17

Consider a chat application where an attacker is able to send messages in any user's name. This obviously violates the message's authenticity. But what aspect of CIA would be violated?

Integrity seems closest to me but that usually means that data must not be changed.

schroeder
Fermyon

4 Answers

18

I support David's view that if you had to fit your scenario into one of the CIA categories, integrity would be the appropriate one, because you're creating an unintended state and thus violating integrity.

But also have a look at the Parkerian hexad which is a popular extension of the CIA triad. It consists of the attributes confidentiality, possession or control, integrity, authenticity, availability and utility. In this model, writing messages in the name of another user would fit into the authenticity category.

Also, you might want to think of the CIA triad mainly as overall security goals. But it's not necessarily a powerful tool to classify specific vulnerabilities.

Arminius
  • Re. your last point, the most common mnemonic (that I know of) to classify vulnerabilities is STRIDE: Spoofing, Tampering, Repudiation, Information disclosure, Denial, Escalation. The scenario proposed by the OP would fall in the Spoofing category. – A. Darwin Feb 25 '18 at 18:10
17

That would still be covered in integrity: creating or deleting data is still a violation of integrity. (This can be seen as a mutation on the overall data set.)

David
  • Authenticity is **not** generally considered an integrity issue. In the example of the question especially, no data is modified. – Tom Feb 25 '18 at 11:18
  • @Tom: Right, not modified. But still, untrustworthy. (That is what the word integrity refers to, after all.) The problem with modified data is that it can/should not be trusted (because it is wrong); malicious data such as forgery would probably fit quite properly in this category, and certainly lean more towards this category (which can broadly be thought of as related to trustworthiness) than the other categories (which can broadly be thought of as being sufficiently hidden (from adversaries), and uptime). – TOOGAM Feb 25 '18 at 12:51
  • Integrity is a statement about the content of a message or data set. Authenticity is a statement about the **origin** of a message or **source** of data. They are not the same thing nor is one contained within the other. – Tom Feb 25 '18 at 13:47
  • @Tom Well, if you consider an application with a database of messages with sender and receiver IDs where an attacker managed to set the sender ID to an arbitrary value, the attacker is violating integrity. The problem as I see it is that the CIA triad doesn't really consider multiple entities, but is mainly applicable to a single data set that has to be confidential, unaltered and available. – Arminius Feb 25 '18 at 19:06
  • @Arminius of course you can consider meta-data as data. However, in IS the storage method is generally of less importance than attack vectors, threats and risks. That is why authenticity needs to be considered in a different light than integrity. – Tom Feb 26 '18 at 05:53
5

It doesn't fit. Authenticity and non-repudiation are common extensions to the triad. Data privacy is another one (especially in Europe).

The CIA triad, like any mnemonic, is a useful tool, not a perfect definition. It helps greatly in getting away from a single-minded approach to information security, but there are always issues that it does not cover perfectly.

A well-known extension that explicitly covers Authenticity is the Parkerian Hexad.

Tom
2

If we consider a message in transit across the network as the "information", the most important security attributes for "information security" should be: Confidentiality, Integrity, and Authenticity (not Availability). Consider a group of users who share a common encryption key. One member can impersonate another member to create a message, encrypt it with the group key, hash it for integrity, but its authenticity is violated.

Another associated security triad would be non-repudiation, availability, and freshness, i.e. nRAF.

In summary, there are two security triads: CIA and nRAF. The first group (confidentiality, integrity, and authenticity) is paramount; the second group, where Availability resides, is also important but secondary.

Bobby Yang
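As an added example (not from any answer above), the following Python models the group-key scenario in Bobby Yang's answer: an HMAC under a key every member holds confirms the message was not altered but cannot say who wrote it, so a message sent in another member's name verifies; binding the check to a per-member key that only that member and the verifier hold makes the same message fail. Encryption is left out as orthogonal to the point, the integrity check is modeled as an HMAC rather than a bare hash, and all names and keys are constructed.

```python
import hmac
import hashlib
import secrets

# Constructed example keys. GROUP_KEY is held by every member of the chat
# group; MEMBER_KEYS holds one distinct key per member, known only to that
# member and to the verifier (the chat server).
GROUP_KEY = secrets.token_bytes(32)
MEMBER_KEYS = {name: secrets.token_bytes(32) for name in ("alice", "bob", "mallory")}

def _encode(sender: str, body: str) -> bytes:
    """Length-prefix the claimed sender so (sender, body) pairs cannot collide."""
    s = sender.encode()
    return len(s).to_bytes(2, "big") + s + body.encode()

def tag(key: bytes, sender: str, body: str) -> bytes:
    """HMAC-SHA256 over the claimed sender name and the message body."""
    return hmac.new(key, _encode(sender, body), hashlib.sha256).digest()

def verify_group(sender: str, body: str, mac: bytes) -> bool:
    """Integrity only: any holder of GROUP_KEY can produce a valid tag for
    any claimed sender, so a passing check says nothing about origin."""
    return hmac.compare_digest(tag(GROUP_KEY, sender, body), mac)

def verify_member(sender: str, body: str, mac: bytes) -> bool:
    """Origin-bound: the tag must verify under the key of the *claimed* sender."""
    key = MEMBER_KEYS.get(sender)
    if key is None:
        return False
    return hmac.compare_digest(tag(key, sender, body), mac)

def impersonation_outcome(body: str = "please approve the transfer") -> tuple:
    """Mallory sends a message in Alice's name under both schemes.
    Returns (accepted_by_group_check, accepted_by_member_check)."""
    # Shared group key: Mallory holds GROUP_KEY, so her tag for "alice" verifies.
    forged_group = tag(GROUP_KEY, "alice", body)
    # Per-member keys: Mallory holds only her own key, not Alice's.
    forged_member = tag(MEMBER_KEYS["mallory"], "alice", body)
    return (
        verify_group("alice", body, forged_group),    # True: integrity intact, origin unknown
        verify_member("alice", body, forged_member),  # False: origin check fails
    )

if __name__ == "__main__":
    print(impersonation_outcome())  # (True, False)
```

The first result is exactly the gap the answer describes: the group check passes because nothing was altered, which is integrity, while the question of who actually sent it is only answered by the per-member check.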