Security Goals

Security Goals in Cryptography and Network Security

The main goal of security is to protect data or information that is being transmitted and to achieve the confidentiality, integrity and availability of the data.

  • The following are the main goals of information security.
  1. Confidentiality
  2. Integrity
  3. Availability 




Confidentiality

  • Confidentiality refers to limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized ones.
  • Sensitive information should be kept secret from individuals who are not authorized to see the information.
  • Confidentiality relies on authentication methods, like user IDs and passwords, that uniquely identify a data system’s users, and on supporting control methods that limit each identified user’s access to the data system’s resources.
  • Confidentiality applies not only to the storage of data but also to the transmission of information.
  • Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is travelling across a network.




Integrity

  • Integrity refers to the trustworthiness of information resources.
  • Information should not be altered without detection.
  • It includes the concept of “data integrity”, namely that data have not been changed inappropriately, whether by accident or by deliberately malign activity.
  • It also includes “origin” or “source integrity”, that is, that the data actually came from the person or entity you think it did, rather than an imposter.
  • Integrity ensures that information is not changed or altered in transit. Under certain attack models, an adversary may not have the power to impersonate an authenticated party or understand a confidential communication but may have the ability to change the information being transmitted.
  • On a more restrictive view, however, the integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.
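
The integrity points above, shown as an added example (not part of the original page): an encrypted message is altered in transit by someone who cannot read it, and only the receiver who checks an HMAC tag notices. The keystream cipher here is a toy built from SHA-256 for illustration, and all function names and the sample message are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode), for illustration only.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    # Encrypt for confidentiality, then tag nonce + ciphertext for integrity.
    nonce = secrets.token_bytes(16)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def open_sealed(enc_key, mac_key, nonce, ct, tag) -> bytes:
    # Verify the tag before decrypting; compare in constant time.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: message was altered")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def decrypt_unauthenticated(enc_key, nonce, ct) -> bytes:
    # Confidentiality only: a modified ciphertext decrypts without complaint.
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    msg = b"PAY 0100 TO ALICE"  # constructed sample message
    nonce, ct, tag = seal(enc_key, mac_key, msg)
    # One bit is changed in transit; no key is needed to do this.
    tampered = bytearray(ct)
    tampered[4] ^= 0x01
    tampered = bytes(tampered)
    silently_wrong = decrypt_unauthenticated(enc_key, nonce, tampered)
    try:
        open_sealed(enc_key, mac_key, nonce, tampered, tag)
        detected = False
    except ValueError:
        detected = True
    intact = open_sealed(enc_key, mac_key, nonce, ct, tag)
    return silently_wrong, detected, intact

if __name__ == "__main__":
    print(demo())
```

In practice a vetted authenticated encryption mode provides both properties in one step; the split into two keys and two steps here is only to make the separate roles of confidentiality and integrity visible.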




Availability

  • Availability refers to the availability of information resources. An information system that is not available when you need it is at least as bad as none at all. It may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure.
  • Availability means that people who are authorized to use information are not prevented from doing so.
  • Almost all modern organizations are highly dependent on functioning information systems. Many literally could not operate without them.
  • Availability, like other aspects of security, may be affected by purely technical issues (e.g. a malfunctioning part of a computer or communications device), natural phenomena (e.g. wind or water), or human causes (accidental or deliberate).





For example, an object or service is thought to be available if

  1. It is present in a usable form.
  2. It has capacity enough to meet the service's needs.
  3. The service is completed in an acceptable period of time.
  • By combining these goals, we can construct a definition of availability. The data item, service or system is available if
  1. There is a timely response to our request.
  2. The service and system can be used easily.
  3. Concurrency is controlled.
  4. It is fault tolerant.
  5. Resources are allocated fairly.

 

Akhil Trivedi