
I'm taking the course computer networks and we currently had our second lecture. We got the following question:

What are the differences between integrity and confidentiality of a message? Is confidentiality possible without integrity? What about integrity without confidentiality? Explain.

From what I understand the main difference between confidentiality and integrity is that "confidentiality" should prevent from spying on the message / intruders. And "integrity" is to ensure that the original message hasn't been altered in any way (modification/deletion/insertion).

What I'm unsure about: Does confidentiality mean that a possible intruder can't decode the ciphertext, or does this mean he can't even intercept the cipher?

To the two questions about the dependencies of integrity and confidentiality: At first I thought: If an intruder can't intercept the message (break confidentiality), there's no way he can alter the message in any way (break integrity). But the more I think about that, the less certain I become. Especially when I think about deletion of a message.

Thanks a lot in advance for clearing things up.

P.S: I hope "confidentiality" and "integrity" are the right terms in English. We learned "Vertraulichkeit" & "Integrität" in German.

Lars

1 Answer


Confidentiality means that only the sender and receiver know the message. We ensure confidentiality by encrypting the message.

Integrity roughly means that the message being sent cannot be modified in transit. In more detail, it means that there is a way for the receiver to check that the message has not been tampered with. We ensure integrity by adding a hash or checksum to the message.

The two properties are completely independent:

  • Confidentiality without integrity: Suppose I am sending you a cryptographic key, encrypted using a key we share. An attacker replaces the message with garbage having the same format. You will not notice any difference. The attacker has no way to read the original message, but they can modify it without you knowing it.

  • Integrity without confidentiality: I can send you a signed message by encrypting a hash of the message using my private key. Anybody can verify that the hash matches the message using my public key, but I'm the only person who can sign it. There is no way to modify the message without invalidating the signature, but the message itself is free for all to see.

Yuval Filmus
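The two cases from the answer above, as an added example that is not part of the original post: encryption alone lets a swapped ciphertext decrypt without any error, while a tag over a cleartext message detects modification but hides nothing. Assumptions: the cipher is a toy SHA-256 keystream used only for illustration, HMAC with a shared key stands in for the public-key signature the answer describes, and all keys and messages are constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); for illustration only."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        for i in range(blocks)
    )
    return stream[:length]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream (its own inverse)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def make_tag(key: bytes, message: bytes) -> bytes:
    """Integrity tag over the cleartext message (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def check_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)

def demo() -> dict:
    # Constructed keys, nonce and messages; none of these come from the page.
    enc_key, mac_key, nonce = b"E" * 32, b"M" * 32, b"N" * 16
    secret = b"key=0123456789abcdef"
    notice = b"meeting moved to 15:00"

    # Confidentiality without integrity: the ciphertext is replaced in transit
    # by other bytes of the same length. Decryption raises no error, so the
    # receiver has nothing that tells it the result is wrong.
    ciphertext = xor_crypt(enc_key, nonce, secret)
    substituted = bytes(len(ciphertext))  # all-zero replacement
    received = xor_crypt(enc_key, nonce, substituted)

    # Integrity without confidentiality: the message travels in the clear
    # together with a tag; changing the message makes the check fail.
    tag = make_tag(mac_key, notice)
    altered = notice.replace(b"15:00", b"16:00")

    return {
        "roundtrip_ok": xor_crypt(enc_key, nonce, ciphertext) == secret,
        "received_differs": received != secret,
        "received_same_length": len(received) == len(secret),
        "original_verifies": check_tag(mac_key, notice, tag),
        "altered_verifies": check_tag(mac_key, altered, tag),
    }
```

In practice both properties are usually obtained together with an authenticated encryption mode rather than by combining primitives by hand.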