19

I first thought all these terms were synonyms, but I sometimes see those terms used in the same document. For instance, on MSDN:

> data origin authentication, which enables the recipient to verify that messages have not been tampered with in transit (data integrity) and that they originate from the expected sender (authenticity).

I don't completely understand how integrity is different from authenticity.

How could it be possible to ensure only authenticity of the sender without data integrity? If an attacker is able to modify the content, how can we trust the sender field to be correct?

Similarly, what does it mean to know that some data has integrity, but not knowing the sender?

To me, it's just a matter of including or not the "Sender" field of the header in the part of the message that's checked for integrity (or authenticity, I'm confused now).

As far as I know, digital signatures solve both integrity and authenticity, maybe that's why I can't see the difference between the two.

Jacques

3 Answers

29

Integrity is about making sure that some piece of data has not been altered from some "reference version". Authenticity is a special case of integrity, where the "reference version" is defined as "whatever it was when it was under control of a specific entity". Authentication is about making sure that a given entity (with whom you are interacting) is who you believe it to be.

In that sense, you get authenticity when integrity and authentication are joined together. If you prefer, authenticity is authentication applied to a piece of data through integrity.

For instance, consider that you use your browser to connect to some https:// Web site. This means SSL. There is authentication during the initial handshake: the server sends its certificate and uses its private key, and the server's certificate contains the server's name; your browser checks that the server's name matches what was expected (the server name part in the URL). Then all the exchanged data is sent as "records" which are encrypted and protected against alteration: this is integrity. Since your browser receives data that is guaranteed unmodified from what it was when it was sent by a duly authenticated server, the data can be said to be "authentic".

Don't overthink things. The terminology is at least half traditional, meaning that it is not necessarily practical. We like to talk about the triad "Confidentiality - Integrity - Authenticity" mostly because it makes the acronym "CIA", which looks cool.

Thomas Pornin
  • 6
    Oh OK. But I thought the A stands for availability – Jacques Jul 07 '15 at 13:51
  • 3
    The "triad" has been repurposed several times, depending on who is talking about it. – Thomas Pornin Jul 07 '15 at 14:06
  • 1
    @ThomasPornin: Whether before or after I read your answer, it didn't seem to me like it was possible to have either of these without the other -- meaning that, as far as I can tell, they're synonyms. Like, how can you simultaneously be convinced a message wasn't tampered with after being authored (integrity) if you're unable to certify the identity of its author (authenticity)? Could you give an example of data that has integrity but lacks authenticity? (or vice versa if that's even possible?) – user541686 May 04 '19 at 07:00
  • 2
    Note that "authenticity" is sometimes also referred to as "message authentication" compared to "entity authentication". – Maarten Bodewes Oct 29 '19 at 12:24
  • @user541686 Data that has integrity but lacks authenticity: _any_ trust-on-first-use ("ToFU") publickey cryptosystem! Real-world example: if you blindly accept the public key for an SSH server or self-signed HTTPS server, you _will_ still be protected from tampering by **unthinking acts of God** [integrity] (lightning strike, [bad network hardware](https://dylanbeattie.net/2016/10/25/the-mystery-of-chinese-junk.html), etc.), but you will _not_ be protected from tampering by **intelligent adversaries** [authenticity] who are capable of attaching valid checksums to their fake messages. – JamesTheAwesomeDude Jun 21 '22 at 20:34
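
The distinction drawn in the answer and comments above, as an added example that is not part of the original posts: an unkeyed SHA-256 checksum catches accidental corruption but accepts a replaced message whose checksum was simply recomputed, while a keyed tag (HMAC is used here as one common choice) rejects both. The sample messages, the function names and the all-zero "guessed" key are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def checksum_tag(message: bytes) -> bytes:
    """Unkeyed digest: anyone who has the message can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed digest: only a holder of `key` can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_checksum(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(checksum_tag(message), tag)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def flip_bit(data: bytes, index: int) -> bytes:
    """Accidental corruption: one bit changes, the tag travels unchanged."""
    corrupted = bytearray(data)
    corrupted[index] ^= 0x01
    return bytes(corrupted)


def run_scenarios() -> dict:
    key = secrets.token_bytes(32)  # known to sender and receiver only
    # Constructed messages; the "From" header is inside the protected data.
    original = b"From: alice\n\npay bob 10"
    substituted = b"From: alice\n\npay eve 9999"
    noisy = flip_bit(original, 5)
    return {
        # Line noise: both mechanisms notice the change.
        "noise_vs_checksum": verify_checksum(noisy, checksum_tag(original)),
        "noise_vs_mac": verify_mac(key, noisy, mac_tag(key, original)),
        # Replacement by someone without the key: a fresh checksum verifies,
        # a tag made with a guessed key does not.
        "substitution_vs_checksum": verify_checksum(
            substituted, checksum_tag(substituted)),
        "substitution_vs_mac": verify_mac(
            key, substituted, mac_tag(bytes(32), substituted)),
        # Sanity check: the untouched message passes the keyed check.
        "untouched_vs_mac": verify_mac(key, original, mac_tag(key, original)),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The keyed check only says "this came from someone holding the key"; tying that key to a named entity is the authentication step the answer describes.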
0

Looks like there is a good answer already, but let me elaborate on availability versus authentication in the CIA triad. What the "A" stands for changes with context.

Authentication is used if we talk about hardware-based embedded security. When we discuss the crypto primitive functions of a secure element or a full TPM, the "A" stands for "authentication".

Availability is a cybersecurity/information-security (IS) construct. "Available" systems aim to remain available to users at all times, preventing or mitigating service disruptions due to power outages (power backup), hardware failures (redundancy), system upgrades and denial of service attacks.

Embedded security offers information to cybersecurity, which then decides how to act on that information, but any impact on availability from embedded security is, at very best, indirect. Therefore, talking about availability when discussing hardware-based functions, like IPsec, is incorrect.

Dan Ujvari
  • Although I like the fact that you put in "availability", I don't agree that authentication is "only used for hardware based embedded security", and your answer seems to suggest that. The answer also fails to address the problem of entity authentication vs message authentication. Furthermore, *services* that provide e.g. IPSec may definitely be available or not, and I don't see why you can blanket forbid us to talk about it. – Maarten Bodewes Oct 29 '19 at 12:28
0

I will try to answer 'digital signatures solve both integrity and authenticity'.

Digital signatures carry the digital certificate of the sender, which usually is issued to the sender from a certificate authority (CA). The digital certificate validates the identity of the sender, which essentially is ensuring authenticity.

Next, the digital signature associated with the document that is sent contains the hash value of the data. Comparing the received hash value and the calculated hash value proves data integrity. The actual data that is sent, however, goes in an unencrypted form, so it doesn't address confidentiality.

schroeder