Message Security

Message Security

Let us first discuss the security measures applied to each single message.

We can say that security provides four services: privacy (confidentiality), message authentication, message integrity, and nonrepudiation.

Privacy

Privacy means that the sender and the receiver expect confidentiality.

The transmitted message must make sense to only the intended receiver. To all others. the message must be unintelligible.

The concept of how to achieve privacy has not changed for thousands of years: The message must be encrypted.

That is. the message must be rendered unintelligible to unauthorized parties.

A good privacy technique guarantees to some extent that a potential intruder (eavesdropper) cannot understand the contents of the message.

Message Authentication

Message authentication means that the receiver needs to be sure of the sender's identity and that an imposter has not sent the message.

The techniques like digital signature can provide message authentication.

Integrity

Integrity means that the data must arrive at the receiver exactly as they were sent, There must be no changes during the transmission, either accidental or malicious.

As more and more monetary exchanges occur over the Internet, integrity is crucial.

For example,

it would be disastrous if a request for transferring $90 changed to a request for $9,000 or $90,000. The integrity of the message must be preserved in a secure communication.

Nonrepudiation

Nonrepudiation means that a receiver must be able to prove that a received message came from a specific sender.

The sender must not be able to deny sending a message" that he or she, in fact, did send.

The burden of proof falls on the receiver.

For example,

when a customer sends a message to transfer money from one account to another, the bank must have proof that the customer actually requested this transaction.