From the course: Threat Modeling: Tampering in Depth
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Channels and messages
From the course: Threat Modeling: Tampering in Depth
Channels and messages
- [Instructor] Data flows are made up of messages and channels. Messages flow along channels and either the messages themselves or the channel, can be tampered with. Let me explain. We'll use email as an example. A message, like an email, flows through an SMTP channel. I can secure the message using a cryptographic tool like PGP or S/MIME and I can secure the channel using something like StartTLS. Each protects integrity. The first protects the integrity of the message. The second protects the integrity of the channel. Both are useful. By the way, both also provide confidentiality for the data as it flows over a network and PGP or S/MIME can provide confidentiality to the message while it's stored on disk. The two layers are complimentary because not every message has to be signed. Back to message and channel integrity, they do slightly different things. I can have a message where there's no integrity…