Integrity (information security)

from Wikipedia, the free encyclopedia

Integrity (from the Latin integritas, “intactness”, “purity”, “integrity”) is one of the three classic goals of information security, alongside availability and confidentiality. There is no uniform definition of the term integrity. In the evaluation criteria for information security of the early 1990s (ITSEC), integrity is defined as “preventing unauthorized modification of information”. According to the glossary of the Federal Office for Information Security, integrity refers to the “correctness (intactness) of data and the correct functioning of systems”. Various integrity states are defined for computer systems:

Correct content
This type of integrity exists when facts from the real world are correctly mapped. This should be ensured, for example, through integrity constraints.
Unmodified condition
This type of integrity exists when messages are delivered unchanged and programs and processes run as intended. It corresponds to the definition in the BSI glossary.
Detection of modification
This type of integrity exists when undesired modifications that cannot be prevented are at least recognized.
Temporal correctness
This type of integrity exists when messages are exchanged and relevant time conditions, such as sequences or maximum delay times, are observed.

In the context of electronic communication, it does not make sense to consider the integrity of the data and the authenticity of the data origin independently, since a message with modified content but a known sender is likely to be just as useless as one with unmodified content but a forged sender.

Implementation

In a typical electronic data transmission, modification of the data cannot be prevented as a matter of principle. Technical measures to ensure integrity are therefore aimed at being able to recognize incorrect data as such and, if necessary, to carry out a new data transfer.

One possible technical implementation for protecting against transmission errors is a checksum, which is transmitted along with the data and shows whether the data has been changed. However, this does not protect against intentional change. With a message authentication code, both transmission errors and manipulations can be detected.

The above-mentioned methods, in turn, do not protect against total loss of a message, unwanted duplication or a changed sequence of several messages. Protection against these can be ensured by measures such as acknowledgment messages or sequence numbers.
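
The following Python sketch is an added example, not part of the original article. It contrasts a plain checksum (CRC-32) with a message authentication code (HMAC-SHA256) and shows how a sequence number covered by the MAC lets a receiver recognize duplicated, lost or reordered messages. The key, the frame layout and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import zlib

KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def crc_frame(payload: bytes) -> bytes:
    """Checksum only: payload followed by its CRC-32 (no key involved)."""
    return payload + struct.pack(">I", zlib.crc32(payload))

def crc_ok(frame: bytes) -> bool:
    return len(frame) >= 4 and struct.pack(">I", zlib.crc32(frame[:-4])) == frame[-4:]

def mac_frame(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sequence number + payload, followed by HMAC-SHA256 over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Verifies the MAC first, then checks the authenticated sequence number."""
    def __init__(self, key: bytes = KEY):
        self.key, self.expected = key, 0

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + TAG_LEN:
            return "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(good, tag):  # constant-time comparison
            return "modified"
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.expected:
            return "duplicate"
        if seq > self.expected:
            return "gap"  # lost or reordered: request a new transfer
        self.expected += 1
        return "ok"

def demo() -> dict:
    """Constructed sample messages; returns what each check reports."""
    out = {}
    frame = crc_frame(b"pay 10 EUR")
    out["crc_bitflip"] = crc_ok(bytes([frame[0] ^ 1]) + frame[1:])
    out["crc_rewritten"] = crc_ok(crc_frame(b"pay 99 EUR"))  # checksum recomputed
    rx, m0, m1, m2 = Receiver(), mac_frame(0, b"a"), mac_frame(1, b"b"), mac_frame(2, b"c")
    tampered = m0[:8] + b"x" + m0[9:]  # payload changed, tag left as it was
    out["mac"] = [rx.accept(f) for f in (tampered, m0, m0, m2, m1, m2)]
    return out
```

The checksum rejects the single flipped bit but accepts the rewritten message, because anyone can recompute a keyless checksum; the MAC rejects the changed payload, and the sequence check flags the repeated and the out-of-order frame.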

Literature

  • Joachim Biskup: Security in Computer Systems: Challenges, Approaches and Solutions. Springer, Berlin / Heidelberg 2009, ISBN 978-3-540-78441-8 (American English: Security in Computing Systems: Challenges, Approaches and Solutions).
  • Charlie Kaufman, Radia Perlman, Mike Speciner: Network Security: Private Communication in a Public World. Prentice Hall PTR, Upper Saddle River, New Jersey 2002, ISBN 0-13-046019-2 (American English: Network security: private communication in a public world).
  • Principles of proper IT-based accounting systems (GoBS), Germany. Letter from the Federal Ministry of Finance to the highest financial authorities of the federal states dated November 7, 1995.

References

  1. Information Technology Security Evaluation Criteria (ITSEC) (English, PDF, 374 KiB)
  2. Online glossary of the Federal Office for Information Security
  3. Biskup: Security in Computing Systems: Challenges, Approaches and Solutions. 2009, pp. 41-45.
  4. Kaufman, Perlman, Speciner: Network security: private communication in a public world. 2002, p. 513.