Home > Articles > Security > Software Security

  • Print
  • + Share This
From the author of

Review

Cryptography and shared secret keys can be used to secure electronic files and communications. Cryptographic assurances are categorized as follows.

  • Confidentiality is assurance that only owners of a shared secret key can decrypt a computer file that has been encrypted with the identical shared secret key.

  • Authentication is assurance of the identity of the person at the other end of the line. Because Bob can't send the shared secret, Alice challenges Bob to correctly encrypt a previously unused random number with their shared secret key. Only the shared secret key will correctly encrypt the random number.

  • Integrity, or message authentication, is assurance that a file has not been changed during transit. A message and a shared secret key make a unique message authentication code (MAC), or message fingerprint. Only someone with a copy of the shared secret key can correctly reproduce the fingerprint.

  • Nonrepudiation is assurance that the sender cannot deny that a file was sent. This cannot be done using a secret key alone; it requires a mutually trusted third party or public key technology.

  • + Share This
  • 🔖 Save To Your Account