Appendix. Information security refresher

In this appendix, we’ll review the basics of information security that will help you understand how security in the cloud works. We’ll cover six topics:

  • Secret communications
  • Keys
  • Shared-key cryptography
  • Public-key cryptography
  • XML Signature
  • XML Encryption

These topics are relevant because cloud providers, having based their services on web services, all use these security technologies in their everyday operations. As you’ll see, keys are issued the moment you sign up for cloud services. The APIs used to create and control machine instances all use one or more of these means to keep your operations secret and secure. Let’s begin with the concept of secret communications.

Secret communications

Keeping communication secret is the heart of security. The science of keeping messages secret is called cryptography. You may think of cryptography as being used to scramble and unscramble messages to keep prying eyes from seeing your secrets. But that is never enough: you also need to know who is sending and receiving the message and whether they’re authorized to do so.

Keys

Shared-key cryptography

Public-key cryptography

XML Signature

XML Encryption