Time
10 hours 28 minutes
Difficulty
Advanced
CEU/CPE
15

Video Description

This lesson discusses integrity, the concept of detecting modifications to a network, whether intentional or unintentional (e.g. a file corrupted across a link). Hashes, also called message digests, are the tools used to detect unintentional modifications. To detect intentional modification, Message Authentication Codes (MACs) are used. The strongest method of detecting an intentional modification is a digital signature.
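The difference between a hash and a MAC described above, as an added example that is not part of the original lesson: a bare digest catches accidental corruption but not a change made by someone who also replaces the digest, while a keyed MAC catches both. The key, messages and function names are constructed for illustration; HMAC-SHA256 is used as one common MAC, and digital signatures are not shown.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key-for-demo"  # constructed; known only to sender and receiver
ORIGINAL = b"pay 100 to alice"            # constructed sample message


def digest(msg: bytes) -> bytes:
    """Unkeyed hash (message digest): anyone can compute it."""
    return hashlib.sha256(msg).digest()


def mac(key: bytes, msg: bytes) -> bytes:
    """Keyed MAC (HMAC-SHA256): only holders of the key can compute it."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def corrupt(msg: bytes) -> bytes:
    """Accidental modification: one bit flipped on the link."""
    return bytes([msg[0] ^ 0x01]) + msg[1:]


def run_scenarios() -> dict:
    """Return, per scenario, whether the receiver detects the modification."""
    results = {}

    # 1. Accidental corruption: the digest arrives unchanged, the message does not.
    sent_digest = digest(ORIGINAL)
    results["hash_vs_corruption"] = digest(corrupt(ORIGINAL)) != sent_digest

    # 2. Intentional change: whoever rewrote the message also replaced the digest.
    changed = b"pay 900 to alice"
    replaced_digest = digest(changed)
    results["hash_vs_intentional"] = digest(changed) != replaced_digest

    # 3. Intentional change against a MAC: without KEY, the only tags available
    #    are the original tag or a bare hash, and neither verifies.
    sent_tag = mac(KEY, ORIGINAL)
    results["mac_vs_intentional"] = not hmac.compare_digest(mac(KEY, changed), sent_tag)
    results["mac_vs_bare_hash_tag"] = not hmac.compare_digest(mac(KEY, changed), digest(changed))

    # 4. An untouched message verifies under both schemes.
    results["clean_verifies"] = (digest(ORIGINAL) == sent_digest
                                 and hmac.compare_digest(mac(KEY, ORIGINAL), sent_tag))
    return results


if __name__ == "__main__":
    for name, detected in run_scenarios().items():
        print(f"{name}: {detected}")
```
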

Video Transcription

00:04
All right, so we talked about privacy, also known as confidentiality, and our three main threats to privacy: social engineering, media reuse and eavesdropping.
00:14
And when people talk about cryptography, that's what most people associate with it.
00:19
However,
00:20
other services that cryptography can provide: integrity, authenticity, non-repudiation.
00:26
So let's talk about integrity for a moment.
00:29
And when we talk about integrity, what we want to be able to do is to detect modification.
00:35
Now modification can happen in several different ways. Modification could be unintentional or accidental, meaning that maybe a file is corrupted across a link.
00:45
Ah, integrity can be maliciously modified as well. Maybe an attacker intercepts communication, modifies it, retransmits.
00:54
So when we're talking about intentional versus unintentional, we have different ways that we deal with.
01:00
So, for instance, if we are concerned with intentional modification, actually, let's start with accidental modification.
01:08
What we use for accidental modification to detect that is a hash
01:15
and another word for a hash is a message digest,
01:19
and they'll be used interchangeably. A hash means message digest; message digest means a hash. We won't differentiate between the two,
01:26
but hashes and message digests are just there to detect accidental modification, again, something like corruption on the line. If we want to detect malicious modification, something that's done intentionally, then there are two elements that can do protection against intentional modification.
01:46
The first is called a MAC,
01:48
message authentication code, and MAC is one of those fun acronyms. It's gonna mean lots of different things this week. If you've done the reading ahead, you maybe came across mandatory access control or media access control. Well, today's meaning of the acronym MAC is message authentication code,
02:07
and a digital signature would also be able to detect intentional modification. But it does require an infrastructure. Now we're going to get into this in much more depth in just a little bit. But for now, I just want you to have this information: hashes are good to detect against accidental modification.
02:25
MACs and digital signatures
02:28
would be used to detect intentional modification, so they all essentially do the same thing. It's just that they're implemented a little bit differently. The whole purpose with integrity is I want to be able to create a baseline image of the file. It's almost like if I have a class full of students
02:47
and I say
02:49
that I don't want anybody to move.
02:52
Okay, so I'm gonna take a picture of my class. I'll step outside. When I come back in, I'll take another picture. I compare the two pictures, and if they look the same, I know nobody's moved.
03:01
That's what a hash, a MAC and a digital signature do for us in relation to integrity.
03:07
They produce a digital representation of a file,
03:10
and I'll put a hash on the file before I send it to you. So I'm gonna hash the file, come up with a digital representation, send it to you. You do the same process that I did. If your image matches my image, we know there hasn't been a modification,
03:25
and they all do these differently. But ultimately, that's the very nature of integrity checking. Now,
03:34
with integrity checking and digital signatures, digital signatures actually go a step beyond integrity checking, and they give me authenticity. So with authenticity, we want to be able to verify the origin of a message.
03:50
And a digital signature gives me that, as does a MAC. They just do it a little bit different.
03:57
So
03:59
we get a little authenticity with a MAC, we get a little authenticity with a digital signature,
04:06
and I'm not asking that you know these terms yet, other than just have a sense. I want you to have heard them before. We haven't defined what a MAC is. We haven't defined the digital signature or even how a hash works. All of these things we'll talk about very shortly. So for now, I just kind of want you to have some notes
04:25
on how we address the CIA: confidentiality, integrity and authenticity.
04:30
Ah, but don't feel bad if you're not familiar with them or how they're created.
04:34
All right. Now,
04:36
for integrity: hashes, MACs and digital signatures.
04:42
MACs and digital signatures go a step further than a hash because they give us authenticity.
04:48
Now, non-repudiation is a combination of integrity and strong authenticity.
04:56
That's what non-repudiation is: that a sender can't dispute having sent a message nor the contents of a message.
05:05
So I can't say, "Oh, that email didn't come from me."
05:09
Ah, or I can't say, "Yeah, the email came from me, but somebody must have modified it in transit." Non-repudiation means that I can't dispute having sent a message nor the contents of the message. And the only way we get non-repudiation
05:25
is through a digital signature.
05:29
Okay, now a digital signature takes things further than a hash. It even takes things further than a MAC
05:35
because it adds some uniqueness information that absolutely guarantees, at least to the degree that we can guarantee that the message came from me and we'll see how that works in the next section. So I want you to have integrity
05:49
for accidental modification is a hash. If it's intentional, you can detect that with a MAC or digital signature, but you don't get true, stand-up-in-court non-repudiation unless you're using a digital signature.
06:04
So these are the main elements that cryptography gives us. And as a matter of fact, a lot of times when I talk about them,
06:14
I talk about them in relation to privacy,
06:16
authenticity, integrity,
06:23
non-repudiation,
06:27
and I always tell people to remember
06:29
the PAIN of cryptography. And that's how you could remember the four security services, because again, most people zero in on privacy and say, oh, cryptography is all about keeping secrets, and it does provide that service. But also you can't forget authenticity, verifying the origin of a message,
06:47
integrity, being able to detect changes, and non-repudiation, binding a message and its contents to an individual. So, in all seriousness, if you'll remember PAIN, those are the four services that cryptography can provide.

Instructed By

Kelly Handerhan
Senior Instructor