Aspects of Data Security – P A I N

The data security involves four aspects namely Privacy, Authentication, Integrity and Non Repudiation, in a word PAIN.

Privacy refers to the confidentiality of transmitted data. More precisely privacy is needed to ensure that a data is intelligible only to the intended receiver. Privacy can be achieved by encrypting the data which can only be decrypted by the authenticated receivers. There are two different categories to encrypt or decrypt a data: the secret key method and the public key method. The secret key can be viewed as a lock having exactly one key, used for both locking and unlocking. So, one key be used by both sender and receiver while the key be used to encrypt the data by the sender and the receiver decrypt it by the same key only. As both the sender and receiver keep the key secret, it is called secret key. The secret key procedure takes less time to encrypt or decrypt the data as the key is generally small and it is the reason that this method be used to encrypt or decrypt long messages. Whereas the public key can be viewed as a lock having two keys, one public key for locking and one private key for unlocking. In this method one key is announced to the public which be used to encrypt the data or messages and another one is kept secret by the receiver for decryption. It efficient for mass communication as the number of needed keys is lesser than secret key procedure.

Authentication, another aspect of data security, is subject to authenticate the transmitted data. It ensures the receiver that the message or data was sent by a true or expected sender. Authentication can be achieved by user authorization method where the identity of the sender be checked before receiving data. Like encryption/decryption user authorization also is checked using private key method and public key method.

Data Integrity means that the data, received by the receiver, is exactly identical to the sent data. No changes should occur during the transmission, either accidental or malicious. Integrity is subject to the data that has a complete or whole structure. Data integrity ensured by three types of integrity constraints: entity integrity, referential integrity and domain integrity.

Non Repudiation means that the receiver must be able to prove that the received data came from a specific sender. This aspect is important in the business point of view. For example, if a customer sends a request for a product to a vendor, the vendor must be able to prove that.



Source by Saurav S Roy

Popular Posts

Leave a Reply