Chapter 13. Deployment considerations and tools 509
Confidentiality
When a packet travels across a standard network, it is possible to use a packet sniffer to
passively read the message. This means packets travelling a network can be read without
either the sender or receiver ever knowing. To overcome this, messages should be encrypted
to assure confidentiality.
Confidentiality means that the contents of the messages remain private as they pass through
the Internet. Without confidentiality, your computer broadcasts the message to the network,
similarly to shouting the information across a crowded room.
Encryption ensures
confidentiality.
Integrity
For example, you may want to know if the data received is the same as the data that was sent.
You can determine this through two possible solutions:
digital signature (or hashing) and
encryption.
The sending system calculates a hash value based on the message being sent. The hash
value is appended to the transmission. The receiving system uses the same calculation to
generate a value. The receiving system then compares the calculated value with the received
value. If the values are different, then it assumes that the data changed. To provide more
bullet proof security, the message should first be encrypted using an appropriate encryption
algorithm.
Integrity means that the messages are not altered while being transmitted. If a router or other
network device inserts, deletes, or garbles the message as it passes by, the receiver would
detect the modification. Without integrity, you have no guarantee that the message you sent
matches the message that was received. Encryption and digital signature ensure integrity.
Authenticity
Consider the scenario where you want to know who is at the other end of a Web site to test its
authenticity. One way to find out is through the use of digital certificates and digital signatures
(see Figure 13-3).
Figure 13-3 Verifying identity: Digital certificates and digital signatures
Authenticity means that you know who you are talking to and that you trust that person.
Without authenticity, you have no way to be sure that anyone is who they say they are.
Authentication through digital certificates and digital signatures ensure authenticity.
Problem - How do we know who is at the other end?
I am going to setup a fake site to
sell football tickets. No one will
ever know. I'll make millions.
This site does not have a
certificate from a trusted source. I
think I'll order some football tickets
from someone else.
Certificate
University of the Internet
Issue Date
Distinguished Name
Public Key
Expiration Date
Digital Signature of CA
Authenticity