Full Title or Meme
Non-Repudiation is easy to say but hard to do in practice.
- Early in the life of secure electronic mail, Non-Repudiation was touted as a feature.
- Security checks typically showed that the deployed systems could be easily hacked, and the term fell out of favor.
- Evan Wheeler, in Security Risk Management, 2011
Nonrepudiation provides an assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data. Further, this concept can apply to any activity, not just the sending and receiving of data; in a more general sense, it is a mechanism to prove that an activity was performed and by whom. Nonrepudiation is typically comprised of authentication, auditing/logging, and cryptography services. A common application of this service would be digital signing of e-mail messages to prove that the message received was actually sent by the purported sender. Since access control and nonrepudiation share so many common components, they are frequently implemented together in controls or else closely interrelated. For example, once an access control function has been performed, it may provide sufficient data to facilitate nonrepudiation or at least partial nonrepudiation data.
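
The two proofs in the definition above, as an added Go example (not from Wheeler's text or this page): the recipient files the sender's signed origin statement and the sender files the recipient's signed receipt, both over the message digest. The `Party`, `Evidence`, `Attest` and `Verify` names and the "origin"/"receipt" labels are assumptions made for illustration, and the binding of a name to a public key is assumed to exist out of band.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Party is a constructed identity; binding Name to Pub is assumed done out of band.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty(name string) Party {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return Party{name, pub, priv}
}

type Evidence struct { // the record the counterparty files in its audit log
	Signer string
	Digest [32]byte
	Sig    []byte
}

// statement signs kind and signer too, so an origin proof cannot pass as a receipt.
func statement(kind, signer string, d [32]byte) []byte {
	return []byte(fmt.Sprintf("%q|%q|%x", kind, signer, d))
}

func (p Party) Attest(kind string, msg []byte) Evidence {
	d := sha256.Sum256(msg)
	return Evidence{p.Name, d, ed25519.Sign(p.priv, statement(kind, p.Name, d))}
}

// Verify is what an arbiter runs later, given the disputed message.
func Verify(ev Evidence, kind string, who Party, msg []byte) bool {
	return ev.Signer == who.Name && sha256.Sum256(msg) == ev.Digest &&
		ed25519.Verify(who.Pub, statement(kind, who.Name, ev.Digest), ev.Sig)
}

func main() {
	a, msg := NewParty("alice"), []byte("constructed sample message")
	fmt.Println(Verify(a.Attest("origin", msg), "origin", a, msg))
}
```

Each proof holds only while the signer alone controls the private key; a key that can be taken from a compromised system gives the signer grounds to dispute the signature.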