Fundamental Security Concepts

In the physical world, signing a document creates lasting evidence of agreement. Your handwritten signature is difficult to forge, and experts can verify its authenticity. But in the digital realm, how do we create similar undeniable evidence? How do we prove that a specific person sent a message, approved a transaction, or signed a contract—proof so strong they cannot later deny it?

This is the challenge of non-repudiation: ensuring that parties to a communication or transaction cannot deny their participation. It transforms digital interactions from ephemeral exchanges into accountable, legally binding actions.

Non-repudiation extends beyond mere authentication. Authentication proves identity at a moment in time, but an authenticated user can still claim "That wasn't me" or "My account was compromised" after the fact. Non-repudiation creates evidence that makes such denials futile—cryptographic proof that binds actions to identities in ways that resist technical and legal challenges.

Formal Definition

Non-repudiation provides irrefutable proof that a specific entity performed a specific action. It ensures that:

• The sender cannot deny sending a message (non-repudiation of origin)
• The recipient cannot deny receiving a message (non-repudiation of receipt)
• The action cannot be falsely attributed to someone who didn't perform it
• The content cannot be denied—what was signed is what was agreed

Types of Non-repudiation

Non-repudiation of Origin: Proof that a message was sent by a specific entity. The sender cannot later claim they didn't send it. Implemented through digital signatures where only the sender possesses the signing key.

Non-repudiation of Delivery: Proof that a message was received by the intended recipient. The recipient cannot later claim they never received it. Implemented through signed acknowledgments and delivery receipts.

Non-repudiation of Submission: Proof that a message was submitted to a delivery system (e.g., email server). The sender can prove they handed off the message, regardless of ultimate delivery.

Non-repudiation of Approval: Proof that an entity approved or authorized a transaction. Critical for financial transactions, contract signing, and regulatory compliance.

Digital signatures provide the cryptographic foundation for non-repudiation. Unlike symmetric authentication (HMAC) where both parties share a secret, digital signatures use asymmetric cryptography where only the signer possesses the private key.

How Digital Signatures Work

Key Generation:

1. Generate asymmetric key pair: private key (kept secret) + public key (distributed)
2. Public key registered in a certificate signed by a trusted authority
3. Private key protected in secure storage (HSM, smart card, secure enclave)

Signing Process:

1. Calculate cryptographic hash of the message (e.g., SHA-256)
2. Encrypt hash with signer's private key → signature
3. Attach signature to message

Verification Process:

1. Calculate hash of received message
2. Decrypt signature using signer's public key → original hash
3. Compare calculated hash with decrypted hash
4. If equal, signature is valid; message unchanged since signing

Why Signatures Provide Non-repudiation

The critical property: Only the private key holder can create valid signatures.

• If a signature verifies with Alice's public key, it was created with Alice's private key
• If Alice's private key is secure, only Alice could have signed
• Alice cannot claim she didn't sign—absent key compromise, the signature proves participation

Signature Algorithms

Different algorithms provide varying security properties:

Algorithm Selection Considerations:

• Long-term signatures require larger keys (cryptographic advances over time)
• Performance matters for high-volume signing (ECDSA typically faster than RSA)
• Compatibility with existing systems and standards
• Regulatory requirements may mandate specific algorithms

Digital signatures prove WHO signed, but not WHEN. Timestamping adds temporal non-repudiation—proof that a signature existed at a specific point in time.

Why Timestamps Matter

Scenario: Contract Dispute

Alice signs a contract and later claims her certificate was revoked before she signed. Without trusted timestamps:

• We know Alice's key signed the document
• We don't know whether this occurred before or after revocation
• Alice may successfully repudiate

With trusted timestamps:

• Timestamp proves signature existed at a specific time
• If timestamp predates revocation, signature was valid
• Alice cannot repudiate based on later revocation

Trusted Timestamping Authority (TSA)

A TSA is a trusted third party that attests to the existence of data at a specific time:

Timestamping Process:

1. Client creates hash of signed document
2. Client sends hash to TSA (document content not revealed)
3. TSA combines hash with current time
4. TSA signs the combination
5. Client receives timestamp token

Timestamp Token Structure:
{
  "version": 1,
  "hash_algorithm": "SHA-256",
  "hashed_message": "sha256(document)",
  "timestamp": "2024-01-15T10:30:00Z",
  "accuracy": "1 second",
  "serial_number": 12345678,
  "tsa_certificate": "CN=TrustedTime TSA, O=TimeStamp Authority",
  "signature": "Base64(TSA_signature)"
}

RFC 3161: Time-Stamp Protocol

The standard protocol for requesting trusted timestamps:

Request (Client → TSA):

TimeStampReq {
  version: INTEGER { v1(1) },
  messageImprint: {
    hashAlgorithm: sha256,
    hashedMessage: OCTET STRING (32 bytes)
  },
  nonce: INTEGER (optional, replay protection),
  certReq: BOOLEAN (include TSA cert in response?)
}

Response (TSA → Client):

TimeStampResp {
  status: PKIStatusInfo { status: granted },
  timeStampToken: ContentInfo {
    -- Signed data containing timestamp
    contentType: signedData,
    content: SignedData {
      encapContentInfo: TSTInfo {
        version: INTEGER,
        policy: OBJECT IDENTIFIER,
        messageImprint: --original hash--,
        serialNumber: INTEGER,
        genTime: GeneralizedTime,
        accuracy: Accuracy (optional),
        nonce: --echo from request--
      },
      signerInfos: --TSA signature--
    }
  }
}

Blockchain-Based Timestamping

Blockchains provide an alternative timestamping mechanism:

• Hash of document published to blockchain transaction
• Blockchain's consensus mechanism proves hash existed at block time
• No central authority required (decentralized trust)
• Bitcoin, Ethereum provide publicly verifiable timestamps

Limitations:

• Block confirmation time (minutes to hours)
• Cost per timestamp (transaction fees)
• Long-term blockchain availability assumptions

While digital signatures provide cryptographic non-repudiation for specific actions, audit logs provide broader non-repudiation across system activities. Comprehensive, tamper-evident logs create an irrefutable record of who did what, when.

Audit Log Requirements for Non-repudiation

Completeness:

• Log all security-relevant events
• Capture sufficient context for reconstruction
• Include failed attempts, not just successes

Integrity:

• Logs cannot be modified after writing
• Deletion is detectable
• Tampering attempts leave evidence

Authenticity:

• Log entries attributable to specific sources
• Timestamps from trusted sources
• Chain of custody documented

Availability:

• Logs accessible for investigation
• Retained for required time periods
• Surviving system failures

Tamper-Evident Logging

Standard log files can be modified. Tamper-evident logs resist undetected modification:

Hash Chains:

Entry 1: { data: "...", hash: H1 = hash(data) }
Entry 2: { data: "...", hash: H2 = hash(data || H1) }
Entry 3: { data: "...", hash: H3 = hash(data || H2) }
...

Each entry includes hash of previous entry. Modifying any entry breaks the chain—modification is detectable by re-computing hashes.

Write-Once Storage

For highest assurance, logs should be stored on write-once media:

WORM (Write Once, Read Many) Storage:

• Optical media (archival DVDs, Blu-ray)
• WORM tape storage
• Cloud storage with legal hold / retention lock
• Immutable storage tiers (AWS S3 Object Lock, Azure Immutable Blob)

Centralized Log Aggregation:

• Forward logs to separate security information system
• Attackers compromising application servers can't modify forwarded logs
• Use TLS for transport integrity
• Sign log batches for authenticity

Technical non-repudiation mechanisms only matter if legal systems recognize them. Electronic signature laws establish when digital signatures carry the same weight as handwritten signatures.

United States: ESIGN and UETA

Electronic Signatures in Global and National Commerce Act (ESIGN, 2000):

• Electronic signatures are legally valid for commerce
• Consumer consent required for electronic delivery
• Applies to interstate and foreign commerce

Uniform Electronic Transactions Act (UETA):

• State-level adoption (47 states)
• Electronic records and signatures given same legal effect as paper
• Defines "electronic signature" broadly: "electronic sound, symbol, or process"

European Union: eIDAS

Electronic Identification and Trust Services Regulation (eIDAS, 2014/910/EU):

Defines three levels of electronic signatures:

1. Simple Electronic Signature (SES):

   • Any data in electronic form attached to or associated with other data
   • Lowest level; email signature, checkbox, typed name
   • Legal effect depends on member state law

2. Advanced Electronic Signature (AES):

   • Uniquely linked to and identifies signatory
   • Created using data under signatory's sole control
   • Detects any subsequent changes to signed data
   • Stronger legal presumption; typically using digital certificates

3. Qualified Electronic Signature (QES):

   • AES created using qualified certificate and secure device
   • Issued by EU-recognized Trust Service Provider
   • Equivalent to handwritten signature across all EU member states
   • Highest legal standing

Other Jurisdictions

United Kingdom (post-Brexit):

• UK eIDAS mirrors EU regulation
• QES remains highest level
• Mutual recognition negotiations ongoing

Canada:

• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Provincial laws (BC, Ontario, Quebec)
• Secure electronic signatures have same force as manual signatures

Asia-Pacific:

• Singapore: Electronic Transactions Act
• Japan: Act on Electronic Signatures and Certification Business
• Australia: Electronic Transactions Act 1999

Industry-Specific Requirements

Healthcare (HIPAA):

• Electronic signatures must include unique user identification
• Audit trails required for all transactions
• Document integrity must be verifiable

Financial Services:

• SEC, FINRA rules on electronic records retention
• Sarbanes-Oxley requirements for financial document authenticity
• Basel requirements for trading record integrity

Government Contracting:

• Federal agencies may require specific signature standards
• PKI certificates from approved providers
• Specific retention periods (6+ years typical)

Implementing non-repudiation requires careful architecture that integrates multiple components while maintaining security and usability.

Core Components

1. Key Management Infrastructure:

• Key generation in secure environments (HSM)
• Key lifecycle management (creation, rotation, revocation)
• Escrow and recovery procedures
• Archive of historical keys for long-term verification

2. Certificate Authority (CA):

• Issues certificates binding identities to public keys
• Maintains revocation information (CRL, OCSP)
• Operates under Certificate Practice Statement (CPS)
• May be internal (enterprise) or external (public CA)

3. Timestamping Authority (TSA):

• Provides trusted timestamps for signatures
• Time synchronized to authoritative sources
• Operates HSM-protected signing keys
• Maintains timestamp logs for verification

4. Signature/Document Service:

• User-facing signing workflows
• Document preparation and presentation
• Signature embedding in appropriate formats
• Signed document delivery and storage

5. Evidence Archive:

• Long-term storage of signatures, timestamps, certificates
• Integrity-protected, tamper-evident storage
• Periodic re-timestamping for algorithm agility
• Compliance with retention requirements

Signature Formats

PDF Signatures (PAdES):

• Signatures embedded in PDF documents
• Visible signature appearance (optional)
• LTV (Long-Term Validation) extensions for archival
• Wide tool support (Adobe, browsers, PDF libraries)

XML Signatures (XAdES):

• Signatures for XML documents and data
• Detached, enveloped, or enveloping signature placement
• Supports long-term signature extensions
• Common in government and enterprise integrations

CMS Signatures (CAdES):

• General-purpose cryptographic message format
• Any binary data can be signed
• Basis for S/MIME email signatures
• Long-term extensions standardized

JSON Signatures (JWS/JAdES):

• Modern web-native signature format
• Compact representation for APIs
• JAdES adds XAdES-equivalent extensions
• Growing adoption in web applications

Non-repudiation systems face practical challenges that must be addressed for real-world effectiveness.

Key Compromise

If a signing key is compromised, non-repudiation breaks down:

Mitigation Strategies:

• HSM protection makes key extraction extremely difficult
• Revocation certificates invalidate signatures after compromise
• Timestamps prove signatures predated compromise
• Key escrow and recovery for legitimate access
• Multi-party signing for high-value transactions

Repudiation Attacks

Users may attempt to repudiate despite valid signatures:

"My key was stolen":

• Strong key protection reduces plausibility
• Audit logs show signing from expected locations/devices
• MFA requirements at signing time

"The system was compromised":

• Security certifications attest to control effectiveness
• Third-party audits validate claims
• Independent TSA provides external verification

"I didn't understand what I signed":

• Clear presentation of document before signing
• Audit trail of user interaction
• Multi-step confirmation for significant transactions

Long-term Validity

Signatures must remain verifiable long after creation:

Algorithm Aging:

• Cryptographic algorithms weaken over time
• SHA-1 signatures from 2010 are now questionable
• Re-timestamp before algorithms are compromised
• Archive sufficient evidence for long-term verification

Certificate Expiration:

• Signing certificates have limited validity (1-3 years typical)
• Timestamp proves signature was created when certificate was valid
• Revocation information must be preserved

Infrastructure Changes:

• TSAs may cease operation
• Root CAs may be retired
• Preserve all necessary evidence at signing time
• Maintain chain of trust to currently-trusted roots

Non-repudiation ensures entities cannot deny their actions—the foundation of accountability in digital systems. Through digital signatures, trusted timestamps, and comprehensive audit logging, we create irrefutable evidence of who did what, when. Let's consolidate the key concepts:

What's Next:

With the CIA Triad and its supporting concepts (authentication, authorization, non-repudiation) established, we conclude this module by examining Security Goals—the overarching objectives that integrate these concepts into a coherent security strategy, including defense in depth, risk management, and security governance frameworks.