The IT Law Wiki

Nonrepudiation

Definitions

Computer security

Nonrepudiation means:

the assurance that the sender is provided with proof of delivery and that the recipient is provided with proof of the sender’s identity so that neither can later deny having processed the data.[1]
[t]he use of audit trails or secure messaging techniques to ensure the origin and validity of source and destination targets (i.e., senders and recipients of information cannot deny their actions).[2]
[a] service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory).[3]
[a] technique used to ensure that someone performing an action on a computer cannot falsely deny that they performed that action. Nonrepudiation provides undeniable proof that a user took a specific action, such as transferring money, authorizing a purchase, or sending a message.[4]

Contract law

Non-repudiation means that a party to a contract cannot deny the authenticity of their signature on a document.

Data

Non-repudiation is

[a] property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.[5]

Overview (Computer security)

Non-repudiation provides protection against an individual falsely denying having performed a particular action. It provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message. For example, non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document.

One mechanism that provides a non-repudiation service is a digital signature, which combines public key cryptography and a timestamp with the message to be secured.
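
The following Go sketch illustrates the mechanism described above: a signature computed over a timestamp and a message, which a third party checks with the public key alone. It is an added example, not part of the original article; the SignedRecord type, the Sign and Verify helpers, the choice of Ed25519, the signer-asserted timestamp and the sample message are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
	"time"
)

// SignedRecord (hypothetical type) is the evidence a third party later
// checks: the message, the signing time, and a signature covering both.
type SignedRecord struct {
	Message   []byte
	Timestamp int64 // Unix seconds, asserted by the signer (assumption)
	Signature []byte
}

// payload puts a fixed-length timestamp in front of the message so that
// neither value can be swapped without invalidating the signature.
func payload(msg []byte, ts int64) []byte {
	buf := make([]byte, 8, 8+len(msg))
	binary.BigEndian.PutUint64(buf, uint64(ts))
	return append(buf, msg...)
}

// Sign is run by the signatory, the only holder of the private key.
func Sign(priv ed25519.PrivateKey, msg []byte, ts int64) SignedRecord {
	sig := ed25519.Sign(priv, payload(msg, ts))
	return SignedRecord{Message: msg, Timestamp: ts, Signature: sig}
}

// Verify needs only the public key, so any third party can run it.
func Verify(pub ed25519.PublicKey, r SignedRecord) bool {
	return ed25519.Verify(pub, payload(r.Message, r.Timestamp), r.Signature)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	// Constructed sample message.
	rec := Sign(priv, []byte("transfer 100 to account 42"), time.Now().Unix())
	fmt.Println("original verifies:", Verify(pub, rec))

	altered := rec
	altered.Message = []byte("transfer 900 to account 42")
	fmt.Println("altered message verifies:", Verify(pub, altered))

	backdated := rec
	backdated.Timestamp -= 86400 // claim the action happened a day earlier
	fmt.Println("backdated timestamp verifies:", Verify(pub, backdated))
}
```

A passing check shows only that the private key produced the signature over that message and time; it does not show who was in control of the key when it was used.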

Vulnerabilities

Nonrepudiation relies on the assumption that the signer alone has access to the private key and password. However, an attacker can potentially use malware to subvert the computer on which the private key and password are stored and hijack the signing process without the knowledge or authorization of the owner of the key. In this way, the nonrepudiation mechanism can be subverted.

References

  1. Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, at 73. See also National Telecomm. Info. Sys. Security Instructions (NSTISSI) 4009.
  2. Tax Information Security Guidelines For Federal, State and Local Agencies, at 154.
  3. Digital Signature Standard (DSS) 3 (FIPS 186-3) (June 2009).
  4. Privacy Technology Focus Group Final Report, App. B, at 57.
  5. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
