Data Integrity is a Security Mechanism that is used to ensure the Integrity of a data unit or stream of data units.
Data Integrity
- Security Mechanism
-
Message Authentication Code (MAC)
MAC is a technique that generates a small fixed-size block of data, using a secret key shared between sender and receiver (Symmetric Cryptography), which is appended to the message. It provides Security Services such as Data Integrity and data origin authentication (whether the message was sent by the claimed sender).
-
Integrity
Integrity is a measure of how complete (unaltered) the received message is, that is, whether it is the same as or highly similar to the one that was sent. By further utilising encryption, Digital Signature and Data Integrity, it can be used to counter Replay Attack and Modification.
-
IP Security (IPsec)
Data encapsulation is done by two extension headers (appended to the IP header): Authentication Header (AH) and Encapsulating Security Payload (ESP), defined by RFC 4303 and RFC 4302 respectively. AH provides Access Control, Authentication (including the IP Address) and Connectionless Data Integrity services using a Message Authentication Code (MAC/HMAC), for which both parties must share a secret key. It guards against address spoofing attacks and Replay Attack. ESP provides Confidentiality services over message contents and (to a limited extent) traffic flow, and optionally supports Access Control services as in AH, using a MAC. It can also guard against Replay Attack. Users can choose which ciphers, modes, and padding are used in ESP. IPsec can be set up with AH only, ESP only, or both.
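The MAC and replay protection described in the MAC and IPsec notes above, as an added example that is not part of the original notes: the sender appends a fixed-size HMAC-SHA256 tag computed over a sequence number and the message, and the receiver rejects modified, wrong-key and replayed packets. It is a simplified model and not the IPsec wire format; `protect`, `Receiver` and `outcome` are hypothetical names, and the key and messages are constructed samples.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag regardless of message size


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: prepend a 64-bit sequence number, append the MAC over both."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Verifies the tag first, then rejects sequence numbers already seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = -1  # simple monotonic counter, not a sliding window

    def accept(self, packet: bytes) -> bytes:
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC mismatch: modified or not from key holder")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.highest_seq:
            raise ValueError("replayed or stale sequence number")
        self.highest_seq = seq  # state changes only after the MAC verified
        return body[8:]


def outcome(receiver: Receiver, packet: bytes) -> str:
    try:
        return "accepted: " + receiver.accept(packet).decode()
    except ValueError as err:
        return "rejected: " + str(err)


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes..."  # constructed sample key
    rx = Receiver(key)
    pkt = protect(key, 1, b"transfer 10 to alice")
    tampered = pkt[:8] + b"transfer 99 to alice" + pkt[28:]
    for p in (tampered, pkt, pkt):  # modified, genuine, replayed
        print(outcome(rx, p))
```

Because the sequence number is covered by the tag, an attacker without the key cannot renumber a captured packet to get it past the replay check.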
-
Availability
Availability concerns the loss of, or a reduction in, the accessibility of elements of a distributed system. By proper use of Data Integrity and Authentication Exchange, it can counter Denial of Service (DoS).