The CIA Triad: Confidentiality, Integrity, and Availability Explained
The CIA triad is the foundational framework of information security. Not the agency - the acronym: Confidentiality, Integrity, and Availability. Every security control that exists in any system is ultimately protecting one or more of these three properties. Every attack is ultimately violating one or more of them.
graph TD
    subgraph "CIA Triad"
        C["Confidentiality<br/>(Prevent unauthorized<br/>disclosure)"]
        I["Integrity<br/>(Prevent unauthorized<br/>modification)"]
        A["Availability<br/>(Ensure authorized<br/>access)"]
    end
    subgraph "Wireless Attacks on Confidentiality"
        C1["Rogue AP / Evil Twin"]
        C2["WPA2 Handshake Capture"]
        C3["Evil Portal Credential Theft"]
        C4["Passive WiFi Sniffing"]
    end
    subgraph "Wireless Attacks on Integrity"
        I1["Packet Injection"]
        I2["DNS Hijacking"]
        I3["SSL Stripping"]
        I4["Firmware Tampering"]
    end
    subgraph "Wireless Attacks on Availability"
        A1["Deauth Attacks"]
        A2["Beacon Flooding / AP Spam"]
        A3["BLE Spam"]
        A4["RF Jamming"]
    end
    C --- C1 & C2 & C3 & C4
    I --- I1 & I2 & I3 & I4
    A --- A1 & A2 & A3 & A4
The CIA triad mapped to common wireless attack vectors - every security finding maps to one or more pillars
Confidentiality
Confidentiality is the property that information is accessible only to those who are authorized to see it.
In wireless security, confidentiality attacks look like: man-in-the-middle via rogue AP, passive WiFi sniffing, WPA2 handshake capture and cracking, and evil portal credential capture.
The canonical confidentiality control is encryption. End-to-end encryption ensures that even if the transport layer is compromised, the data itself isn't readable. HTTPS, WPA2/WPA3, and VPNs are all confidentiality controls.
Integrity
Integrity is the property that information has not been modified by unauthorized parties.
Wireless integrity attacks look like: packet injection, DNS hijacking in captive portals, SSL stripping, and firmware tampering.
Cryptographic controls protect integrity: message authentication codes, digital signatures, and hashing. The BLEShark Nano's OTA update system uses hash verification before applying firmware updates.
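The difference between a bare hash and a keyed MAC, as an added example (this is not the BLEShark Nano's OTA code; the key, image bytes and manifest layout are constructed for illustration). A hash catches corruption, but it only catches tampering when the expected digest arrives over a channel the attacker cannot also rewrite.

```python
import hashlib
import hmac

def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def verify_hash(image: bytes, expected_hex: str) -> bool:
    # Proves the image matches the digest; says nothing about who produced the digest.
    return hmac.compare_digest(sha256_hex(image), expected_hex)

def make_tag(key: bytes, image: bytes) -> str:
    return hmac.new(key, image, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, image: bytes, tag_hex: str) -> bool:
    # Constant-time comparison of a keyed MAC: fails unless the sender held the key.
    return hmac.compare_digest(make_tag(key, image), tag_hex)

# Constructed sample data (not real firmware, not a real key).
KEY = b"constructed-demo-key"
GOOD_IMAGE = b"FWIMG" + bytes(range(64))
MANIFEST = {"sha256": sha256_hex(GOOD_IMAGE), "hmac": make_tag(KEY, GOOD_IMAGE)}

def corrupted_copy(image: bytes) -> bytes:
    # A single flipped bit, as from a bad download.
    return image[:10] + bytes([image[10] ^ 0x01]) + image[11:]

def substituted_update(image: bytes, manifest: dict) -> tuple:
    # Image and manifest both replaced on an untrusted channel: the digest is
    # recomputed to match, but the MAC cannot be without the key.
    new_image = image + b"-modified"
    return new_image, dict(manifest, sha256=sha256_hex(new_image))

def check(image: bytes, manifest: dict) -> dict:
    return {"hash_ok": verify_hash(image, manifest["sha256"]),
            "mac_ok": verify_tag(KEY, image, manifest["hmac"])}

if __name__ == "__main__":
    print("original   ", check(GOOD_IMAGE, MANIFEST))
    print("corrupted  ", check(corrupted_copy(GOOD_IMAGE), MANIFEST))
    print("substituted", check(*substituted_update(GOOD_IMAGE, MANIFEST)))
```

A digital signature gives the same guarantee as the MAC without storing a shared secret on the device, since the device only needs the public key.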
Availability
Availability is the property that systems and data are accessible to authorized users when they need them.
Wireless availability attacks are some of the most straightforward to execute: deauth attacks, beacon frame flooding (AP spam), BLESpam, and jamming.
Deauth attacks use unauthenticated 802.11 management frames. 802.11w (Protected Management Frames) exists specifically to address this - making deauth frames cryptographically authenticated. The BLEShark Nano can test whether PMF is enabled. Note: On EU-region BLEShark Nano devices, the deauth transmit function is disabled per RED regulations.
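One way to check whether an access point advertises PMF, as an added example (not the BLEShark Nano's implementation): parse the RSN information element (ID 48) from a beacon and read the MFPC and MFPR bits of the RSN Capabilities field. The sample elements are constructed with the hypothetical helper `build_rsn`.

```python
import struct

MFPR = 0x0040  # RSN Capabilities bit 6: management frame protection required
MFPC = 0x0080  # RSN Capabilities bit 7: management frame protection capable

def pmf_status(rsn_ie: bytes) -> str:
    """Return 'required', 'optional' or 'disabled' for an RSN element (ID 48)."""
    if len(rsn_ie) < 4 or rsn_ie[0] != 48:
        raise ValueError("not an RSN element")
    body = rsn_ie[2:2 + rsn_ie[1]]
    if len(body) != rsn_ie[1]:
        raise ValueError("element truncated")
    pos = 2 + 4  # skip version (2 bytes) and group cipher suite (4 bytes)
    for _ in range(2):  # pairwise cipher list, then AKM list
        if pos + 2 > len(body):
            return "disabled"  # remaining fields omitted: capabilities default to 0
        (count,) = struct.unpack_from("<H", body, pos)
        pos += 2 + 4 * count
        if pos > len(body):
            raise ValueError("suite list overruns element")
    if pos + 2 > len(body):
        return "disabled"  # capabilities field omitted
    (caps,) = struct.unpack_from("<H", body, pos)
    if caps & MFPR:
        return "required"
    return "optional" if caps & MFPC else "disabled"

def build_rsn(akm_types, caps: int) -> bytes:
    # Constructed test element: CCMP group and pairwise ciphers, given AKM types.
    oui = b"\x00\x0f\xac"
    body = struct.pack("<H", 1) + oui + b"\x04"
    body += struct.pack("<H", 1) + oui + b"\x04"
    body += struct.pack("<H", len(akm_types))
    body += b"".join(oui + bytes([t]) for t in akm_types)
    body += struct.pack("<H", caps)
    return bytes([48, len(body)]) + body

# Constructed samples: AKM 2 = PSK, AKM 8 = SAE.
SAMPLES = {
    "wpa2-psk": build_rsn([2], 0x0000),
    "wpa2/wpa3 transition": build_rsn([2, 8], MFPC),
    "wpa3-sae": build_rsn([8], MFPC | MFPR),
}

if __name__ == "__main__":
    for name, ie in SAMPLES.items():
        print(f"{name:22s} PMF {pmf_status(ie)}")
```

A result of `disabled` means the network accepts unauthenticated deauthentication frames; `optional` still leaves clients that do not negotiate PMF exposed.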
The Triad in Practice: Evaluating a Finding
One of the most useful applications of the CIA triad is in report writing. When you find a vulnerability in a wireless assessment, you should be able to clearly state which pillar(s) it attacks.
graph LR
    subgraph "Confidentiality Controls"
        ENC["Encryption<br/>(WPA3, HTTPS, VPN)"]
        ACL["Access Control<br/>(802.1X, RADIUS)"]
        SEG["Network Segmentation<br/>(VLANs, firewall rules)"]
    end
    subgraph "Integrity Controls"
        HASH["Hash Verification<br/>(firmware updates, files)"]
        SIG["Digital Signatures<br/>(code signing, certs)"]
        MAC_CTRL["Message Auth Codes<br/>(HMAC, CCMP)"]
    end
    subgraph "Availability Controls"
        PMF["Protected Mgmt Frames<br/>(802.11w)"]
        RED["Redundancy<br/>(failover APs, links)"]
        MON["Monitoring<br/>(WIDS/WIPS, alerts)"]
    end
    subgraph "BLEShark Nano Testing"
        BN["BLEShark Nano"]
    end
    BN -.->|"Scan and<br/>passive monitor"| ENC
    BN -.->|"Handshake<br/>capture"| ACL
    BN -.->|"Portal<br/>testing"| SEG
    BN -.->|"OTA hash<br/>verification"| HASH
    BN -.->|"Deauth test<br/>(non-EU)"| PMF
    BN -.->|"AP spam<br/>test"| MON
Security controls mapped to each CIA pillar, with BLEShark Nano testing capabilities indicated
Example: WPS is enabled on the corporate AP.
- Confidentiality impact: An attacker who recovers the WPS PIN gets the WiFi PSK, enabling network access and potentially reaching sensitive internal systems.
- Integrity impact: Once on the network, ARP poisoning or DNS manipulation becomes possible.
- Availability impact: In most configurations, minor.
stateDiagram-v2
[*] --> WPS_Enabled: WPS left enabled on corporate AP
state "Confidentiality Impact" as CI {
WPS_PIN --> PSK_Exposed: Recovers WiFi password
PSK_Exposed --> Network_Access: Joins internal network
Network_Access --> Data_Exposure: Accesses sensitive systems
}
state "Integrity Impact" as II {
On_Network --> ARP_Poison: ARP poisoning
ARP_Poison --> DNS_Manip: DNS manipulation
DNS_Manip --> Traffic_Redirect: Redirects traffic
}
state "Availability Impact" as AI {
Low_Impact --> Minimal: Limited direct effect
}
WPS_Enabled --> WPS_PIN: Brute force 11000 combinations
WPS_Enabled --> On_Network: Once on network
WPS_Enabled --> Low_Impact: Minimal availability effect
CIA impact analysis of a WPS vulnerability - confidentiality and integrity severely impacted, availability minimally
Where CIA Breaks Down
The triad is a simplification. Privacy is related to but not identical to confidentiality. Non-repudiation isn't cleanly captured by any of the three. For most practical security work, the core triad is sufficient as a communication tool even if it's not a complete taxonomy.
The BLEShark Nano is a tool for testing all three pillars in a wireless environment. Scanning and passive monitoring tools test confidentiality controls. Injection and frame analysis test integrity controls. Deauth testing tests availability controls.