The Goals of the Security Efforts
Before you make any security concept you should be clear which goals to reach
with a security concept.
The four goals of the security efforts are:
is the shelter of your confidence. Everytime we write a letter or do a call
on the phone we are sure nobody else is listening to our communication. This
is assured by the privacy of letters and (in Germany) there is the privacy
of telephone calls given by the Telekommunikationsgesetz § 85. Only
under suspicion of a crime an examining magistrate may suspend this privacy
and intercept the communication.
Data in computer networks are easyly to be read by anyone, the privacy is not
guaranteed. Only with encryption it is possible to achieve privacy, when only
the sender and the recipient know the key for decryption.
we expect everytime when we communicate. We assume that messages between us
and our communication partner are transfered entirely and unchanged. If someone
is capable to insert a "no" into a telephonecall the message will be
falsified. This is easy to do on computer networks, messages often cross lots
of computers on their way, so called "hops". An attacker can easyly
receive a data package on a computer in this chain and send it again with
A remedy to care for this problem is checksum over the sent data which is then
sent to the recipient on a different way. The recipient can compare the received
checksum with an actually generated one. A difference reveals that the integrity
is lost, the data has been tampered with.
is missing and causing problems when something of our computer equipment
is not working as we expect it to work. This does not only mean failure
of hardware but also includes the missing of data, programs and information
when we need it. Waiting times caused by hardware failure as well as the
retyping of crashed dokuments are expensive. But the availability is also
damaged when an attacker abuses the infrastructure for other purposes and
the user is blocked by overloaded systems.
To save the availability means on one hand side to avoid the abuse of
infrastructure, on the other hand it means data security. It should be
fast and cheap to recover lost data in case of hardware failure.
Of course, data protection is a main task of an administrator to prevent
losses of availability. Virus protection is important as well, from
computer virusses data can be damaged and hardware can be affected in its
operation. To exclude abuse every legal user is identified with password
and illegal users are rejected.
last not least empowers us to process business over the internet. Only when
a company can be sure that a customer who is ordering via internet is the one
he claims to be, an electronic business becomes calculable. This is the reason
to discuss the electronic signature. This is a very complex item on which
scientists have filled books.
A "one way hash function" is used in combination with a
certificate which is generated by signing with the private key of an
unsymmetric key pair. Using the secret private key enables the recipient
to confirm with the public key if the key used for signing is fitting to
the public key. The one way hash function ensures, that a change of a document
can be detected instandly.