Integrity

Integrity in the context of information security refers to the quality of the information, meaning the information, once generated, should not be tampered with by any unauthorized entities. For example, if a person sends X amount of money to his friend using online banking, and his friend receives exactly X amount in his account, then the integrity of the transaction is said to be intact. If the transaction gets tampered at all in between, and the friend either receives X + (n) or X - (n) amount, then the integrity is assumed to have been tampered with during the transaction.

Common attacks on integrity include:

• Salami attacks: When a single attack is divided or broken into multiple small attacks in order to avoid detection, it is known as a salami attack
• Data diddling attacks: This involves unauthorized modification of data before or during its input into the system
• Trust relationship attacks: The attacker takes benefit of the trust relationship between the entities to gain unauthorized access
• Man-in-the-middle attacks: The attacker hooks himself to the communication channel, intercepts the traffic, and tampers with the data
• Session hijacking: Using the man-in-the-middle attack, the attacker can hijack a legitimate active session which is already established between the entities