June 2010 Edition
Computer Science Department, University of Cape Town
| MSc-IT Study Material June 2010 Edition Computer Science Department, University of Cape Town |
Table of Contents
When information transmitted over the Internet, not only does the data have reach its destination, but it needs to arrive intact and uncorrupted (integrity), and other people should be prevented from seeing it (confidentiality).
The nature of the Internet makes directing information to reach its destination relatively trivial, but ensuring its integrity and confidentiality is more difficult. Fortunately, encryption algorithms have made both integrity and confidentiality feasible.
Additionally, users like to know that the information they receive is genuine (authentication) and that the sender of the information cannot deny that they sent it (non-repudiation).
The following four key words are essential. Make sure that you understand what they mean, as they will be used throughout this unit.
Integrity
Confidentiality
Authentication
Non-repudiation
The Internet is a packet-passing network, and so information sent from one machine to another passes through many intermediate machines as the data is routed towards its destination.
These intermediate machines can see all the packets routed through them, as well as keep copies of the packets and possibly change their data content before passing them on. Information on a network or internetwork is clearly not confidential by nature.
It also means that the information's receiver cannot be sure that the information has been unchanged: in other words, there are doubts about the information's integrity.
As any intermediate machine may have changed the data, the data can also not be authenticated, and the original source can deny that they originally sent the data (they can repudiate the data).
While some of these problems are alleviated due to the nature of the Internet (since the various packets containing the data may go via different routes), they cannot be eliminated.
While a large portion of information on the Internet is meant to be widely shared (such as a company's website), there is also important information transmitted over the Internet that is meant to be private and secure.
Consider the needs of e-commerce, where private information, such as credit card details, are transmitted online.
When consumers purchase goods via credit card, they do not want any intermediate people to know their credit details.
Generally, any important information sent over the Internet should be secured in some way. There are obviously different types of information, and some need more security than others.
The important issues around obtaining a credit card number from a customer are:
If the transmission of the credit card details isn't confidential, customers are open to credit card fraud.
If the data's integrity isn't assured, then their credit details, or their purchase information, may be invalid.
If the communication details cannot be authenticated, then there is no guarantee that the purchased products are being sent to the right person.
If there is no non-repudiation, the customer can deny that they ordered the product once they have received it, and cancel the credit card payment.
How would you go about trying to make messages secure? Consider the realm of popular books and movies, can you think of any examples where information is made secure? What were the means used to secure information in your examples?
You can find a discussion of this exercise at the end of the chapter.