Security Goals

So from my last post (https://medium.com/the-fun-of-cryptography/why-crypto-b71dea18c717) (and by the way you should really try following the order), we get that every system has a vulnerability and that message transmission systems are no different. Our goal now is to make passing messages more secure.

Well we need to first understand what we want to achieve here and determine what it means for a message to be more secure. An analogy would describe it better.

Suppose you have 2 good friends, Alice and Bob, who are also good friends with each other. Alice lives in America, you live in Canada and Bob lives in India.

But Alice and Bob had a fight over something silly and haven’t been talking for a day now.

Alice and Bob

Alice realizes that the fight was her fault and decides to apologize to Bob. Of course her ego gets in the way so she asks you to get the message to Bob.

Think about what Alice would not want to happen.

Well, she is going to want to tell you and you alone. Not someone who claims to be you/ speak for you, not some person whose Instagram ID is almost the same as you. So she is going to want to make sure the person she tells is authentic and not a phony in any way.

She also trusts you, so she’s hoping you aren’t going to go and tell someone else, say her rival Eve. Neither does she want you to leave your phone outside and allow everyone else to see it. She’s hoping whatever she tells you stays confidential.

She probably doesn’t want you to add stuff to what she says. That could potentially ruin her message and all chances of ever patching things with Bob. So she’s depending on your integrity to take the exact message to Bob.

There are other concerns, but these 3 are the broadly accepted goals of security.

So to end our hypothetical scenario and get back to cryptography, there are 3 broad security goals, which are :

1. Authentication : Being able to make sure that the sender/receiver is known to you.
2. Confidentiality : Making sure the contents of the message are only seen by the sender and receiver.
3. Integrity : Making sure that the message transmitted by the sender is delivered as is to the receiver without any modification/loss whatsoever.

That would sum it up for the security goals. Cryptography has always been about fulfilling them and we’ll see how it’s done in further posts.

Note :

1. Usually confidentiality is put above authentication but I believe it’s more important to confirm the identity of the receiver before worrying about messages getting leaked to a third party. However cryptography has been historically oriented towards achieving confidentiality before authentication, so we have to study ciphers which only look at confidentiality before getting to more complicated ones.
2. The catch in the example is that you, the third party, really are getting access to the message Alice is sending. In reality we all do depend on a third party, the communication channel. We try to make it as reliable as possible but in reality communicating through a channel is always unsafe. There are ways to make those safer and for the most part, email or WhatsApp should do the job well, but you can never really let go of the suspicion that someone is reading what you say over there. For 99% of conversation though it doesn’t matter.