In present day scenario security of the system is the sole priority of any organisation. The main aim of any organisation is to protect their data from attackers. In cryptography, attacks are of two types such as Passive attacks and Active attacks.
Passive attacks are those that retrieve information from the system without affecting the system resources while active attacks are those that retrieve system information and make changes to the system resources and their operations.
The Principles of Security can be classified as follows:
The degree of confidentiality determines the secrecy of the information. The principle specifies that only the sender and receiver will be able to access the information shared between them. Confidentiality compromises if an unauthorized person is able to access a message.
For example, let us consider sender A wants to share some confidential information with receiver B and the information gets intercepted by the attacker C. Now the confidential information is in the hands of an intruder C.
Authentication is the mechanism to identify the user or system or the entity. It ensures the identity of the person trying to access the information. The authentication is mostly secured by using username and password. The authorized person whose identity is preregistered can prove his/her identity and can access the sensitive information.
Integrity gives the assurance that the information received is exact and accurate. If the content of the message is changed after the sender sends it but before reaching the intended receiver, then it is said that the integrity of the message is lost.
Non-repudiation is a mechanism that prevents the denial of the message content sent through a network. In some cases the sender sends the message and later denies it. But the non-repudiation does not allow the sender to refuse the receiver.
- Access control:
The principle of access control is determined by role management and rule management. Role management determines who should access the data while rule management determines up to what extent one can access the data. The information displayed is dependent on the person who is accessing it.
The principle of availability states that the resources will be available to authorize party at all times. Information will not be useful if it is not available to be accessed. Systems should have sufficient availability of information to satisfy the user request.
Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.
- Classical Cryptography and Quantum Cryptography
- Custom Building Cryptography Algorithms (Hybrid Cryptography)
- Difference between Network Security and Cyber Security
- Difference between Information Security and Network Security
- Difference between Cyber Security and Information Security
- How Security System Should Evolve to Handle Cyber Security Threats and Vulnerabilities?
- Principal of Information System Security : Security System Development Life Cycle
- Difference between Security Group and Network ACL in AWS
- Port Security in Computer Network
- Network Security
- Voice Biometric Technique in Network Security
- A Model for Network Security
- Protection Methods for Network Security
- Security Environment in Computer Network
- Pivoting - Moving Inside a Network (Cyber Security)
- Block Cipher Design Principles
- Differences between Classical and Quantum Cryptography
- Difference between Steganography and Cryptography
- Cryptography and its Types
- Difference between Cryptography and Cryptology
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.
Improved By : Ritu Mehrotra