Understanding IIC: Identity, Integrity, and Confidentiality

Hello again! Did I trick you with the title? I know, Let me get straight to the point. You already know about Encoding, Encryption, and Hashing but when I kept those in terms of Identity, Integrity, and Confidentiality it became a bit confusing. Isn’t it? I just wanted to talk about these techniques in terms of privacy and security. There is a high chance that you already know the things I’m about to explain. But, feel free to give it a read. I’m confident that you would know something useful by the end of this blog. Okay, let’s get into the topic. 

You must be thinking of Encoding, Encryption, and Hashing are the fundamentals of Software Engineering and why am I over pitching these. But, there are assumptions that these three are similar and any one of them can be used to secure the information but it’s wrong. There is a lot of confusion around these terminologies.

Without a proper understanding of these, A developer could ship insecure storage (or) transmission flows which are volatile to security and data breaches. Today, I will discuss the importance and applicable use cases of these three technologies.

Most of us map these terminologies to a bunch of algorithms and forget the real use cases. From a security point of view, Identity, Integrity, and Confidentiality are the keys to building software.

Identity/Authenticity
To know the origin (or) owner of the information. 
Examples:

• Knowing the sender of a message
• Caller ID of an incoming call

Integrity
To protect the information from being altered/modified.
Examples:

• Using SSL to avoid data alterations (DOS, MITM attacks)
• Server validation on incoming data ( Price validation of e-commerce checkout)

Confidentiality
Only the authorized have access to restricted information. 
Examples:

• Account access to a logged-in user
• Message access to the sender & receiverEncoding

Encoding is a process of keeping a sequence of characters into a specific format for efficient transmission or storage. As encoding uses publicly available algorithms to format, it is not for securing the information. instead, it is used to optimize the size of data transmitted and to be consumed by a different type of system safely.e.g. base64 is commonly used to encode binary data that needed to be stored or transferred in media which can process textual data.

As the information is encoded with publicly available schema all it takes to decode is the algorithm used to encode it.

Encoding

Encoding is a process of keeping a sequence of characters into a specific format for efficient transmission or storage. As encoding uses publicly available algorithms to format, it is not for securing the information. instead, it is used to optimize the size of data transmitted and to be consumed by a different type of system safely.e.g. base64 is commonly used to encode binary data that needed to be stored or transferred in media which can process textual data.

As the information is encoded with publicly available schema all it takes to decode is the algorithm used to encode it.

Examples: Base64, Unicode(UTF-8,UTF-16), ASCII, URL Encoding
Use Cases: 

•  Analog to digital: We use an encoding/decoding technique to communicate with computers. Any form of data we store/transform on(through) computer is encoded. 

Hashing

Hashing is a one-way street; data that has been hashed cannot be unhashed. Hashing ensures the integrity of data. Meaning, alteration of data would be identified as each input produces the same output always. A hash is usually a hexadecimal string of several characters.

There are hashing algorithms that are compromised which is known as hash collisions. It literally means two inputs generating the same hash. MD5(Message Digest algorithm) is one such algorithm that has been phased out from being secure.

Examples: SHA-1, SHA-2, MD5, SHA-256 etc.
Use Cases: 

• To securely store passwords: Helps to avoid storing plain passwords. Only the user who knows the password will be able to retrieve the information. 
• To Identify files: Running hashing on an entire file will always generate the same hash. This is particularly useful for the distribution of software. It helps to verify the checksum of a file while downloading to check if the file has been altered or damaged during transmission.

Encryption

Encryption guarantees confidentiality. Meaning, Information can be accessed only by those who are authorized to do so. Encryption requires a secret key to access the information.

There are two categories in Encryption.

Symmetric: Using the same key for encryption and decryptionSymmetric encryption

Examples: 

• Payment applications to protect PII(Personal Identifying Information) during transactions.
• Storing text messages (or) sensitive information on a disk.

Asymmetric: Using private & public keys. Encrypt with public and decrypt with private.

Examples: 

• HTTPS
• End-to-end message encryption (Whatsapp, Signal)

Symmetric encryption is faster compared to Asymmetric. Feel free to go through this blog for detailed information. 

Use Cases:

•  Databases: Contractual obligations, privacy laws, and data breaches are the reasons why we needed encryption on databases. Many organizations use a mixture of encryption, tokenization, and data masking to protect from potential threats. 
• Cloud Storage: Encryption has been the main data security control for cloud computing. Encrypting storage volumes associated with applications, encrypting data in object storage. 

Conclusion: 

I hope you got a bit of clarity on the terminology and use cases. It is important to keep these in mind while designing any software.

TL;DR:

•   Encoding is used for efficient data storage and transmission
•  Hashing is used to maintain the privacy
•  Encryption is used to secure data with a key

code = coffee + developer