Cryptography Reference
In-Depth Information
Figure 4.5. Non-repudiation and the corresponding threat of denial of commitments. Image courtesy of Dr. Warwick Ford.
introducing the concept of “repudiation”: “A signature scheme provides a way for each user to sign messages so that the signatures can later be verified by anyone else. The verifier can convince himself that the message contents have not been altered since the message was signed. Also, the signer cannot later repudiate having signed the message, since no-one but the signer possesses his private key.” 23
The concept of non-repudiation as a well-defined property of technical systems seems to have originated with the ISO/IEC 1388 standard series for security in open systems. Published in the mid-1990s, the standard defines non-repudiation of origin as “protection against the originator's false denial of having created the content of a message and of having sent a message.” 24 This protection comes from cryptographic signatures' ability to provide “irrefutable evidence to support the resolution of any such disagreement.” 25 The demonstration of this evidence occurs through the signature verification process (see figure 4.6). By the power of the mathematics of public-key cryptography, when a signature is verified, all parties to the process (signer, recipient, judge, etc.) can conclude only that the signer's private key has been used to sign the document (authentication)
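
The verification process described above, as an added example that is not part of the original text. It assumes a toy, unpadded RSA key built from known Mersenne primes (insecure, for illustration only); the function names and the sample message are constructed here. It shows that any party can check a signature with the public key alone, and that a successful check attests only to use of the private key.

```python
import hashlib

# Toy RSA parameters (assumption for this example): two known Mersenne
# primes. Such primes and unpadded "textbook" RSA are NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer reduced modulo n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    n, d = private
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Check a signature using only the public key (signer, recipient, judge)."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)


def demo():
    public, private = make_keypair()
    order = b"Pay 100 EUR to Bob"  # constructed sample message
    sig = sign(order, private)
    # A second, unrelated key pair standing in for any other party.
    other_public, _ = make_keypair(p=2**127 - 1, q=2**89 - 1)
    key_copy = tuple(private)  # the same key material held by someone else
    return {
        "verifier_accepts": verify(order, sig, public),
        "altered_message": verify(b"Pay 900 EUR to Bob", sig, public),
        "wrong_public_key": verify(order, sig, other_public),
        # Verification cannot tell who held the key, only that it was used.
        "key_copy_accepted": verify(order, sign(order, key_copy), public),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
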