CIA Triad: Confidentiality, Integrity, Availability

By Ambadi MP

What is the CIA triad? No, CIA in this case does not refer to the Central Intelligence Agency. It stands for Confidentiality, Integrity and Availability: confidentiality of information, integrity of information and availability of information. Many security measures are designed to protect one or more facets of the CIA triad.

The CIA triad of Information Technology

The CIA (Confidentiality, Integrity, and Availability) triad is a benchmark model used to evaluate the information security of an organization. It approaches security through three key areas of information systems: confidentiality, integrity, and availability.

Why Was it Created?

The CIA triad of information security was created to provide a baseline standard for evaluating and implementing information security regardless of the underlying system and/or organization. Each of the three core goals has its own distinct requirements and processes.

Confidentiality

When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties. Information has value, especially in today’s world: bank account statements, personal information, credit card numbers, trade secrets, government documents. Everyone has information they wish to keep secret, and protecting such information is a major part of information security. A key component of protecting confidentiality is encryption. Encryption ensures that only the right people (people who know the key) can read the information. Encryption is very widespread in today’s environment and can be found in almost every major protocol in use. A prominent example is SSL/TLS, a security protocol developed for communications over the internet that has been used in conjunction with a large number of internet protocols to ensure security. Other ways to ensure information confidentiality include enforcing file permissions and access control lists to restrict access to sensitive information.

Integrity

Integrity of information refers to protecting information from being modified by unauthorized parties. Information only has value if it is correct, and information that has been tampered with can prove costly. For example, if you were sending an online money transfer for $100, but the information was tampered with in such a way that you sent $10,000, it could prove very costly for you. As with data confidentiality, cryptography plays a major role in ensuring data integrity. A commonly used method to protect data integrity is hashing the data you receive and comparing it with the hash of the original message. However, this means that the hash of the original data must be provided to you in a secure fashion. A more convenient method is to use an existing scheme such as GPG to digitally sign the data.

Availability

Availability of information refers to ensuring that authorized parties are able to access the information when needed. Information only has value if the right people can access it at the right times. Denying access to information has become a very common attack nowadays. Almost every week you can find news about high-profile websites being taken down by Distributed Denial of Service (DDoS) attacks. The primary aim of a DDoS attack is to deny the website’s users access to its resources. Such downtime can be very costly. Other causes of unavailability include accidents such as power outages and natural disasters such as floods. How does one ensure data availability? Backup is key. Regular off-site backups can limit the damage caused to hard drives by natural disasters. For information services that are highly critical, redundancy might be appropriate. Having an off-site location ready to restore services if anything happens to your primary data centers will heavily reduce the downtime.

So, the CIA Triad is three concepts which have vast goals (if no end goals) in information security, but with new types of attacks such as insider threats and new challenges posed by IoT, it is becoming even more difficult to limit and scope these three principles properly.


How does the CIA Triad fit with CSI Linux?

Confidentiality

Within the environment, there are several options that you can use to encrypt and secure your cases and evidence. There are also mechanisms you can use to communicate with team members or informants through encryption. Here is a list of capabilities CSI Linux offers for encryption.

Encryption for Data at Rest

  • CCrypt is a tool for encrypting and decrypting files and streams
  • GnuPG (GNU Privacy Guard) is an open source variant of PGP
  • GPA (The GNU Privacy Assistant) is a graphical user interface for GnuPG
  • KeePassXC stores your account information or sock puppet account information within an encrypted container
  • OnionShare lets you securely and anonymously share files, host websites, and chat using the Tor network
  • OpenSSL allows you to use asymmetric cryptography to encrypt messages or files, along with digitally signing messages
  • Veracrypt allows you to create an encrypted volume to store your evidence in if you need some extra security
  • ZuluCrypt focuses on hard drive encryption, and it can manage PLAIN dm-crypt volumes, LUKS encrypted volumes, TrueCrypt encrypted volumes, VeraCrypt encrypted volumes and Microsoft’s BitLocker volumes, along with files

Hide and encrypt with Steganography

  • OutGuess is a steganographic software for hiding data in a graphic
  • Steghide is a steganography program that is able to hide data in various kinds of image and audio files
  • Stegosuite is a graphical steganography tool to easily hide information in image files using AES encryption

Tunneling for Encryption for Data in Transit

  • I2P, like a VPN, protects your traffic until it leaves Tor. You can also connect to or set up your own hidden service and ALL communications are encrypted point-to-point
  • OnionShare lets you securely and anonymously share files, host websites, and chat using the Tor network
  • Tor, like a VPN, protects your traffic until it leaves Tor. You can also connect to or set up your own hidden service and ALL communications are encrypted point-to-point

Secure Messenger Applications

  • qTox (End-to-End encryption)
  • Signal (End-to-End encryption)
  • Slack (Stored on the server)
  • Telegram (End-to-End encryption for “secret chats”)
  • Tox (End-to-End encryption)

Integrity

After collecting evidence, preserving it is one of the most important items on an investigator’s checklist. Whether the evidence comes from an OSINT investigation or a computer forensics case, you need to ensure, and be able to verify, that it was not tampered with. The following list covers tools to help you hash or digitally sign data.

  • CSI Case Management hashes the evidence you collected within the Cases folder every time you are done with the application
  • GPA (The GNU Privacy Assistant) is a graphical user interface for GnuPG (GNU Privacy Guard)
  • GPG (GNU Privacy Guard) is an open source variant of PGP
  • MD5sum/SHAsum are command line hashing utilities
  • OpenSSL allows you to use asymmetric cryptography to encrypt messages or files, along with digitally signing messages
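
As an added example (not from the original article and not CSI Linux's own code), the sketch below hashes a case folder into a manifest and re-checks it later, covering both the hash-and-compare method described earlier and the evidence-preservation step here. The HMAC key stands in for delivering the original hashes "in a secure fashion" (a GPG signature would play the same role); the function names, key and sample files are assumptions constructed for the demo.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # 1 MiB chunks
            h.update(block)
    return h.hexdigest()

def build_manifest(case_dir):
    """Map each file's path (relative to the case folder) to its SHA-256."""
    root = Path(case_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def seal(manifest, key):
    """HMAC-SHA256 over the manifest; the key lives away from the evidence."""
    data = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify(case_dir, manifest, tag, key):
    """Return {} if intact, else the differences; reject an unsealed manifest."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        return {"manifest": "untrusted"}
    current, report = build_manifest(case_dir), {}
    for name in sorted(set(manifest) | set(current)):
        if name not in current:
            report[name] = "missing"
        elif name not in manifest:
            report[name] = "added"
        elif current[name] != manifest[name]:
            report[name] = "modified"
    return report

def demo(key=b"constructed-demo-key"):  # constructed key, for the demo only
    with tempfile.TemporaryDirectory() as d:  # constructed sample case folder
        case = Path(d)
        (case / "transfer.txt").write_text("amount: $100\n")
        (case / "capture.bin").write_bytes(b"\x00\x01\x02")
        manifest = build_manifest(case)
        tag = seal(manifest, key)
        clean = verify(case, manifest, tag, key)
        (case / "transfer.txt").write_text("amount: $10,000\n")
        tampered = verify(case, manifest, tag, key)
        rehashed = verify(case, build_manifest(case), tag, key)  # tag no longer fits
    return clean, tampered, rehashed

if __name__ == "__main__":
    print(demo())
```

The third result is the point of the "secure fashion" caveat: a manifest stored beside the evidence can be re-hashed by whoever altered the files, so only the separately held key (or signature) makes the comparison meaningful.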

Availability

In the event something goes wrong with the system or the evidence, we have added some backup capability to the Case Management system and options for the virtual appliance. It’s always good to back up, and back up often.

  • CSI Case Management archives the evidence you collected within the Cases folder every time you are done with the application and stores those archives in the ~/Cases/Archive folder
  • You can make snapshots or back up the CSI Linux virtual appliance through VirtualBox or whatever virtualization hypervisor you are using

References

Image credit: jamestyson.co.uk
