Questions tagged [non-repudiation]

Non-repudiation is the ability to prevent an identified individual from repudiating a specific action or communication associated with that individual.

1 vote
0 answers
23 views

Improve non-repudiation implementation for electronic signatures

Our company provides software to small businesses and includes an electronic signature system for them to let their customers sign agreements/documents online. The current system's claims to non-...
Kyohei Kaneko's user avatar
-1 votes
2 answers
615 views

How to check the authenticity of an Outlook email attachment (.msg)?

Let's say that someone sends me a business email on Microsoft Outlook 365. I save the email as an attachment (email.msg). How can a third person make sure that the email attachment is not edited (...
Lkaf Temravet's user avatar
1 vote
3 answers
217 views

Verifiable alternative to screenshots for web browsers

Screenshots are generally held to be dubious evidence when presented in court because they are susceptible to alteration, especially when it comes to pages rendered in web browsers. You can use the ...
Indigenuity's user avatar
  • 1,351
1 vote
2 answers
121 views

Non-repudiation of customer data

For our web application we are maintaining some data, pertaining to our subscribers, on our server. Some of this data is sensitive and we would like to implement some "security measures" ...
Sandeep's user avatar
  • 111
1 vote
2 answers
247 views

Premeditated substitution of ECDSA-signed message by the signer

If I understand correctly section 4.2 in Jacques Stern, David Pointcheval, John Malone-Lee, and Nigel P. Smart's Flaws in Applying Proof Methodologies to Signature Schemes, in proceedings of Crypto ...
fgrieu's user avatar
  • 1,275
0 votes
0 answers
33 views

Validate that CA really signed certificate [duplicate]

What is the process of validating that an SSL certificate I try to validate is really signed by a CA I trust? What part of the certificate (the one I try to validate) is the one that can't be faked? ...
user256948's user avatar
1 vote
1 answer
164 views

Can a client prove to a third party that they sent a message to another client in a P2P network?

Let's say Alice sends a message to Bob in their P2P chat app asking him to complete some work. Bob is lazy, so he deletes the message off his machine, does not complete the work, and just claims that ...
JGut's user avatar
  • 135
1 vote
1 answer
149 views

Proving authenticity of a message from a message app in case of deletion

Say you want to prove that you received a certain message from someone. This can be difficult because many messaging apps (like Facebook Messenger) allow the sender to delete messages on the recipient'...
ions me's user avatar
  • 111
19 votes
5 answers
4k views

Why does HTTPS not support non-repudiation?

I stumbled into this recently for a specific project I had in mind. I thought HTTPS would prove that a given content actually came from the origin, by having its contents always signed before transfer....
rsp's user avatar
  • 301
3 votes
3 answers
917 views

Doesn't Authentication logically imply Non-repudiation? [duplicate]

If it is confirmed that Alice is the source of a message (authentication), then shouldn't she be unable to deny that the message is from her (non-repudiation)? Is there an example where ...
explorer's user avatar
  • 131
2 votes
1 answer
175 views

Sign a document as created with an authorized software build

I'm creating some software that essentially enforces a specific process for creating specific documents, which protects them from being challenged later. Afterwards, the file is signed with the user'...
Therac's user avatar
  • 2,780
2 votes
1 answer
295 views

2FA attestation object for non-repudiation

I am reading on digital signatures: A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny ...
thalisk's user avatar
  • 123
2 votes
1 answer
3k views

Why is it recommended to use GCP service accounts vs user accounts?

I've recently started some work on Google Cloud Platform (GCP) and while developing the auth strategy for my company, I've repeatedly come across the recommendation to use service accounts for ...
Indigenuity's user avatar
  • 1,351
4 votes
4 answers
3k views

Are there any reasons to add a payload signature to a REST API with mutual TLS?

We have a B2B REST API with Client Certificate authentication. Are there any reasons to add also a payload signature check to this API? I'm seeing many service providers which add a digital signature ...
systempuntoout's user avatar
6 votes
2 answers
2k views

Difference between non-repudiation and plausible deniability

I've read in some books the 'goals of information security', which includes non-repudiation. My understanding of non-repudiation is that if Alice sends a message to Bob, Bob is not only convinced ...
Abhishek Nagekar's user avatar
0 votes
1 answer
1k views

If non-repudiation is impossible why do digital signatures exist

Since non-repudiation is impossible to achieve purely by software, why do digital signatures exist? Let me clarify a bit (this part is from eschaefe book pg 64): 1. When B connects to website A he ...
daniels_pa's user avatar
2 votes
1 answer
434 views

How to implement a digital signature for 21 CFR Part 11 for non-repudiation

I would like to know what is the best way to implement a digital signature to achieve Non-Repudiation to accomplish 21-CFR-Part11-SubpartC-11.100.part-c. Has anybody implemented this for 21 CFR 11? Non ...
Ekaitz Hernandez Troyas's user avatar
2 votes
1 answer
605 views

Can I guarantee non-repudiation with this authentication protocol?

I have read that a symmetric key cannot guarantee non-repudiation, but in Mark Stamp's book "Information Security: Principles and practice", he gives this strong mutual authentication protocol: This ...
Luz A's user avatar
  • 31
39 votes
2 answers
3k views

How to prove that a file was not created in advance

Sometimes we need to prove that a file was not created in advance - a good example is warrant canaries. The person releasing them may have been forced to sign the file with a future timestamp. For ...
Samuel Shifterovich's user avatar
2 votes
2 answers
353 views

Can CA certificate be spoofed on the browser level?

Can a certificate be spoofed at the browser level? Meaning I go click the LOCK image in my url bar and it shows a valid certificate from VeriSign but somehow the attacker spoofed that information. I'm ...
IEnjoyEatingVegetables's user avatar
0 votes
1 answer
2k views

Difference between interception, spoofing, falsification and repudiation [closed]

In very layman's terms AFAIK security threats are classified into four broad categories, namely Interception or Snooping or Sniffing, Spoofing, Falsification, and Repudiation. I could get few related ...
RBT's user avatar
  • 111
4 votes
3 answers
2k views

How can HelloSign be secure without any authentication? [duplicate]

[Note: This is not a duplicate of Are documents truly "signed" by DocuSign?. That page does not have an answer to the specific question I am asking in the final paragraph, below. This page, ...
Bill_Stewart's user avatar
4 votes
1 answer
465 views

How does choosing where a password is stored affect non-repudiation? (or private key storage)

Password managers, and numerous tools have been created to store end-user secrets over the years. This proliferation has resulted in a hazy mix of opportunities to improve security. In short, I ...
makerofthings7's user avatar
3 votes
3 answers
233 views

Is there a way to prove authorship in a shared repository?

Say, we have a number of people working on some kind of collaborative effort (such as a research paper or a software project) that is committed into a shared repository. However, a certain subset of ...
69 votes
10 answers
38k views

Proving creation time/date of a screenshot

I have to produce a screenshot of a web page, and want to make sure others will know without any doubt that this screenshot has been produced today. That is, I would like to embed today's date in the ...
Matteo's user avatar
  • 793
2 votes
1 answer
172 views

What is worth a digital signature based on email address only? [closed]

I have noticed that most digital signature providers do not try to certify anything but an e-mail address, while it is quite easy to create an email address without disclosing any personal information....
Pierre ALBARÈDE's user avatar
6 votes
2 answers
11k views

Does SSL/TLS provide non-repudiation service?

I understand that SSL/TLS provides confidentiality and integrity. But does it provide non-repudiation? I read in one book it does not. But I wonder why? What does it mean? If it means Alice can ...
user2192774's user avatar
3 votes
3 answers
349 views

Authenticity of PDF document printed from Word

My MS Word Add-In generates PDF preview of DOCX file on client PC and uploads both files to server. I cannot generate PDF on server. Is there any way to make sure that the PDF is the printed version ...
bretik's user avatar
  • 1,870
2 votes
3 answers
445 views

How can Alice and Bob prove that they share a file?

Carl asks Alice and Bob if they have a file f such that for a secure cryptographic hash function h, h(f) = K. Both claim to have f, but they can't show the file. Carl doesn't believe them. He can ...
user70561's user avatar
3 votes
2 answers
3k views

HMAC and non-repudiation

This was a question on an exam: Two persons are using a one way communication channel and the HMAC functionality (concretely HMAC-SHA1). Choose the correct statement below: 1) We can prove who the ...
RunoTheDog's user avatar
7 votes
2 answers
702 views

How do I release a self made program without it being tracked back to me?

For clarification, I am looking for the best way to release this program anonymously, not how to remain anonymous and such in general life (that is a different -already answered- question). I've ...
user63407's user avatar
3 votes
2 answers
773 views

Does Non-Repudiation offer proof of receipt?

I understand that non-repudiation intends to provide a mechanism that reliably proves that the sender of a message cannot deny sending the message. But does it also provide similar mechanisms to ...
user1720897's user avatar
3 votes
2 answers
839 views

Does SMIME differ from TLS, PGP, DMARC signature, or a Portal Encrypted email message in terms of legal non-repudiation?

I'm interested in protecting email messages from NSA-style snooping, but don't want to incur additional legal risk in doing so. In other words, does SMIME encryption and/or signing cause a given ...
makerofthings7's user avatar
1 vote
3 answers
730 views

Non-Repudiation that can Never be Proven

I understand that non-repudiation is based upon public key cryptography and the principle of only the sender knowing their own private key. However, what is a condition, if any, of non-repudiation ...
larrylampco's user avatar
5 votes
2 answers
1k views

TLS with non-repudiation; what happened with 'TLS Sign'?

TLS Sign was proposed as an IETF Draft in June 2007. I have not found further information, besides that the draft expired in November 2007. Can someone tell me what happened with this extension or can ...
codebold's user avatar
3 votes
1 answer
537 views

How do online document signing services guarantee non-repudiation?

There are a number of services online like RightSignature or SignHub that will let you sign legally binding documents online. I understand how documents can be signed digitally and this can guarantee ...
Dan's user avatar
  • 163
1 vote
1 answer
2k views

Secure API access over SSL using OAuth token

On the project that I'm currently working on, we authenticate the clients by username and password. In this system each user has a key which is calculated from his password. However, we want to provide ...
sgres's user avatar
  • 129
10 votes
3 answers
6k views

Is "non-repudiation" automatically proven, given the other three tenets of info security?

Just to say it, the four tenets are: Confidentiality - The message the recipient gets can be proven not to have been read by anyone else since it was encoded. Integrity - The message the recipient ...
KeithS's user avatar
  • 6,818
6 votes
2 answers
2k views

What security standards and regulations are in place for bank ATMs?

Are there any international or US mandated standards and regulations that apply to communications between automatic teller machines and bank's central office? Are banks or ATM operators subjected to ...
Drew Lex's user avatar
  • 2,053
1 vote
1 answer
231 views

Ciphertext for email vs Ciphertext for database

Let's say Bob wants to send a message to Alice. This communication requires to achieve confidentiality, integrity, proof of origin, non-repudiation. Therefore we can use this cipher-text: ciphertext =...
Best's user avatar
  • 133
10 votes
2 answers
21k views

When using symmetric key encryption, do we need to sign?

Say we're using a shared key between two parties, that has been distributed using public key encryption, is it still necessary to sign any data that's encrypted using the shared key? Or is it enough ...
Kumalh's user avatar
  • 101
57 votes
5 answers
80k views

What is the difference between authenticity and non-repudiation?

I'm new to infosec and doing some reading. Not surprisingly one starting point was Wikipedia. In this article, authenticity and non-repudiation are listed as 2 separate 'Basic concepts'. My ...
Max's user avatar
  • 672
5 votes
4 answers
2k views

Non-repudiation in Exchange/Outlook without Digital Signatures

Scenario: Acme Corp. needs to collect evidence to support their side of a case in court. Part of this evidence may include e-mail messages. Certain employees who do not have administrative access ...
Iszi's user avatar
  • 27.2k
51 votes
4 answers
53k views

How to achieve non-repudiation?

If I have a message that I need to send to another person, how do I achieve non-repudiation? Is digitally signing the message sufficient?
user1157's user avatar
  • 1,797