9 hours 48 minutes
Now, of course, one of the tenants of security, the C I. A tryout, right? Confidentiality, integrity and availability. And a lot of times when we're talking about life in the cloud, we focus on availability and we focus on confidentiality. Will we also, of course, have to look at integrity as well.
Again, we're responsible for our data and the quality of our data. So our concern is that data can be modified and it could be modified in a couple of different ways. It could be modified unintentionally, just through corruption. Right files just become corrupt. It could also be maliciously modified.
An attacker could delete, could modify, could embed files, could
at malware. You know, there are a lot of potential issues or ways in which dad is integrity could be affected.
So what we want to do is we want to make sure that we provide a means to detect integrity changes. So a couple of main ways that we think about with integrity, we think about hashes and we think about digital signatures. Now, hash we generally refer to the hash is the process.
But we sometimes refer to the hash is the result as well
in either waste fun. We hash
a document to produce a hash, but we could also refer to the hash as a message digest, so hashing a document gives us a message digest. So if you want to think about that message Digest to really think about it as being on Lee, good for
unintentional modification. It's not good for malicious modification. It's just a way to detect corruption.
So just to give you an example, if you take a look at the screen and you see I've got a message over on the left side, you see it says Hello
and let's say that you and I were concerned with integrity. We're sending data across a link that's not reliable. Were concerned. Packets get dropped.
All I care about is what I send you. I want you to know that what you receive is what I sent. Okay, so I had a time. We've agreed that we would come up with the scheme and what I would do before I send you. The message is, I would figure out the numeric value for each letter of the message. So
H is the eighth letter. He's the fifth else the 12th and so on.
And then I take those numbers and Adama.
So my message Hello? I did that, you know, math and came up with the number 52. As a result,
I send that message to you. You do the same function
when you come up with the number 52 I had the number 52. You can go. Oh, it hasn't been modified. Now my disclaimer here is, of course, that is a ridiculously easy hashing method that's nowhere near the complexity that really grown up hashing algorithms use. But that's just kind of my example so that you can see,
because if when you hash the document you came up with the number 53
and I had 52 you'd say, Oh, there's something different. It's been changed, right? So that's the purpose of 1/2. But now the problem with the hash is if someone maliciously modified the message,
they'd maliciously modify the hatch as well.
So if I change that message maliciously from hello to help with the new hash would be 53. That's what you'd get on your end, and you wouldn't notice the difference. So anybody who's trying to maliciously modify can get around a hash, a message digest very basic.
So if we want not just assurance against accidental modification but against true malicious modification. That's where digital signature comes in.
Because I need an assurance of the origin of the message and that the message hasn't changed and I need those two to come together.
That's what a digital signature is. So basically a digital signature uses the sender's private key that senders Private key is unique to the center,
and that private key is used on the hash. It's not sit with the hash. I've never seen my private key somewhere as my facts. You can kind of think of it as encrypting the half.
And when you have a hash encrypted with the sender's private key, that's a digital signature. My private key guarantees it came from me. The hash guarantees integrity. The two of those together give you what we refer to is non repudiation. Okay, now p k. I does give you Maur overhead.
I'm sorry. Jump right to a P K I.
If we're using a digital signature, you will have to have a public key infrastructure in place and you can just tell by the name public key infrastructure. There's a lot that goes with that. Okay, so it's not as simple as, well. Just use a digital signature. There's a lot of work,
so in some elements, some applications use hashes.
Some use P K eyes, but ultimately either of those will give us an assurance of integrity.
Certified Cloud Security Professional (CCSP)
This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.