OliLue
Newcomer III

Encryption granted confidentiality and integrity?

Hi,

 

I found this question.

The sender encrypts a message with the recipient's public key. This ensures:

1 Integrity

2 Non-repudiation

3 Proof of origin

4 Confidentiality

 

I could mark more than one answer. For me it is 1 & 4.

 

Unfortunately, I got an "incorrect" for this question.

 

Do you have an idea? Clearly, the primary reason to use encryption is confidentiality...

12 Replies
dcontesti
Community Champion

Off the top of my head, I am going to assume that the author was going for B) Non-repudiation.

 

Typically these systems (non-repudiation) use digital signatures to ensure that one party cannot successfully dispute its authorship of a document or communication.

 

Suggest that you look at this WIKI for more explanations:

 

https://en.wikipedia.org/wiki/Public-key_cryptography

 

and

 

https://en.wikipedia.org/wiki/Non-repudiation

 

 

denbesten
Community Champion

Confidentiality is ensuring that the message is only readable by the intended parties and is best accomplished using the recipient's key pair.

 

Integrity is ensuring that the message is as intended by the sender and is best accomplished using the sender's key pair.

 

Although use of the recipient's public key prevents the message from being modified in transit, it does not attest to the identity of the sender, making 1, 2 and 3 much less correct than 4.

saurabh007
Viewer II

Hi

 

1 Integrity - this is achieved using a hash, and hashing is not encryption. This only checks if data is not tampered with during the exchange.

2 Non-repudiation - this will happen if the sender encrypts using his private key and then shares the public key with the recipient

3 Proof of origin - this can be achieved with a CA

4 Confidentiality - this matches the question, where the sender encrypts using the recipient's public key but does not achieve non-repudiation and integrity.

 

So will go with Option 4.

OliLue
Newcomer III

Great help.

In between I go with answer 4, based on the explanation of saurabh007.

Thanks to all for your support.
Sam1u
Viewer

I would choose options 1, 2 and 4.

 

Trust all, love few, paddle your own canoe!
JohnEricsson
Newcomer I

1 Integrity

2 Non-repudiation

3 Proof of origin

4 Confidentiality

 

If the public key was treated in the same way as a private key then 1,2, and 4 would be true. 

 

However the "text book" way of describing public keys is they are shared far and wide. 

Therefore non-repudiation can not be claimed because anyone could encrypt the document.

There is an argument that it could protect integrity because no changes could be made to the encrypted document, but I think not for the same reasons as non-repudiation.

I COULD BE WRONG

 

I hate questions like this, because I add "yeah, but what if" or "but we don't know if" scenarios. I think you have to take questions at face value.

 

 

JoePete
Advocate I


@JohnEricsson wrote:

I hate questions like this, because I add "yeah, but what if" or "but we don't know if" scenarios. I think you have to take questions at face value.


Yes, I have always found the "textbook" answers a bit presumptive around cryptography. For example, I consider non-repudiation and authentication just derivatives of integrity even though they are typically presented as distinct attributes that can be delivered only through asymmetric (not symmetric) encryption. Well, that all really depends on the quality of your keys and how you secure them - not really the algorithm. Further, homomorphic encryption can throw integrity out the door even though it is asymmetric.

 

There's also the issue that availability is often left out as an objective of cryptography, but in the context of ransomware and digital rights management, cryptography can certainly impact the availability of resources.

 

For an exam, yes, memorize what they want, but in practice, I think it is fair to say cryptography can impact all three aspects of the CIA triad. And if you don't consider non-repudiation and authentication under the integrity umbrella, then you can tack those onto CIA (CIA-NRA - how's that for an acronym?) too.

Early_Adopter
Community Champion

I think the proper answer is probably “e”, nobody knows how to read it… because we encrypt the session key we used to encrypt the message using the recipient's public key.

This provides for the confidentiality of the symmetric session key that is efficient in encryption of the message and the recipient can decrypt this - at least that’s how it normally works in S/MIME, OpenPGP etc.

1, 2, 3 are all incorrect and require a message digest, and encryption of the same with the sender's private key - a hash encrypted with a private key is how we make digital signatures, which give us authenticity, integrity and from these non-repudiation. (Check out Qualified Digital Signatures).

So the answer is 4 as the most correct but no one really does it like that because it would take too long and the standards work differently thanks to clever people.
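
Added example, not part of any post in this thread: a toy, unpadded RSA in pure Python that separates the two operations discussed above, encrypting to the recipient's public key versus signing a message digest with the sender's private key. The key sizes (small Mersenne primes), function names and the sample message are constructed for illustration; real systems use padding such as OAEP/PSS and the hybrid session-key scheme described in the post above.

```python
import hashlib

E = 65537  # common public exponent

def make_key(p, q):
    """Toy RSA key from two known primes (far too small for real use)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def encrypt(pub_n, m):
    # Needs only the recipient's PUBLIC values, so any party can do it:
    # the ciphertext carries no evidence of who produced it.
    return pow(m, E, pub_n)

def decrypt(key, c):
    # Needs the recipient's PRIVATE exponent: this is the confidentiality.
    return pow(c, key["d"], key["n"])

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    # Uses the sender's PRIVATE exponent over a hash of the message.
    return pow(_digest(msg, key["n"]), key["d"], key["n"])

def verify(pub_n, msg, sig):
    return pow(sig, E, pub_n) == _digest(msg, pub_n)

def demo():
    recipient = make_key(2**61 - 1, 2**89 - 1)    # Mersenne primes
    sender = make_key(2**107 - 1, 2**127 - 1)
    msg = b"pay 1000"                             # constructed sample message
    m = int.from_bytes(msg, "big")

    c = encrypt(recipient["n"], m)
    # Unpadded RSA is multiplicative: a ciphertext changed in transit still
    # decrypts without error, just to a different plaintext.
    c_changed = (c * encrypt(recipient["n"], 2)) % recipient["n"]
    sig = sign(sender, msg)
    return {
        "decrypted": decrypt(recipient, c).to_bytes(len(msg), "big"),
        "original_int": m,
        "changed_plaintext": decrypt(recipient, c_changed),
        "sig_ok": verify(sender["n"], msg, sig),
        "sig_on_altered": verify(sender["n"], b"pay 9000", sig),
    }

if __name__ == "__main__":
    print(demo())
```

Decryption alone raises no error on the altered ciphertext; only the signature check, which depends on the sender's key pair, distinguishes the original message from a changed one.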
Dinar8
Viewer II

4