2. • Non-repudiation is the assurance that someone cannot deny the
validity of something. Non-repudiation is a legal concept that is
widely used in information security and refers to a service which
provides proof of the origin of data and the integrity of the data. In
other words, non-repudiation makes it very difficult to successfully
deny who/where a message came from, as well as the authenticity
and integrity of that message.
3. NON-REPUDIATION PRINCIPLES
Non-repudiation requires the creation of artifacts which may be
used to dispute the claims of an entity or organization that denies
being the originator of an action or communication. These artifacts
consist of:
• An identity
• The authentication of that identity
• Tangible evidence connecting the identified party to a particular
communication or action
4. REPUDIATION ATTACK
• When a system or application doesn't include protocols or controls
for tracking and logging the actions of its users, the system may
be manipulated by malicious intruders, who can forge the
identifying credentials of new actions, which can't be denied with
certainty.
• In a repudiation attack of this type, erroneous data may be fed
into log files, the authoring information of actions on the system
may be altered, and general data manipulation or spoofing may
occur.
5. DIGITAL SIGNATURES
• A digital signature is used to introduce the qualities of uniqueness
and non-deniability to internet communications. Each certificate
is digitally signed by a trusted Certificate Authority or CA, and its
hash value is encrypted with a private key also held by that same
trusted CA.
• The sender of a message can use a private key to encrypt the hash
of the document, giving its digital signature, which is attached to
the document as it's sent. At the other end, the recipient decrypts
the digital signature using the sender's public key, which yields the
hash value the sender computed. The recipient then calculates the
hash value of the received document and compares it with the
decrypted signature to confirm that the two match.
6. • With this match established, the recipient is able to confirm who
the sender of the message actually is, and which particular
message was actually sent. Digital signatures ensure that a
document or message has actually been signed by the person who
claims to have signed it. In addition, a digital signature can only be
created by one person, so that person can't later deny having
been the originator of the transmission.
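The sign-then-verify flow from slides 5 and 6, as an added example that is not part of the original deck: it uses Go's standard library (RSA PKCS#1 v1.5 over a SHA-256 digest, which is the engineered form of "encrypting the hash with the private key") and shows the two checks that give non-repudiation its teeth, namely that a tampered document and a signature from a different key holder both fail verification. The party names and the sample message are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer holds one party's RSA key pair; the private half never leaves this struct,
// which is what ties a valid signature to exactly one originator.
type Signer struct {
	priv *rsa.PrivateKey
}

// NewSigner generates a fresh 2048-bit RSA key pair for one party.
func NewSigner() (*Signer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv}, nil
}

// Public returns the key a recipient uses to check this party's signatures.
func (s *Signer) Public() *rsa.PublicKey { return &s.priv.PublicKey }

// Sign hashes the document with SHA-256 and signs the digest with the private key.
func (s *Signer) Sign(doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, s.priv, crypto.SHA256, digest[:])
}

// Verify recomputes the digest of the received document and checks it against
// the signature under the claimed sender's public key.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	alice, _ := NewSigner()   // constructed: the genuine sender
	mallory, _ := NewSigner() // constructed: an unrelated key holder
	doc := []byte("Transfer 100 EUR to account 42") // constructed sample message
	sig, _ := alice.Sign(doc)
	fmt.Println("genuine document, Alice's key:", Verify(alice.Public(), doc, sig))
	fmt.Println("altered document, Alice's key:", Verify(alice.Public(), []byte("Transfer 900 EUR to account 42"), sig))
	fmt.Println("genuine document, Mallory's key:", Verify(mallory.Public(), doc, sig))
}
```

Only the first check returns true; the recipient learns both that the document is unchanged and that only the holder of Alice's private key could have produced the signature.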