IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [non-repudiation]

Non-repudiation is the ability to prevent an identified individual from repudiating a specific action or communication associated with that individual.

43 questions
3
votes
3 answers

Authenticity of PDF document printed from Word

My MS Word Add-In generates PDF preview of DOCX file on client PC and uploads both files to server. I cannot generate PDF on server. Is there any way to make sure that the PDF is the printed version created by the plugin from the actual DOCX? I need…
bretik
  • 1,840
  • 13
  • 22
3
votes
2 answers

HMAC and non-repudiation

This was a question on an exam: Two persons are using a one way communication channel and the HMAC functionality (concretely HMAC-SHA1). Choose the correct statement below: 1) We can prove who the sender is, because HMAC-SHA1 uses a shared secret,…
RunoTheDog
  • 177
  • 1
  • 7
3
votes
2 answers

Does Non Repudiation offer proof of receipt ?

I understand that non repudiation intends to provide a mechanism that reliably proves that the sender of a message cannot deny sending the message. But does it also provide similar mechanisms to ensure the recipient of the message cannot deny…
user1720897
  • 603
  • 2
  • 10
  • 18
3
votes
2 answers

Does SMIME differ from TLS, PGP, DMARC signature, or a Portal Encrypted email message in terms of legal non-repudiation?

I'm interested in protecting email messages from NSA-style snooping, but don't want to incur additional legal risk in doing so. In other words, does SMIME encryption and/or signing cause a given email message to have more legal "power" than a…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
3
votes
1 answer

How online document signing services guarantee non-repudiation?

There is a number of services online like RightSignature or SignHub that will let you sign online legally binding documents. I understand how documents can be signed digitally and this can guarantee that they were not altered, but I do not…
Dan
  • 163
  • 4
3
votes
1 answer

How does choosing where a password is stored affect non-repudiation? (or private key storage)

Password managers, and numerous tools have been created to store end-user secrets over the years. This proliferation has resulted in a hazy mix of opportunities to improve security. In short, I think this could be broken into the following groups.…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
3
votes
3 answers

Is there a way to prove authorship in a shared repository?

Say, we have a number of people working on some kind of collaborative effort (such as a research paper or a software project) that is committed into a shared repository. However, a certain subset of these people are also conspiring against the rest…
user22260
2
votes
3 answers

How can Alice and Bob prove that they share a file?

Carl asks Alice and Bob if they have a file f such that for a secure cryptographic hash function h, h(f) = K. Both claim to have f, but they can't show the file. Carl doesn't believe them. He can ask further questions to Alice and Bob, although…
user70561
  • 21
  • 2
2
votes
3 answers

Doesn't Authentication logically imply Non-repudiation?

If it is confirmed that Alice is the source of a message (authentication), then shouldn't she be unable to deny that the message is from her (non-repudiation)? Is there an example where authentication happens without non-repudiation?
explorer
  • 121
  • 3
2
votes
1 answer

Sign a document as created with an authorized software build

I'm creating some software that essentially enforces a specific process for creating specific documents, which protects them from being challenged later. Afterwards, the file is signed with the user's key (USB token not related to the software).…
ZOMVID-21
  • 2,450
  • 11
  • 17
2
votes
1 answer

How to implement a digital signature for 21 CFR Part 11 for non repudiation

I would like to know what is the best way to implement a digital signature to achive Non-Repudation to acomplish 21-CFR-Part11-SubpartC-11.100.part-c. Anybody has implemented this for 21 CFR 11? Non repudiation means that if a users sign the…
Ekaitz Hernandez Troyas
  • 121
  • 2
2
votes
1 answer

Can I guarantee non-repudiation with this authentication protocol?

I have read that a symmetric key cannot guarantee non-repudiation, but in Mark Stamp's book "Information Security: Principles and practice", he gives this strong mutual authentication protocol: This protocol uses symmetric key, so my question is:…
Luz A
  • 31
  • 6
2
votes
2 answers

Can CA certificate be spoofed on the browser level?

Can a certificate be spoofed at the browser level? Meaning I go click the LOCK image in my url bar and it shows a valid certificate from VeriSign but somehow the attacker spoofed that information. I'm not sure how they could do it and that's what…
IEnjoyEatingVegetables
  • 150
  • 7
2
votes
1 answer

what is worth a digital signature based on email address only?

I have noticed that most digital signature providers do not try to certify anything but an e-mail address, while it is quite easy to create an email address without disclosing any personal information. Thus, I may know the e-mail address of a…
Pierre ALBARÈDE
  • 121
  • 3
1
vote
3 answers

Non-Repudiation that can Never be Proven

I understand that non-repudiation is based upon public key cryptography and the principle of only the sender knowing their own private key. However, what is a condition, if any, of non-repudiation that can never be proven through digital analysis?…
larrylampco
  • 123
  • 5
1
2
3