Non Repudiation | CompTIA Security+ 701

Preventing Unauthorized Information Disclosure

Non-repudiation is a concept in information security that focuses on preventing individuals from denying their involvement in a transaction. In simpler terms, it ensures that once a user sends a message or performs an action, they cannot later deny having done so. This helps establish trust and accountability in digital interactions.

Example:

Imagine Alice sends an important document to Bob electronically. Non-repudiation ensures that Alice cannot later deny sending the document, providing a reliable record of the transaction.

Detecting and Preventing Unauthorized Changes

Integrity ensures that data remains unchanged and unaltered during transmission or storage. In the context of digital communication, maintaining integrity is crucial to ensure that the information received is the same as what was sent, without any unauthorized modifications.

Example:

If Alice sends a message to Bob stating, "Transfer $100 to account X," integrity ensures that the message reaches Bob without any alterations, ensuring the accuracy of the transaction details.

Ensuring Data Integrity

Hash functions play a pivotal role in maintaining data integrity. A hash function takes input data and produces a fixed-size string of characters, known as a hash value. Even a slight change in the input data results in a drastically different hash value. This property makes hashes ideal for verifying the integrity of data.

Example:

Suppose Alice sends a file to Bob. Before sending, Alice calculates the hash value of the file using a hash function. She then sends both the file and the hash value to Bob. Upon receiving the file, Bob calculates its hash value. If the calculated hash matches the one sent by Alice, it ensures the file's integrity.

Verifying Authenticity

Digital signatures are cryptographic techniques that provide a way for the sender to prove both the origin and the integrity of the message. They use a combination of public and private keys to create a unique signature for each message. The sender uses their private key to sign the message, and the recipient can verify the signature using the sender's public key.

Example:

When Alice sends a digitally signed document to Bob, she uses her private key to create a signature. Bob, using Alice's public key, can verify the signature and confirm that the document is indeed from Alice, ensuring both authenticity and non-repudiation.

Facilitating Secure Communication

PKI is a framework that manages digital keys and certificates. It consists of a set of roles, policies, and procedures that facilitate secure communication. In PKI, entities use public and private key pairs for encryption, decryption, and digital signatures. Certificate Authorities (CAs) play a crucial role in PKI by issuing digital certificates, which bind public keys to specific entities.

Example:

Suppose Alice wants to securely communicate with Bob. They both have public and private key pairs. Alice obtains a digital certificate from a trusted CA, proving her identity. When she sends an encrypted message to Bob, he uses Alice's public key (obtained from the digital certificate) to decrypt the message.

1. Initiating the Communication: Alice wants to send a confidential document to Bob securely. She calculates the hash value of the document using a hash function, ensuring data integrity.
2. Digital Signature Generation: Alice signs the document using her private key, creating a digital signature. This signature serves as proof of both the document's origin and its unchanged state.
3. Secure Transmission: Alice sends the document, the hash value, and the digital signature to Bob.
4. Verification by Bob: Bob receives the packet and calculates the hash value of the received document using the same hash function. He uses Alice's public key (obtained from her digital certificate) to verify the digital signature.
5. Ensuring Non-Repudiation: If the calculated hash matches the one sent by Alice, and the digital signature is valid, Bob can be confident in the document's integrity and origin. Non-repudiation is achieved, as the digital signature prevents Alice from denying her involvement.