Nonrepudiation

1
Non-repudiation
2
Non-repudiation

• And they heard the voice of the Lord God walking
  in the garden in the cool of the day and Adam
  and his wife hid themselves from the presence of
  the trees of the garden. And the Lord God called
  unto Adam, and said unto him, Where art thou?
• Adam, the first man who attempted to repudiate in
  front of the God

3
Non-repudiation

• An attribute of a communication which protects
  against a party to the communication denying that
  it occurred
• Has legal and practical effect
• Electronic commerce cannot be considered truly
  secure without effective non-repudiation

4
Types of Non-Repudiation

• Non-repudiation of origin
• Non-repudiation of delivery
• Non-repudiation of submission

5
Non-repudiation in the digital environment

• Will we have enough non-repudiation to persuade
  the third party (e.g. judge, jury, or arbitrator)
  that is the ultimate authority in the applicable
  dispute resolution process?
• More than just authentication and data integrity
• The ability to prove to a third party and after
  the fact that a specific communication originated
  with, was submitted by, or was delivered to a
  certain person

6
Comparison between authentication, integrity, and
non-repudiation

• Traditional signed writing delivered via postal
  mail signature, sealed envelop, postmark.
• Unprotected digital message with a symbolic
  signature
• Digitally signed message

7
Non-repudiation of origin

• Protect recipients by providing proof sufficient
  to resolve the dispute of whether a particular
  party originated a particular data item at a
  particular time
• Nola received an order from Fred through email.
• Nola shipped the order on the same day
• Fred returned the shipment and denied that he had
  sent an order
• The evidence Nola needs to achieve
  non-repudiation is

8
Non-repudiation of delivery

• Protect senders by providing proof sufficient to
  resolve the dispute of whether a particular party
  received a particular data item at particular
  time
• Vera place an order on Garys web site for an
  incredible price
• Vera did not receive shipment in two weeks
• Gary claimed he did not receive any order from
  Vera.
• What evidence Vera needs to get from Gary?

9
Non-repudiation of submission

• Prevents or resolves disagreement as to whether a
  particular party submitted a particular data item
  on particular time.
• When timing is significant to its legal effect
• A variant of non-repudiation of delivery

10
Non-repudiation services

• Service request
• Evidence generation
• Evidence transfer
• Evidence verification
• Evidence retention

11
Service request

• One or more parties involved must somehow agree,
  prior to its origination and delivery, to utilize
  non-repudiation services and to generate the
  necessary evidence for non-repudiation
• Who should be the service requestor?

12
Evidence generation

• Evidence generation documents the transaction or
  receipt of a primary communication in conjunction
  with its actual transmission or receipt.
• Who should be the evidence generator?

13
Evidence transfer

• The evidence generator must transfer the evidence
  to the party who may ultimately need to use it.
• The principal participants may utilize trusted
  third parties to receive evidence.

14
Evidence verification

• The service requestor must verify that the
  evidence supplied is sufficient to provide
  support for non-repudiation in the event a
  dispute arises.
• Normal process rather than a consequence of a
  dispute

15
Evidence retention

• The evidence should be retained by service
  requestor or a trusted third party

16
Non-repudiation of origin

• Originators digital signature
• Digital signature of a trusted third party
• Digital signature of a trusted third party on
  digest
• Trusted third-party token
• In-line trusted third party
• Mechanism combinations

17
Originators digital signature
18
Trusted Third party signature
19
Trusted Third Party Token
20
In-line Trusted Third Party Evidence stored
21
In-line Trusted Third Party Evidence Forwarded
22
Non-repudiation of delivery

• Recipient acknowledgment with signature
• Recipient acknowledgment with token
• Trusted delivery agent
• Progressive delivery reports

23
Non-repudiation Delivery -Recipients signature
24
Non-repudiation of submission

• Applies when messages are transported by a third
  party
• USA Immigration Lottery - Registration
  AuthorityLive and work in USA. Instant online
  registration for Green Card Lottery. Applications
  processed all year. Free information, simple
  application, professional service, low fees.
  Apply now!URL http//www.usa-green-card.com
  (Cost to Advertiser 0.60)

25
Trusted Third Parties

• Atrusted third party is an independent, unbiased
  party that contributes to the ultimate security
  and trustworthiness of computer-based information
  transfers
• Public-key certification
• Identity confirmation
• Time-stamping
• Evidence retention
• Delivery intermediation
• Disputer resolution

26
Required attributes of trusted third parties

• Independence
• Neutrality
• Reliability
• Acceptance by all participants

27
(No Transcript)
28
(No Transcript)
29
(No Transcript)
30
(No Transcript)
31
(No Transcript)
32
Timestemped log
33
(No Transcript)
34
(No Transcript)
35
Notaries

• Notaries may not technology-based
• Taking an acknowledgement
• Taking a verification
• Witnessing or attesting a signature
• Certifying or attesting a copy of a document
• Making a protest

36
Complexity and difficulty

• While non-repudiation seems simple to explain and
  understand, in reality providing a full and
  complete non-repudiation service is a complex and
  difficult undertaking even for the most seasoned
  security professional.
• Full non-repudiation is a two-way street.Both
  parties in the transaction must be protected by
  the non-repudiation services.

37
Full non-repudiation for both parties

• All parties must be identified and authenticated
• All parties must be authorized to perform the
  functions required
• The integrity of the transaction content must be
  intact throughout the entire process
• Certain transaction information needs to be
  confidential for authorized users only
• All transactions must be fully audited"

38
Dispute Resolution

• Retrieval of the non-repudiation evidence
• Presentation of the evidence to the parties
• Presentation of the matter before the arbiter of
  the dispute
• Decision

39
Dispute Resolution

• Technology-based evidencepublic key technology
  helps to reduce the burden of proof
• Expert testimony regarding technology-based
  evidence

40
Online dispute resolution services

• Nova Forum
• Square Trade
• Internet Neutral
• Online Resolution
• All Settle
• Smart Settle

41
NovaForum
42
Square Trade
43
Internet Neutral
44
Online Resolution
45
Neutrals List
46
Mediator
47
A Resolution Room
48
Smart Settle
49
Application problems

• Non-repudiation in auction
• Non-repudiation in election
• Agreement though mouse click

50
(No Transcript)