```mermaid
flowchart TD
    S[Security Services]
    S --> E[Entity]
    S --> D[Data]
    E -- 1 --> ID[Entity Identity]
    D -- 2 --> DI[Data Integrity]
    D -- 3 --> DC[Data Confidentiality]
    ID -- 4 --> EA[Entity Authentication]
    ID -- 5 --> DOA[Data Origin Authentication]
    DI -- 6 --> DOA -- 7 --> NR[Non-Repudiation]
```
- Entity Identity refers to a user or process interacting with a security service.
- Data Integrity attests whether modification of data occurred.
- Data Confidentiality, achieved primarily through encryption, generally does not provide assurance of who sent the data nor that it is correct (identity and integrity).
- Entity Authentication attests that a given entity is involved and currently active in a communication session. It requires a freshness mechanism and is used when accessing resources. It does not necessarily require the origin of any data to be checked.
- Data Origin Authentication implies proof of the identity of the entity the data originates from.
- Data Origin Authentication implies Data Integrity, but not the other way around: if the data had been modified, it would no longer originate from the claimed entity, so assurance of origin carries assurance of integrity. A plain integrity check (e.g. a checksum) says nothing about who produced the data.
- Non-Repudiation cannot be provided without Data Origin Authentication (and hence Data Integrity). In other words, having the assurance that a particular event was performed by an entity also requires assurances about the origin of the data.
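The relationships in the diagram, as an added worked example that is not from the page or from Martin's book. It uses only the Python standard library and constructed sample values (a shared key, a toy XOR stream cipher standing in for an unauthenticated cipher, and made-up messages). Each function returns a boolean showing one edge of the diagram: an unauthenticated cipher gives confidentiality (3) but no integrity, a CRC gives integrity (2) but no origin, an HMAC gives data origin authentication (5) and therefore integrity (6), a nonce-based challenge-response gives entity authentication (4) with freshness, and a shared-key MAC stops short of non-repudiation (7) because the receiver could have produced the tag himself:

```python
import hashlib
import hmac
import os
import zlib

# Constructed sample key (not from the page): known to Alice and Bob only.
SHARED_KEY = b"constructed-shared-key-for-demo"


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (XOR with a repeating key), used only to illustrate
    an unauthenticated cipher: confidentiality, but no integrity or origin."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def confidentiality_without_integrity() -> bool:
    """Service 3 alone: a bit-flip in the ciphertext decrypts to a different
    plaintext and the receiver cannot notice. True if tampering went undetected."""
    msg = b"transfer 10 EUR"
    ct = bytearray(xor_stream(msg, SHARED_KEY))
    ct[9] ^= ord("1") ^ ord("9")          # byte 9 is the '1'; no key needed
    tampered = xor_stream(bytes(ct), SHARED_KEY)
    return tampered == b"transfer 90 EUR" and tampered != msg


def integrity_only(msg: bytes, checksum: int) -> bool:
    """Service 2 alone: CRC32 detects accidental modification, but anyone can
    recompute it, so it says nothing about who produced the data."""
    return zlib.crc32(msg) == checksum


def forged_but_checksum_valid() -> bool:
    """Replace the message and recompute its CRC: the integrity check passes."""
    forged = b"transfer 9000 EUR"
    return integrity_only(forged, zlib.crc32(forged))


def mac(msg: bytes, key: bytes = SHARED_KEY) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_mac(msg: bytes, tag: bytes, key: bytes = SHARED_KEY) -> bool:
    """Service 5: only a key holder can produce a valid tag, and any change to
    msg invalidates it, so origin authentication implies integrity (edge 6)."""
    return hmac.compare_digest(mac(msg, key), tag)


def modified_message_fails_mac() -> bool:
    msg = b"transfer 10 EUR"
    tag = mac(msg)
    return verify_mac(msg, tag) and not verify_mac(b"transfer 90 EUR", tag)


def outsider_cannot_forge_mac() -> bool:
    """A tag computed under any key other than the shared one is rejected."""
    msg = b"transfer 10 EUR"
    return not verify_mac(msg, mac(msg, key=b"attacker-guess"))


def receiver_can_forge_mac() -> bool:
    """Edge 7 is NOT reached by a MAC: Bob holds the same key as Alice, so he
    can produce a tag Alice never made and a third party cannot tell the two
    apart. Non-repudiation needs a key only the signer holds (a signature)."""
    claimed = b"Alice agrees to pay 1000 EUR"
    return verify_mac(claimed, mac(claimed))  # made by Bob, yet verifies


def challenge_response(prover_key: bytes, verifier_key: bytes = SHARED_KEY):
    """Service 4 with freshness: verifier sends a random nonce and accepts only
    a MAC over that nonce. No message content is authenticated here."""
    nonce = os.urandom(16)
    response = mac(nonce, prover_key)
    return nonce, response, verify_mac(nonce, response, verifier_key)


def replay_is_rejected() -> bool:
    """A response captured in an earlier session fails against a fresh nonce."""
    _, old_response, ok = challenge_response(SHARED_KEY)
    new_nonce = os.urandom(16)
    return ok and not verify_mac(new_nonce, old_response)


if __name__ == "__main__":
    for check in (confidentiality_without_integrity, forged_but_checksum_valid,
                  modified_message_fails_mac, outsider_cannot_forge_mac,
                  receiver_can_forge_mac, replay_is_rejected):
        print(f"{check.__name__}: {check()}")
```

The XOR cipher is only a stand-in for "encryption without authentication"; the point it makes (that confidentiality does not imply integrity or origin) holds for any unauthenticated mode. Replacing `mac` with an asymmetric signature is what closes the gap to non-repudiation, since then only the signer can produce a verifying tag.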
References:
Martin, K.M. (2017). Everyday cryptography: Fundamental principles and applications (2nd ed.). Oxford University Press.