No, Dr. Franklin: safety IS liberty.

Mapping Security Concepts to Control

For each key concept in security, I’ll outline a basic definition and give “Old World” (pre-information-age) and “New World” examples. The OWEs are often still relevant, but in some cases have been superseded; the NWEs seem to change every day.

  1. Authorization: control over action
  2. Authentication: control over identity
  3. Authenticity: control over reproduction
  4. Restricted delivery: control over reading of content
  5. Fingerprinting: control over altering content
  6. Connectivity: control over delivery

Authorization

Authorization allows control over action. Authorization is a way of saying “I grant that this action can be done by these people, and not by these other people”. It lets you select who may perform some action on your behalf.

Authentication

Authentication allows control over identity. By agreeing on an authentication mechanism, you and another party can agree on how you can prove you are you. This lets you retain control over your identity; without this, other people could impersonate you, and there would be no agreed-on way to disambiguate. (“No! Shoot him! He’s the evil twin!”)

Authenticity

Authenticity allows control over who is allowed to reproduce something. The canonical example is hard currency: the physical entities are created in a way that is hard to counterfeit. Because of this, the token itself is proof of authentication: the bill is therefore “backed by the full faith and credit, …” A Gucci logo provides authenticity to a handbag, giving the consumer trust that the handbag is of a certain quality.

Restricted Delivery

Restricted Delivery allows control over reading of content. Only the designated recipient is given the right to read the contents.

Fingerprinting

Fingerprinting allows control over the integrity of content. (You might think of it as “write permissions” for content.) It ensures that if the content is tampered with, the tampering is evident.
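
A possible New World example tying together the Authorization, Authentication and Fingerprinting definitions above; it is added here and is not part of the original post. The choice of HMAC-SHA256 as the fingerprint, the `KEYS` and `GRANTS` tables, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo data (assumptions, not from the post): one shared key per
# identity, and for each action the set of identities granted that action.
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
GRANTS = {"open_vault": {"alice"}, "read_ledger": {"alice", "bob"}}

def _encode(*fields: bytes) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def fingerprint(key: bytes, sender: str, action: str, body: bytes) -> str:
    # Keyed fingerprint over everything the receiver will act on.
    msg = _encode(sender.encode(), action.encode(), body)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_request(sender: str, action: str, body: bytes) -> dict:
    tag = fingerprint(KEYS[sender], sender, action, body)
    return {"sender": sender, "action": action, "body": body, "tag": tag}

def check(req: dict) -> str:
    key = KEYS.get(req["sender"])
    if key is None:
        return "rejected: unknown identity"
    # Authentication and fingerprinting in one step: only the holder of the
    # claimed identity's key can produce a tag matching this exact content.
    expected = fingerprint(key, req["sender"], req["action"], req["body"])
    if not hmac.compare_digest(expected, req["tag"]):
        return "rejected: fingerprint mismatch"
    # Authorization comes last, once identity and content can be trusted.
    if req["sender"] not in GRANTS.get(req["action"], set()):
        return "rejected: not authorized"
    return "allowed"

if __name__ == "__main__":
    good = make_request("alice", "open_vault", b"vault 7")
    print(check(good))                                  # genuine request
    print(check({**good, "body": b"vault 9"}))          # content altered
    bob = make_request("bob", "read_ledger", b"")
    print(check({**bob, "action": "open_vault"}))       # action swapped
    print(check(make_request("bob", "open_vault", b"vault 7")))  # no grant
```

Because the fingerprint covers the sender and the action as well as the body, changing any of them after the fact is evident to the receiver, and the authorization lookup only ever runs on a request whose identity has already been proven.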

Connectivity

Connectivity allows control over the guarantee of, and speed of, delivery[4]. Because no system provides infinite connectivity, absolute control is also impossible; but most situations allow some control.

In Summary

This was a fun mental exercise to try to figure out how to explain various security-related concepts.

Alex Feinman
