Integrity (information security)
Integrity (from the Latin integritas , “intactness”, “purity”, “integrity”) is one of the three classic goals of information security , alongside availability and confidentiality . There is no uniform definition of the term integrity. In the evaluation criteria for information security of the early 1990s ( ITSEC ), integrity is defined as “preventing unauthorized modification of information”. According to the glossary of the Federal Office for Information Security , integrity refers to the “correctness (intactness) of data and the correct functioning of systems”. Various integrity states are defined for computer systems:
- Correct content
- This type of integrity exists when facts from the real world are correctly mapped. This should be ensured, for example, through integrity conditions.
- Unmodified condition
- This type of integrity exists when messages are delivered unchanged and programs and processes run as intended. It corresponds to the definition in the BSI glossary.
- Detection of modification
- This type of integrity exists when undesired modifications that cannot be prevented are at least recognized.
- Temporal correctness
- This type of integrity exists when messages are exchanged and relevant time conditions, such as sequences or maximum delay times, are observed.
In the context of electronic communication, it does not make sense to consider the integrity of the data and the authenticity of the data origin independently, since a message with modified content but a known sender is likely to be just as useless as one with unmodified content but a simulated sender.
The change of data cannot be prevented in a typical electronic data transmission due to the principle. Technical measures to ensure integrity are therefore aimed at being able to recognize incorrect data as such and, if necessary, to carry out a new data transfer.
One possibility of technical implementation to protect against transmission errors is a checksum , which is also transmitted and shows whether the data has been changed. However, this does not protect against intentional change. With a message authentication code , both transmission errors and manipulations can be detected.
Again, the above-mentioned methods do not protect against total loss of a message, unwanted duplication or a changed sequence of several messages. This can be ensured by measures such as acknowledgment messages or sequence numbers .
- Joachim Biskup: Security in Computer Systems: Challenges, Approaches and Solutions . Springer, Berlin / Heidelberg 2009, ISBN 978-3-540-78441-8 (American English: Security in Computing Systems: Challenges, Approaches and Solutions .).
- Charlie Kaufman, Radia Perlman, Mike Speciner: Network Security : Private Communication in a Public World . Prentice Hall PTR, Upper Saddle River, New Jersey 2002, ISBN 0-13-046019-2 (American English: Network security: private communication in a public world .).
- Principles of proper IT-based accounting systems (GoBS) Germany. Letter from the Federal Ministry of Finance to the highest financial authorities of the federal states dated November 7, 1995
- Information Technology Security Evaluation Criteria (ITSEC) (English, PDF, 374 KiB)
- Online glossary of the Federal Office for Information Security
- Biskup: Security in Computing Systems: Challenges, Approaches and Solutions. 2009, pp. 41-45.
- Kaufman, Perlman, Speciner: Network security: private communication in a public world. 2002, p. 513.