Integrity in Information Security
Integrity is the second pillar of the CIA Triad. It ensures that information assets are accurate, complete, and reliable, and that data has not been altered, destroyed, or fabricated in an unauthorized manner.
1. Goal of Integrity
The main goal is to ensure that data is trustworthy and remains in the state it was intended to be, without being manipulated or corrupted at any point.
- Examples:
  - Preventing the alteration of transaction amounts during a bank transfer.
  - Ensuring that system files or application code stored on a server have not been tampered with by an attacker.
  - Maintaining data consistency in a database.
2. Key Technologies and Measures for Integrity
Measures to achieve integrity are primarily split into change prevention and change verification.
① Change Verification: Hashing
Hashing is the most fundamental technique to detect if data has been modified.
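- Principle: A cryptographic hash function converts data (a file or message) into a fixed-length string (the hash value) that is effectively unique to that data. If even a single bit of the data is changed, the resulting hash value will be entirely different, which indicates tampering when the value is compared with a trusted original.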
- Example: Comparing the provided SHA-256 hash value of a downloaded file against the hash calculated locally.
- Digital Signatures: Hashing is used as part of digital signatures to guarantee message integrity as well as sender authenticity.
② Access Control
Strictly limiting which entities have the permission to modify the data.
- Principle of Least Privilege (PoLP): Users are only granted the minimum permissions necessary to perform their duties (e.g., general users can only Read, while administrators can Write/Delete).
- SQLi Prevention: Protecting the database from unauthorized manipulation via SQL Injection attacks.
③ Procedural Protection
- Data Backup and Recovery: Ensuring that original data can be safely restored in case of corruption.
- Transaction Management: In databases, ensuring that operations (transactions) either succeed entirely or are completely rolled back to maintain data consistency.