Integrate SAP Sales Cloud and SAP Service Cloud with SAP S/4HANA

Integration Security Principles

Objectives
After completing this lesson, you will be able to:

After completing this lesson, you will be able to:

  • Explore technologies used in integration and communication security

Integration Security Principles

When sending data we need to make sure that the expected sender sends data to the expected receiver without eavesdropping, manipulation or loss of data in between.

How can we achieve this?

Symmetric Encryption

Before we concentrate on asymmetric encryption, first let's have a look at symmetric encryption to better understand the whole picture.

In order to communicate securely:

  • The sender and receiver need to exchange the key itself.
  • Must happen in a secure way.
  • Asymmetric encryption and public key cryptography are used for secure key exchange.

Public Key Cryptography

A pair of keys is generated by mathematical algorithms based on large numbers.

They are called private key and public key:

  • The private key remains with the owner and must be kept secret.
  • The public key can be shown to anyone.

Although the keys are mathematically related, it is computationally unfeasible to calculate one of the keys by just knowing the other key. That gives us interesting opportunities. The most important applications, are Asymmetric encryption and Digital Signatures.

Asymmetric Encryption

Asymmetric encryption algorithms allow a message to be encrypted with a public key and the message can only be decrypted with the matching private key.

Anyone knowing a person's public key can send encrypted messages to that person and only that person can decrypt the message.

Security depends on keeping the private key secret, otherwise a third party could decrypt the message as well. This helps ensure data confidentiality.

Digital Signature

In order to prove that a message was sent by a specific sender and that it has not been changed by someone else, the sender can sign the message.

Signing a message means that a hash is calculated over the content of a message and encrypted with the senders private key. The signature is appended to the message. They are sent together.

A hash is a mathematical one-way function where the result will completely change when the input (the message content) changes only a bit. A hash is like a bigger check sum. You cannot calculate the input from the result.

Anyone knowing the matching public key can verify the signature in 3 steps (shown in the diagram below).

  • Decrypt the hash using the public key.
  • Re-calculate the hash over the message content on their own.
  • Comparing the re-calculated hash with the decrypted hash of the received message. If they are equal, the message has been sent by this specific sender and has not been manipulated.

No one else can sign a message of the specific sender (as long as the private key of the sender is really private). This helps to assure authentication of the sender and integrity of the message.

Encrypted and Signed Communication

The most secure way of communication can be reached when using encryption and signing messages. A prerequisite of that is, that both, the sender and the receiver need the public key of each other. Then encryption and signing happens before the message is sent and decryption and verification of the signature after it has arrived at the receiver.

Save progress to your learning plan by logging in or creating an account