How to realize the non-repudiation in the goal of network information security
Traditionally, non-repudiation of information is achieved with a handwritten signature and a stamp. In the electronic environment of the internet, non-repudiation is ensured by applying a digital signature and a time stamp through the digital certificate mechanism.

The purpose of non-repudiation is to collect, maintain and provide irrefutable evidence about an alleged event or action, so that a dispute over whether the event or action occurred can be settled. Like other security services, a non-repudiation service can only be provided for specific applications in the context of a specific security policy.

Further information

Message authentication using a digital signature does not by itself meet the non-repudiation condition. A digital signature alone cannot guarantee that the sender is who they claim to be, and the message in transit is exposed to attacks by malicious third parties, such as replay attacks.

For example, suppose that enterprise A sends a digitally signed purchase order to enterprise B. Suppose further that a malicious enterprise C obtains a copy of the order by some means.

If enterprise C repeatedly sends the order to enterprise B, enterprise B will treat each copy as another order from enterprise A (a replay attack by enterprise C). Conversely, a malicious enterprise A can deny a second order and claim that it is the result of a replay attack by enterprise C, even if enterprise A actually sent it.
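The following is an added example, not part of the original page, of how enterprise B can close the gap described above: A signs a unique order ID and issue time together with the order, and B accepts each ID once within a time window while keeping the signed bytes as evidence. The toy RSA key, the field names and the `Receiver` class are assumptions made for illustration; a real deployment would use a vetted signature scheme such as Ed25519 or RSA-PSS with certificates.

```python
import hashlib
import json

# Toy RSA key for enterprise A, built from two Mersenne primes so the example
# needs only the standard library. Constructed for illustration: far too small
# and unpadded for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to A

def _digest(payload: bytes) -> int:
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % N

def sign(payload: bytes) -> int:
    """Enterprise A signs the payload hash with its private exponent."""
    return pow(_digest(payload), D, N)

def verify(payload: bytes, sig: int) -> bool:
    """Anyone holding A's public key (N, E) can check the signature."""
    return pow(sig, E, N) == _digest(payload)

def make_order(order_id: str, item: str, qty: int, issued_at: int):
    """A binds a unique order ID and issue time into the signed bytes."""
    payload = json.dumps({"order_id": order_id, "item": item, "qty": qty,
                          "issued_at": issued_at}, sort_keys=True).encode()
    return payload, sign(payload)

class Receiver:
    """Enterprise B: accepts each signed order ID once, within a time window."""

    def __init__(self, max_age: int = 300):
        self.max_age = max_age  # seconds an order stays acceptable
        self.seen = {}          # order_id -> (payload, sig), kept as evidence

    def accept(self, payload: bytes, sig: int, now: int) -> str:
        if not verify(payload, sig):
            return "rejected: bad signature"
        order = json.loads(payload)
        if abs(now - order["issued_at"]) > self.max_age:
            return "rejected: stale"
        if order["order_id"] in self.seen:
            return "rejected: replay"
        self.seen[order["order_id"]] = (payload, sig)
        return "accepted"
```

Because a genuine second order must carry a new signed order ID, A cannot later attribute it to a replay by C, and a copy resent by C is rejected as a duplicate or as stale.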

Of course, message authentication with a MAC is useless for non-repudiation because, as mentioned above, no one can determine whether the message was created by the sender or the receiver: both hold the same secret key.

Similarly, sender authentication alone cannot meet the non-repudiation condition. Because there is no guarantee that the message was not modified in transit, a malicious sender can claim that the message the receiver got was modified on the way, even if the message was in fact created by the malicious sender.

Baidu Encyclopedia - Non-repudiation
