Confidentiality involves passing a message among authorized parties without any unauthorized parties who obtain it, through eavesdropping or other techniques, being able to understand it.395 Cryptography provides confidentiality by scrambling the message before it is passed, so that even if unauthorized individuals get a copy of the scrambled message, it isnt feasible for them to figure out its original contents in ample time. Only the intended receiver of a message can decrypt it.
This works provided the key is not detected or broken. As we mentioned earlier, keys come in two flavors, secret key (symmetric encryption) or public/private key (asymmetric encryption), and either type can be used to enforce confidentiality.
To enforce confidentiality with asymmetric encryption, you would obtain the recipients public key and encrypt the message with the public key of its recipient before sending it; the recipient would decrypt it with his private key upon receipt. Since you can only encrypt a message with a single public key at a time, this allows you to send a specific confidential message to only one person at a time. If you want to communicate confidentially with multiple people using asymmetric cryptography, you have to send a separate message to each recipient, each encrypted with the receivers public key.
To enforce confidentiality with symmetric encryption, you would encrypt the message with the shared secret key, and the intended receivers would decrypt it using the same shared-secret key. Because anyone who possesses the shared secret key can decrypt the message, messages encrypted with symmetric encryption can be sent to multiple people at a time, rather than requiring a separate message per recipient, as with asymmetric methods.
395. Schlaff, Robert, Confidentiality Using Authentication, gttp://www.acm.org/crossroads/xrds5-2/confide.html
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.