Non-Repudiation and Irrevocability

April 22, 2017


Definitions of the pertinent concepts used in this article:

Authenticity: Property that ensures that the identity of a subject or resource is, in fact, the real identity claimed. It applies to individuals (users), but also to other entities (applications, processes, systems, etc.).

Integrity: Methods of ensuring that data is real, accurate, consistent and safeguarded from unauthorized modification.

Non-Repudiation: To repudiate means to deny. Therefore, non-repudiation refers to the assurance that someone cannot deny something.

Irrevocability: Something done in such a way that it cannot be undone, revoked, repealed or annulled. In the case of IT security, it can be translated as keeping a record of all things done on a network.


Firstly, let’s talk about authenticity. The whole concept revolves around the ability of people or any other entities to prove they are who they claim to be. As of today, authentication takes the form of one or more of these methods:

  • To know something (Ex.: password)
  • To possess something (Ex.: token)
  • To be someone/something (Ex.: biometrics)
  • To do something (Ex.: swipe pattern)
  • To be somewhere (Ex.: geolocation)

This is where strong authentication comes into play. With multi-factor authentication, we can increase the certainty that an identity is being claimed by the right entity. The “Era” when all the people in a company were using the same credentials to access the network is gone, and now we need to ensure that one account is bound to one entity. This is essential for non-repudiation, but not enough to provide it entirely. We still need another piece of information in order to accomplish Non-Repudiation…

Secondly, it is time to talk about integrity. How can we be sure that data is real? To answer that question, tools and methods have been created to help provide integrity. The use of digital signatures, hashes, back-ups and products/solutions like Tripwire can ensure data integrity.

If we have the certainty of both the Authenticity of an entity and the Integrity of the data in question, we then have achieved Non-Repudiation. Thus, we can conclude that:
–> Authenticity AND Integrity => Non-Repudiation

Now, irrevocability should also be implemented as a means to IT security (and even global company security). It is a must to keep records of all actions, like file creation, access, update, and deletion, as well as outside action taken towards the network. These records should be audited and reviewed to ensure that no malicious actions took place…

Auditing privileged accounts is of great importance, but effectively auditing operations on crucial files is also important. I heard about someone who works in the health department of some country (kept private). The person accessed the medical file and thus accessed information about a celebrity (kept private). But, of course, there is a label system that lights up an alarm as soon as the person accessed the file. So, with the irrevocability of the file access history and the non-repudiation assuring the agency that the person cannot deny having accessed the file, there have been actions taken against the employee, and disciplinary steps have been taken as well.

This is why irrevocably charting all actions performed on the network, and auditing those records, is so important. Plus, having achieved non-repudiation assures that the entity who has done something cannot deny having done so.
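One way to make such access records tamper-evident, shown here as an added example that is not code from the original article: each record is hashed together with the hash of the entry before it, so editing or deleting a record breaks the chain. The account names, file paths, field names and the `trusted_head` parameter are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the chain


def entry_hash(prev_hash, record):
    """Hash a record together with the hash of the entry before it."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, account, action, target, timestamp):
    """Append one audit record, chained to the current head of the log."""
    prev = log[-1]["hash"] if log else GENESIS
    record = {"account": account, "action": action,
              "target": target, "time": timestamp}
    log.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return log[-1]["hash"]  # head hash; keep a copy outside the log host


def verify(log, trusted_head=None):
    """Return None if the log is intact, else the index of the first bad entry.

    An index equal to len(log) means the chain is internally consistent but
    does not end at trusted_head (entries truncated, or the log rewritten).
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)
    return None


def build_sample_log():
    """Constructed sample records (hypothetical accounts and files)."""
    log = []
    append(log, "nurse01", "read", "patient/1001", "2017-04-22T09:00:00Z")
    append(log, "clerk07", "read", "patient/2002", "2017-04-22T09:05:00Z")
    head = append(log, "nurse01", "update", "patient/1001", "2017-04-22T09:10:00Z")
    return log, head
```

The chain protects the integrity of the records only; tying each entry to one accountable entity still depends on the authentication discussed earlier. Removing entries from the end is only detected when the head hash has been stored somewhere the log's administrator cannot change.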

Thanks for reading and please comment about your experiences as well 🙂

1 Comment
  1. Thank you, that’s what I am taking a course about
