Information Security Concepts: Integrity

Integrity is the next of four core concepts of information security examined in this series. Integrity, in Information Technology terms, means that data remains unchanged while stored or transmitted. Once in place, changes should only be possible to data if the change is authorized. In modern business, enormous amounts of information are created, transmitted, and stored daily. We almost always make the assumption that entries on a web form, e-mails we send, or documents saved will have and retain the data we intended. But how valid is this assumption? Why do we make it? You say: "Clemmer, what are you talking about? Of course that data's not going to change!" But it can change, by accident, mistake, or malice.

Accidents happen, so not all integrity failures are due to malice. Integrity failure could be caused by noise or transmission errors, bad sectors or hard disk crashes, or errors in data entry or capture. Tape media are subject to data degradation, EMF erasure, and wear. Optical media can be scratched. Mistakes can be made by users, customers, or administrators.

We must also beware of malicious changes to data. Such changes may be harder to detect. They may be plausible and otherwise contextually valid. An example might be a "shifted decimal point" in a payment, where $100.00 becomes $10,000. These sorts of attacks on data integrity are often imagined to originate with wily hackers, but could surely come from a disgruntled employee as well. Of course malicious changes also include damage done to programs by viruses, trojans, or worms.

Computational techniques for verifying data integrity include: comparisons, checksums, message authentication & integrity codes (MAC/MIC), and message digests such as MD5 or SHA-1 hashes. For example, the Message Digest 5 (MD5) hash is a mathematical algorithm which produces a unique 128 bit number (a hash) created from the data input. If even one bit of data changes, the hash value will change. An example of this in use: most open source programs and packages are distributed along with an MD5 hash. Before installing, the recipient can generate the MD5 hash, and compare it with the (known good) hash provided by the source. If the generated and provided hashes are not the same, the program or package has been changed.

Simpler checksum techniques such as cyclic redundancy checks (CRC) are built-in to hard drives. Modern hard drives also have additional Integrity protection, as they may contain error correction technology, automatically reconstructing data in failing sectors and moving it to new sectors to preserve it.

Modern information systems are far more reliable today than ten or twenty years ago, but failures still happen. Sound operational policies and practices can help minimize the risks of accidental and mistake-based integrity failures. As computational costs have decreased, and requirements for secure data more prevalent, built-in integrity solutions have become more common.

Next we will examine Availability, because data's not of much use if you can't get it when you need it.