Security Concepts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security can be understood as achieving a goal in the presence of an adversary.

Three ‘classical’ goals of security: confidentiality, integrity, availability. Today, authenticity is probably the most important?

Principal: an entity that participates in a security system. Can be a subject, a person, a role, a piece of equipment.

Identity: a correspondence between the names of two principals signifying that they refer to the same person or equipment. ‘Bob doing the dishes’ is the same Bob as in ‘Bob mowing the lawn’.

A trusted entity is one which, if it were to fail, would break the security policy. A trustworthy entity is one which won’t fail.

Secrecy: the effect of a mechanism that limits the number of principals with access to information. The effect is a secret.
Confidentiality: an obligation to protect others’ secrets.
Privacy is the ability and/or right to protect your own personal secrets. Concerns individuals and families rather than legal entities like corporations.

Privacy is secrecy for the benefit of the individual; confidentiality is secrecy for the benefit of an organization.

Integrity = no change of state.
Authenticity: the academic definition is integrity plus freshness. The military definition is the identity of principals and the orders they give.

For Alice and Bob to communicate confidentially, they need some information that no other party has; otherwise that party could read their messages. The mathematics of cryptography provides a rich (and sometimes unintuitive) structure for how such information arises (and leaks).

Open cryptographic systems: the design is open to anyone. Protection against an attacker comes from a temporary variable called a ‘key’.
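
An added example (not part of the original notes) of the academic definition of authenticity above, integrity plus freshness, in an open design where only the key is secret: a replayed packet passes the integrity check yet is rejected as stale. The packet layout, the counter-based freshness rule and the names `seal`, `Receiver` and `demo` are assumptions of this example.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # length of an HMAC-SHA256 tag in bytes
CTR_LEN = 8   # length of the big-endian message counter (assumed layout)


def seal(key: bytes, counter: int, message: bytes) -> bytes:
    """Build counter || message || HMAC-SHA256(key, counter || message)."""
    header = counter.to_bytes(CTR_LEN, "big")
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Accepts a packet only if it is intact (integrity) and new (freshness)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def check_integrity(self, packet: bytes) -> bool:
        if len(packet) < CTR_LEN + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)  # constant-time compare

    def accept(self, packet: bytes):
        """Return the message if authentic, otherwise None."""
        if not self.check_integrity(packet):
            return None  # modified in transit, or sealed under another key
        counter = int.from_bytes(packet[:CTR_LEN], "big")
        if counter <= self.last_counter:
            return None  # unmodified but replayed: integrity without freshness
        self.last_counter = counter
        return packet[CTR_LEN:-TAG_LEN]


def demo():
    key = secrets.token_bytes(32)           # the only secret in the design
    rx = Receiver(key)
    order = seal(key, 1, b"pay Bob 10")     # constructed sample message
    first = rx.accept(order)                # fresh and intact
    replay_intact = rx.check_integrity(order)
    replay = rx.accept(order)               # same bytes sent a second time
    tampered = bytearray(order)
    tampered[CTR_LEN + 2] ^= 0x01           # flip one bit of the message
    return first, replay_intact, replay, rx.check_integrity(bytes(tampered))
```
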