Exposure of data | Confidentiality | ability to keep information unavailable and private to unauthorized parties / cryptography is a tool to achieve confidentiality / not only content but also metadata (phone call content <-> records) is important |
Tampering with data | Integrity | ascertain that information has not been subject to addition, deletion, modification, or undue delay / e.g. SHA, MAC / intentional or accidental data changes should be detectable |
Impersonation | Authentication | ascertain the identity of others / e.g. digital signature |
Fraud..? Denying involvement? | Non-Repudiation | prevent an authorized party from denying the existence or contents of a communication session (stops someone from denying that something happened) / e.g. digital signature + notarization (from a third party) |
Exposure of personal information | Privacy | how much to disclose: degree to which an entity (user, device) is willing to share info about itself / vs. Auth., non-repudiation / the right of an entity acting on its own behalf / e.g. encryption |
Identification of an individual | Anonymity | not being identifiable within a set / different from privacy (anonymity: the action may be public, but the actor's identity remains private) / e.g. randomization, k-anonymity, l-diversity, Tor |
Denial of service | Availability | prevent an unauthorized entity from making resources unavailable / resources (computing, networking, ...) / e.g. preventing DoS attacks / cryptography isn't enough to deal with DoS attacks -> other techniques are also needed (backup, redundancy, redirection, ...) |
Forbidden access | Authorization (Access control) | verify proper privileges to access a resource (access rights) / authentication (e.g. ID) -> authorization / related: access control (IEEE 802.1X, firewall, ...) |