What is the purpose of nonrepudiation techniques?

Highlights

•

We define two security goals of the non-repudiation of origin: NRO-I and NRO-II.

We show that the (strongly) existential unforgeability of digital signatures is not sufficient to provide NRO-II.

We define the privacy of message sender in communication protocols with non-repudiation of origin.

We describe a communication protocol where the non-repudiation of origin and the privacy of message originator co-exist.

Abstract

This paper studies a security issue in cloud computing: non-repudiation of origin (NRO) with privacy protection on message originator. We first define two concrete goals of NRO: NRO-I and NRO-II. Both notions are inspired by the non-repudiation service we can have by using traditional handwritten signatures as the evidence of origin. Then we show that existentially unforgeable digital signatures can provide NRO-I but not always NRO-II, by giving a counterexample. Another contribution of this paper is a communication protocol accommodating non-repudiation of origin and privacy of message originator. Our protocol satisfies NRO-I and NRO-II, and the recipient is unable to convince any other entities about the identity of message originator. The essence of our protocol is a designated verifier signature scheme with unforgeability against the designated verifier.

Keywords

Security

Non-repudiation

Privacy

Protocol

Copyright © 2013 Elsevier Inc. All rights reserved.

The non-repudiation principle is the assumption that the owner of a signature key pair that is capable of generating the signature for certain data does not be able convincingly deny signing it.

what is non repudiation in network security - Related Questions

What is non-repudiation with example?You agree not to repudiate a contract when you make it nonrepudiable. If you sign a (legal) contract using a pen, you are using a nonrepudiation device because you will never be able to later disagree with the terms of the contract or deny ever taking part in it.

What is repudiation in security?In a repudiation attack, an application or system is incapable of properly tracking and logging its user's actions, which leads to malicious manipulations or forged actions being identified. In such cases, log files may contain inaccurate or misleading data.

What is the purpose of non-repudiation techniques?This allows data to be proved reliable, authentic, and unaltered. Senders can be assured that their messages have been delivered, and recipients can be assured that their identities were verified. no one can claim to have been misleading about a message's delivery, reception, or processing.

How do you provide non-repudiation?For example, the signature and accompanying documents of registered mail can be non-repudiation methods (in which the recipient cannot claim he has not received the court summons from the utility company), or the presence of witnesses at a signing ceremony.

Which security mechanism assures the non-repudiation?With nonrepudiation you can have authentication, auditing, and logging. They are all achieved through cryptography, like digital signatures. Digital signatures entail the protection of parties from later denying the legitimacy of their signings or denigrating the authenticity of information they have sent on the Internet.

Does TLS provide non-repudiation?TLS, on the other hand, does not provide non-repudiation for the exchanged messages - because the Message Authentication Codes are generated with the help of a shared, symmetric key, a sender of the message can certainly deny sending the message.

What is the meaning of non-repudiation?A guarantee that the sender of information has proof of delivery, and the receiver of the information has proof of its source, so neither can claim on the spot that the information was sent.

What is non-repudiation attack?A non-repudiation statement is one in which an author cannot effectively dispute his or her authorship. The term is often used in a legal context when attempting to prove the authenticity of a signature. It is a rejection of authenticity in such a case.

What is repudiation in cyber security?The description. In a repudiation attack, an application or system is incapable of properly tracking and logging its user's actions, which leads to malicious manipulations or forged actions being identified.

What is the difference between non-repudiation and authenticity?While there are mechanisms to gain authenticity (only), these are vastly more efficient than the known methods to obtain signatures (authenticity can be achieved with a Message Authentication Code, while non-repudiation requires a Digital Signature with a wealth of mathematics and algorithms).

Which are repudiation threat?An apology. Threats of repudiation usually occur when users deny any actions they have performed, but otherwise have no way of proving otherwise - such as when a user performs an illegal operation without being able to trace it.

Why is non-repudiation so important?A nonrepudiation agreement assures the sender of data that a proof of delivery and proof of identity will be provided to the recipient, so neither party can dispute the data's processing. (adsbygoogle = window.adsbygoogle || []).push({});

What is the difference between non-repudiation and authentication?It is important to distinguish between authentication and non-repudiation. Technically, authentication is a concept. As an example, cryptography can be used to solve it. The non-repudiation of an agreement is a legal concept. Legal and social processes (with the help of technology, perhaps) are the only ways to resolve them, e.g.

How can we avoid non-repudiation?Digital signatures and secure envelopes are both methods used to generate nonrepudiation evidence. With a secure envelope, you can assure that your messages are secure and are not intercepted based on a shared secret key between communications.

What is non-repudiation in cyber security?When a digital signature is applied correctly, it can offer certain services. The non-repudiation principle is the assumption that the owner of a signature key pair that is capable of generating the signature for certain data does not be able convincingly deny signing it.

Why is the issue of repudiation so important in e business?a key aspect of mobile business and mobile commerce, as it enables sufficient evidence for parties to prove that their involvement in a transaction was genuine. Based on this analysis, we can determine which mobile signature solutions can be considered legal equivalents to handwriting.

Why non-repudiation integrity and confidentiality is important?Messages and transactions are only deemed to be safe when they have been maintained in their integrity. When non-repudiation is in place, each message or transaction is confirmed and cannot be disputed once it has been transmitted.

What is the non-repudiation service?A non-repudiation is an assurance that you can't deny the validity of a statement. This is a legal concept that can be found in information security and relates to a service that provides proof of the origin of information and its integrity.

What is non-repudiation example?You agree not to repudiate a contract when you make it nonrepudiable. Specifically, ute responsibility. A signature serves as proof of nonrepudiation, such as when you sign a contract with a pen.

Which key provides non-repudiation?The use of digital signatures ensures non-repudiation of transactions. A private key can be stolen, compromising security. So it's important to store private keys on smart cards to minimize the risk of theft.

[starbox]