1.1 Security triad (CIA triad)
Confidentiality
Confidentiality measures are designed to prevent disclosure of information from unauthorised intended or unintended access attempts. The information is access only by authorised individuals or entities. Confidentiality can be achieved through encryption, access controls, authentication mechanisms, and data classification.
Integrity
The consistency, accuracy and trustworthiness of data must be maintained over its entire lifecycle. The modification to the data are not made by unauthorised personnel or processes. Unauthorised modifications are not made to data by authorised personnel or processes. The data is consistent among all sub-entities and the internal information is consistent with the real-world. Integrity mechanisms such as hash algorithms, checksums, digital signatures, and access controls help verify the authenticity and reliability of data.
Availability
Information should be consistently and readily accessible for authorised parties. This involves maintaining hardware and technical infrastructure and systems that hold and display the information. Measures such as redundancy, backups, disaster recovery plans, and resilient network architectures are employed to maintain availability and mitigate the impact of attacks or system failures.
Other security aspects
Authenticity
Authorisation
1.2 Kerckhoffs principle
A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
The Kerckhoffs Principle is a fundamental concept in cryptography. The principle states that the security of a cryptographic system should not rely on the secrecy of the algorithm but rather on the secrecy of the key.
Why security should not solely rely on the algorithms? Algorithms may become known over time due to various reasons such as reverse engineering, accidental disclosure, etc. Once an algorithm is exposed, the security of the system would rely solely on the secrecy of the key.
Secret key
Key is short string, easier to hide; but strong enough to be unguessable.
By relying on the secrecy of the key to provide security, the key can be changed or rotated as needed for further enhance the security. To construct a robust key, the key has to have the following characteristics:
- Unpredictable
- Random
These involve the concept of hashing and random key generator.
Back to parent page: Cyber Security and Security Engineering
Reference: