Difference Between Privacy and Security

The difference between privacy and security can be a bit confusing as security and privacy are two interrelated terms. In information technology world, providing security means providing three security services: confidentiality, integrity, and availability. Confidentiality or privacy in one of them. So, privacy is just one part of security. Privacy or confidentiality means keeping something secret where the secret is known by only the intended parties. The most used technique for providing confidentiality is encryption. To provide other security services techniques such as hash functions, firewalls are used.

What is Security?

The word security with respect to information technology refers to providing the three security services confidentiality, integrity, and availability. Confidentiality is concealing information from unauthorized parties. Integrity means preventing any unauthorized tampering or modification of data. Availability means providing the service for the authorized parties without any disruption. Attacks such as snooping, where the attacker eavesdrop a message sent by a person to another, causes threats to the confidentiality. Techniques such as encryption is used to provide security against such attacks. In encryption, the original message is changed based on a key and without the key an attacker won’t be able to read the message. Only the intended parties are given the key using a secure channel so that they can only read. AES, DES, RSA and Blowfish are some most famous encryption algorithms out there.

Attacks like modification, masquerading, replaying, and repudiation are some attacks that threaten integrity. For example, say someone sends an online request to a bank and someone taps the message on the way, modifies it and sends to the bank. A technique called hashing is used to provide security against such attacks. Here a hash value is calculated based on the content of the message using a hashing algorithm like MD5 or SHA and sent with the message. If someone does even a tiny modification to the original message then the hash value will change and so can detect such a change. Attacks such as denial of service attack threaten availability. For example, say a situation where millions of false requests are sent to a web server until it is down or the response time becomes too high. Techniques such as firewalls are used to prevent such attacks. So security means providing the three service confidentiality, integrity and availability using various technologies such as encryption and hash functions.

What is Privacy?

Privacy is a similar term for confidentiality. Here only intended or authorized parties should be able to share secrets while unauthorized parties cannot be able to find out the secrets. Privacy is one of the most important and critical things when providing security. If there is a breach in privacy, security is affected. So privacy is part of security. Security involves providing services such as confidentiality (privacy), integrity, and availability while privacy is one such service that comes under security. Say, in a certain company a head office communicates with the branch office over the internet. If some hacker can acquire sensitive information, then the privacy is lost. So techniques such as encryption is used to protect the privacy. Now the employees on both sides know a secret key that only they know and any communication can be decoded only using that key. Now a hacker cannot gain access to information without the key. Here, the privacy depends on keeping the key secret. Privacy can be with respect to a single person as well. An individual can have data which he needs to keep private for himself. So, in such situation also, encryption can help to provide that privacy.

What is the difference between Privacy and Security?

• Security refers to providing three services confidentiality, integrity, and availability. Privacy or confidentiality is one of those security services. So, security is an umbrella term where privacy is a part of it.

• Providing security can be costlier than providing just privacy as security involves services other than privacy as well.

• A breach of privacy means a breach of security as well. But a breach of security does not always mean a breach of privacy.

Summary:

Privacy vs Security

Security is a broad field where confidentiality or privacy is a part of it. Apart from providing privacy, providing security means providing two other services namely integrity and availability as well. To provide privacy the most used technique is encryption. Privacy means that something is kept secret among only the authorized people. If the secret is leaked that is a breach of privacy and in return a breach of security as well.

 

Images Courtesy:

  1. Information Security Attributes by  JohnManuel (CC BY-SA 3.0)