Tuesday, November 11, 2008

What is nonrepudiation?

What is nonrepudiation?

To repudiate is, according to Merriam-Webster's dictionary:

  1. to divorce or separate formally from (a woman)
  2. to refuse to have anything to do with : disown
  3. a: to refuse to accept ; especially : to reject as unauthorized or as having no binding force b: to reject as untrue or unjust
  4. to refuse to acknowledge or pay
Nonrepudiation, when in comes to Security, or especially to security in a
networking environment is, according to Wikipedia:
Non-repudiation is the concept of ensuring that a party in a dispute cannot repudiate, or refute the validity of a statement or contract. Although this concept can be applied to any transmission, including television and radio, by far the most common application is in the verification and trust of signatures.
In regard to digital security, the cryptological meaning and application of non-repudiation shifts to mean:[1]

  • A service that provides proof of the integrity and origin of data.
  • An authentication that with high assurance can be asserted to be genuine.

Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash or checksum, such as MD5 or CRC, is usually sufficient to establish that the likelihood of data being undetectably changed is extremely low. Even with this safeguard, it is still possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Due to this flaw, data integrity is best asserted when the recipient already possesses the necessary verification information.

The most common method of asserting the digital origin of data is through digital certificates, a form of public key infrastructure to which digital signatures belong. They can also be used for encryption. It is important to note that the digital origin only means that the certified/signed data can be, with reasonable certainty, trusted to be from somebody who possesses the private key corresponding to the signing certificate. If the key is not properly safeguarded by the original owner, digital forgery can become a major concern.

No comments:

Post a Comment