
I'm new to infosec and doing some reading. Not surprisingly one starting point was wikipedia. In this article, authenticity and non-repudiation are listed as 2 separate 'Basic concepts'. My understanding is that you cannot achieve non-repudiation by not knowing which parties are involved, which requires authenticity to be in place. In that sense, I see authenticity as a sub component of non-repudiation.

Have you got examples backing up the approach that these 2 concepts are fundamentally separate?

Max
  • on the crypto stack: [What are the differences between a digital signature, a MAC and a hash?](https://crypto.stackexchange.com/questions/5646/what-are-the-differences-between-a-digital-signature-a-mac-and-a-hash) – martin Feb 26 '18 at 07:59

5 Answers


Authenticity is about one party (say, Alice) interacting with another (Bob) to convince Bob that some data really comes from Alice.

Non-repudiation is about Alice showing to Bob a proof that some data really comes from Alice, such that not only Bob is convinced, but Bob also gets the assurance that he could show the same proof to Charlie, and Charlie would be convinced, too, even if Charlie does not trust Bob.

Therefore, a protocol which provides non-repudiation necessarily provides authenticity as a byproduct; in a way, authenticity is a sub-concept of non-repudiation. However, there are ways to provide authenticity (only) which are vastly more efficient than known methods to achieve signatures (authenticity can be obtained with a Message Authentication Code whereas non-repudiation requires a Digital Signature with much more involved mathematics). For this reason, it makes sense to use "authenticity" as a separate concept.

SSL/TLS is a tunneling protocol which provides authenticity (the client is sure to talk to the intended server) but not non-repudiation (the client cannot record the session and show it as proof, in case of a legal dispute with the server, because it would be easy to build a totally fake session record).

Thomas Pornin
  • I guess the bottom line is: you can do authenticity only, but you can't do non-repudiation without authenticity. – Max Aug 31 '11 at 11:26
    Another example: OTR (http://www.cypherpunks.ca/otr/) is designed specifically to provide authentication but no repudiation -- deniability is an explicit design goal. – Misha Aug 31 '11 at 11:42
  • Contrary to the claims in this answer (and to widespread beliefs of many others as well), [digital signatures do not provide non-repudiation in practice](http://security.stackexchange.com/questions/1786/how-to-achieve-non-repudiation/6108#6108). Non-repudiation is a legal problem, not one that can be solved through crypto-mathematics alone. – D.W. Sep 01 '11 at 20:08
  • To add to this, digital signatures often have to be issued with the aid of a crypto token to enhance the legal non repudiation requirement. – Michael Chourdakis Aug 31 '18 at 08:04

Authentication and non-repudiation are two different sorts of concepts.

  • Authentication is a technical concept: e.g., it can be solved through cryptography.

  • Non-repudiation is a legal concept: e.g., it can only be solved through legal and social processes (possibly aided by technology).

Some people have been taught that non-repudiation can be provided through crypto-mathematics alone. However, that is not correct.

D.W.
  • non-repudiation **is** routinely used in an infosec context, and means a **technical** proof of authorship. – Tom Mar 03 '16 at 12:48
  • @Tom, you might want to read the link at the end of the answer. – D.W. Mar 03 '16 at 18:40
  • I did, and I disagree. Maybe if you end up in a criminal court with the death penalty at stake, the difference between a legally sufficient proof and a technical proof is important. In most circumstances, however, a technical proof is quite sufficient. – Tom Mar 08 '16 at 12:53
  • @Tom That is to assume the court can correctly identify the technical aspects of things, which is simply false. Recall DNA identification? Or polygraphs? – Voile Feb 28 '19 at 06:40
  • @Voile mistakes happen, technical or otherwise. People are also misidentified by witnesses. As for the technical capabilities of the court - that is what expert testimonies are for. The court will call on someone with the necessary technical knowledge and ask them to evaluate the evidence. – Tom Feb 28 '19 at 08:41
  • I think what you're saying is that just because I have a public/private key pair, send you my public key, and then send you a digitally signed document, that's not legal non-repudiation. However suppose I have a comprehensive PKI program for my organization with a legally binding set of policies which govern the issuance of certificates based on a high bar of proven identity, and proper technical controls to protect the integrity of the infrastructure - do you think digital signatures created under a set of policies like this could meet the legal non-repudiation requirement? – Blackhawk Sep 18 '20 at 14:53
  • @Blackhawk, I'm not a lawyer, so I can't answer questions about whether it meets legal requirements. I can say that the gotchas are not completely addressed by those measures you list. See the link in my answer. The mechanisms you list don't seem to me to address the primary issues raised in that link. – D.W. Sep 18 '20 at 22:04

Why would you want authentication?

To know that an e-mail, piece of software, web site, or other item originated from a specific person, computer system, or company. Generally you are using the identity of origin as part of a decision about trust.

If an e-mail comes from your bank and you authenticate the e-mail, you place a certain amount of trust in the contents. If an e-mail comes from an adversary, but claims to come from your bank, and you are unable to authenticate the e-mail, you distrust the contents of the e-mail.

Authentication is used to verify identity. Identity is the claim that an individual is a specific person. Authentication is an attempt to verify a claim about identity. I can claim to be Margaret Thatcher, but since I am not Margaret Thatcher I should not be able to authenticate my claim.

Why would you want non-repudiation?

To prove that a person said a particular sentence, typed a specific phrase, or performed a specific action. To repudiate is to claim that whatever was said, typed, communicated, or performed was not done by you (or the person in question).

If someone claims that George Carlin used swear words, and George Carlin attempts to repudiate the claim, it is easy to prove that he has used swear words. There is evidence that George Carlin has used swear words. If George Carlin cannot repudiate the claim about swear words, the evidence provides non-repudiation.

Non-repudiation is an active attempt to create artifacts which may be used against an identified person who is denying that they are the origin of a communication or action. The artifacts are identity, authentication of the identity, and something connecting a communication or action to the identity.

In the George Carlin example there are legal documents that record the testimony of many witnesses who identified and authenticated George Carlin and witnessed him using swear words. This is a passive and accidental production of artifacts connecting an action to an identity.

In security we want active purposeful production of artifacts that may assist in a non-repudiation argument. In order to do that we must identify an entity, authenticate the identity and connect the identified entity to a specific action or communication.

Some people use public/private key certificates to sign their email. By using their e-mail address they are providing identification. Their use of a private key (to sign the e-mail) provides authentication as long as the private key is known only by the individual. When they sign an e-mail with their digital signature they are connecting the content of the e-mail to the identity authenticated by the certificate. These artifacts may assist in preventing an individual from repudiating the contents of the e-mail; "I never sent that e-mail." However, to repudiate the e-mail a sender may claim that their private key was stolen (known by another party) and the thief sent the e-mail.

this.josh
    Contrary to the claims in this answer (and to widespread beliefs of many others as well), [public-key cryptography does not provide non-repudiation in practice](http://security.stackexchange.com/questions/1786/how-to-achieve-non-repudiation/6108#6108). Non-repudiation is a legal problem, not one that can be solved through crypto-mathematics alone. – D.W. Sep 01 '11 at 20:07
  • Ok, I made some slight adjustments. I did try to provide human examples to illustrate repudiation and non-repudiation, but I suppose that was not quite clear enough. – this.josh Sep 01 '11 at 22:42

Authenticity: Generally ascertained by the intended recipient and implemented using message authentication codes (MAC) or keyed hashes (a digest that incorporates a key during the digest). The basis is that the sender and the recipient will have a common shared key (somehow shared). The sender will use a MAC algorithm which takes in the shared key and content and computes a MAC. This MAC is sent over to the recipient along with the message. On receiving, the recipient will do the same thing: use the MAC algorithm on the shared key and content to compute a MAC at her end. If the MAC received matches the one computed, two things are verified: the message was not tampered with, and the message was sent by the expected sender.

Non-repudiation: Anyone can validate the authenticity of a message as well as the source of the message. It is based on digital signatures (public key cryptography), where everyone has access to the public key of a signer who computed a digital signature on some content (which may be produced by her or someone else) using her private key. The rest of the world has the signer's public key, so they can run some mathematics on the signer's public key, the content which was signed and the signature they have to verify that indeed the signer signed the content and the content has not been tampered with. If this is validated, then the signer cannot deny having signed the content; hence, non-repudiation.

Hope this helps.

  • Are these definitions copied from somewhere? If so, add the source. – Nov 28 '18 at 08:33
  • can't paste my neurons friend :), but it is what I could figure out trying to understand cryptography, please do correct me if they seem wrong. – user2237777 Dec 23 '18 at 16:40
  • actually as soon as anyone becomes capable of validating the authenticity of something, it becomes a fact, a global proof. hence non-repudiation. – user2237777 Jan 02 '19 at 10:54
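Thomas Pornin's answer contrasts a MAC (authenticity only) with a digital signature (non-repudiation), and the answer directly above walks through the two verification procedures. The following Go program is an added example, not code from either answer or from any project the page discusses; it uses only Go's standard-library HMAC-SHA256 and Ed25519, and the messages, keys and party names (Alice, Bob, Charlie) are constructed for the illustration. It shows the single property that separates the two: Bob, who holds the shared MAC key, can produce a tag for a message Alice never sent, so a MAC-protected transcript proves nothing to Charlie; whereas without Alice's private key Bob can neither reuse her signature on a different message nor substitute a signature under his own key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample messages for this illustration (not taken from the page).
var (
	genuineMsg = []byte("Alice -> Bob: pay 100 EUR")
	forgedMsg  = []byte("Alice -> Bob: pay 1000000 EUR") // Alice never sent this
)

// macTag is HMAC-SHA256 over msg under the key shared by Alice and Bob.
func macTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

// macVerify recomputes the tag and compares it in constant time.
func macVerify(sharedKey, msg, tag []byte) bool {
	return hmac.Equal(tag, macTag(sharedKey, msg))
}

// MacResult records what a MAC can and cannot establish.
type MacResult struct {
	BobAcceptsGenuine  bool // Alice's real tag verifies for Bob: authenticity
	BobForgeryVerifies bool // Bob's own tag on a message Alice never sent verifies too
}

// MacDemo shows why a MAC gives Bob authenticity but gives Charlie nothing:
// any holder of the shared key can produce a valid tag, so a recorded
// (message, tag) pair could have come from Bob just as well as from Alice.
func MacDemo() (MacResult, error) {
	sharedKey := make([]byte, 32)
	if _, err := rand.Read(sharedKey); err != nil {
		return MacResult{}, err
	}
	var r MacResult
	aliceTag := macTag(sharedKey, genuineMsg) // produced by Alice
	r.BobAcceptsGenuine = macVerify(sharedKey, genuineMsg, aliceTag)
	bobTag := macTag(sharedKey, forgedMsg) // produced by Bob with the same key
	r.BobForgeryVerifies = macVerify(sharedKey, forgedMsg, bobTag)
	return r, nil
}

// SigResult records what a digital signature establishes for each party.
type SigResult struct {
	BobAccepts     bool // Bob verifies Alice's signature with her public key
	CharlieAccepts bool // Charlie verifies the same proof with only the public key
	ReplayVerifies bool // Bob reuses Alice's signature on a different message
	BobKeyVerifies bool // Bob signs with his own key and presents it as Alice's
}

// SigDemo shows the non-repudiation property: the proof Bob holds convinces
// Charlie too, and Bob cannot manufacture such a proof without Alice's key.
func SigDemo() (SigResult, error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return SigResult{}, err
	}
	_, bobPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return SigResult{}, err
	}
	var r SigResult
	sig := ed25519.Sign(alicePriv, genuineMsg) // only Alice's key can do this
	r.BobAccepts = ed25519.Verify(alicePub, genuineMsg, sig)
	// Charlie needs neither Bob's key nor Bob's word: the public key and the
	// (message, signature) pair are the whole proof.
	r.CharlieAccepts = ed25519.Verify(alicePub, genuineMsg, sig)
	r.ReplayVerifies = ed25519.Verify(alicePub, forgedMsg, sig)
	r.BobKeyVerifies = ed25519.Verify(alicePub, forgedMsg, ed25519.Sign(bobPriv, forgedMsg))
	return r, nil
}

func main() {
	m, err := MacDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("MAC:       genuine verifies=%v  Bob's forgery verifies=%v\n",
		m.BobAcceptsGenuine, m.BobForgeryVerifies)
	s, err := SigDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("Signature: Bob=%v Charlie=%v replay=%v Bob's own key=%v\n",
		s.BobAccepts, s.CharlieAccepts, s.ReplayVerifies, s.BobKeyVerifies)
}
```

The MAC half is also the reason behind the SSL/TLS remark in Thomas Pornin's answer: a client-side recording of a MAC-protected session is something the client could have fabricated, so it carries no weight with a third party. The signature half only establishes that Alice's private key was used, which is the gap D.W. and this.josh point to: a stolen key, or a key issued to the wrong person, lets the signer dispute the signature no matter how the mathematics come out.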

The X.800 Recommendation clearly defines both authentication and non-repudiation as security services, as you can read in paragraph 5.2 of the following document: http://www.itu.int/rec/T-REC-X.800-199103-I/en

Security services are the basic requirements in security and are implemented using security mechanisms.

So, both authentication and non-repudiation are the same kind of concept and the difference between the two is clearly explained in the document cited above.

Gio