C-I-A Security Triad

Bill Barge (2002)

 

Online security is a growing issue as consumers make more purchases and transactions over the Internet.  The same technology that allows these transactions to take place also provides a means for others to tamper with or steal information.  In light of these concerns, e-commerce companies need to make an effort to protect data and information accessible from their website.

 

The classic security triad is based on three tenants: confidentiality, integrity, and availability. Each of these tenants offer some level of protection, but the combination of these tenants allows an e-commerce company to keep data secret, insure data has not been corrupted, and keep the systems up and running. (Integrity: The Forgotten Leg…) 

 

Confidentiality.  To hide the details of a transaction and provide confidentiality, encryption can be used.  Encryption is the process of scrambling data into an unreadable form.  This scrambling is based on algorithms that use various forms of substitution or transposition to encrypt the message. The type of algorithm and key lengths determines the strength of the encryption method.  Using encryption to hide the contents of the data can increase security of data and information, such as customer credit card numbers.

 

There are three basic types of encryption: symmetric, asymmetric, and hybrid.

 

With symmetric encryption, both the sender and receiver use and know the private key.  The process is as follows: the sender encrypts some data using a key.  The data is treated as bits (binary digits) and is manipulated as bits.  The recipient then uses the same key to decrypt the data.  This type of encryption provides a fast and efficient method for hiding large amounts of data.

 

The current Digital Encryption Standard (DES) uses a 64-bit key to build the key table.  That gives 1.8 x 10¹⁹ possibilities for the encryption.  Even though this is an unimaginable number of combinations, in 1999, at the RSA Conference, the DES key was broken in less than 24 hours. (RSA, p. 47).  One replacement is Triple DES, which performs the DES algorithm three times in sequence.  The message is encrypted using DES, then the encrypted message is encrypted, and then that message is encrypted.  Although it would seem logical to conclude this encryption could be broken in less than 72 hours ( or 3 x 24 hours), even if the first key is broken, the result is still an encrypted message, which generally hampers the progress because the hacker does not know he has broken the first key. (RSA, p. 47)  

 

One problem is that the sender and receiver must know and use the same key.  In an e-commerce system where the seller may not have a previous relationship with a buyer, how can this encryption key be shared? In an Internet purchase, some other secure method is needed to pass the key.  And if an alternate secure method already exists, why would the symmetric encryption be needed? Symmetric encryption has very real limits in its practical use for e-commerce. However, symmetric encryption has a big advantage -- it is a very fast encryption method. 

 

Asymmetric encryption solves the problem of both parties in the transaction needing to know the same key.  With asymmetric encryption, the receiver has published (in some form) a public key.  Anyone wanting to send data will use this public key to encrypt the data.  The receiver then uses some private key to open and decrypt the data.  Two keys are used for every exchange -- a public key, which is freely distributed, and a private key, which is kept secret.

 

With any encryption, the data is treated as numbers and the encryption "plays" with those numbers.  Just as math is a one-way operation (meaning that given a solution it is hard to come up with the exact problem that gave you that solution), encryption is also a one-way operation, only with a built-in "trap door" – the key to decrypt the data.  In symmetric encryption, both parties know both keys.  In asymmetric encryption, the decryption key is not shared.  And just as it is not easy to determine what two numbers have a product of a third, for example, 256, it is not easy to determine the original unencrypted data with knowing the key.  This added complexity increases security, but also can slow the encryption/decryption process down by as much as 50%. (Surviving Security, p. 84)

 

How does it work?  One method is to use Linear Algebra.  The public key algorithm converts the data or message to bytes.  These bytes are then formed into a matrix.  This converted message is multiplied by a public key matrix.  To decrypt the message, the encrypted message is multiplied by the private key matrix, which happens to be the inverse of the public key matrix.  Since the key-matrix may be a 64 x 64 matrix, finding the inverse is not a trivial task!  (Applications of Linear Algebra) 

 

Asymmetric encryption is more practical for e-commerce applications, but the increased processing time does not make as practical an alternative to use all of the time.  Hybrid encryption methods combine the speed of symmetric key processing and the security of asymmetric key exchange by combining the two methods.  Although there are many configurations of hybrid methods, most web browsers help facilitate a hybrid method where asymmetric encryption is used by the e-commerce site to pass a symmetric key to the buyer’s web browser.  The e-commerce site in this case uses the inverse of a matrix as a public key, which is sent to the buyer.  The symmetric key is encrypted using a private key matrix.  The rest of the transaction can then be conducted using symmetric key encryption.  To increase security of the data being transmitted between the buyer and seller, the encryption key may be changed multiple times during the transaction by alternating between the two different encryption methods.

 

Why go through this process?  Sending unencrypted information sent through the Internet is like sending a postcard through the U. S. Mail. (Discovering Computers)  Encryption can be used to protect the customer’s information from people who have no legitimate reason to see it.

 

Integrity.  E-commerce security not only involves keeping the data secret, but also must provide a method for insuring the data or messages did not change or get corrupted.  Hashing functions are one method that can help prove data integrity.

 

A hash algorithm uses the data as an input and outputs a fixed-length number.  The output is the same size regardless of the size of the input data.  A hashing function has three properties:

 

1.       It must be infeasible to determine the input data based on the output.

2.       It must be impossible to find an arbitrary data that has a desired output.

3.       It should be computationally infeasible to find two different samples of data that have the same output.

 

Just like encryption, hashing functions are one-way functions.  However, once the data is "crunched" through the hash algorithm, you should not be able to get back the original data.

 

A collision happens when two dissimilar samples of data hash to the same value.  Based on the properties listed above, a hash function that causes a collision is not a good algorithm.

 

Hashing functions are used to prove that the data has not been altered.  Two possible uses to insure integrity in an e-commerce site are to indicate that data has been altered during a transmission and to indicate a problem in the website itself. 

 

To help insure the integrity of data that is transmitted, the sender not only sends the data (which could also be encrypted) but also sends a hash of the data.  The receiver then calculates a hash value of the data received.  If the hash sent and the newly calculated hash are the same, then the receiver has proved the data has not been altered. 

 

For example, when a customer places an order on the e-commerce site, the credit card information can be encrypted and the application can create a hash value of the information.  The encrypted order and hash are then transmitted through the Internet. When the order data is received by the back-end application, a comparison of hash values verifies that there were not transmission problems that corrupted the data. 

 

In a similar way, the integrity of the website itself can be validated by using a hash value.  After the webpage has been coded, a hash value is computed.  After the page is posted to the Internet and at some regular interval, a new hash value can be computed of the page.  These two hash values can be compared.  If the hash values are different, there is a good chance that someone has hacked into the system and changed the webpage.   

 

Availability.   The purpose of the third leg of the triad is to keep the system “up and running at all times.” (Integrity: The Forgotten Leg…)  From an e-commerce perspective, if the system is not available for the customer to use, the company cannot make any sales and cannot make any money.  Availability can be increased by the use of redundancy, disaster recovery, transaction logging, and intrusion detection.

 

Redundancy, from an availability perspective, allows a company to quickly and easily move operations to another computer system.  This may be done during periods of unusual activity or it may be to guarantee that the system will be available to the customer or user.  No matter the reason, the company would need to process each transaction through all of the multiple systems to keep all of the systems in sync.  If order activity is high on an e-commerce site, the application can direct different customers to different systems, all of which look identical.  But by spreading the load among multiple systems, the speed of transactions is not affected as it would if too many customers tried to use the same system. 

 

In the case of a problem with the primary system, processing can be moved to an alternate system and the affected system can be taken offline, without the customer’s knowledge.  In the integrity example where the website was changed, the offensive site can be moved offline and replaced with an uncorrupted copy. 

 

Using the same example, but on the same system, keeping a redundant clean copy of each web page allows the system to automatically replace the corrupted page with a clean version.

 

A disaster recovery plan can minimize the time an e-commerce website may be unavailable.  While redundant systems help keep the website available, if all of the systems are in one general area, such as the seller’s premises, a disaster, such as tornado or fire, may take out all of the systems.  But by planning ahead, a company can quickly get the website back up and running. 

 

A disaster recovery plan will have three parts – backup plan, recovery plan, and a test plan.  Backup is copying data at set intervals.  This copy of the data should then be stored offsite, so if a disaster happens, the data and the copy are not both lost.  However, a plan is also needed to restore the data in the case of a disaster.  If the data is copied, but there is no plan to restore the data and restart the system, there will be an interruption of service and possible lost revenue. (Systems Analysis & Design, p. 9.30)  To prove that the recovery plan will work, it should be tested by simulating a disaster.  During the test, tasks that are missing from the recovery plan, or needed data that has not been backed up, will be identified and should be added to the backup and recovery plans.

 

Transaction logging involves saving information of each transaction.  By keeping detailed records on who performed what actions at what time, a damaged system may be rebuilt, assuming the transaction log is not affected by the cause of the overall system failure.  For example, if a system creates a backup once an hour, an hour of transactions may be lost if the main database is corrupted.  The transaction log can be used to minimize the gap of lost data. (Systems Analysis & Design, p. 9.31)

 

Intrusion detection in the e-commerce system will help prevent the system being unavailable due to attacks.  A type of attack that may shut down the website is called a Denial of Service, or DoS attack.  In this type of attack, the e-commerce system is bombarded with hits in an attempt to overload the system.  A successful attack creates so much activity that the system will be virtually unavailable to legitimate customers.  By planning for this type of attack by installing router filters, backing up data, and having redundant systems, the impact of the attack can be lessened or eliminated.  (Denial of Service Attacks)  One survey found that the average loss from an outside intrusion was $60,000 (Insider Attacks)

 

Each of the three C-I-A tenants by themselves will not guarantee system security, but by using a combination of these services, e-commerce systems and transactions can be much more secure.

 

 

 

Sources:

 

 

Andress, Mandy. Surviving Security. Indianapolis: SAMS. 2002. Chapter 4.

 

Burnett, Steve and Stephen Paine. RSA Security’s Official Guide to Cryptography. New York: Osborne/McGraw-Hill. 2001.  Chapters 1-4.

 

Chuvakin, Anton. “Insider Attacks: The Doom of the Information Security Methods to Thwart Inside Attacks”.  http://www.sinc.sunysb.edu/Stu/achuvaki/internal-attacks.html

 

“Denial of Service Attacks”. Software Engineering Institute, Carnegie Mellon University. http://www.cert.org/tech_tips/denial_of_service.html

 

“Disaster Recovery Finds Prominence”. InfoWorld. http://www.infoworld.com/article/03/02/14/07dr_1.html

 

Gregory, Scott. “Application of Linear Algebra Data Encryption”. http://www.math.washington.edu/~king/coursedir/m308a01/Projects/m308a01-pdf/gregory.pdf

 

“How Encryption and Digital Signatures Work”, http://www.tatanka.com/doc/technote/tn0035.htm

 

Naccache, David and Jacques Stern. “A New Public-Key Cryptosystem”. http://www.gemplus.com/smart/r_d/publi_crypto/pdf/NS97pkcs.pdf

 

Parker, Donn. “Tired Triad”. Information Security. http://www.infosecuritymag.com/2002/feb/viewpoint.shtml

 

Schwartau, Winn. “Integrity: The Forgotten Leg of Security”.  Interpact Security Awareness. http://www.interpactinc.com/articles/integrity.html

 

Schwartau, Winn.  “What Happened to Availability?”, Network World. 01/06/03. http://www.nwfusion.com/columnists/2003/0106schwartau.html

 

Shelly, Gary B., Thomas J. Cashman, and Harry J. Rosenblatt.  Systems Analysis & Design, 5^th ed.  Boston: Course Technology, 2003.

 

Shelly, Gary B., Thomas J. Cashman, and Misty E. Vermaat. Discovering Computers 2002. Boston: Course Technology, 2001.