World Library  
Flag as Inappropriate
Email this Article


Article Id: WHEBN0000052491
Reproduction Date:

Title: Non-repudiation  
Author: World Heritage Encyclopedia
Language: English
Subject: Public-key cryptography, Information security, Digital signature, Computer security, Information assurance
Publisher: World Heritage Encyclopedia


Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".

In security

In a general sense non-repudiation involves associating actions or changes to a unique individual. For a secure area, for example, it may be desirable to implement a key card access system. Non-repudiation would be violated if it were not also a strictly enforced policy to prohibit sharing of the key cards and to immediately report lost or stolen cards. Otherwise determining who performed the action of opening the door cannot be trivially determined. Similarly, for computer accounts, the individual owner of the account must not allow others to use that account, especially, for instance, by giving away their account's password, and a policy should be implemented to enforce this. This prevents the owner of the account from denying actions performed by the account.[1]

In digital security

Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:[2]

  • A service that provides proof of the integrity and origin of data.
  • An authentication that can be asserted to be genuine with high assurance.

Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash, such as SHA2, is usually sufficient to establish that the likelihood of data being undetectably changed is extremely low. Even with this safeguard, it is still possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Due to this flaw, data integrity is best asserted when the recipient already possesses the necessary verification information.

The most common method of asserting the digital origin of data is through digital certificates, a form of public key infrastructure, to which digital signatures belong. Note that the public key scheme is not used for encryption in this form, confidentiality is not achieved by signing a message with a private key (since anyone can obtain the public key to reverse the signature). Verifying the digital origin means that the certified/signed data can be, with reasonable certainty, trusted to be from somebody who possesses the private key corresponding to the signing certificate. If the key is not properly safeguarded by the original owner, digital forgery can become a major concern.

Trusted third parties (TTPs)

The ways in which a party may attempt to repudiate a signature present a challenge to the trustworthiness of the signatures themselves. The standard approach to mitigating these risks is to involve a trusted third party.

The two most common TTPs are forensic analysts and notaries. A forensic analyst specializing in handwriting can look at a signature, compare it to a known valid signature, and make a reasonable assessment of the legitimacy of the first signature. A notary provides a witness whose job is to verify the identity of an individual by checking other credentials and affixing their certification that the party signing is who they claim to be. Further, a notary provides the extra benefit of maintaining independent logs of their transactions, complete with the type of credential checked and another signature that can independently be verified by the preceding forensic analyst. For this double security, notaries are the preferred form of verification.

On the digital side, the only TTP is the repository for public key certificates. This provides the recipient with the ability to verify the origin of an item even if no direct exchange of the public information has ever been made. The digital signature, however, is forensically identical in both legitimate and forged uses - if someone possesses the private key they can create a "real" signature. The protection of the private key is the idea behind the United States Department of Defense's Common Access Card (CAC), which never allows the key to leave the card and therefore necessitates the possession of the card in addition to the personal identification number (PIN) code necessary to unlock the card for permission to use it for encryption and digital signatures.

See also


  1. ^ Negus, Christopher (2012). Linux Bible. Contributions by Christine Bresnahan. John Wiley & Sons. p. 580.  
  2. ^ Non-Repudiation in the Digital Environment (Adrian McCullagh)

External links

  • "Non-repudiation in Electronic Commerce" (Jianying Zhou), Artech House, 2001
  • 'Non-repudiation' taken from Stephen Mason, Electronic Signatures in Law (3rd edn, Cambridge University Press, 2012)
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.