The CIA Triad, which stands for Confidentiality, Integrity, and Availability, is the most popular reference model for Information Security and Information Assurance. Sometimes affectionately referred to as the Holy Trinity of Data Security, the CIA Triad is also called the AIC triad (Availability, Integrity, Confidentiality) by some InfoSec experts to avoid confusion with the Central Intelligence Agency.

In this model, confidentiality stands for a set of directives that prevents the exposure of data to unauthorized parties by governing and limiting access to it. Integrity describes the rules that preserve the trustworthiness and healthiness of data and prevent unauthorized users from tampering with it.
Availability promotes a state in which authorized people are guaranteed to have reliable access to the information.

Confidentiality

In the general context, confidentiality is all about preventing the disclosure of data to unauthorized parties. In rigorous terms, it also tries to keep the identity of the authorized parties involved in sharing data private and anonymous. Keeping the involved parties’ identities confidential adds to the overall CIA triad, since malicious actors can’t reliably identify a target and compromise its integrity or availability. Attackers have to randomly target participants of the network, something that gets increasingly

Standard measures taken to establish confidentiality include, but are not limited to, encryption, passwords, two-factor authentication, biometric verification, and security tokens.

Some of the challenges that could compromise confidentiality are:
- Encryption cracking
- Man-in-the-middle attacks on plain text data
- Insider leaks where the data is not end-to-end encrypted
- Doxxing private information of data holders

Yobicash manages and ensures confidentiality by using a

Integrity

Integrity preserves the authenticity of data over its whole life cycle by making sure unauthorized parties are not able to tamper with it.
It also ensures that data is not corrupted by unintentional software or hardware malfunction.

Standard measures to guarantee integrity include access controls, cryptographic checksums, and backups.

Some of the challenges that could endanger integrity are:
- Tampering with plain text data on the fly in a man-in-the-middle attack
- Compromising a cloud server where end-to-end encryption is not used

Availability

Availability of information promotes the state where authorized parties are able to access the information whenever needed.

Information unavailability can occur due to malicious activity such as DDoS attacks, or due to hardware/software malfunctions or insufficiency. Some standard measures to guarantee availability include failover, redundancy, RAID and high availability clusters, adequate communication bandwidths, firewalls and proxy servers, and comprehensive disaster recovery plans.

Some of the challenges that could endanger availability are:
- DDoS (Distributed Denial of Service) attacks on servers, preventing authorized parties from retrieving data
- Ransomware attacks encrypting data on servers, preventing authorized parties from viewing it
- Disrupting the server room’s power supply

Conclusions

With the internet becoming ubiquitous in our everyday lives, data security plays an increasingly vital role. Since every open network is subject to externalities, the security of services is interdependent. Unfortunately, market dynamics disincentivize network participants from investing in their security, as the marginal benefits of investing in a participant’s network resource are far lower than its marginal costs. Consumers generally tend to buy services at the lower end of the price range without realizing that, in the long run, they will pay more due to security breaches.
Yobicash aims to put an end to this dilemma by changing the landscape of the information storage and sharing economy. By design, Yobicash’s intentionally simple architecture reduces its attack surface, and Yobicash incentivizes network participants to invest in their security upfront while increasing the costs of failing to do so. Malevolent nodes

While the whole CIA triad must be rigorously implemented to provide for a network’s information security and information assurance needs, every service faces the dilemma of giving more weight to one or another of the three pillars when the time comes to implement the model.

To secure proprietary assets like software, confidentiality is key, while integrity has more importance when securing banking data. On the other hand, publicly accessible data like websites need to provide for availability above all else.

Yobicash’s data storage and sharing model helps services like