In our first series, we covered the following 5 articles:
If you are new to the field of cybersecurity, taking our Intro to Cybersecurity (free self-paced) course is highly recommended. Also, if you are already familiar with cybersecurity, taking our Intro to Blockchain Cybersecurity course is highly recommended.
In this article, we will be covering the fundamental approach to arranging the components of a native blockchain and Hyperledger in the form of the Confidentiality, Integrity, and Availability (CIA) security triad model. This triad model is one of the oldest and most popular security frameworks connected with the blockchain structure. The CIA triad model is a model that helps organizations structure their security posture. We will understand how these three core elements impact the blockchain technology and how we can organize the optimal use of blockchain with this security model.
In this article, we will cover the following topics:
CIA is a framework/model that's used to arrange a list of security controls and systems used by the information security (infosec) team. It is also sometimes referred to as the Availability, Integrity, and Confidentiality (AIC) security triad. The purpose of the triad is to deliver a standard framework to evaluate and deploy information security policies, independent of the underlying technology, network, or system.
Confidentiality is a way to keep information hidden from unauthorized people. When information that has to be secret remains a secret, you have achieved confidentiality. In the current era of digital connectivity, everyone is eager to learn information that has been kept secret. Security agencies are a prime example of an organization breaking confidentiality so that they can perform forensics and use surveillance footage. Financially motivated cyber criminals do their best to break into security systems and gather confidential documents that will benefit their business adversaries.
There is a never-ending race between adversaries and defenders. Organizations are spending millions of dollars every year to achieve full-stack confidentiality with cryptography and access control systems. Several methods are tested every day to protect data at rest and data in motion.
Integrity is a way to protect information from unauthorized tampering. It is a mandatory compliance requirement for every infosec body. It is also a method of maintaining the consistency, accuracy, and trustworthiness of the respective data over its entire life cycle. The data has to be fully secured, and any unauthorized access to it should be prohibited. Measures that aid this include file permissions and user access controls.
Availability refers to on-time and reliable access to data. Data becomes information and information becomes value, so that value is lost if the information is not available at the right time. Distributed Denial-of-Service (DDoS) and ransomware attacks are some of the most powerful weapons in the hands of malicious actors, and they use these attacks to keep information away from people who have authorized and legitimate access. Organizations make attempts to combat these attacks, including web application firewalls, DDoS protection, content delivery networks (CDN), and even disaster recovery.
Every digitally connected technology comes with the cost of security challenges, and these challenges can be about privacy exposure, confidentiality breaches, identity theft, and much more. Blockchain technology is a computing technology that runs over a digital ecosystem and hence it becomes important to pay attention to its fundamental security challenges. Every size of business connected globally allocates an annual budget for cybersecurity so that they can keep their information and critical assets confidential. Let's understand the extent of confidentiality in the current blockchain model and its future roadmap.
As we already know, blockchain technology was introduced with Bitcoin. However, it was never made to be restrictive in nature, as anyone with client software can participate in the block generation process, or mining in the case of Bitcoin. Confidentiality with respect to the blockchain is simply about hiding transaction information from unwanted participants in the network. However, because of the open and permissionless nature of a public blockchain such as Bitcoin, achieving a better confidentiality rank can be extremely difficult.
When it is about business, confidentiality becomes a critical pillar in the cybersecurity space to achieve better trust between customers and other stakeholders. The permissioned blockchain has gained a great appreciation as it allows only pre-selected participants to access the data in the distributed ledger network. When a business interacts with another business, it is not just about how much information to share, it is also about who should have access to which information under what conditions. While considering Hyperledger Fabric, IBM suggests that certain points should be kept in mind:
Hyperledger Fabric provides features to achieve confidentiality with the ease of calling a set of library files:
Even with more money being spent on cybersecurity, many organizations are still reluctant to use public cloud solutions. It is a common practice to apply encryption to the data going to the cloud, but encryption can only provide solid confidentiality against internal attacks; it can't protect data from corruption caused by configuration errors, software bugs, or espionage attempts. Although blockchain technology has its own solid approach to achieving immutability with the hashing algorithm and the Merkle tree model for integrity, we have to try and understand how it would practically work with real-world applications and Hyperledger Fabric.
Integrity is a way of avoiding any tampering with the data. Blockchain uses cryptographic hashing to ensure that the ledger remains tamper-proof. One of the key characteristics of this hashing function is that it is always one-way, which means it is logically impossible to get the data back from the hash result or from the message digest. It is also difficult to analyze the pattern of the message digest and predict the original data, as even a slight change in the actual message can result in a big difference. All flavors of blockchain use hashing extensively, as follows:
As we already saw, each node stores the ledger in the form of connected blocks, and the creation of a new block depends on the hash of the previous block. This stops malicious attempts to disturb, alter, or delete any blocks in the ledger. This helps organizations achieve a new level of cybersecurity integrity and provides a platform on which you can develop a tamper-proof business application.
Although Hyperledger Fabric is one more flavor of distributed ledger technology, several key properties separate it from the others. A committing peer always validates a new block before adding it to the ledger. If a peer is hacked, a block it commits to the ledger may be compromised. To avoid such a situation, there are certain methods to correct the way a block gets added to the ledger.
In this method, each peer periodically validates its copy of the blockchain and, if a broken block is detected, asks the peer to recheck it. A function named CheckChainIntegrity() has to be called to keep the integrity check running.
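To make the hashing and chaining described above concrete, here is an added example (not code from the article or from Hyperledger Fabric) of a toy ledger: each block's SHA-256 digest commits to the previous block's hash, a small `check_chain_integrity()` routine re-derives every hash and link in the way the periodic check above is described (it is a stand-in for the `CheckChainIntegrity()` the text mentions, not Fabric's implementation), and `bits_changed()` shows the avalanche effect of a one-character change. The block layout, the genesis marker and the ledger entries are constructed for this example.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed marker used as the prev_hash of the first block (not a Fabric constant).
GENESIS_PREV_HASH = "0" * 64


@dataclass
class Block:
    index: int
    prev_hash: str   # hash of the previous block: this link is what chains blocks together
    data: str        # in a real ledger this would be a batch of transactions
    hash: str        # SHA-256 digest over (index, prev_hash, data)


def compute_hash(index: int, prev_hash: str, data: str) -> str:
    """One-way digest over the block fields. Canonical JSON keeps the encoding stable."""
    payload = json.dumps({"index": index, "prev_hash": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_block(chain: List[Block], data: str) -> Block:
    """Create a new block whose hash commits to the previous block's hash."""
    prev_hash = chain[-1].hash if chain else GENESIS_PREV_HASH
    index = len(chain)
    block = Block(index, prev_hash, data, compute_hash(index, prev_hash, data))
    chain.append(block)
    return block


def check_chain_integrity(chain: List[Block]) -> Optional[int]:
    """Re-derive every block's hash and link; return the index of the first broken block, or None."""
    expected_prev = GENESIS_PREV_HASH
    for block in chain:
        if block.prev_hash != expected_prev:
            return block.index          # link to the previous block does not match
        if compute_hash(block.index, block.prev_hash, block.data) != block.hash:
            return block.index          # stored hash no longer matches the block's contents
        expected_prev = block.hash
    return None


def bits_changed(a: str, b: str) -> int:
    """Hamming distance between two hex digests, to show the avalanche effect."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


def demo():
    chain: List[Block] = []
    # Constructed sample ledger entries
    for entry in ["alice pays bob 10", "bob pays carol 4", "carol pays dave 1"]:
        append_block(chain, entry)
    assert check_chain_integrity(chain) is None

    # Editing block 1 without recomputing its hash is caught at block 1
    chain[1].data = "bob pays carol 400"
    broken = check_chain_integrity(chain)

    # Recomputing block 1's hash makes it self-consistent, but block 2 still
    # points at the old hash, so the break moves to block 2
    chain[1].hash = compute_hash(1, chain[1].prev_hash, chain[1].data)
    broken_link = check_chain_integrity(chain)

    # Avalanche: a one-character change flips roughly half of the 256 digest bits
    delta = bits_changed(compute_hash(1, chain[1].prev_hash, "bob pays carol 4"),
                         compute_hash(1, chain[1].prev_hash, "bob pays carol 5"))
    return broken, broken_link, delta


if __name__ == "__main__":
    print(demo())
```

The second tampering step is the point of the chain: an attacker who rewrites one block must also rewrite every later block's `prev_hash` and hash, which in a network of independent validating peers means convincing all of them to accept the rewritten history.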
Business applications are accessible through networks (public or private), and these applications are sets of code that have value only as long as they are accessible when they are needed. Blockchain is a software application running on the cloud that keeps its value as long as it is not broken or disturbed. For users, the face of blockchain is simply a decentralized application (dApp), and in order to keep it available all of the time, both the frontend and the backend of the system should run seamlessly.
On-time and reliable access to information is what availability means. Cyberattacks such as DDoS cause huge disruption to internet services and result in websites becoming inaccessible, which costs businesses a lot of money. The decentralized nature of blockchain makes it harder to disrupt these applications.
Even if one node in the blockchain goes down, the information can be accessed and used by the rest of the nodes in the network. As all of the nodes keep an exact copy of the ledger, it will always be up-to-date. All of the nodes in the network are logically decentralized from their ledger, and there is zero probability of system failure.
When it comes to the blockchain, its availability is determined by valid and successful transactions. For every business, keeping a record of all transactions is a core function, and these transactions could be the entries of business activities, asset entries, supply chain management records, and many more.
In this article, we have studied the impact of the CIA security triad on blockchain technology. The Bitcoin blockchain is strong enough to fulfill the CIA security framework; as a blockchain, it is appreciated and adopted by several organizations, and several flavors of blockchain are coming to the market to fulfill specific business models. We have seen how Hyperledger Fabric fits into the CIA security triad and what makes the Hyperledger Fabric system a business-friendly solution.
If you are interested in exploring more complex yet novel topics on blockchain security, you can read our articles below. If you are new to blockchain technology, taking our Intro to Blockchain Technology (self-paced) course is highly recommended.