|Like this CertiGuide? Get it in PDF format!|
Use coupon code "certiguide" to save 20%!
|Also available: 300-question Security+ practice test!|
|Get It Here!|
Non-Repudiation is a stronger
variation on authentication which allows the senders identity
to be verified by a third party, and is used to prove that a message
was not forged that the person who supposedly sent the message
really did. This also means that the sender cannot deny he sent a particular
message. In the paper world this is accomplished via a Notary Public
who verifies the signers identity, witnesses the signing and puts
their seal on the document, indicating that they witnessed the signing.
In the digital world, this is accomplished with a verified digital
Non-Repudiation cannot be achieved
with a symmetrical, secret-key algorithm. Why? By definition, more
than one person knows the shared secret key, so while its possible
to narrow down the list of possible senders, its not possible
to reliably determine which one of the individuals possessing the key,
sent the message.
If you think about how public/private
key encryption works, it might occur to you that you can prove the
origin of a message by encrypting the entire message with the senders
private key, and allowing it to be decrypted by the senders public
key. If the senders public key decrypts the message, then
you know that the senders private key (known only to that individual)
was used to encrypt it. The down side to this is that if the message
contents need confidentiality as well as non-repudiation, the message
contents are encrypted twice with both the senders private
key and the receivers public key which is computationally
Non-repudiation is a stronger variation on authentication. It allows the senders identity to be verified by a third party, to prove that the message was not forged. Because proof of sender comes from a third party, the sender cannot deny he/she sent the message.
You can prove the origin of a message by encrypting the entire message or its hash value with the senders private key, and decrypting it with the senders public key.