Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Assurance that data was not altered in transit, verified with hashes, HMACs, or digital signatures; a core CIA-triad property distinct from confidentiality.
Message Integrity Definition: Assurance that data was not altered in transit, verified with hashes, HMACs, or digital signatures; a core CIA-triad property distinct from confidentiality.
Message Integrity is the assurance that data has not been altered, corrupted, or tampered with between sender and recipient. It guarantees that what arrives is exactly what was sent, preserving accuracy and trustworthiness. Integrity is one of the three pillars of the CIA triad (confidentiality, integrity, availability) and is achieved with cryptographic mechanisms, not encryption alone.
It works by computing a fixed-length value over the message and verifying it on receipt. A cryptographic hash function (such as SHA-256) detects accidental changes, but a plain hash does not stop an attacker who can modify both the message and its hash. To resist deliberate tampering, systems use a Message Authentication Code, typically an HMAC, which mixes a shared secret key into the hash so only parties holding the key can produce a valid tag. Digital signatures go further, using asymmetric keys to provide integrity plus authentication and non-repudiation. The recipient recomputes the value and compares; any mismatch means the message was altered.
Message integrity matters because confidentiality without integrity is incomplete: encrypted data can still be tampered with or replayed, and an attacker who alters a financial transaction, software update, or command can cause serious harm even without reading the contents. Integrity verification underpins secure protocols (TLS, IPsec), signed software updates, and secure messaging. Notably, encryption does not by itself guarantee integrity, which is why authenticated encryption modes like AES-GCM combine both.
For example, a software vendor publishes an installer along with an HMAC or digital signature. When a user downloads it, their system recomputes the value and checks it against the published one. If an attacker performing a man-in-the-middle attack injected malware into the download, the recomputed value would not match the signature, and the system would reject the file, preventing a compromised installer from running.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →