Data Integrity Recap
• We’ve looked at a lot of concepts so far that build on top of each other (and we’re not done yet).
• Before we proceed, let’s take a minute to digest (pun intended) how the concepts we seen so far are
related:
- To ensure that only certain people can read our data, we can encrypt the data.
-- Otherwise --
1) To ensure that plaintext data hasn’t been tampered with, we generate a message digest.
2) To ensure that the message hasn’t been replaced (and given a new digest), we will encrypt the message
digest (which is a digital signature).
3) To ensure that the digital signature is authentic, we get a digital certificate (validating the key used to
decrypt the signature and the key owner).
4) To ensure that the digital certificate is not given to us by an imposter, we check with a certificate
authority (who vouches for the validity of the certificate).
5) To ensure that the certificate authority is not a fraud, we can have certificates provided by certificate
authorities validated by another certificate authority (certificate chaining).
Authentication and Authorization
• For our next section, recall our security cycle from the beginning of the chapter:
• Authentication ties in and overlaps with some of the concepts we covered already.
• However, authentication primarily deals with two things:
- Identity (who is being authenticated?)
- Proof of identity (is the person really who they say they are?)
• Authentication has a circular relationship with data integrity:
- In order to authenticate someone, we need to be assured that the proof of identity is valid – which relies
on data integrity.
- Data integrity relies on digital signatures, certificates and authorities for proof of authenticity.
• Lastly, there is authorization
• Of the three main topics in the security cycle, authorization is the trickiest.
- There is no standard for authorization – it is application specific.
- We need to ask, “Who is given authorization to what?”
- On a related note, we also need to ask, “Who is giving the authorization?” (in other words, “Who’s
checking authorization?”)
• However, by authorizing users (meaning that the user has been authenticated), this exposes our data.
- This can compromise data integrity.
- By looking at our security cycle, we can see how this can trickle through and cause a lot of damage.
- On the other hand, the entire cycle has certain checks and balances to protect the rest of the cycle (even
if one piece is compromised).
• We’ve looked at a lot of concepts so far that build on top of each other (and we’re not done yet).
• Before we proceed, let’s take a minute to digest (pun intended) how the concepts we seen so far are
related:
- To ensure that only certain people can read our data, we can encrypt the data.
-- Otherwise --
1) To ensure that plaintext data hasn’t been tampered with, we generate a message digest.
2) To ensure that the message hasn’t been replaced (and given a new digest), we will encrypt the message
digest (which is a digital signature).
3) To ensure that the digital signature is authentic, we get a digital certificate (validating the key used to
decrypt the signature and the key owner).
4) To ensure that the digital certificate is not given to us by an imposter, we check with a certificate
authority (who vouches for the validity of the certificate).
5) To ensure that the certificate authority is not a fraud, we can have certificates provided by certificate
authorities validated by another certificate authority (certificate chaining).
Authentication and Authorization
• For our next section, recall our security cycle from the beginning of the chapter:
• Authentication ties in and overlaps with some of the concepts we covered already.
• However, authentication primarily deals with two things:
- Identity (who is being authenticated?)
- Proof of identity (is the person really who they say they are?)
• Authentication has a circular relationship with data integrity:
- In order to authenticate someone, we need to be assured that the proof of identity is valid – which relies
on data integrity.
- Data integrity relies on digital signatures, certificates and authorities for proof of authenticity.
• Lastly, there is authorization
• Of the three main topics in the security cycle, authorization is the trickiest.
- There is no standard for authorization – it is application specific.
- We need to ask, “Who is given authorization to what?”
- On a related note, we also need to ask, “Who is giving the authorization?” (in other words, “Who’s
checking authorization?”)
• However, by authorizing users (meaning that the user has been authenticated), this exposes our data.
- This can compromise data integrity.
- By looking at our security cycle, we can see how this can trickle through and cause a lot of damage.
- On the other hand, the entire cycle has certain checks and balances to protect the rest of the cycle (even
if one piece is compromised).
Data Integrity
Table of Contents
Copyright (c) 2008. Intertech, Inc. All Rights Reserved. This information is to be used exclusively as an
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.
online learning aid. Any attempts to copy, reproduce, or use for training is strictly prohibited.
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Courseware
Training Resources
Tutorials