Ensuring Integrity is an Art

Integrity ensures that data remains unchanged and trustworthy. It is therefore an art to maintain the design, implementation and usage of any system that stores, processes, or transmits data. 

How do we create a digital signature? A code signing is a method of verifying code integrity. Digital signatures and certificates incorporates the data integrity controls to provide users a way of verifying the authenticity of messages and documents.

The the step by step process for creating a digital signature must take the following steps.

  1. The message and message digest are created.
  2. The digest and private key of the sender are encrypted.
  3. The message, encrypted message digest, and public key are bundled to create the signed document.

Hashing is a method to ensure integrity and ensures that the data is not changed. So for example a user has created a new program and wants to distribute it to everyone. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. The user can ensure that the program has not changed when downloaded by hashing. The hashing function can be applied when IPsec is being used (i.e. for inbound external connections) this is how VPN (virtual private network), operate, when routing authentication is enabled, in challenge responses within protocols such as PPP CHAP ( Challenge-Handshake Authentication Protocol). HMAC provides the additional feature of a secret key to ensure integrity and authentication.

  • Within digitally signed contracts and PKI certificates

Two common methods of cracking hashes are dictionary and brute force. Given time, the brute force method will always crack a password.

Salting prevents someone from using a dictionary attack to guess a password. A password is stored as a combination of both a hash and a salt. Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) is one way (and the best way) to generate salt. Salting needs to be unique and not reused. Having the opposite will cause passwords to be cracked easily.

The key elements needed to implement HMAC (keyed-hash message authentication code) are a secret key and message digest. 

There are three major database integrity requirements that the database administrator of a company should be aware of and design: entity, referential, and domain integrity. The entity integrity rule states that every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not null.  A well-controlled and well-defined data integrity system increases the stability, performance, and maintainability of a database system.

Comments