Wikipedia

Non-repudiation

Non-repudiation refers to a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract.[1] The term is often seen in a legal setting when the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".[citation needed]

For example, Mallory buys a cell phone for $100, writes a paper cheque as payment, and signs the cheque with a pen. Later, she finds that she can't afford it, and claims that the cheque is a forgery. The signature guarantees that only Mallory could have signed the cheque, and so Mallory's bank must pay the cheque. This is non-repudiation; Mallory cannot repudiate the cheque. In practice, pen-and-paper signatures aren't hard to forge, but digital signatures can be very hard to break.

In security

In general, non-repudiation involves associating actions or changes with a unique individual. For example, a secure area may use a key card access system where non-repudiation would be violated if key cards were shared or if lost and stolen cards were not immediately reported. Similarly, the owner of a computer account must not allow others to use it, such as by giving away their password, and a policy should be implemented to enforce this.[2]

In digital security

In digital security, non-repudiation means:[3]

  • A service that provides proof of the integrity and origin of data.
  • An authentication that can be said to be genuine with high confidence.
  • An authentication that the data is available under specific circumstances, or for a period of time: data availability.[4]

Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash such as SHA-2 usually ensures that the data cannot be changed undetectably. Even with this safeguard, it is possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Because of this, data integrity is best asserted when the recipient already possesses the necessary verification information, such as after the parties have been mutually authenticated.[5]

The common method to provide non-repudiation in the context of digital communications or storage is the digital signature, a more powerful tool that provides non-repudiation in a publicly verifiable manner.[6] A Message Authentication Code (MAC), useful when the communicating parties have arranged to use a shared secret that they both possess, does not give non-repudiation. A common misconception is that encryption by itself provides authentication ("if the message decrypts properly, then it is authentic"); it does not. A MAC can also be subject to several types of attack, such as message reordering, block substitution and block repetition, and in any case provides only message integrity and authentication, not non-repudiation. To achieve non-repudiation, one must trust a service (a certificate generated by a trusted third party (TTP) called a certificate authority (CA)) that prevents an entity from denying previous commitments or actions (e.g. sending message A to B). The difference between a MAC and a digital signature is that one uses symmetric keys and the other asymmetric keys (provided by the CA).

Note that the goal is not confidentiality: in both cases (MAC or digital signature), one simply appends a tag to the otherwise plaintext, visible message. If confidentiality is also required, an encryption scheme can be combined with the digital signature, or some form of authenticated encryption can be used. Verifying the digital origin means that the certified/signed data likely came from someone who possesses the private key corresponding to the signing certificate. If the key used to digitally sign a message is not properly safeguarded by its owner, digital forgery can occur.[7][8][9]

Trusted third parties (TTPs)

To mitigate the risk of people repudiating their own signatures, the standard approach is to involve a trusted third party.[10]

The two most common TTPs are forensic analysts and notaries. A forensic analyst specializing in handwriting can compare some signature to a known valid signature and assess its legitimacy. A notary is a witness who verifies an individual's identity by checking other credentials and affixing their certification that the person signing is who they claim to be. A notary provides the extra benefit of maintaining independent logs of their transactions, complete with the types of credentials checked, and another signature that can be verified by the forensic analyst. This double security makes notaries the preferred form of verification.[citation needed]

For digital information, the most commonly employed TTP is a certificate authority, which issues public key certificates. A public key certificate can be used by anyone to verify digital signatures without a shared secret between the signer and the verifier. The role of the certificate authority is to authoritatively state to whom the certificate belongs, meaning that this person or entity possesses the corresponding private key. However, a digital signature is forensically identical in both legitimate and forged uses. Someone who possesses the private key can create a valid digital signature. Protecting the private key is the idea behind some smart cards such as the United States Department of Defense's Common Access Card (CAC), which never lets the key leave the card. That means that to use the card for encryption and digital signatures, a person needs the personal identification number (PIN) code necessary to unlock it.[citation needed]
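The two points above, that a MAC proves origin only to the party holding the same secret while a signature is publicly verifiable, and that a signature made with a leaked private key is indistinguishable from the owner's own, can be seen directly in code. This is an added example written for this article, not code from Wikipedia or any cited source; it uses HMAC-SHA256 and Ed25519 from the Go standard library, and all messages and keys are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// MacTag computes HMAC-SHA256 over msg under a key both parties share.
func MacTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// MacVerify checks a tag in constant time.
func MacVerify(key, msg, tag []byte) bool {
	return hmac.Equal(MacTag(key, msg), tag)
}

// ReceiverCanForgeMac: the receiver holds the same key, so a tag it forges
// on a message the sender never sent verifies exactly like a genuine one.
// This is why a MAC gives integrity and authentication but no non-repudiation.
func ReceiverCanForgeMac(sharedKey []byte) bool {
	never := []byte("constructed: message the sender never sent")
	return MacVerify(sharedKey, never, MacTag(sharedKey, never))
}

// VerifierCannotForgeSignature: the verifier holds only the public key.
// The genuine signature passes; one made with any other key fails.
func VerifierCannotForgeSignature(pub ed25519.PublicKey, msg, sig []byte) (genuine, forged bool) {
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	genuine = ed25519.Verify(pub, msg, sig)
	forged = ed25519.Verify(pub, msg, ed25519.Sign(otherPriv, msg))
	return
}

// StolenKeyIsIndistinguishable: Ed25519 signing is deterministic, so a copy
// of the private key yields the exact bytes the owner would have produced.
func StolenKeyIsIndistinguishable(priv ed25519.PrivateKey, msg []byte) bool {
	leaked := append(ed25519.PrivateKey(nil), priv...)
	return bytes.Equal(ed25519.Sign(priv, msg), ed25519.Sign(leaked, msg))
}

func main() {
	msg, shared := []byte("constructed: pay 100 for the phone"), []byte("constructed-shared-secret")
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	g, f := VerifierCannotForgeSignature(pub, msg, ed25519.Sign(priv, msg))
	fmt.Println(ReceiverCanForgeMac(shared), g, f, StolenKeyIsIndistinguishable(priv, msg))
}
```

The program prints `true true false true`: the receiver's forged MAC verifies, the genuine signature verifies, the signature under a different key does not, and the leaked-key signature matches the owner's byte for byte.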

See also

  • Plausible deniability
  • Shaggy defense
  • Designated verifier signature
  • Information security
  • Undeniable signature

References

  1. Li, Zhaozheng; Lei, Weimin; Hu, Hanyun; Zhang, Wei (2019). "A Blockchain-based Communication Non-repudiation System for Conversational Service". 2019 IEEE 13th International Conference on Anti-counterfeiting, Security, and Identification (ASID). pp. 6–10. doi:10.1109/ICASID.2019.8924991. ISBN 978-1-7281-2458-2. S2CID 209320279.
  2. Negus, Christopher (2012). Linux Bible. Wiley. p. 580. ISBN 978-1-118-28690-6.
  3. McCullagh, Adrian. "Non-Repudiation in the Digital Environment".
  4. Yu, Mingchao; Sahraei, Saeid; Nixon, Mark; Han, Song (18 July 2020). "Coded Merkle Tree: Solving Data Availability Attacks in Blockchains". FC 2020: Financial Cryptography and Data Security: 114–134. doi:10.1145/3318041.3355457. S2CID 204749727.
  5. Chen, Chin-Ling; Chiang, Mao-Lun; Hsieh, Hui-Ching; Liu, Ching-Cheng; Deng, Yong-Yuan (July 2020). "A Lightweight Mutual Authentication with Wearable Device in Location-Based Mobile Edge Computing". Wireless Personal Communications. 113 (1): 575–598. doi:10.1007/s11277-020-07240-2. S2CID 218934756.
  6. Chia, Jason; Chin, Ji-Jian; Yip, Sook-Chin (2021-09-16). "Digital signature schemes with strong existential unforgeability". F1000Research. 10: 931. doi:10.12688/f1000research.72910.1. PMC 9925878. PMID 36798451.
  7. Wu, Wei; Zhou, Jianying; Xiang, Yang; Xu, Li (December 2013). "How to achieve non-repudiation of origin with privacy protection in cloud computing". Journal of Computer and System Sciences. 79 (8): 1200–1213. doi:10.1016/j.jcss.2013.03.001.
  8. "What are the differences between a digital signature, a MAC and a hash?".
  9. Sosin, Artur (2018). "How to increase the information assurance in the information age". Journal of Defense Resources Management. 9 (1): 45–57. ProQuest 2178518357.
  10. Zhou, Jianying; Gollmann, Dieter (1996). Kim, Kwangjo; Matsumoto, Tsutomu (eds.). "Observations on non-repudiation". Advances in Cryptology — ASIACRYPT '96. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer. 1163: 133–144. doi:10.1007/BFb0034842. ISBN 978-3-540-70707-3.

External links

  • "Non-repudiation in Electronic Commerce" (Jianying Zhou), Artech House, 2001
  • 'Non-repudiation' taken from Stephen Mason, Electronic Signatures in Law (3rd edn, Cambridge University Press, 2012)
  • 'Non-repudiation' in the legal context in Stephen Mason, Electronic Signatures in Law (4th edn, Institute of Advanced Legal Studies for the SAS Humanities Digital Library, School of Advanced Study, University of London, 2016) now open source
