Security Goals in Cryptography and Network Security
The main goal of security is to protect data or information that is being transmitted and to achieve the confidentiality, integrity and availability of the data.
The following are the main goals of information security.
- Confidentiality refers to limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized ones.
- Sensitive information should be kept secret from individuals who are not authorized to see the information.
- The goal of confidentiality is underpinned by authentication methods, such as user IDs and passwords, that uniquely identify a data system’s users, and by supporting control methods that limit each identified user’s access to the data system’s resources.
- Confidentiality applies not only to the storage of data but also to the transmission of information.
- Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is travelling across a network.
- Integrity refers to the trustworthiness of information resources.
- Information should not be altered without detection.
- It includes the concept of “data integrity”, namely that data have not been changed inappropriately, whether by accident or by deliberately malign activity.
- It also includes “origin” or “source integrity”, that is, that the data actually came from the person or entity you think it did, rather than an imposter.
- Integrity ensures that information is not changed or altered in transit. Under certain attack models, an adversary may not have the power to impersonate an authenticated party or understand a confidential communication but may have the ability to change the information being transmitted.
- On a more restrictive view, however, the integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.
- Availability refers to the availability of information resources. An information system that is not available when you need it is at least as bad as none at all. It may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure.
- Availability means that people who are authorized to use information are not prevented from doing so.
- Almost all modern organizations are highly dependent on functioning information systems. Many literally could not operate without them.
- Availability, like other aspects of security, may be affected by purely technical issues (e.g. a malfunctioning part of a computer or communications device), natural phenomena (e.g. wind or water), or human causes (accidental or deliberate).
For example, an object or service is thought to be available if
- It is present in a usable form.
- It has enough capacity to meet the service’s needs.
- The service is completed in an acceptable period of time.
By combining these goals, we can define availability. A data item, service or system is available if
- There is a timely response to our request.
- The service and system can be used easily.
- Concurrency is controlled.
- It is fault tolerant.
- Resources are allocated fairly.
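The integrity goal above notes that an adversary who cannot read a confidential message may still be able to change it in transit. The following added example (not part of the original page) shows that encryption alone does not detect such a change, while a keyed HMAC-SHA256 tag does; the keys, the message and the toy keystream cipher are constructed assumptions for illustration, not a vetted cipher.

```python
import hashlib
import hmac

# Constructed sample keys and message (assumptions for this example).
ENC_KEY = b"k-enc-constructed-sample"
MAC_KEY = b"k-mac-constructed-sample"
MESSAGE = b"PAY 100 TO ALICE"

def keystream(key: bytes, n: int) -> bytes:
    # Toy keystream (SHA-256 over key + counter); no nonce, so one message per key.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Confidentiality only: the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def protect(plaintext: bytes) -> bytes:
    # Encrypt, then append an HMAC-SHA256 tag computed over the ciphertext.
    ct = xor_crypt(ENC_KEY, plaintext)
    return ct + hmac.new(MAC_KEY, ct, hashlib.sha256).digest()

def open_protected(blob: bytes):
    # Verify the tag before decrypting; None means the data changed in transit
    # or did not come from a holder of MAC_KEY (origin integrity).
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_crypt(ENC_KEY, ct)

def alter_in_transit(data: bytes, index: int) -> bytes:
    # Simulates a change in transit: invert the lowest bit of one byte.
    return data[:index] + bytes([data[index] ^ 1]) + data[index + 1:]

if __name__ == "__main__":
    ct = xor_crypt(ENC_KEY, MESSAGE)
    # Encryption alone: the altered ciphertext still decrypts, to different data.
    print(xor_crypt(ENC_KEY, alter_in_transit(ct, 4)))
    # With the tag: intact data is accepted, altered data is rejected.
    print(open_protected(protect(MESSAGE)))
    print(open_protected(alter_in_transit(protect(MESSAGE), 4)))
```

In practice the same property comes from an authenticated encryption mode provided by a maintained library rather than a hand-built construction.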