The discipline of cryptography, necessary for a variety of security applications, is no stranger to the arms race found in all other security disciplines. While modern cryptography aims to create mechanisms that protect information through the application of mathematical principles and computer science, cryptanalysis, by contrast, aims to defeat such mechanisms in order to obtain illegitimate access to the information.
This arms race between cryptography and cryptanalysis has incentivized the creation of stronger algorithms through the ages — from ancient Greece and Rome to our digital age and beyond. Some algorithms fall out of use due to flaws uncovered through cryptanalysis; others, simply due to advances in computation which render them ineffective when facing state-of-the-art technology.
In this post, we’ll define the security pillars of cryptography: confidentiality, integrity, and authenticity. We’ll then compare and contrast encryption, hashing, encoding, and obfuscation, showing which of these operations provide which of the security properties.
Confidentiality is about protecting information from being accessed by unauthorized parties; in other words, making sure that only those who are authorized have access to restricted data. Integrity refers to protecting information from being altered, and authenticity has to do with identifying the owner of the information.
As an example, personal medical data needs to be confidential, meaning that only doctors or medical personnel should access it. Its integrity must also be protected because tampering with such data can result in a wrong diagnosis or treatment with possible health risks for the patient. Authenticity in this example means that patient data should be tied to an identified individual, and that, when a doctor modifies the data (because they are authorized to do so), it’s of vital importance to know which doctor did it, in a way that they can’t repudiate.
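The medical-record example above, as an added Python sketch that is not part of the original post: it contrasts an encoded record, an unkeyed digest, and a keyed tag. The record, doctor names and keys are constructed, and HMAC-SHA-256 is an assumption chosen here as one common way to tie a change to a key holder.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample record and per-doctor keys (illustrative values only).
RECORD = {"patient": "P-0001", "blood_type": "A+", "allergy": "penicillin"}
DOCTOR_KEYS = {"dr_adams": b"constructed-key-adams",
               "dr_baker": b"constructed-key-baker"}


def canonical(record):
    """Serialize deterministically so equal records give equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def encode(record):
    """Encoding only: no key is involved, so it gives no confidentiality."""
    return base64.b64encode(canonical(record))


def decode(blob):
    """Anyone can reverse the encoding and read the record."""
    return json.loads(base64.b64decode(blob))


def digest(record):
    """Unkeyed hash: reveals alteration only if the digest itself is trusted."""
    return hashlib.sha256(canonical(record)).hexdigest()


def tag(record, doctor):
    """Keyed MAC: only a holder of this doctor's key can produce the tag."""
    key = DOCTOR_KEYS[doctor]
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def who_signed(record, claimed_tag):
    """Return the doctor whose key verifies the tag, or None if none does."""
    for doctor in DOCTOR_KEYS:
        if hmac.compare_digest(tag(record, doctor), claimed_tag):
            return doctor
    return None
```

Because whoever verifies an HMAC tag holds the same key, this shows authenticity between key holders only; the non-repudiation mentioned above requires a digital signature made with a private key that only the doctor holds.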
We’ll now define encryption, hashing, encoding, and obfuscation, focusing mostly on identifying which of the three cryptographic properties (confidentiality, integrity, authenticity) hold true for each of them.