished by the use of a service that provides proof of the origin and integrity of the information. It makes it nearly impossible to successfully deny who or where a message came from.
Non-repudiation is similar to data integrity, but it has more to do with knowing who sent the information, and less with whether or not it was changed along the way. In the military example from above, even if we could guarantee that the retreat order was never tampered with, non-repudiation would be a way to ensure it was the general who gave the order in the first place, and not some enemy spy.
There are two kinds of authentication typically used in cryptography.
- Integrity authentication like a MAC or HMAC ensures that data hasn’t been tampered with.
- Source authentication, like an SSL certificate, can be used to verify the identity of who created the information. Every time you connect to a website over HTTPS, your browser ensures that you’re connected to the site you think you are by checking the SSL certificate.