Non-Repudiation
Contents
Full Title or Meme
Non-Repudiation is easy to say but hard to do in practice.
Context
- Early in the life os secure electronic mail Non-Repudiation was touted as a feature.
- Security checks typically showed the the deployed systems could be easily hacked and the term fell out of favor.
Attempted Definitons
- Evan Wheeler, in Security Risk Management, 2011
Nonrepudiation provides an assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data. Further, this concept can apply to any activity, not just the sending and receiving of data; in a more general sense, it is a mechanism to prove that an activity was performed and by whom. Nonrepudiation is typically comprised of authentication, auditing/logging, and cryptography services. A common application of this service would be digital signing of e-mail messages to prove that the message received was actually sent by the purported sende. Since access control and nonrepudiation share so many common components, they are frequently implemented together in controls or else closely interrelated. For example, once an access control function has been performed, it may provide sufficient data to facilitate nonrepudiation or at least partial nonrepudiation data.
Future
Plausible Deniability
Releasing full data records is one of the most challenging problems in data privacy. On the one hand, many of the popular techniques such as data de-identification are problematic because of their dependence on the background knowledge of adversaries. On the other hand, rigorous methods such as the exponential mechanism for differential privacy are often computationally impractical to use for releasing high dimensional data or cannot preserve high utility of original data due to their extensive data perturbation. This paper presents a criterion called plausible deniability that provides a formal privacy guarantee, notably for releasing sensitive datasets: an output record can be released only if a certain amount of input records are indistinguishable, up to a privacy parameter. This notion does not depend on the background knowledge of an adversary. Also, it can efficiently be checked by privacy tests. We present mechanisms to generate synthetic datasets with similar statistical properties to the input data and the same format. We study this technique both theoretically and experimentally. A key theoretical result shows that, with proper randomization, the plausible deniability mechanism generates differentially private synthetic data. We demonstrate the efficiency of this generative technique on a large dataset; it is shown to preserve the utility of original data with respect to various statistical analysis and machine learning measures. [1]
References
- ↑ Vincent Bindschaedler, Reza Shokri, Carl A. Gunter, Plausible Deniability for Privacy-Preserving Data Synthesis (2017-98-27) https://arxiv.org/abs/1708.07975
Other Material
- Time stamping solves some of the problems with non-repudiation with time-stamping, for example this site provides that service.