Data integrity
The data integrity service detects whether there has been unauthorized modification of data.
There are two ways in which data might be altered: accidentally, through hardware and transmission errors, or because of a deliberate attack. Many hardware products and transmission protocols have mechanisms to detect and correct hardware and transmission errors. The purpose of the data integrity service is to detect a deliberate attack.
The data integrity service aims only to detect whether data has been modified. It does not aim to restore data to its original state if it has been modified.
Access control mechanisms can contribute to data integrity insofar as data cannot be modified if access is denied. But, as with confidentiality, access control mechanisms are not effective in a networking environment.
Data integrity in IBM MQ
- You can use TLS to detect whether the contents of a message have been deliberately modified while it was being transmitted over a network. In TLS, the message digest algorithm provides detection of modified messages in transit.
All IBM MQ CipherSpecs provide a message digest algorithm, except for TLS_RSA_WITH_NULL_NULL, which does not provide message data integrity.
IBM MQ detects modified messages upon receiving them; when a modified message is received, an AMQ9661 error message is written to the error log and the channel stops.
- While messages are stored on a local queue, the access control mechanisms provided by IBM MQ might be considered sufficient to prevent deliberate modification of the contents of the messages.
However, for a greater level of security, you can use Advanced Message Security to detect whether the contents of a message have been deliberately modified between the time the message was put on the queue and the time it was retrieved from the queue.
If a modified message is detected, the application attempting to receive the message receives an MQRC_SECURITY_ERROR (2063) return code. If the application is using an MQGET call, the message is also moved to the SYSTEM.PROTECTION.ERROR.QUEUE queue.
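For the in-transit case described in the TLS item above, a channel only gets modification detection if its CipherSpec includes a message digest. The following is an added example, not IBM's code: it audits the text output of the MQSC command `DISPLAY CHANNEL(*) SSLCIPH` and reports channels that use TLS_RSA_WITH_NULL_NULL. It goes one step beyond the page by also reporting channels whose SSLCIPH is blank, which do not use TLS at all. The sample output, its layout and the channel names are constructed for illustration.

```python
import re

# CipherSpec the page names as providing no message data integrity.
NO_INTEGRITY = {"TLS_RSA_WITH_NULL_NULL"}

# Constructed sample of `DISPLAY CHANNEL(*) SSLCIPH` output from runmqsc.
# Channel names are made up; the layout is assumed to match real output.
SAMPLE_MQSC = """\
AMQ8414I: Display Channel details.
   CHANNEL(APP.ORDERS.SVRCONN)             CHLTYPE(SVRCONN)
   SSLCIPH(TLS_RSA_WITH_AES_256_GCM_SHA384)
AMQ8414I: Display Channel details.
   CHANNEL(LEGACY.TO.QM2)                  CHLTYPE(SDR)
   SSLCIPH(TLS_RSA_WITH_NULL_NULL)
AMQ8414I: Display Channel details.
   CHANNEL(TEST.SVRCONN)                   CHLTYPE(SVRCONN)
   SSLCIPH( )
"""

# Matches NAME(value) attribute pairs, several of which can share a line.
ATTR = re.compile(r"([A-Z]+)\(([^)]*)\)")

def parse_channels(mqsc_output):
    """Return one {attribute: value} dict per channel record."""
    channels, current = [], None
    for line in mqsc_output.splitlines():
        if line.startswith("AMQ8414"):  # header line starts a new record
            current = {}
            channels.append(current)
        elif current is not None:
            for name, value in ATTR.findall(line):
                current[name] = value.strip()
    return channels

def audit_integrity(mqsc_output):
    """Return (channel, reason) for channels with no in-transit integrity check."""
    findings = []
    for ch in parse_channels(mqsc_output):
        name = ch.get("CHANNEL", "<unknown>")
        cipher = ch.get("SSLCIPH", "")
        if not cipher:
            findings.append((name, "no CipherSpec set, TLS not in use"))
        elif cipher in NO_INTEGRITY:
            findings.append((name, f"{cipher} has no message digest"))
    return findings

if __name__ == "__main__":
    for channel, reason in audit_integrity(SAMPLE_MQSC):
        print(f"{channel}: {reason}")
```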