Integrity

Let's examine what integrity is and how we can achieve it.

We'll cover the following

Integrity refers to the process of preserving the accuracy and completeness of data over its entire lifecycle so that it cannot be modified in an unauthorized or undetected manner. This modification can happen maliciously (e.g., by an intermediary in the network) or inadvertently (e.g., because of a software or hardware failure).

Achieving integrity

Note: We have discussed in the previous chapter some techniques that can protect against accidental modifications, such as checksums and cyclic redundancy checks, so here we will focus on malicious modification that is more relevant in the context of security.

Hash value

A simple approach to protect the integrity of data is to calculate the hash value for a piece of data and send both the data and the hash, as shown in the following illustration:

Any malicious entity could modify the data, but we can detect some malicious entity attacks if that malicious entity could not figure out the correct hash function, as shown in the following illustration.

However, this approach suffers from an obvious problem:

  • Suppose if we send the hash alongside the data, any malicious actor that can modify the data might be able to figure out the hash function used and adjust the hash accordingly. As a result we would be unable to detect the modified data.

Consequently, we usually need a combination of integrity and authentication, i.e., be certain that the hash corresponds to the data and that the sender has calculated the hash and not someone else.

We can achieve this with similar techniques to the ones described previously. Following are some techniques that provide both integrity and authentication.

Techniques that provide both integrity and authentication

We will consider two techniques for ensuring integrity and authentication.

Message authentication codes

Message authentication codes make use of a shared secret key in order to generate a tag for a message that can then be verified against the data using the shared key. It is shown in the following illustration.

This technique suffers from similar problems as symmetric encryption.

Digital signature

Digital signatures use asymmetric cryptography, where an algorithm generates a public and a private key.

The private key is only known to the sender of the message, who can use it to sign a message producing a digital signature.

The recipients can then make use of the shared public key in order to verify that the digital signature is valid and was generated by the sender.

This is shown in the following illustration.

Similar to asymmetric encryption, digital signatures can be used to protect the integrity and authenticity of data transmitted through a network or stored in a system.

Get hands-on with 1400+ tech skills courses.