
Module 5 The Art of Ensuring Integrity

Uploaded by

Anamarie Lappay
Copyright: © All Rights Reserved

Chapter 5

The Art of Ensuring Integrity

Types of Data Integrity Controls: Hashing Algorithms

• Hashing is a tool that ensures data integrity by taking binary data (the message) and producing a
fixed-length representation called the hash value or message digest.

• Hashing is a one-way mathematical function that is relatively easy to compute, but significantly
harder to reverse. Grinding coffee beans is a good analogy of a one-way function. It is easy to
grind coffee beans, but it is almost impossible to put all of the tiny pieces back together to
rebuild the original beans.

A cryptographic hash function has the following properties:

• The input can be any length.

• The output has a fixed length.

• The hash function is one way and is not reversible.

• Two different input values will always result in different hash values.

There are many modern hashing algorithms widely used today. Two of the most popular are MD5 and
SHA.

• Message Digest 5 (MD5) Algorithm – a hash algorithm developed by Ron Rivest that produces
a 128-bit hash value.

• Secure Hash Algorithm (SHA) – was developed by the U.S. National Institute of Standards and
Technology (NIST) and can be implemented in different strengths:

  • SHA-224 (224 bit)

  • SHA-256 (256 bit)

  • SHA-384 (384 bit)

  • SHA-512 (512 bit)


Types of Data Integrity Controls: Salting

• Salting is used to make hashing more secure. If two users have the same password, they will also
have the same password hashes. A salt, which is a random string of characters, is an additional
input to the password before hashing.

• This creates a different hash result for the two passwords as shown in the figure. A database
stores both the hash and the salt.

Types of Data Integrity Controls: HMAC

• HMACs strengthen hashing algorithms by using an additional secret key as input to the hash
function.

• The use of HMAC goes a step further than just integrity assurance by adding authentication.

• An HMAC uses a specific algorithm that combines a cryptographic hash function with a secret
key, as shown in the figure.
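
Why the key adds authentication, as an added Python example that is not part of the original module. It assumes HMAC-SHA256 and uses a constructed key and constructed messages; all names are hypothetical.

```python
import hashlib
import hmac


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256: anyone who can change the message can recompute this."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: computing a valid tag requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver recomputes the tag with its own key and compares in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


# Constructed sample values for this example only.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"pay 100 to account 4471"
ALTERED = b"pay 900 to account 4471"


def run_demo() -> dict:
    sent_tag = make_tag(SHARED_KEY, ORIGINAL)
    # A party without SHARED_KEY changes the message and recomputes what it can.
    recomputed_digest = plain_digest(ALTERED)
    tag_without_key = make_tag(b"not-the-shared-key", ALTERED)
    return {
        "plain hash flags altered message": plain_digest(ALTERED) != recomputed_digest,
        "genuine message accepted": verify_tag(SHARED_KEY, ORIGINAL, sent_tag),
        "altered message, old tag": verify_tag(SHARED_KEY, ALTERED, sent_tag),
        "altered message, tag made without key": verify_tag(SHARED_KEY, ALTERED, tag_without_key),
    }


if __name__ == "__main__":
    for check, outcome in run_demo().items():
        print(f"{check:40} {outcome}")
```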

Digital Signatures

Signatures and the Law

• Digital signatures provide the same functionality as handwritten signatures for electronic
documents.

• A digital signature is used to determine if someone edits a document after the user signs it.

• A digital signature is a mathematical method used to check the authenticity and integrity of a
message, digital document, or software.

• In many countries, digital signatures have the same legal importance as a manually signed
document.

• Digital signatures also provide non-repudiation.

How Digital Signature Technology Works


Asymmetric cryptography is the basis for digital signatures. A public key algorithm like RSA generates
two keys: one private and the other public. The keys are mathematically related.

Certificates

The Basics of Digital Certificates

• A digital certificate is equivalent to an electronic passport.

• Digital certificates enable users, hosts, and organizations to exchange information securely over
the Internet.

• A digital certificate authenticates and verifies that users sending a message are who they claim
to be.

• Digital certificates can also provide confidentiality for the receiver with the means to encrypt a
reply.

Constructing a Digital Certificate

A digital certificate must follow a standard structure so that any entity can read and understand it
regardless of the issuer.

• X.509 is the standard for construction of digital certificates and the public key infrastructure
(PKI) used to manage digital certificates.

• PKI is the policies, roles, and procedures required to create, manage, distribute, use, store, and
revoke digital certificates.

Database Integrity Enforcement

• Databases provide an efficient way to store, retrieve, and analyze data.

• As data collection increases and data becomes more sensitive, it is important for cybersecurity
professionals to protect the growing number of databases.

• Data integrity refers to the accuracy, consistency, and reliability of data stored in a database.

The four database integrity rules or constraints are as follows:

• Entity Integrity: All rows must have a unique identifier called a Primary Key.

• Domain Integrity: All data stored in a column must follow the same format and definition.

• Referential Integrity: Table relationships must remain consistent. Therefore, a user cannot
delete a record which is related to another one.

• User-defined Integrity: A set of rules defined by a user which does not belong to one of the
other categories. For example, a customer places a new order. The user first checks to see if this
is a new customer. If it is, the user adds the new customer to the customers table.

Database Integrity Enforcement: Database Validation

A validation rule checks that data falls within the parameters defined by the database designer. A
validation rule helps to ensure the completeness, accuracy and consistency of data. The criteria used
in a validation rule include the following:

• Size – checks the number of characters in a data item

• Format – checks that the data conforms to a specified format

• Consistency – checks for the consistency of codes in related data items

• Range – checks that data lies within a minimum and maximum value

• Check digit – provides for an extra calculation to generate a check digit for error detection.
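
The five criteria applied to one record, as an added Python example that is not part of the original module. The record fields, the limits, and the country/state table are constructed for illustration, and the Luhn checksum is an assumption standing in for the check digit calculation, which the module does not name.

```python
import re

# Constructed lookup for the consistency check: state codes valid per country code.
STATES = {"US": {"CA", "NY", "TX"}, "CA": {"ON", "QC", "BC"}}


def luhn_valid(number: str) -> bool:
    """Check digit: Luhn checksum, where the rightmost digit is the check digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate(record: dict) -> list:
    """Return the names of the validation criteria the record fails."""
    errors = []
    card = record["card_number"]
    if not 13 <= len(card) <= 19:                                    # size
        errors.append("size")
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", record["order_date"]):  # format
        errors.append("format")
    if record["state"] not in STATES.get(record["country"], set()):  # consistency
        errors.append("consistency")
    if not 1 <= record["quantity"] <= 100:                           # range
        errors.append("range")
    if not card.isdecimal() or not luhn_valid(card):                 # check digit
        errors.append("check digit")
    return errors


# Constructed sample records; the card number is a well-known test value.
GOOD = {"card_number": "4111111111111111", "order_date": "2024-03-15",
        "country": "US", "state": "TX", "quantity": 3}
BAD = {"card_number": "4111111111111112", "order_date": "15/03/2024",
       "country": "US", "state": "ON", "quantity": 0}

if __name__ == "__main__":
    print("good record:", validate(GOOD))
    print("bad record: ", validate(BAD))
```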

Database Integrity Requirements

• Maintaining proper filing is critical in maintaining the trustworthiness and usefulness of the data
within the database.

• Tables, records, fields, and data within each field make up a database.

• In order to maintain the integrity of the database filing system, users must follow certain rules.

• Entity integrity is an integrity rule, which states that every table must have a primary key and
that the column or columns chosen to be the primary key must be unique and not NULL.

• Null in a database signifies missing or unknown values. Entity integrity enables proper
organization of data for that record.

• Another important integrity check is referential integrity, which deals with foreign keys. A foreign
key in one table references a primary key in a second table. The primary key for a table uniquely
identifies entities (rows) in the table. Referential integrity maintains the integrity of foreign keys.

• Domain integrity ensures that all the data items in a column fall within a defined set of valid
values. Each column in a table has a defined set of values, such as the set of all numbers for
credit card numbers, social security numbers, or email addresses. Limiting the value assigned to
an instance of that column (an attribute) enforces domain integrity. Domain integrity
enforcement can be as simple as choosing the correct data type, length, and/or format for a
column.
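
The four integrity rules enforced by the database itself, as an added Python example using the standard sqlite3 module; it is not part of the original module. The schema, the email pattern, and the shipping-date rule (standing in for a user-defined rule) are constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,                       -- entity integrity
    email       TEXT NOT NULL CHECK (email LIKE '%_@_%')   -- domain integrity
);
CREATE TABLE orders (
    order_id    INTEGER PRIMARY KEY,                       -- entity integrity
    customer_id INTEGER NOT NULL
                REFERENCES customers(customer_id),         -- referential integrity
    order_date  TEXT NOT NULL,
    ship_date   TEXT,
    CHECK (ship_date IS NULL OR ship_date >= order_date)   -- user-defined rule
);
"""


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce foreign keys by default
    conn.executescript(SCHEMA)
    return conn


def attempt(conn: sqlite3.Connection, sql: str) -> str:
    """Run one statement; return 'ok' or the constraint error the database raised."""
    try:
        with conn:  # commit on success, roll back on error
            conn.execute(sql)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return str(exc)


def run_demo() -> dict:
    conn = build_db()
    cases = {  # constructed sample statements
        "valid customer": "INSERT INTO customers VALUES (1, 'ana@example.com')",
        "entity": "INSERT INTO customers VALUES (1, 'dup@example.com')",
        "domain": "INSERT INTO customers VALUES (2, 'not-an-email')",
        "valid order": "INSERT INTO orders VALUES (10, 1, '2024-03-01', '2024-03-04')",
        "referential insert": "INSERT INTO orders VALUES (11, 99, '2024-03-01', NULL)",
        "referential delete": "DELETE FROM customers WHERE customer_id = 1",
        "user-defined": "INSERT INTO orders VALUES (12, 1, '2024-03-05', '2024-03-01')",
    }
    return {name: attempt(conn, sql) for name, sql in cases.items()}


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:20} -> {outcome}")
```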
