Monday, September 20, 2021

Security Goals in Cryptography | Confidentiality | Integrity | Availability | Authentication | Non-Repudiation

 

Security Goals

The main goal of security is to protect data or information that is being transmitted and to achieve the confidentiality, integrity and availability of that data. The main goals of information security are: Confidentiality, Integrity, Availability.

Figure: CIA Triangle

Confidentiality:

Confidentiality is the principle of security that ensures that only the sender and the receiver of a message come to know its content. For example, in a military application, information is sent from one higher authority to another. During this transmission, an unknown third person tries to obtain the confidential information. This kind of information leakage is caused by the third person's interception, and it means a loss of message confidentiality. The attack threatening confidentiality is traffic analysis.


Integrity:

Integrity is the principle of security that ensures that the content of a message is not altered or modified during its transmission from sender to receiver. Any change to the information must be made by an authorized person and through authorized mechanisms only. Integrity gives assurance that data is received exactly as sent by an authorized sender. The attack threatening integrity is modification of the message.


Availability:

Availability is the principle of security that ensures that a resource or computer system is available to authorized users only. Examples are bank account information stored on a bank server and students' information stored at a university. All this information needs to be available to all authorized users only. Imagine the situation that arises if the above information is not available to authorized users. There is one attack that threatens the principle of availability, called denial of service.


Authentication:

Data authentication allows the user or receiver to check whether the data really was sent by the actual sender. In two-party communication this mechanism is achieved through symmetric cryptography. The sender and receiver share a secret key, which is used to calculate a message authentication code over all communication data. The receiver knows that the data was sent by the actual sender if and only if the message is accepted by the receiver. The attack threatening integrity is masquerade.


Figure: CIA Triangle Compromised

Non-repudiation:

It prevents either the sender or the receiver from denying that they participated in all or part of the communication.

Non-repudiation, origin: Proof that the message was sent by the specified party.

Non-repudiation, destination: Proof that the message was received by the specified party.



4 comments:

  1. Replies
    1. Thank u so much.... Please follow my blog and share with others....
      Subscribe my channel: Chirag Bhalodia

  2. In Cyber Security Projects for Final Year and Information Security Projects, cryptography plays a vital role in protecting data and ensuring secure communication. The core security goals are often summarized as CIAAN: Confidentiality, Integrity, Availability, Authentication, and Non-Repudiation. These principles form the foundation of secure systems and guide the design of security mechanisms.

    Confidentiality ensures that sensitive information is accessible only to authorized users. It is achieved using encryption techniques that prevent unauthorized access to data. Integrity guarantees that data remains accurate and unaltered during storage or transmission; hashing and digital signatures are commonly used to detect any changes. Availability ensures that systems and data are accessible when needed, which involves protection against attacks like Denial of Service (DoS) and ensuring reliable system performance.

    Authentication verifies the identity of users or systems before granting access. This can be implemented using passwords, biometrics, or multi-factor authentication methods. Non-Repudiation ensures that a sender cannot deny sending a message or performing an action, typically achieved through digital signatures and logging mechanisms. Together, these goals provide a comprehensive framework for securing information and maintaining trust in digital systems.
