
I have read that a symmetric key cannot guarantee non-repudiation, but in Mark Stamp's book "Information Security: Principles and Practice", he gives this strong mutual authentication protocol:

this link

This protocol uses a symmetric key, so my question is: can this protocol guarantee non-repudiation although it uses a symmetric key?

While reading the chapter, it wasn't completely clear about this.

Thank you in advance for all your answers.

Luz A

1 Answer


I think this depends on whether the sender and receiver can both be fully trusted not to reveal or misuse the key.

A secret known by more than one entity is less of a secret.

So to have a guarantee, you would need to fully trust both ends. Which kind of undermines the concept of non-repudiation rather.

I believe that ISO 13888-2 provides some workarounds for the idea of non-repudiation for symmetric key systems; I think it requires trusted 3rd parties to be involved, though.

So I think that you can see that non-repudiation is generally rather more robust when using asymmetric keys.

Julian Knight
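Added example, not part of the original answer and not taken from Stamp's book or from ISO 13888-2: it shows why a tag made with a shared key cannot be pinned on one party, and how a trusted third party changes that. The `Notary` class, the key handling and the sample message are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

def mac(key: bytes, sender: str, message: bytes) -> bytes:
    """HMAC-SHA256 binding a claimed sender name to a message."""
    return hmac.new(key, sender.encode() + b"\x00" + message, hashlib.sha256).digest()

def check(key: bytes, sender: str, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, sender, message), tag)

# Case 1: one key shared by Alice and Bob (constructed sample key).
SHARED_KEY = secrets.token_bytes(32)

def alice_tags(message: bytes) -> bytes:
    return mac(SHARED_KEY, "alice", message)

def bob_tags_as_alice(message: bytes) -> bytes:
    # Bob holds the same key, so he computes the identical tag; a judge
    # shown the message and tag cannot tell which of the two produced it.
    return mac(SHARED_KEY, "alice", message)

# Case 2: hypothetical notary that both parties must fully trust.
class Notary:
    def __init__(self) -> None:
        self._token_key = secrets.token_bytes(32)  # never leaves the notary
        self._client_keys = {}                     # name -> key shared with notary only

    def enroll(self, name: str) -> bytes:
        """Give each client its own key, known only to that client and the notary."""
        self._client_keys[name] = secrets.token_bytes(32)
        return self._client_keys[name]

    def issue_token(self, sender: str, message: bytes, tag: bytes) -> Optional[bytes]:
        """Issue evidence only if the request carries a tag under the sender's own key."""
        key = self._client_keys.get(sender)
        if key is None or not check(key, sender, message, tag):
            return None
        return mac(self._token_key, sender, message)

    def adjudicate(self, sender: str, message: bytes, token: bytes) -> bool:
        """Settle a dispute: neither client can compute a token without the notary."""
        return check(self._token_key, sender, message, token)
```

The evidence in case 2 is only as good as the notary: it holds every client key and the token key, so it could fabricate tokens itself.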