What is the difference between authenticity and non-repudiation?

  • I'm new to infosec and doing some reading. Not surprisingly one starting point was wikipedia. In this article, authenticity and non-repudiation are listed as 2 separate 'Basic concepts'. My understanding is that you cannot achieve non-repudiation by not knowing which parties are involved, which requires authenticity to be in place. In that sense, I see authenticity as a sub component of non-repudiation.

    Have you got examples backing up the approach that these 2 concepts are fundamentally separate?

  • Authenticity is about one party (say, Alice) interacting with another (Bob) to convince Bob that some data really comes from Alice.

    Non-repudiation is about Alice showing to Bob a proof that some data really comes from Alice, such that not only Bob is convinced, but Bob also gets the assurance that he could show the same proof to Charlie, and Charlie would be convinced, too, even if Charlie does not trust Bob.

    Therefore, a protocol which provides non-repudiation necessarily provides authenticity as a byproduct; in a way, authenticity is a sub-concept of non-repudiation. However, there are ways to provide authenticity (only) which are vastly more efficient than known methods to achieve signatures (authenticity can be obtained with a Message Authentication Code whereas non-repudiation requires a Digital Signature with much more involved mathematics). For this reason, it makes sense to use "authenticity" as a separate concept.

    SSL/TLS is a tunneling protocol which provides authenticity (the client is sure to talk to the intended server) but not non-repudiation (the client cannot record the session and show it as proof, in case of a legal dispute with the server, because it would be easy to build a totally fake session record).

    I guess the bottom line is: you can do authenticity only, but you can't do non-repudiation without authenticity.

    Another example: OTR (http://www.cypherpunks.ca/otr/) is designed specifically to provide authentication but no repudiation -- deniability is an explicit design goal.

    Contrary to the claims in this answer (and to widespread beliefs of many others as well), digital signatures do not provide non-repudiation in practice. Non-repudiation is a legal problem, not one that can be solved through crypto-mathematics alone.

    To add to this, digital signatures often have to be issued with the aid of a crypto token to enhance the legal non-repudiation requirement.
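The MAC-versus-signature distinction drawn in the answer above, as an added example that is not part of the original answer or comments. It uses only the Python standard library: HMAC-SHA256 for the shared-key case, and a Lamport one-time signature (hash-based) in place of the RSA or ECDSA a real system would use, since the standard library has no asymmetric primitive. The parties, the messages and the keys are constructed for the example. The point it shows: Bob can mint a valid MAC tag over a message Alice never sent, because he holds the same key, so a tag proves nothing to Charlie; a signature verifies with the public key alone, so Charlie can check it without trusting Bob, and Bob cannot produce one over an altered message.

```python
import hashlib
import hmac
import os

# Added example (not from the original answer). HMAC gives authenticity between two
# holders of a shared key; a Lamport one-time signature gives a proof that a third
# party can check with only the public key. Names and messages are constructed.

BITS = 256  # we sign the SHA-256 digest of the message, one preimage pair per bit


# ---- Authenticity only: Message Authentication Code over a shared secret ----
def mac_tag(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key, message, tag):
    return hmac.compare_digest(mac_tag(key, message), tag)


# ---- Non-repudiation: Lamport one-time signature (hash-based, stdlib only) ----
def lamport_keygen():
    # Private key: 256 pairs of random 32-byte preimages. Public key: their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(BITS)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bit(digest, i):
    return (digest[i // 8] >> (7 - i % 8)) & 1


def lamport_sign(sk, message):
    # For each digest bit, reveal the preimage of that bit's half of the key pair.
    # A Lamport key must be used ONCE: two signatures leak enough preimages to forge.
    digest = hashlib.sha256(message).digest()
    return [sk[i][_digest_bit(digest, i)] for i in range(BITS)]


def lamport_verify(pk, message, sig):
    # Needs only pk: anyone (Bob, Charlie, a court) can run this check.
    if len(sig) != BITS:
        return False
    digest = hashlib.sha256(message).digest()
    return all(
        hashlib.sha256(sig[i]).digest() == pk[i][_digest_bit(digest, i)]
        for i in range(BITS)
    )


def scenario():
    """Alice sends Bob a message; Bob later tries to convince Charlie."""
    msg = b"Alice agrees to pay Bob 100 EUR"       # constructed sample message
    forged = b"Alice agrees to pay Bob 1000 EUR"   # what Bob would like to claim

    # MAC: Alice and Bob share k. Bob is convinced the message came from Alice,
    # but he could have minted any tag himself, so the tag proves nothing to Charlie.
    k = os.urandom(32)
    tag = mac_tag(k, msg)
    bobs_forged_tag = mac_tag(k, forged)           # Bob needs no help from Alice

    # Signature: only Alice holds sk; Bob and Charlie both verify with pk.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, msg)
    tampered_sig = list(sig)
    tampered_sig[0] = bytes(32)                    # Bob cannot alter a preimage without sk

    return {
        "mac_convinces_bob": mac_verify(k, msg, tag),
        "mac_forgery_by_bob_verifies": mac_verify(k, forged, bobs_forged_tag),
        "sig_convinces_bob": lamport_verify(pk, msg, sig),
        "sig_convinces_charlie": lamport_verify(pk, msg, sig),  # same check, no trust in Bob needed
        "sig_on_forged_message": lamport_verify(pk, forged, sig),
        "sig_tampered": lamport_verify(pk, msg, tampered_sig),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

Two caveats a practitioner should keep in mind: the Lamport key above is single-use (reusing it leaks preimages and enables forgery), and, as the later comments point out, a verifiable signature is only the cryptographic half of non-repudiation; whether it binds Alice also depends on how her private key was protected and on the legal setting.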

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM