Information Nature

In our daily routine, we exchange information, or data, almost every day in business and personal transactions. Hence, it is important to learn the basics of information nature in order to protect that information as we make transactions. Not only does this help you protect your own information, it also helps you sniff out potential scams and threats.

This section guides you through the basics of information/data nature and how we approach these aspects while performing information/data transactions.

Basic Information Nature Aspects

Before we look at various ways to approach information transactions, let us take a look at the basic data nature aspects.

Aspect Structures

There are a lot of data nature aspects. However, to keep things simple, ZORALab uses the following 2 basic types of information nature:

  1. Data In Transit
  2. Data At Rest

Both data aspect structures share the following aspects:

  1. Vector Aspect - Is the data at rest or data in transit?
  2. Confidentiality Aspect - Is the data safely obscured from being readable?
  3. Integrity Aspect - Is the data trustworthy?
  4. Availability Aspect - How and where can we source this data in a given circumstance?

These aspects work hand in hand. Together they form ZORALab's combined information nature model, V-CIA, integrated from the basic CIA model.

Vector - Data At Rest or Data In Transit

As we make information transactions, we must consider the travel vector. Each vector, travelling across its own channels, has its own ways of protecting the information.

Analysing the vector can be quite complicated since there are a lot of factors to weigh. To keep things simple, we reduce it to only 2 main points:

  1. DATA AT REST - means data that is stored on disk and is not being read, copied, or moved around.
  2. DATA IN TRANSIT - means data being transmitted over a channel from point A to point B.

Confidentiality - Tri-Level Secrecy

Confidentiality is the aspect of keeping the information obscured, making it a secret between the transmitter and the receiver(s). The goal is to hide information.

This is where each organization defines its own levels of confidentiality. To keep things simple, ZORALab uses the tri-level secrecy:

  1. RED - top secret. A leak can cost lives, threaten national security, or destroy an organization immediately.
  2. ORANGE - restrictive secret. A leak can cause major damage or losses to the organization but will not destroy it.
  3. BLUE - confidential. It is meant to be kept secret for internal use only. Leaking it will cause panic or discomfort but will not create major damage or losses.

In any case where you are unsure about the level of confidentiality, you should always assume RED level.

FOR YOUR INFORMATION: Once information leaks to an unintended recipient, it is no longer recoverable. Hence, it is always best practice to guard against leaks in unknown situations.

Integrity - Zero Trust Policy

Integrity is the aspect of keeping the information testable and able to prove its origin. The goal is to keep information integrity clean and authentic.

There are various methods and mechanisms to ensure the information keeps its integrity. Some rely on secret phrases or patterns in practice to authenticate the information.

In ZORALab, we rely on mathematical and physical approaches such as cryptographic signing, to the point that our receivers are expected not to trust the messenger but to verify the information themselves, on their own side. This practice is called Zero Trust Policy.

FOR YOUR INFORMATION: ZORALab uses Zero Trust Policy mainly because most of our products are open-source software and we practice open data. We prefer earning trust based on our performance and allowing our customers to verify the presented information on their own.

Availability - Decentralized and Backup

Availability is the aspect of making the information source-able using a particular procedure. The goal is to make the information available.

This is mainly about how we make the information available to the right person, at the right time, via which channel, while not compromising its confidentiality and integrity.

In ZORALab, since the team is constantly facing many types of information and data with different aspects of vector, confidentiality, and integrity, we always practice:

  1. Distribution Flexibility Principle before anything else.
  2. Backup 1-2-3 Principle for information retention.

Distribution Flexibility Principle allows us to operate both with chokepoint access control for sensitive information distribution and with large-scale open distribution that requires mass system duplication and redundancy.

Backup 1-2-3 Principle allows us to retain information safely against the punishment of time. We employ different technologies and measures to make sure we can achieve the highest possible result from time to time.

Protecting Information

When it comes to protecting various types of information, ZORALab uses the following measures.

Encrypted Disk Volumes At Rest

For all computing devices used in ZORALab businesses, ZORALab encrypts all long-term storage devices by default using a detached key or passphrase. This way, should any of the storage devices go missing, we know that it is encrypted and can focus only on finding the target individuals.

The cryptography modules we use include:

  1. Linux Unified Key Setup

The cryptography choice commonly used is:

  1. AES-XTS mode.
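
One way to confirm that a volume really uses AES-XTS is to read the data-area cipher out of the text printed by cryptsetup luksDump. This is an added example, not ZORALab's own tooling; the function names and both sample dumps are constructed, and the parser handles the LUKS1 and LUKS2 layouts.

```shell
# Added example: audit `cryptsetup luksDump` text for the data-area cipher.
# Function names and both sample dumps are constructed for illustration.

# Print the cipher spec that protects the data area (dump text on stdin).
luks_data_cipher() {
    awk '
        $1 == "Version:"                 { ver = $2 + 0 }
        # LUKS1 splits the spec across two header fields.
        $1 == "Cipher" && $2 == "name:"  { name = $3 }
        $1 == "Cipher" && $2 == "mode:"  { mode = $3 }
        # LUKS2 lists it as lowercase "cipher:" under "Data segments:";
        # the capitalised "Cipher:" under "Keyslots:" only wraps the key.
        /^Data segments:/                { inseg = 1; next }
        /^[A-Za-z]/                      { inseg = 0 }
        inseg && $1 == "cipher:"         { seg = $2 }
        END {
            if (ver == 1 && name != "")     print name "-" mode
            else if (ver == 2 && seg != "") print seg
            else exit 1
        }'
}

# Exit 0 for AES-XTS, 1 for any other cipher, 2 if the dump is unparseable.
luks_is_aes_xts() {
    spec=$(luks_data_cipher) || return 2
    case $spec in
        aes-xts-*) return 0 ;;
        *) echo "unexpected data cipher: $spec" >&2; return 1 ;;
    esac
}

sample_luks2() {   # constructed LUKS2 excerpt; keyslot value differs on purpose
    cat <<'EOF'
Version:        2
Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  0: luks2
        Cipher:     aes-cbc-essiv:sha256
EOF
}

sample_luks1_cbc() {   # constructed LUKS1 excerpt with a non-XTS mode
    cat <<'EOF'
Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
EOF
}
```

On a real device the input would come from cryptsetup luksDump piped into luks_is_aes_xts, which needs read access to the device or to its detached header file.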

Encrypted Communications Channels

When communicating with ZORALab agents, you will often be requested to use certain qualified technologies. This is because our policy strictly requires us to use encrypted channels to exchange information. That also means:

  1. Enforced industry-standard TLS/SSL encryption for web and port interfaces.
  2. Secure Shell for internal terminal controls and communications.
  3. On-site services if required to prevent information from leaving the premises.

The encryption modules we use include:

  1. NaCl Cryptography Library
  2. AES Cryptography Library
  3. RSA4096 OpenSSL Standards

Cryptographic Signature Authentication

In today's world, where people are well equipped with data manipulation technologies such as the GIMP image editor, deepfake AI, etc., there is a need to cryptographically sign information to fix its integrity at a particular time, so that its authenticity and origin are always verifiable.

This is usually applied to official statements or files, which always come with an .asc certificate. This certificate can expose any attempt to tamper with the original file even when the file looks untouched.

ZORALab uses a single-key PGP or GnuPG cryptographic identity for integrity management. The cryptography modules ZORALab commonly uses are:

  1. NaCl Cryptography Library
  2. RSA4096 OpenSSL Standards
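
The receiver-side check behind the Zero Trust Policy, as an added example that is not ZORALab's own code: verify a file against its detached .asc signature with GnuPG and accept it only when the signing key's fingerprint matches one obtained out of band. The helper names verify_pinned and make_demo_signature are hypothetical, and the key and statement are constructed throwaway fixtures.

```shell
# Added example: pinned-fingerprint verification of a detached .asc signature.

# Succeeds only if SIG is a valid detached signature over FILE *and* it was
# made by the key whose primary fingerprint is EXPECTED.
verify_pinned() {
    vp_file=$1 vp_sig=$2 vp_expected=$3
    vp_status=$(gpg --batch --status-fd 1 --verify "$vp_sig" "$vp_file" 2>/dev/null) || return 1
    # A good signature yields a "[GNUPG:] VALIDSIG ..." status line whose
    # last field is the primary key fingerprint.
    vp_fpr=$(printf '%s\n' "$vp_status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$vp_fpr" ] && [ "$vp_fpr" = "$vp_expected" ]
}

# Constructed fixture: creates a throwaway key in the keyring at $GNUPGHOME,
# writes DIR/statement.txt and DIR/statement.txt.asc, prints the fingerprint.
make_demo_signature() {
    md_dir=$1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Signer <signer@example.invalid>' \
        ed25519 sign never >/dev/null 2>&1 || return 1
    printf 'Official statement: constructed sample text.\n' > "$md_dir/statement.txt"
    gpg --batch --quiet --armor --detach-sign \
        --output "$md_dir/statement.txt.asc" "$md_dir/statement.txt" 2>/dev/null || return 1
    gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage (throwaway keyring, so the real one is untouched):
#   GNUPGHOME=$(mktemp -d); export GNUPGHOME
#   fpr=$(make_demo_signature "$GNUPGHOME")
#   verify_pinned "$GNUPGHOME/statement.txt" "$GNUPGHOME/statement.txt.asc" "$fpr"
```

Checking the fingerprint, not just gpg's exit status, is what keeps a valid signature from an unexpected key from being accepted.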

Multiple and Proper Storage Locations

ZORALab uses proper storage locations at multiple sites, including but not limited to:

  1. Cloud storage service - for redundancy and remote connection
  2. Encrypted cloud storage - for keeping sensitive credentials
  3. Local offline storage - for local use.

Both local offline and cloud storage are always in sync with one another, while the encrypted cloud storage is handled carefully and manually.

The data, whenever possible, is always version controlled in case of accidental deletion.
