Confidentiality refers to the process of protecting information from being accessed by unauthorized parties.

Achieving confidentiality

The main technique to achieve confidentiality is encryption.

Encryption

Encryption is the process of converting the original representation of some information, known as plaintext, into an alternative form, known as ciphertext. The ciphertext can be converted back to the original plaintext only by specific authorized parties, and any other parties should not be able to infer anything about the plaintext by looking at the corresponding ciphertext.

For technical reasons, encryption is typically achieved through the use of a pseudo-random encryption key, where decryption is achieved through the use of the corresponding decryption key.

There are two main encryption schemes: symmetric and asymmetric.

Symmetric encryption

Symmetric encryption is the simplest kind of encryption, where there is a single key that can be used both as the encryption and decryption key, as shown in the following illustration:

Asymmetric encryption

Asymmetric encryption uses two separate keys, an encryption key and a decryption key, as shown in the following illustration:

  • The encryption key is a public key shared with everyone who needs to send encrypted messages to an entity.

  • The decryption key is a private key and it is used only by this entity to decrypt incoming messages.

Comparison between symmetric and asymmetric encryption

Symmetric encryption is generally faster than asymmetric encryption, but it suffers from a bootstrapping problem because one needs to find a secure way to exchange the symmetric key in the first place.

As a result, many protocols initially use asymmetric encryption to exchange a symmetric key, and then it is used for symmetric encryption for the remaining communication.

Use cases of encryption

There are two main use cases of encryption, known as encryption in transit and encryption at rest.

Encryption in transit

Encryption in transit is used to encrypt data transferred through a network, which protects the disclosure of this data to intermediaries in this transfer.

Encryption at rest

Encryption at rest is used to encrypt data stored on computers and storage devices, which protects this data if other security measures fail and malicious actors gain access to the systems where the data is stored.

Get hands-on with 1400+ tech skills courses.