It’s important to recognize that these basic security services are all essentially different, even though on first encounter they may seem similar.

Data origin versus data integrity

Data origin authentication is a stronger notion than data integrity.

In other words, if we have data origin authentication, then we must also have data integrity (but not necessarily the other way around). To understand why data origin authentication would be meaningless without data integrity, suppose Alice has sent us some data. If we have no data integrity, then we cannot be sure that the data received hasn’t been changed by an attacker in transit. The actual data we received might therefore have come from the attacker and not from Alice.

How could we possibly claim to have data origin authentication from Alice in this case? We have thus tied ourselves in a logical knot. Therefore, data origin authentication can only be provided if data integrity is also provided.

It can be helpful to think of data origin authentication as a stronger version of data integrity. More precisely, data origin authentication is data integrity with the extra property of assurance of the identity of the original source of the data.

Get hands-on with 1200+ tech skills courses.