
Non-Repudiation

What is Non-Repudiation?

Non-repudiation means that a user cannot deny (repudiate) having performed a transaction. Non-repudiation is a regulatory notion commonly used in cybersecurity; it refers to the service that confirms the origin and integrity of data. Using encryption and digital signatures, it assures that no party can deny having sent or received a communication, nor contest the legitimacy of its digital signature on a document. Non-repudiation comprises authentication, auditing, and logging services, and can be accomplished by digitally signing log data as a checksum at the time of collection or through the use of secured digital media.

To establish complete data integrity and assurance that the data was not altered or forged, the following methods may be used:

Asymmetric encryption/public key cryptography. To avoid both the encrypted data and the secret key being intercepted by a third party, cryptologists devised a “public key” system in which every user has two keys: a public key and a private key. A sender requests the intended recipient’s public key and uses it to encrypt the data before sending it. Upon receipt, the recipient’s private key decrypts the data. Since the private key is inaccessible to others, both the sender and the recipient can be confident that the data was not altered or forged.

Digital signatures. Digital signatures validate the authenticity of data while tying it to a specific user or organization, and they can also carry timestamps.

Digital certificates. A public key infrastructure (PKI) must be implemented to manage the encryption system and its audit logs. Within the PKI, a Certification Authority (CA) issues digital certificates that confirm the owner of each public/private key pair.
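As an added example (not code from the original article), the following Go program shows the sign-and-verify step that the three methods above rely on, using Ed25519 from Go's standard library. The signer's private key produces a signature over the payload together with a timestamp, so neither can be changed afterwards, and anyone holding only the public key can check the result. The payload text, the `SignedDocument` type, the `%d|%s` encoding and the key names are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

// SignedDocument binds a payload to a signer via an Ed25519 signature.
// The timestamp is covered by the signature, so it cannot be altered
// without invalidating the signature.
type SignedDocument struct {
	Payload   []byte
	Timestamp int64 // Unix seconds, signed together with the payload
	Signature []byte
}

// signingInput is the exact byte string that is signed and later verified.
// A fixed encoding (timestamp first, then a separator) keeps the two
// fields unambiguous.
func signingInput(payload []byte, ts int64) []byte {
	return []byte(fmt.Sprintf("%d|%s", ts, payload))
}

// Sign produces a SignedDocument using the signer's private key.
func Sign(priv ed25519.PrivateKey, payload []byte, ts int64) SignedDocument {
	return SignedDocument{
		Payload:   payload,
		Timestamp: ts,
		Signature: ed25519.Sign(priv, signingInput(payload, ts)),
	}
}

// Verify checks the signature using only the signer's public key.
// Anyone holding that key can run this check, which is what allows a
// third party to settle a dispute about who produced the document.
func Verify(pub ed25519.PublicKey, doc SignedDocument) bool {
	return ed25519.Verify(pub, signingInput(doc.Payload, doc.Timestamp), doc.Signature)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample payload for this example.
	doc := Sign(priv, []byte("transfer 100 units to account 42"), time.Now().Unix())
	fmt.Println("signature:", hex.EncodeToString(doc.Signature))
	fmt.Println("valid:", Verify(pub, doc))

	// Changing a single byte of the payload (or the timestamp) breaks verification.
	tampered := doc
	tampered.Payload = []byte("transfer 900 units to account 42")
	fmt.Println("valid after tampering:", Verify(pub, tampered))
}
```

The private key never leaves the signer, and the verifier needs nothing secret, which is the property that distinguishes a signature from a shared-key checksum.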

Non-repudiation can be used in the following areas:

Online transactions. Digital signatures in online transactions guarantee that a party cannot dispute the transaction or the legitimacy of its signature.

Cryptography. A message authentication code (MAC) is used to authenticate messages, that is, to certify that a message originated from the specified sender and was not altered or forged en route.

Data audit logs. A hash of the log file is computed at the time of collection and digitally signed; the output of this computation is a signed checksum that verifies the files have not been manipulated since.
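The following Go program is an added example (not code from the original article) covering the two previous points: it computes a SHA-256 checksum over collected log lines and signs it with the collector's Ed25519 key, and alongside it computes an HMAC-SHA256 tag over the same checksum under a shared key. The contrast matters for non-repudiation: a MAC is computed and verified with the same key, so whoever can verify a tag can also produce one; it proves integrity and origin between the two key holders but cannot, on its own, show a third party which of them created the tag, whereas only the private-key holder can produce the signature. The log lines, the `LogSeal` type, the shared key and the function names are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// LogSeal is stored next to the collected log: the SHA-256 checksum of the
// content and the collector's signature over that checksum.
type LogSeal struct {
	Digest    [32]byte
	Signature []byte
}

// logDigest hashes the log lines in order. Any insertion, deletion,
// reordering or edit of a line changes the digest.
func logDigest(lines []string) [32]byte {
	return sha256.Sum256([]byte(strings.Join(lines, "\n")))
}

// SealLog computes the checksum at collection time and signs it with the
// collector's private key (hash-then-sign).
func SealLog(priv ed25519.PrivateKey, lines []string) LogSeal {
	d := logDigest(lines)
	return LogSeal{Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

// VerifyLog recomputes the digest from the stored log and checks that it
// matches the sealed digest and that the signature on it is genuine.
func VerifyLog(pub ed25519.PublicKey, lines []string, seal LogSeal) bool {
	if logDigest(lines) != seal.Digest {
		return false
	}
	return ed25519.Verify(pub, seal.Digest[:], seal.Signature)
}

// MacTag is the symmetric counterpart: HMAC-SHA256 over the same digest
// under a key shared by collector and auditor.
func MacTag(key []byte, lines []string) []byte {
	d := logDigest(lines)
	m := hmac.New(sha256.New, key)
	m.Write(d[:])
	return m.Sum(nil)
}

// MacVerify checks a tag in constant time with the same shared key.
func MacVerify(key []byte, lines []string, tag []byte) bool {
	return hmac.Equal(MacTag(key, lines), tag)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample log lines for this example.
	lines := []string{
		"2024-01-01T10:00:00Z user=alice action=login result=ok",
		"2024-01-01T10:05:12Z user=alice action=read file=/srv/report.pdf",
	}
	seal := SealLog(priv, lines)
	fmt.Println("digest:", hex.EncodeToString(seal.Digest[:]))
	fmt.Println("signed log verifies:", VerifyLog(pub, lines, seal))

	altered := []string{lines[0], "2024-01-01T10:05:12Z user=bob action=read file=/srv/report.pdf"}
	fmt.Println("altered log verifies against seal:", VerifyLog(pub, altered, seal))

	// With the shared key, the auditor can produce a perfectly valid tag for the
	// altered content, so a MAC tag alone cannot show who produced it.
	sharedKey := []byte("example-shared-key-not-for-production")
	fmt.Println("auditor can mint a valid tag for altered log:",
		MacVerify(sharedKey, altered, MacTag(sharedKey, altered)))
}
```

In a real deployment the collector's public key would be distributed through the PKI described earlier, so that the auditor verifies against a certified key rather than one handed over informally.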

E-commerce. Non-repudiation is implemented to aid in conflict resolutions by giving confirmation that data was received and recognized by the receiver.

B2B transactions. Non-repudiation allows a business to prove that it sent data to, or received data from, another business should that business deny the transaction. It covers both non-repudiation of sent or received data and non-repudiation of receipts issued after data is received.
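As an added example (not code from the original article) of the e-commerce and B2B cases above, the following Go program carries out a two-sided exchange: the sender signs an order (non-repudiation of origin), the receiver verifies it and returns a receipt signed over the order's hash (non-repudiation of receipt), and an arbiter holding only the two public keys can later confirm both facts. The `Order` and `Receipt` types, the function names and the sample order text are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Order is the business document the sender signs.
type Order struct {
	Body      []byte
	Signature []byte // sender's signature over Body
}

// Receipt is the receiver's signed acknowledgement. It signs the hash of
// the order body, so it is bound to exactly one order.
type Receipt struct {
	OrderHash [32]byte
	Signature []byte // receiver's signature over OrderHash
}

// SendOrder is run by the sender: sign the order body with the sender's key.
func SendOrder(senderPriv ed25519.PrivateKey, body []byte) Order {
	return Order{Body: body, Signature: ed25519.Sign(senderPriv, body)}
}

// AcknowledgeOrder is run by the receiver: verify the sender's signature,
// then issue a receipt signed with the receiver's key. It returns ok=false
// and no receipt if the order's signature does not verify, so the receiver
// never acknowledges something the sender did not actually sign.
func AcknowledgeOrder(senderPub ed25519.PublicKey, receiverPriv ed25519.PrivateKey, o Order) (Receipt, bool) {
	if !ed25519.Verify(senderPub, o.Body, o.Signature) {
		return Receipt{}, false
	}
	h := sha256.Sum256(o.Body)
	return Receipt{OrderHash: h, Signature: ed25519.Sign(receiverPriv, h[:])}, true
}

// ResolveDispute is what an arbiter holding only the two public keys can do:
// confirm that the sender issued this order and that the receiver
// acknowledged this exact order.
func ResolveDispute(senderPub, receiverPub ed25519.PublicKey, o Order, r Receipt) (senderBound, receiverBound bool) {
	senderBound = ed25519.Verify(senderPub, o.Body, o.Signature)
	h := sha256.Sum256(o.Body)
	receiverBound = h == r.OrderHash && ed25519.Verify(receiverPub, h[:], r.Signature)
	return
}

func main() {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	receiverPub, receiverPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample order for this example.
	order := SendOrder(senderPriv, []byte("PO-0001: 20 units of part X, ship by Friday"))
	receipt, ok := AcknowledgeOrder(senderPub, receiverPriv, order)
	fmt.Println("receipt issued:", ok)

	senderBound, receiverBound := ResolveDispute(senderPub, receiverPub, order, receipt)
	fmt.Println("sender bound to order:", senderBound)
	fmt.Println("receiver bound to order:", receiverBound)
}
```

Because each party signs with its own private key, neither can later claim the other forged its part of the exchange, and the arbiter needs no secret material to decide the dispute.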