Security Goals

Security Goals in Cryptography and Network Security

The main goal of security is to protect data or information that is being transmitted and to achieve the confidentiality, integrity, and availability of the data.

  • The following are the main goals of information security.
  1. Confidentiality
  2. Integrity
  3. Availability 




Confidentiality

  • Confidentiality refers to limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized ones.
  • Sensitive information should be kept secret from individuals who are not authorized to see the information.
  • Confidentiality is supported by authentication methods, such as user IDs and passwords, that uniquely identify a data system’s users, and by supporting control methods that limit each identified user’s access to the data system’s resources.
  • Confidentiality applies not only to the storage of data but also to the transmission of information.
  • Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is travelling across a network.




Integrity

  • Integrity refers to the trustworthiness of information resources.
  • Information should not be altered without detection.
  • It includes the concept of “data integrity”, namely that data have not been changed inappropriately, whether by accident or through deliberately malign activity.
  • It also includes “origin” or “source integrity”, that is, that the data actually came from the person or entity you think it did, rather than an imposter.
  • Integrity ensures that information is not changed or altered in transit. Under certain attack models, an adversary may not have the power to impersonate an authenticated party or understand a confidential communication but may have the ability to change the information being transmitted.
  • On a more restrictive view, however, the integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.
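
The data-integrity and origin-integrity points above can be seen in a message authentication code. The following is an added example, not part of the original notes; it assumes the sender and receiver already share a secret key, and the message, keys and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag is 32 bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: append an HMAC-SHA256 tag to the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver side: return the message if the tag checks out, else None."""
    if len(packet) < TAG_LEN:
        return None  # too short to contain a tag at all
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest is constant-time, so the comparison leaks no timing hints
    return message if hmac.compare_digest(tag, expected) else None


def flip_bit(packet: bytes, index: int) -> bytes:
    """Simulate a change in transit (accidental or deliberate)."""
    altered = bytearray(packet)
    altered[index] ^= 0x01
    return bytes(altered)


def demo() -> dict:
    shared_key = secrets.token_bytes(32)  # known only to sender and receiver
    other_key = secrets.token_bytes(32)   # a party that lacks the shared key
    message = b"transfer 100 to account 42"  # constructed sample message
    packet = protect(shared_key, message)
    return {
        "intact": verify(shared_key, packet),                       # data unchanged
        "altered_body": verify(shared_key, flip_bit(packet, 9)),    # data integrity
        "altered_tag": verify(shared_key, flip_bit(packet, len(packet) - 1)),
        "wrong_origin": verify(shared_key, protect(other_key, message)),  # origin integrity
        "truncated": verify(shared_key, packet[:10]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13} -> {'accepted' if result is not None else 'rejected'}")
```

The tag does not hide the message, so this addresses integrity only; confidentiality needs encryption in addition.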




Availability

  • Availability refers to the availability of information resources. An information system that is not available when you need it is at least as bad as none at all. It may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure.
  • Availability means that people who are authorized to use information are not prevented from doing so.
  • Almost all modern organizations are highly dependent on functioning information systems. Many literally could not operate without them.
  • Availability, like other aspects of security, may be affected by purely technical issues (e.g. a malfunctioning part of a computer or communications device), natural phenomena (e.g. wind or water), or human causes (accidental or deliberate).





For example, an object or service is thought to be available if:

  1. It is present in a usable form.
  2. It has enough capacity to meet the service's needs.
  3. The service is completed in an acceptable period of time.
  • By combining these goals, we can construct a definition of availability. A data item, service or system is available if:
  1. There is a timely response to our request.
  2. The service and system can be used easily.
  3. Concurrency is controlled.
  4. It is fault tolerant.
  5. Resources are allocated fairly.