2

Can anyone explain precisely the term non-repudiation of content (e.g. of email)? What sort of security requirement is used to combat this? Perhaps a digital signature?

This is how I understand the concept:

If the nurse emailed critical information about a patient to the hospital, the hospital admin staff need to be able to prove the content of the email at any time. This would be useful if the nurse happens to make a mistake about the condition of the patient, which results in the death of the patient.

Does this sound correct?

Best

5 Answers

8

There are 4 basic principles used in cryptography:

  1. confidentiality
  2. integrity
  3. authenticity
  4. non-repudiation.

I will not go through the mathematical aspects involved, instead I will try to offer a more general description. Confidentiality is assured by the encrypting of data, integrity and authenticity are assured by a signed digest and non-repudiation is assured by the linking of the above operations to a digital certificate.

The owner of the certificate is responsible for every action performed using that certificate.

The best example I can think of right now for non-repudiation is that of the law of digital signature. This law states that a digital signature is in every way equivalent to the signature made by hand by a person. Usually, a trusted time source is also involved, so that the time of the signing is also trusted.

All these ensure the fact that if you digitally sign the document, you cannot deny the signing, because of the fact you are the owner of the certificate and because there is a trusted time reference. It is the same as signing a contract for a loan at the bank. You cannot say you were not the one that agreed to the contract, because they have the proof (the handwritten signature).

Dinu
  • Thanks for the clarification! My answer was mostly based on Bruce Schneier's paper, in which he criticizes the linking of the cryptographic concept of non-repudiation with the legal concept of the same name. That paper is from 2000 so the legal info might be outdated, but the fact is not every jurisdiction assumes something signed by a digital certificate is non-repudiable. I tried to reflect that in my answer, but the example might have sounded a little weird (what I meant was: even if the nurse had a certificate and the hospital received an e-mail signed by it, it might still be repudiable). – mgibsonbr Jan 11 '13 at 14:12
6

"Non-repudiation" is a legal concept which means that you cannot successfully claim not being the source of a given piece of data. Laws for that vary quite a lot around the World, and they tend to change over time, too.

One powerful tool for non-repudiation is digital signatures. Digital signatures do not provide non-repudiation immediately, no more than the wheel provides the car; yet, most modern laws which talk about non-repudiation in a computerized context are actually laws about digital signatures. These legal systems describe how a digital signature should be done in order to be considered as granting non-repudiation. The net effect of non-repudiation is that, in case of a legal dispute between a putative signer and another party, the signature would be considered binding for the signer by default, and the burden of proof would be on the signer (who claims that he did not sign it) instead of his opponent (who wants to enforce the terms of the contract which was signed).

So it is not a "threat", rather a desirable feature... in some contexts.

Thomas Pornin
3

What is Non-Repudiation of content? How can we combat it?

I'm not sure you want to combat it!

To repudiate something is to deny all knowledge of, or involvement in, a given action. In the case of an email message, you would be denying you ever sent that message with that content.

I could give a number of reasons why the email that my account sent had nothing to do with me:

  • Malware.
  • The mail server was hacked.
  • Somebody had access to my password/account without maliciously breaking in.
  • The message is a forgery.

And so on. Basically, any way you can think of sending an email from someone's account without their knowledge is a valid reason I can also use to deny I just told my manager what I think of him/her.

Non-repudiation focuses on making sure that if a message came from my account, then I sent it.

Clearly, digital signatures provide one level of defence in that assuming no hash collisions for the algorithm used, the content will not have been modified. However, there is more to it than this:

  • Proper PKI is needed. Was the key that signed the message actually issued to me? After all, in an x509 cert I can set a common name to whatever I like.
  • The security of the email account needs to be protected so that only I can use my account. This is a potentially huge job probably encompassing a lot of auditing requirements to track admin actions on the server and the extent to which they affect my account.
  • "The security of the email account needs to be protected" - why? I thought the point was that as long as you keep your private key secure, no attacker can sign a message in a way that makes it appear like you sent it, even if they can have access to your mail account (like a malevolent mail server admin, or a security breach at your mail provider). – us2012 Jan 11 '13 at 16:48
  • @us2012 depends on whether you want to enforce non-repudiation using cryptography. I take your point, that is the usual way to enforce it. –  Jan 11 '13 at 17:02
2

An English language description of non-repudiation is: The inability to deny that an event occurred.

In the OP example:

  • A recipient cannot deny to the sender that they received an email.
  • A sender cannot deny that the content they sent was as received.

Technical solutions, as per other answers, involve the appropriate signing and crypto that ensure that the message can be repudiated.

Callum Wilson
1

In a general sense, a signature or statement is said to be "non-repudiable" if the maker can not later retract it (i.e. challenge the validity of that signature/statement). Most signatures are repudiable, requiring some sort of additional proof to hold upon challenge (such as forensic analysis or the employment of a notary). These expressions have different meanings in different contexts, though:

According to this paper, in the cryptographic literature "non-repudiation" means the digital-signing algorithm is not breakable, so a third-party can not forge your signature. Assuming that, in your example, the nurse digitally signed the e-mail through [cryptographically] non-repudiable means (ex.: a PKI certificate), then the hospital can be confident that the e-mail was genuine - and the nurse can not later deny having sent it. (in other words, "non-repudiation" is a desirable property of a cryptosystem)

For this to work in practice, however, other factors should be taken into account:

  • Were the keys properly exchanged? If asymmetric encryption were used (such as RSA), the hospital must be confident that the nurse's public key is the one they have - and not someone else's key. If symmetric encryption were used (such as AES), then both should have the same key (a "shared secret") - though it's rare to implement digital signatures that way, and it's not without drawbacks.
  • Are the keys secure? How likely is it for someone to steal those keys? It doesn't matter if the algorithm is non-repudiable, if someone else had access to the nurse's key then this same person can sign messages impersonating the nurse.

In a legal sense, however, the term "non-repudiation" means something completely different: if for instance your credit card bill contains items that you didn't buy, under some circumstances you have the right to "repudiate" it - and the vendor is required to prove that you did. This distinction is important, since as the last bullet point showed, even if you use a non-repudiable algorithm to do the signing, you might still have the right to repudiate it (i.e. the nurse could claim s/he didn't write that e-mail, even though it was signed with his/her key).

Who would have the burden of proof in this case, that is a legal question (making non-repudiation sometimes desirable sometimes not, depending on the party involved), and that has nothing to do with IT - except in the sense that your policies should be designed with the right context in mind (should I use digital signing in the first place? how strictly should the keys be handled? etc).

Main source: this paper by C. Ellison and B. Schneier
See also the Wikipedia entry on the subject

mgibsonbr
  • 1
    "Assuming that, in your example, the nurse digitally signed the e-mail through non-repudiable means, then the hospital can be confident that the e-mail was genuine." I don't think this is the best explication. The email is genuine because it is signed with the sender's private key and you are able to check this. – Dinu Jan 11 '13 at 09:59
  • 2
    @DinuSmădu sorry, I'm not a native speaker and I don't see any difference between what I said and what you said. Could you please clarify, or maybe suggest a better wording? Note also that I'm separating the cryptographic concern (i.e. the algorithm used for signing being breakable or not) from the IT issues (who has which key, how it is checked, etc). – mgibsonbr Jan 11 '13 at 10:26