
Technical University of Mombasa

Session 3: Cybersecurity Principles


Objectives:
We will focus on the following principles or goals of cybersecurity:
- Confidentiality
- Integrity
- Availability
- Authentication
- Non-repudiation

3.1 Introduction
Authentication and non-repudiation are tools that system designers can use to
maintain system security with respect to confidentiality, integrity, and availability
(called CIA triad). Understanding each of these six concepts and how they relate to one
another helps security professionals design and implement secure systems. Each
component is critical to overall security, with the failure of any one component
resulting in potential system compromise.

There are three key concepts, known as the CIA triad, which anyone who protects
an information system must understand: confidentiality, integrity, and availability.
Information security professionals are dedicated to ensuring the protection of these
principles for each system they protect. Additionally, there are three key concepts that
security professionals must understand to enforce the CIA principles properly:
authentication, authorization, and nonrepudiation. In this section, we explain each of
these concepts and how they relate to each other in the digital security realm.

3.2 Cybersecurity Principles


i) Confidentiality
- Is the assurance that information is not disclosed to unauthorized individuals,
processes, or devices.

Assuring that unauthorized parties do not have access to a piece of information is a
complex task. It is easiest to understand when broken down into three major steps.
- First, the information must have protections capable of preventing some users
from accessing it.
- Second, limitations must be in place to restrict access to the information to only
those who have the authorization to view it.
- Third, an authentication system must be in place to verify the identity of those
with access to the data. Authentication and authorization, described earlier in
this section, are vital to maintaining confidentiality, but the concept of
confidentiality primarily focuses on concealing or protecting the information.

TUM is ISO 9001:2015 Certified


One way to protect information is by storing it in a private location or on a private
network that is limited to those who have legitimate access to the information. If a
system must transmit the data over a public network, organizations should use a key
that only authorized parties know to encrypt the data. For information traveling over
the Internet, this protection could mean using a virtual private network (VPN), which
encrypts all traffic between endpoints, or using encrypted e-mail systems, which restrict
viewing of a message to the intended recipient. If confidential information is
physically leaving its protected location (as when employees transport backup tapes
between facilities), organizations should encrypt the data in case it falls into the hands
of unauthorized users.

Confidentiality of digital information also requires controls in the real world.
Shoulder surfing, the practice of looking over a person's shoulder while at his or her
computer screen, is a nontechnical way for an attacker to gather confidential
information.

Physical threats, such as simple theft, also threaten confidentiality. The consequences
of a breach of confidentiality vary depending on the sensitivity of the protected data.
A breach in credit card numbers, as in the case of the Payment Systems processing
system, could result in lawsuits with payouts well into the millions of dollars.

Confidentiality: This term covers two related concepts:
- Data confidentiality: Assures that private or confidential information is not
made available or disclosed to unauthorized individuals.
- Privacy: Assures that individuals control or influence what information related
to them may be collected and stored and by whom and to whom that
information may be disclosed.

ii) Integrity
- Is the quality of an IS (Information System) reflecting the logical correctness and
reliability of the operating system; the logical completeness of the hardware and
software implementing the protection mechanisms; and the consistency of the
data structures and occurrence of the stored data. Note that, in a formal security
model, integrity is interpreted more narrowly to mean protection against
unauthorized modification or destruction of information.

In the cybersecurity (information security) realm, integrity normally refers to data
integrity, or ensuring that stored data are accurate and contain no unauthorized
modifications.

This principle, which relies on authentication, authorization, and nonrepudiation as
the keys to maintaining integrity, is preventing those without authorization from
modifying data. By bypassing an authentication system or escalating privileges
beyond those normally granted to them, an attacker can threaten the integrity of data.
Software flaws and vulnerabilities can lead to accidental losses in data integrity and
can open a system to unauthorized modification. Programs typically tightly control
when a user has read or write access to particular data, but a software vulnerability
might make it possible to circumvent that control. For example, an attacker can exploit
a Structured Query Language (SQL) injection vulnerability to extract, alter, or add
information to a database.
Disrupting the integrity of data at rest or in a message in transit can have serious
consequences. If it were possible to modify a funds transfer message passing between
a user and his or her online banking website, an attacker could use that privilege to
his or her advantage. The attacker could hijack the transfer and steal the transferred
funds by altering the account number of the recipient of the funds listed in the
message to the attacker’s own bank account number. Ensuring the integrity of this
type of message is vital to any secure system.

Integrity covers two related concepts:
- Data integrity: Assures that information and programs are changed only in a
specified and authorized manner.
- System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.

iii) Authentication
Authentication is a security measure designed to establish the validity of a
transmission, message, or originator, or a means of verifying an individual’s
authorization to receive specific categories of information. Authentication is
important to any secure system, as it is the key to verifying the source of a message or
that an individual is whom he or she claims.

There are four general means of authenticating a user's identity, which can be used
alone or in combination:
- Something You Know: information the system assumes others do not know; this
information may be secret, like a password or PIN code, or simply a piece of
information that most people do not know, such as a user's mother's maiden name
(or answers to a prearranged set of questions).
- Something You Have (or possess): something the user possesses that only he or she
holds; cryptographic keys, a Radio Frequency ID (RFID) badge, electronic keycards,
smart cards, a One-Time-Password (OTP) generating token, or a physical key.
- Something You Are (static biometrics): a person's fingerprint, voice print, or
retinal scan, factors known as biometrics.
- Something You Do (dynamic biometrics): recognition by voice pattern, handwriting
characteristics, and typing rhythm.

All of these methods, properly implemented and used, can provide secure user
authentication. However, each method has problems.
- An adversary may be able to guess or steal a password.
- Similarly, an adversary may be able to forge or steal a token.
- A user may forget a password or lose a token. Furthermore, there is a significant
administrative overhead for managing password and token information on
systems and securing such information on systems.
- With respect to biometric authenticators, there are a variety of problems,
including: dealing with false positives and false negatives, user acceptance,
cost, and convenience.
- For network-based user authentication, the most important methods involve
cryptographic keys and something the individual knows, such as a password.

iv) Availability
- Is the timely, reliable access to data and information services for authorized users.
Availability assures that systems work promptly and service is not denied to
authorized users.

Information systems (hence Cyberspace) must be accessible to users for these systems
to provide any value. If a system is down or responding too slowly, it cannot provide
the service it should. Attacks on availability are somewhat different from those on
integrity and confidentiality. The best-known attack on availability is a denial of
service (DoS) attack.

A DoS can come in many forms, but each form disrupts a system in a way that
prevents legitimate users from accessing it:
- One form of DoS is resource exhaustion, whereby an attacker overloads a
system to the point that it no longer responds to legitimate requests. The
resources in question may be memory, central processing unit (CPU) time,
network bandwidth, and/or any other component that an attacker can
influence. One example of a DoS attack is network flooding, during which the
attacker sends so much network traffic to the targeted system that the traffic
saturates the network and no legitimate request can get through.

Understanding the components of the CIA triad and the concepts behind how to
protect these principles is important for every security professional. Each component
acts like a pillar that holds up the security of a system. If an attacker breaches any of
the pillars, the security of the system will fall. Authentication, authorization, and
nonrepudiation are tools that system designers can use to maintain these pillars.
Understanding how all of these concepts interact with each other is necessary to use
them effectively.

v) Non-repudiation
- Is assurance the sender of data is provided with proof of delivery and the recipient
is provided with proof of the sender’s identity, so neither can later deny having
processed the data.

Non-repudiation provides protection against denial by one of the entities involved in
a communication of having participated in all or part of the communication.
Two types of Non-repudiation are:
- Non-repudiation, Origin – Proof that the message was sent by the specified
party.
- Non-repudiation, Destination – Proof that the message was received by the
specified party.

Imagine a scenario wherein Alice is purchasing a car from Bob and signs a contract
stating that she will pay $20,000 for the car and will take ownership of it on Thursday.
If Alice later decides not to buy the car, she might claim that someone forged her
signature and that she is not responsible for the contract. To refute her claim, Bob
could show that a notary public verified Alice’s identity and stamped the document
to indicate this verification. In this case, the notary’s stamp has given the contract the
property of non-repudiation.

In the world of digital communications, no notary can stamp each transmitted
message, but nonrepudiation is still necessary. To meet this requirement, secure
systems normally rely on asymmetric (or public key) cryptography. While symmetric
key systems use a single key to encrypt and decrypt data, asymmetric systems use a
key pair. These systems use one key (private) for signing data and use the other key
(public) for verifying data. If the same key can both sign and verify the content of a
message, the sender can claim that anyone who has access to the key could easily have
forged it.
Non-repudiation in the information security context refers to one of the properties of
cryptographic digital signatures that offers the possibility of proving whether a
particular message has been digitally signed by the holder of a particular digital
signature’s private key.
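The funds-transfer scenario from the integrity section and the signing/verifying contrast above, as an added example that is not part of these notes: it uses Go's standard-library Ed25519 signatures and HMAC-SHA256 on a constructed transfer message (the message format, account numbers and key pairs are assumptions) to show that both schemes detect the altered account number, but only the signature lets the bank prove that Alice sent the message, because the bank itself could have computed the shared-key HMAC tag.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed funds-transfer message (not from the notes) and the same message
// after an attacker has swapped in their own account number.
const Original = "FROM:ALICE-001;TO:MERCHANT-777;AMOUNT:20000"
const Tampered = "FROM:ALICE-001;TO:ATTACKER-999;AMOUNT:20000"

// Sign uses a private key, which only its holder has.
func Sign(priv ed25519.PrivateKey, msg string) []byte {
	return ed25519.Sign(priv, []byte(msg))
}

// Verify uses the public key, which anyone (including the bank) may hold.
func Verify(pub ed25519.PublicKey, msg string, sig []byte) bool {
	return ed25519.Verify(pub, []byte(msg), sig)
}

// MAC is the symmetric alternative: HMAC-SHA256 under a key both sides share.
func MAC(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// Compare runs both schemes against the transfer message and reports whether
// each detects the altered account number and whether the bank, as the
// verifying party, could have produced Alice's authenticator itself.
func Compare() (sigDetectsTamper, bankCanForgeSig, macDetectsTamper, bankCanForgeMAC bool) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS random source is unavailable
	}
	_, bankPriv, _ := ed25519.GenerateKey(rand.Reader) // the bank's own key pair
	sig := Sign(alicePriv, Original)
	sigDetectsTamper = Verify(alicePub, Original, sig) && !Verify(alicePub, Tampered, sig)
	// Without Alice's private key, the bank's best effort does not verify under her public key.
	bankCanForgeSig = Verify(alicePub, Original, Sign(bankPriv, Original))
	shared := make([]byte, 32) // symmetric key known to both Alice and the bank
	if _, err := rand.Read(shared); err != nil {
		panic(err)
	}
	tag := MAC(shared, Original)
	macDetectsTamper = !hmac.Equal(tag, MAC(shared, Tampered))
	// The bank holds the same key, so it can produce an identical tag: no proof of origin.
	bankCanForgeMAC = hmac.Equal(tag, MAC(shared, Original))
	return
}

func main() {
	a, b, c, d := Compare()
	fmt.Printf("signature: tamper detected=%v forgeable by bank=%v\nHMAC: tamper detected=%v forgeable by bank=%v\n", a, b, c, d)
}
```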

Non-repudiation is a somewhat controversial subject, partly because it is an important
one in this day and age of electronic commerce, and because it does not provide an
absolute guarantee:
A digital signature owner, who may like to repudiate a transaction
maliciously, may always claim that his or her digital signature key was
stolen by someone and that someone actually signed the digital transaction
in question, thus repudiating the transaction.

The following types of non-repudiation services are defined in the international
standard ISO 14516:2002, Guidelines for the use and management of trusted third-party
services:
- Approval: Non-repudiation of approval provides proof of who is responsible for
approval of the contents of a message.
- Sending: Non-repudiation of sending provides proof of who sent the message.
- Origin: Non-repudiation of origin is a combination of approval and sending.
- Submission: Non-repudiation of submission provides proof that a delivery agent has
accepted the message for transmission.
- Transport: Non-repudiation of transport provides proof for the message originator
that a delivery agent has delivered the message to the intended recipient.
- Receipt: Non-repudiation of receipt provides proof that the recipient received the
message.
- Knowledge: Non-repudiation of knowledge provides proof that the recipient
recognized the content of the received message.
- Delivery: Non-repudiation of delivery is a combination of receipt and knowledge, as
it provides proof that the recipient received and recognized the content of the
message.

There is also a difference between the legal concept of non-repudiation and
non-repudiation as an information security/cryptographic concept.

In the legal sense, an alleged signatory to a paper document is always able to repudiate
a signature that has been attributed to him or her by claiming any one of the following:
- Signature is forged
- Signature is a result of fraud by a third party
- Signature was unconscionable conduct by a party to the transaction
- Signature was obtained using undue influence by a third party

Activity: State the properties of a digital signature

In the information security context, one should keep in mind that the cryptographic
concept of non-repudiation may, and often does, differ from its legal counterpart.
Moreover, in some countries there is a trend of moving the burden of proof from the
party relying on the signature (which is applicable to regular on-paper signatures) to
the alleged signatory party, who would have to prove that he or she did not sign
something. Chapter 11 of this book looks at cryptography in more detail.

3.3 REAL LIFE EXAMPLES


Confidentiality: Student grade information is an asset whose confidentiality is
considered to be highly important by students. In the Technical University of
Mombasa (TUM), the release of such information is regulated by the Senate. Grade
information should only be available to students, and employees that require the
information to do their job. Student enrolment information may have a moderate
confidentiality rating. This information is seen by more people on a daily basis, is less
likely to be targeted than grade information, and results in less damage if disclosed.
Directory information, such as lists of students or faculty or departmental lists, may
be assigned a low confidentiality rating or indeed no rating. This information is
typically freely available to the public and published on TUM's Web site.

Integrity: Several aspects of integrity are illustrated by the example of a hospital
patient's allergy information stored in a database. The doctor should be able to trust
that the information is correct and current. Now suppose that an employee (e.g., a
nurse) who is authorized to view and update this information deliberately falsifies the
data to cause harm to the hospital. The database needs to be restored to a trusted basis
quickly, and it should be possible to trace the error back to the person responsible.
Patient allergy information is an example of an asset with a high requirement for
integrity. Inaccurate information could result in serious harm or death to a patient and
expose the hospital to massive liability.

An example of an asset that may be assigned a moderate level of integrity requirement
is a Web site that offers a forum to registered users to discuss some specific topic.
Either a registered user or a hacker could falsify some entries or deface the Web site.
If the forum exists only for the enjoyment of the users, brings in little or no advertising
revenue, and is not used for something important such as research, then potential
damage is not severe. The Web master may experience some data, financial, and time
loss.
An example of a low integrity requirement is an anonymous online poll. Many Web
sites, such as news organizations, offer these polls to their users with very few
safeguards. However, the inaccuracy and unscientific nature of such polls is well
understood.

Availability: The more critical a component or service, the higher is the level of
availability required. Consider a system that provides authentication services for
critical systems, applications, and devices. An interruption of service results in the
inability for customers to access computing resources and staff to access the resources
they need to perform critical tasks. The loss of the service translates into a large
financial loss in lost employee productivity and potential customer loss.
An example of an asset that would typically be rated as having a moderate availability
requirement is a public Web site for a university; the Web site provides information
for current and prospective students and donors. Such a site is not a critical component
of the university’s information system, but its unavailability will cause some
embarrassment.
An online telephone directory lookup application would be classified as a low
availability requirement. Although the temporary loss of the application may be an
annoyance, there are other ways to access the information, such as a hardcopy
directory or the operator.

3.5 Purpose of Cybersecurity principles


The purpose of the cyber security principles is to provide strategic guidance on how
organizations can protect their systems and information from cyber threats. The
cybersecurity principles are grouped into four key activities: govern, protect, detect
and respond.

• Govern: Identifying and managing security risks.
• Protect: Implementing security controls to reduce security risks.
• Detect: Detecting and understanding cyber security events.
• Respond: Responding to and recovering from cyber security incidents.

Implementing the cyber security principles using maturity modelling


When implementing the cyber security principles, organisations can use the following
maturity model to assess the implementation of either individual principles, groups
of principles or the cyber security principles as a whole. The five levels in the maturity
model are:
1. Incomplete: The cyber security principles are either partially implemented
or not implemented.
2. Initial: The cyber security principles are implemented, but in a poor or ad
hoc manner.
3. Developing: The cyber security principles are sufficiently implemented, but
on a project-by-project basis.
4. Managing: The cyber security principles are established as standard business
practices and robustly implemented throughout the organisation.
5. Optimising: A deliberate focus on optimisation and continual improvement
exists for the implementation of the cyber security principles throughout the
organisation.

3.6 Student Activity


1. Explain the following principles of cybersecurity:
- Confidentiality
- Integrity
- Availability
- Authentication
- Non-repudiation
2. Explain the following types of Integrity: Data Integrity and System Integrity
3. Explain four types of authentication
4. Explain four properties of digital signature
5. Explain the term “Denial of Service (DoS)”
