Integrity, Non-Repudiation, and Confidentiality Introduction

Among the foundational concepts in digital identity are message integrity, non- repudiation, and confidentiality. Integrity ensures a message or transaction has not been tampered with. Non-repudiation provides evidence for the existence of a message or transaction and ensures its contents cannot be disputed once sent. Confidentiality ensures that only the people or processes authorized to view and use the contents of a message or transaction have access to those contents. In some situations, these properties are unneeded luxuries, but in others, the lack of one of these properties can lead to disaster. Understanding them, and when to use them, is crucial to a building distributed systems.

Lesson Objectives

After completing this lesson, you should be able to

1. Distinguish between private-key and public-key cryptography
2. Define what message digests and hashes and describe why they’re important and how they’re used.
3. Show how a digital signature works.
4. Describe why digital certificates and needed and distinguish between certificates and keys.
5. Explain public key infrastructures and how they’re used.

Required Reading/Viewing

• Integrity, Non-Repudiation, and Confidentiality (06 Integrity.pdf Download 06 Integrity.pdf
  )

Additional Resources

• Gnu Privacy Guard (GnuPG) Mini Howto  Links to an external site.
• Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age Links to an external site. - this book is written for a general audience and describes some of the history of the development of cryptography. I recommend it for context and because it's a good read. 
• Security Engineering: A Guide to Building Dependable Distributed Systems Links to an external site. - an engineering text that "teaches readers how to design, implement, and test systems to withstand both error and attack."
• Cryptography Engineering: Design Principles and Practical Applications Links to an external site. - the is a basic overview of cryptographic technology with exercises.
• Serious Cryptography: A Practical Introduction to Modern Encryption Links to an external site. - this is a bit deeper and includes discussions of applications the ramifications of design choices.