In my understanding, encryption is a measure that protects the message from being read by an unintended recipient.
It can have more than one purpose.
Often, "secure" is a mix of three completely separate concepts:
- Privacy – the information is secure from observation by others
- Authenticity – the information is from a trusted party
- Integrity - the information was not modified or constructed by an untrusted party
Message authentication codes (MACs) do the third, and can also do the second if requirements are met. Unless the message also contains an unique value, a
nonce, included in the authenticated part of the message, the same message can be replayed by an outsider and therefore break authenticity (without breaking integrity).
If the nonce is observable to outsiders, being able to see all messages in order, an attacker who knows the method of generating the nonces, can use each message to exclude a small part of the vast numeric phase space, making brute-force attack the more feasible there is data observed, and eventually break the integrity and authenticity.
Message privacy is a two-sided blade. On one hand, by making the messages private, the
nonce is not visible to the outsiders, and it can help keep the information authentic even when privacy itself is not a particular goal. On the other hand, by making
predictable data private, one can significantly hinder the security of the cryptographic algorithms, because the predictable data (especially at the beginning) can make it very cheap to exclude significant fractions of the (admittedly vast) numeric phase space for the algorithm, making it possible to brute-force the encryption open.
The simplest, and arguably most powerful form, of symmetric encryption is exclusive-ORing the message bits with a cryptographically secure, unpredictable sequence of bits (
keystream) that both ends can generate, but outsiders cannot guess or derive even when they see all messages passed. This itself is quite lightweight, as you can imagine; it is the establishment of such keystreams between parties when outsiders can see all messages passed that is the hard part (and nowadays typically involves public key cryptography, which is quite slow/computation-intensive).
For things like intravehicular buses, in cars and aeroplanes and such, privacy is typically not an important goal; it is the authenticity and integrity that makes encryption desirable. Professional developers in this field also use the privacy as a social tool for those not versed in cryptography or secure design in general, because laymen intuitively associate secrecy with security. In computer systems the picture is much more complicated, so making things private/secret even they really don't need to be, is often a secondary goal with basis in human policies instead of information security per se.
As nfmax wrote above, military flight data on the other hand is something you do want to keep private/secret especially after a plane crash, so encryption is an absolute must there.
Edit: WTF? The editor adds an unnecessary close-list tag at the end of my post. Post-Edit: Oooh, at some point it added one at the beginning too, so now it works as expected. Weird.
Home
Help
Search
Login
Register
