After completing this video, the learner will understand the goals of cryptography: confidentiality, integrity, authentication and non-repudiation.
- [Voiceover] Security professionals use cryptography for several different reasons. We describe those reasons as the four goals of cryptography. First, the most common goal of cryptography is to preserve confidentiality. Confidentiality ensures that unauthorized individuals are not able to gain access to sensitive information. If Alice and Bob are communicating with each other using encryption, they want to ensure that their communication remains private, and even if a third-party intercepts their communication, she is unable to read the contents.
The second goal of cryptography is integrity. Integrity protects messages against unauthorized modification. If Alice and Bob are communicating with each other, they want to make sure that someone else is not able to tamper with a message. Bob wants to know that the message he received claiming to be from Alice, is actually the message that Alice sent. The third goal of cryptography is authentication. Many systems that verify the identity of users rely upon the use of encryption.
I won't cover those in this course, but you can learn more about them in the Security Plus Access Control and Identity Management Course. The fourth and final goal of cryptography is nonrepudiation. Nonrepudiation means that the recipient of a message can prove to an independent third-party that the message actually came from the alleged sender. For example, if Alice sends a message to Bob using an encryption algorithm that supports nonrepudiation, Bob could then show the message to Charlie and prove to Charlie that the message actually came from Alice and that Bob simply didn't forge it himself.
The technology that we use to achieve nonrepudiation is called digital signatures. We'll discuss digital signatures later in this course. Nonrepudiation is only possible with asymmetric encryption algorithms. Remember, in symmetric cryptography, the sender and receiver both know and use the same key. In this approach, it would be easy for Bob to forge a message from Alice because Bob knows the same secret key that Alice does.
If Bob receives a message encrypted with that key, he does know that it came from Alice, because she is the only other person who has the key. Bob can't, however, prove to Charlie that the message came from Alice because Bob could just as easily have created it himself.
This course is part of a six-course series on the CompTIA Security+ exam, and is useful for IT professionals who wish to learn more about information security as well as students preparing to take the Security+ exam.
We are now a CompTIA Content Publishing Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.
- Choosing encryption algorithms
- Applying symmetric and asymmetric cryptography standards
- Implementing key management, including key exchange and key stretching
- Working with public keys, trust models, and digital certificates
- Using transport encryption protocols
- Securing wireless networks