Nonrepudiation
The
security
quality subfactor,
nonrepudiation, is the degree to a party to an
interaction (e.g., message, transaction, transmission of data)
is prevented from successfully repudiating (i.e., denying) any
aspect of the interaction.
Nonrepudiation is typically measured in terms of:
- The [number/percentage] of parties that are successfully
prevented from repudiating an interaction [of a specific
type] [during a given unit of time].
See
nonrepudiation requirements.
Typical mechanisms for implementing support for
nonrepudiation include:
- Digital signatures (to identify the parties)
- Timestamps (to capture dates and times)
- Encryption and decryption (to protect the
information)
- Hash functions (to ensure that the information has not
been changed)
- Storage of records with a third-party
“nortary” system
- “Certified mail” receipt of successful
delivery of message
The following guidelines have been found to be useful with
respect to nonrepudiation:
- Nonrepudiation primarily deals with ensuring that
adequate tamper-proof records are kept. It is
not sufficient to merely make records; these records must be:
- Nonrepudiation typically involves the storage of a
significant amount of information about each interaction
including:
- The authenticated identity of all parties involved in
the transaction.
- The date and time that the interaction was sent,
received, and acknowledged (if relevant).
- The significant information that is passed during the
interaction.
- Although nonrepudiation may imply that a record is kept
of the fact that the receiver received the message from the
sender, it may (or may not) mean that the receiver has both
read and understood the message (e.g., by requiring an
explicit acknowledgement).