The value of Confidentiality, Integrity, and Availability
According to Wikipedia, “A blockchain, originally block chain, is a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree).”
What is the CIA Triad?
Before we get into the details of how blockchain can improve information security, let’s talk about the CIA triad. No, not the government agency, but the one related to Confidentiality, Integrity, and Availability. These three are the key attributes of information security: they are used to determine the impact of an attack on a piece of data, as well as the controls required for its protection.
C is for Confidentiality.
Confidentiality is about keeping sensitive data inaccessible to unauthorized parties and is typically achieved through methods such as encryption, hashing, masking, or access control.
I is for Integrity.
Integrity is about assurance that data has not been modified by unauthorized parties. This can be achieved by using signatures or Message Authentication Codes (MACs).
A is for Availability.
Last but not least, availability is about having the data available whenever it is required, and about the impact when it is not. A Denial of Service (DoS) attack often impacts this attribute. Having backups, redundancy, and a disaster recovery plan can help mitigate threats that impact availability.
Each of these CIA attributes should be considered when assessing the impact of an attack on a given piece of information.
CIA in action
For example, let’s say you own a retail store, and have your address listed on your public web site. Since this information is public, there is no confidentiality requirement or impact of exposure.
However, you do not want an unauthorized user to edit that address to direct your customers to a competitor. In this case, there would be a high level of impact to your business due to the compromise of the address’s integrity.
Availability is also a concern: if your web site is down, some customers who cannot find your address may shop at an alternate store. However, this does not apply to all customers; some will visit your site at a later time and continue to shop with you. Based on this, the impact due to lack of availability is moderate.
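The integrity case from the store-address scenario, worked through as an added example (not code from the original post): a Message Authentication Code detects an unauthorized edit that an unkeyed hash misses, because whoever edits the record can recompute a plain hash but not a keyed tag. The key, the address values, and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: key and address are placeholders for illustration.
SECRET_KEY = b"example-key-held-only-by-the-store-owner"
ADDRESS = {"store": "Example Retail", "address": "123 Main St, Springfield"}


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(record: dict) -> str:
    """Unkeyed SHA-256: anyone who can edit the record can also recompute this."""
    return hashlib.sha256(canonical(record)).hexdigest()


def mac_tag(record: dict, key: bytes) -> str:
    """HMAC-SHA256: computing a valid tag requires the secret key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes) -> bool:
    """Constant-time comparison avoids leaking how many tag characters matched."""
    return hmac.compare_digest(mac_tag(record, key), tag)


def demo() -> dict:
    published = {"record": dict(ADDRESS), "sha256": plain_digest(ADDRESS),
                 "hmac": mac_tag(ADDRESS, SECRET_KEY)}
    # Unauthorized edit: the record changes and the unkeyed digest is recomputed
    # to match; the HMAC cannot be recomputed without SECRET_KEY.
    tampered = dict(published)
    tampered["record"] = {**ADDRESS, "address": "1 Competitor Ave, Springfield"}
    tampered["sha256"] = plain_digest(tampered["record"])
    return {
        "original_ok": verify(published["record"], published["hmac"], SECRET_KEY),
        "tampered_passes_plain_hash": plain_digest(tampered["record"]) == tampered["sha256"],
        "tampered_passes_hmac": verify(tampered["record"], tampered["hmac"], SECRET_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The check only holds while the key stays confidential, so the integrity control here depends on a confidentiality control for the key.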
Which brings us to the impact of blockchain, which we’ll explain in the next post.