2 cissp ® Official Study Guide Eighth Edition

Cryptographic Basics 
199
Confi dentiality is perhaps the most widely cited goal of cryptosystems—the preservation 
of secrecy for stored information or for communications between individuals and groups. 
Two main types of cryptosystems enforce confi dentiality. 
■
Symmetric cryptosystems
use a shared secret key available to all users of the 
cryptosystem. 
■
Asymmetric cryptosystems
use individual combinations of public and private keys for 
each user of the system. Both of these concepts are explored in the section “Modern 
Cryptography” later in this chapter.
The concept of protecting data at rest and data in transit is often covered 
on the CISSP exam. You should also know that data in transit is also com-
monly called data
on the wire
, referring to the network cables that carry 
data communications.
When developing a cryptographic system for the purpose of providing confi dentiality, 
you must think about three different types of data. 
■
Data at rest
, or stored data, is that which resides in a permanent location awaiting 
access. Examples of data at rest include data stored on hard drives, backup tapes, cloud 
storage services, USB devices, and other storage media. 
■
Data in motion
, or data on the wire, is data being transmitted across a network 
between two systems. Data in motion might be traveling on a corporate network, a 
wireless network, or the public internet. 
■
Data in use
is data that is stored in the active memory of a computer system where it 
may be accessed by a process running on that system.
Each of these situations poses different types of confi dentiality risks that cryptography 
can protect against. For example, data in motion may be susceptible to eavesdropping 
attacks, whereas data at rest is more susceptible to the theft of physical devices. Data in use 
may be accessed by unauthorized processes if the operating system does not properly imple-
ment process isolation.

Download 19,3 Mb.

Do'stlaringiz bilan baham: