Central Intelligence Agency

--Originally published at Diego's Password

This blog post isn’t actually about the CIA, the agency, as the title suggests. It’s about confidentiality, integrity and availability. I chose to write this blog post at the end because it wasn’t appealing to me at the beginning. Now that I’ve done the research, I see that it relates to almost every topic I’ve written about. I’ll write very briefly about what I learned during the research for all my blog posts and this specific one.

These three concepts refer to information security, so we’ll be talking about data privacy a lot. The first concept is confidentiality.

The state of keeping or being kept secret or private

Confidentiality means that data must remain secret; it must be viewed only by its owner or those with access. Pretty simple. If we want to talk about confidentiality, we need to mention encryption. Encrypting a piece of data ensures that no one else will be able to read it but you.

Integrity. If I lend you a music CD, I expect it back unmodified, right? A modified one would be worthless: what would I need a scratched CD for? The same happens with information. If you are making a transaction of 10 Mexican pesos and you receive 10000 Mexican pesos, what would happen? First of all, you would become broke. But the bank service would become worthless. Similar to confidentiality, but instead of preventing a file from being read by unauthorized people, integrity prevents it from being written or modified.

In order to keep integrity in data, a good and easy method is to sign it. Just the people with the signature will be able to read and modify the file. We did a very easy example in class in which we signed files. The professor told us that this is very useful when you want to release a piece of code for which you don’t want any modifications.

want the users to receive exactly as you write it. How would you prevent your file from being written but at the same time keep it readable for everybody? You cannot just alter the permissions, because anyone could make a copy, alter it and pretend that it was your copy from the very beginning. If you sign a file, you can prove later on that it was yours if you still have access to the signature. You could publish your paper and publish your signature on an authenticated social network. Users download your code and prove it was exactly yours. In fact, if you change the code but then leave it as it was, it would generate the same signature. Integrity and love succeeded again.
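
The integrity check described above, as an added example that is not part of the original post or the class exercise: a Lamport one-time signature built only on SHA-256 stands in for the signing tool used in class, which the post does not name. It shows that anyone holding the public key can read and check the file, that a modified copy fails verification, and that a copy restored to the original bytes verifies again. All function names and the sample file contents are constructed for illustration.

```python
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 digest


def _h(data):
    return hashlib.sha256(data).digest()


def _digest_bits(message):
    d = int.from_bytes(_h(message), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def keygen():
    """Return (private, public). A private key must sign ONE message only."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(_h(a), _h(b)) for a, b in private]  # safe to publish
    return private, public


def sign(private, message):
    # Reveal one secret of each pair, chosen by the matching digest bit.
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(public, message, signature):
    # Needs only the public key: reading and checking are open to everyone.
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        ok &= secrets.compare_digest(_h(signature[i]), public[i][bit])
    return ok


def demo():
    release = b"print('hello, world')\n"  # constructed sample "released code"
    private, public = keygen()
    sig = sign(private, release)
    tampered = release.replace(b"hello", b"h3llo")   # someone edits a copy
    restored = tampered.replace(b"h3llo", b"hello")  # edit undone, same bytes
    return {"original": verify(public, release, sig),
            "tampered": verify(public, tampered, sig),
            "restored": verify(public, restored, sig)}


if __name__ == "__main__":
    print(demo())
```

The public key is the value that has to reach users over an authenticated channel; the signature and the file can travel over any channel.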

Availability. What could availability mean?

The quality of being able to be used or obtained.

Accessing data when it’s needed; the easiest one, right? Maybe availability is easier to understand when it’s broken. Denial of service attacks break this quality. They make a given service or data inaccessible to its users. I wrote a complete blog post about this kind of attack. I’ll link it here. In order to prevent an attack of this sort from happening, back up. Doing regular backups and making sure the users have complete access to these backups through different ways will ensure a high level of availability.
