SecurITyCerts dot Org

       Navigating Security Certifications

Cryptography: Integrity

CISSP, GIAC GSEC, Security+ Review

Data integrity is the protection of information from damage or deliberate manipulation.

In plain language, integrity insures that data hasn't been modified.

Integrity is obviously extremely critical for any kind of business or electronic commerce. Imagine if someone could modify invoices or financial records without detection.

Hash algorithms are typically used to provide for integrity of information.
We'll discuss hashing later, but consider a hash to be like a fingerprint of the data whose integrity you want to protect. If the data is modified, even a single bit changed, the fingerprint or hash is different, and the modification detected.

The hash itself is usually encrypted. If someone could modify the data and then modify the hash to match it, the modification might go unnoticed. Encrypting the hash value prevents this.

Integrity is less resource intensive than confidentiality - full data encryption. Also, some countries legally restrict encrypted data from flowing across their borders, for example France and Israel. Of course plenty of encrypted Internet traffic does anyway, but it can be a legal concern.