4.2.2. Security concepts for data in network / in cloud

Goal 1/4

So far we have been informally presenting problems that need to be addressed when dealing with data transmission over a computer network, such as the Internet. Now, we give more precise definitions of concepts related to security of data.

Data confidentiality 2/4

The problem of data confidentiality is that of protecting sensitive data from being eavesdropped on (taken over) by a third party that has no legitimate use for it.

In the case of communication, confidentiality concerns:

  • data transmitted over the network (payload);
  • meta-information attributed to the payload, such as origin and source, time of generation, transmission path, round-trip, packet count and size, etc.

While some meta-information cannot be effectively protected due to its nature (e.g. the destination address of a TCP packet must be given in plaintext in order to enable its proper routing), the payload can effectively be protected from eavesdropping by means of encryption.

Data integrity 3/4

By integrity of transmitted data we mean the condition in which, upon receiving the data, the receiving party can:

  • ascertain that it originated from the sender, who is the other, previously established, party of the communication protocol;
  • determine that it has not been changed on its way;
  • (optionally) determine the time of creation (sending) of the data.

This is achieved by means of message digests (or, to some extent, checksums) and signatures.

Note that the integrity of data can be broken by corruption resulting from causes other than malicious behaviour of other users, i.e. causes unrelated to security. This is the case with transmission errors, lost packets, etc., which have physical causes. We will focus on preventing corruption resulting from malicious abuse, and let other mechanisms deal with physical errors (see the section on the ISO-OSI model).
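
The distinction between physical errors and malicious modification can be seen in a short example, added here and not part of the original course material. It assumes the two parties already share a secret key, and it uses an HMAC (a keyed digest) in the role the text assigns to signatures; the key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: a shared key and a message, made up for this example.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MESSAGE = b"transfer 100 EUR to account 12345"


def protect(message: bytes, key: bytes) -> dict:
    """Sender side: attach three kinds of integrity tag to the message."""
    return {
        "message": message,
        "crc32": zlib.crc32(message),                   # checksum, no secret
        "sha256": hashlib.sha256(message).hexdigest(),  # digest, no secret
        "hmac": hmac.new(key, message, hashlib.sha256).hexdigest(),  # keyed
    }


def verify(packet: dict, key: bytes) -> dict:
    """Receiver side: report which tags still match the received message."""
    msg = packet["message"]
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {
        "crc32": zlib.crc32(msg) == packet["crc32"],
        "sha256": hashlib.sha256(msg).hexdigest() == packet["sha256"],
        # constant-time comparison avoids leaking how many characters matched
        "hmac": hmac.compare_digest(expected, packet["hmac"]),
    }


def bit_flip(packet: dict) -> dict:
    """Physical-style error: one payload bit changes, the tags are untouched."""
    corrupted = bytearray(packet["message"])
    corrupted[0] ^= 0x01
    return {**packet, "message": bytes(corrupted)}


def rewrite_in_transit(packet: dict, new_message: bytes) -> dict:
    """Deliberate change by a party without the key: the unkeyed tags are
    recomputed to fit the new payload, the HMAC cannot be."""
    return {
        "message": new_message,
        "crc32": zlib.crc32(new_message),
        "sha256": hashlib.sha256(new_message).hexdigest(),
        "hmac": packet["hmac"],
    }
```

All three tags catch the accidental bit flip, but only the keyed tag fails when the payload and its unkeyed tags are replaced together, which is why a checksum or a bare digest protects integrity only "to some extent".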

Data authenticity 4/4

Alternatively called source authentication, data authenticity is the concept by which the receiving party can determine the identity and legitimacy of the source.

According to this idea, each entity in a network should (must) have its own identity, i.e. a set of unique properties that can be verified beyond doubt as pertaining to this and only this entity. To that end, certificates are widely used, bringing along the concept of a hierarchical tree of certificates. Namely, a given set of features uniquely identifying a given entity must be confirmed by some other entity, which must be:

  • trusted: it must be widely accepted that it has the power to determine the uniqueness of this set and attribute it to the certified entity;
  • authenticated: it must show its credentials, proving its identity.

Naturally, this raises the problem of who authenticates the first authenticator, but one can see that such a tree of dependencies can be constructed.




The project "Cloud Computing: new technologies in the teaching offer of Politechnika Wrocławska" (UDA.POKL.04.03.00-00-135/12) is carried out under the Human Capital Operational Programme, Priority IV: Higher education and science, Measure 4.3: Strengthening the teaching potential of universities in areas key to the goals of the Europe 2020 Strategy, co-financed by the European Social Fund and the State budget.