Non-repudiation
Robin Burke
ECT 582
Midterm scores
  Ave: 69
  Std. dev: 23
  Median: 75
  Max: 100
  Min: 35

Approximate grade
  Mid 80s and up: As
  High 60s to mid 80s: Bs
  50s to 60s: Cs
  40s: Ds

Midterm Answers
Law and Business
  Legal systems make business possible
    • (sorry libertarians)
  Law establishes
    • conditions for contract validity
    • venues for disinterested mediation and dispute resolution
    • remedies for breach of contract
    • mechanisms of enforcement
Law and E-Commerce
  E-Commerce also needs legal systems
  Complexities
    • global scope / jurisdiction
    • evolving technology landscape
    • automation / liability

Evidence
  Legal systems require evidence
    • evidentiary statutes predate digital era
    • slowly catching up
  Non-repudiation
    • maintaining digital evidence for e-commerce transactions
Legal structures
  Common law
    • long-established precedents in US and UK
  Concepts
    • writing
    • signing
    • notary
    • competence
    • presence
    • negotiability
Problems for e-commerce
  Is a digital contract "written"?
  Is a digital signature a "signature"?
    • must be qualified with respect to key purpose, policy, etc.
  Who bears liability?
    • digital media impermanent
    • private key compromise
    • service disruption
  Who will archive and how?
    • digital media volatile
    • archives must be secure
Example
  Financial services law
    • banks must retain canceled checks
      • or facsimiles thereof (microfilm)
    • pre-dates digital era
  If we define "digital representation" as equivalent to physical facsimile
    • then banks can store electronic scans of canceled checks
Example
  Jurisdiction
    • location where suit can be brought
    • party must have "minimum contacts" with a jurisdiction to be summoned there
      • US Constitutional law
  Does the availability of a web site constitute "minimum contacts"?
Legal framework: US Federal
  Federal law: Federal E-Sign act
    • provisions
      • Technology-neutral
      • Electronic signatures have same status as written ones
    • limits
      • applies mostly to sale and lease contracts (wills, trusts and other transactions explicitly excluded)
Legal Framework: US State Law
  Uniform Electronic Transactions Act
    • More specific than Federal law
    • Enacted by 43 states
    • Still technology-neutral
      • Doesn't mention certificates, PKI, etc.
  Uniform Computer Information Transactions Act
    • Extremely controversial
    • Enacted by 3 states: Maryland, Virginia, Iowa
    • Major concern
      • imposition of onerous license terms: self-help, reverse engineering, prevention of archiving, fair-use, etc.
UETA Provisions
  Electronic Signature
    • "an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record."
  Effect of Electronic Signature
    • A "signature may not be denied legal effect or enforceability solely because it is in electronic form."
    • "If a law requires a signature, an electronic signature satisfies the law."
  Electronic Record
    • "Means a record created, generated, sent, communicated, received, or stored by electronic means."
  Effect of Electronic Record
    • A record "may not be denied legal effect or enforceability solely because it is in electronic form."
    • "If a law requires a record to be in writing, an electronic record satisfies the law."
    • "A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation."
  Effect of Electronic Agents
    • "The actions of machines ("electronic agents") programmed and used by people will bind the user of the machine, regardless of whether human review of a particular transaction has occurred."
Digital Signature Law
  Utah Digital Signature Act (1995)
    • Very specific
      • Mentions public key cryptography, certificates, CRLs, etc.
      • Licensing and regulation of CAs
      • Liabilities of users and CAs
    • Not widely emulated
  "Digital Signature Guidelines" (1999)
    • American Bar Association
    • Guidelines for the deployment of PKI
      • Expectations and liability associated with CAs, RAs, and users
International Laws
  UN Model Law on Electronic Commerce
    • similar to UETA
  EU Directive on Digital Signatures
    • similar to Utah law
    • specific requirements for PKI

State of law
  Complex and unsettled
    • Different laws in different states / countries
  Catch-22
    • Slow adoption of PKI is tied to legal uncertainties
    • Lack of legal precedents / guidelines due to slow adoption

Break
Non-repudiation
  System property
  Protocol
    • provides for the retention of evidence that can be used to resolve disputes regarding transactions

Non-repudiation
  Strong and substantial evidence of the identity of the signer of a message and of message integrity, sufficient to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents.
  – ABA Digital Signature Guidelines
Disputes
  "I never said that." (origin)
  "I never got your message." (reception)
  "Check's in the mail." (submission)
Types needed
  Non-repudiation of origin (NRO)
  Non-repudiation of delivery (NRD)
  Non-repudiation of submission (NRS)
Non-repudiation of Origin
  Evidence needed
    • Identity of originator
    • Contents of message
    • Time of generation
      • this may matter for establishing a negotiation sequence
  Techniques
    • two party
    • three party

Originator Digital Signature
  Alice
    • creates message M
    • dates it T
    • and signs it S
  Alice sends M + T + S to Bob
  Bob uses Alice's public key certificate to verify signature
  Bob archives
    • M + T + S
    • Alice's public key certificate and CRL used to verify it
  Features
    • Identity and contents are protected
    • Timestamping depends on the accuracy of Alice's clock
    • Alice needs digital signature capability
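The originator-signature exchange above, as an added Go example that is not code from the lecture: Alice signs M + T with an Ed25519 key (an assumption; the slides name no algorithm), Bob verifies before archiving, and the certificate and CRL are stood in for by Alice's raw public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Evidence is what Bob archives: M + T + S plus what he needs to verify it.
// Constructed example: Alice's certificate and CRL are reduced to her raw public key.
type Evidence struct {
	M      []byte
	T      int64 // Unix time from Alice's own clock (only as reliable as her clock)
	S      []byte
	AliceP ed25519.PublicKey
}

// signedBytes is the exact byte string the signature covers: M then T (big-endian).
func signedBytes(m []byte, t int64) []byte {
	tb := make([]byte, 8)
	binary.BigEndian.PutUint64(tb, uint64(t))
	return append(append([]byte{}, m...), tb...)
}

// Originate: Alice creates M, dates it T and signs both with her private key.
func Originate(priv ed25519.PrivateKey, m []byte, t int64) Evidence {
	return Evidence{M: m, T: t, S: ed25519.Sign(priv, signedBytes(m, t)),
		AliceP: priv.Public().(ed25519.PublicKey)}
}

// Verify is Bob's check before archiving: S must cover exactly M + T under Alice's key.
func Verify(e Evidence) error {
	if !ed25519.Verify(e.AliceP, signedBytes(e.M, e.T), e.S) {
		return errors.New("signature does not match M + T")
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	ev := Originate(priv, []byte("I accept your offer of $100"), time.Now().Unix())
	fmt.Println("genuine evidence verifies:", Verify(ev) == nil)
	forged := ev
	forged.M = []byte("I accept your offer of $1") // neither side can substitute another M
	fmt.Println("altered message verifies:", Verify(forged) == nil)
}
```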

TTP Signature
  Trusted third-party (Vicky)
    • Receives Alice's transaction M (message)
    • Generates time stamp T
    • Signs M + T, creating S'
    • Returns to Alice
  Bob gets M + T + S'
    • can verify that whole transaction matches S'
    • archives the message for dispute resolution
    • also Vicky's certificate and CRL used to verify it
  Features
    • Alice doesn't need to sign
      • she can review message before sending
    • Alice doesn't need a key pair
      • lower PKI overhead
    • Timestamp
      • Vicky's timestamp will be more reliable than Alice's
    • Identity less secure
      • no digital signature from Alice
    • Vicky has access to message contents
TTP Digest Signature
  Alice doesn't want to disclose M
  Same operation with hash of M using key k
    • creates hash H
  Sends H to Vicky
    • gets back H + T + S'
  Attaches M
    • encrypts M + k + H + T + S'
  Bob receives message
    • verifies that H is a true hash of M
    • verifies Vicky's signature
    • archives the transaction
  Features
    • Alice needs encryption / hashing capability
    • Confidentiality is preserved
    • Identity still a problem

In-line TTP
  Receives Alice's transaction M (message)
  Generates time stamp T
  Signs M + T, creating S'
  Archives M + T + S'
  Forwards M to Bob
    • perhaps with transaction id
  Bob can contact Vicky to get evidence
  Features
    • Vicky does archiving
    • Alice and Bob don't need encryption capability
    • Content and identity guarantees

TTP Token
  Receives Alice's transaction M
  Generates time stamp T
  Creates a secure hash H of M + T using a cryptographic key k
  Returns to Alice M + T + H
  Bob gets M + T + H
    • Bob can contact Vicky with H
    • Vicky verifies that H matches message
  Features
    • Content secure
    • No PKI
      • Ordinary symmetric encryption sufficient
    • Identity less secure
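The TTP token above, as an added Go example that is not from the lecture: the keyed hash H over M + T is HMAC-SHA256 under Vicky's secret k (an assumption), and the round trips between Alice, Vicky and Bob are reduced to method calls on one TTP value.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Token is what Vicky returns to Alice and Alice forwards to Bob: M + T + H.
type Token struct {
	M []byte
	T int64
	H []byte
}

// TTP holds Vicky's secret k; nobody else can compute or check H.
type TTP struct{ k []byte }

func NewTTP() TTP {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return TTP{k: k}
}

// mac is the keyed hash over M followed by T (big-endian), HMAC-SHA256 assumed.
func (v TTP) mac(m []byte, t int64) []byte {
	h := hmac.New(sha256.New, v.k)
	h.Write(m)
	tb := make([]byte, 8)
	binary.BigEndian.PutUint64(tb, uint64(t))
	h.Write(tb)
	return h.Sum(nil)
}

// Issue: Vicky receives Alice's M, stamps it with her own clock and returns M + T + H.
func (v TTP) Issue(m []byte, t int64) Token { return Token{M: m, T: t, H: v.mac(m, t)} }

// Check: Bob cannot verify H himself, so he sends the token back to Vicky. A match
// proves Vicky saw exactly M at T, not who submitted it ("identity less secure").
func (v TTP) Check(tok Token) bool { return hmac.Equal(tok.H, v.mac(tok.M, tok.T)) }

func main() {
	vicky := NewTTP()
	tok := vicky.Issue([]byte("transfer 500 to acct 12"), time.Now().Unix())
	fmt.Println("Vicky confirms token:", vicky.Check(tok))
}
```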
Combination of methods
  Originator Signature + TTP Digest Signature
    • if we care about disclosure and recipient can archive
  Originator Signature + In-line TTP
    • if we don't care about disclosure and we want 3rd party archiving
  In-line TTP could archive encrypted message
    • Bob would need private key to access evidence
Non-repudiation of delivery
  Same information needed
    • Identity of recipient
    • Content of message
    • Timestamp
  Think of NRO
    • but the origin message is the acknowledgement of receipt
Signed receipt
  Alice sends Bob M
  Bob
    • generates a timestamp T
    • computes a hash of M = H
    • signs H + T = S'
    • sends Alice a receipt message H + T + S'
  Alice
    • checks H against her original message
    • validates Bob's signature
    • archives the receipt message
Features
  Like digital signature NRO, but in reverse
    • message = acknowledgement
  Standardized part of S/MIME
    • secure receipt of email
    • available in MS Outlook
  Other variants
    • TTP Signature, In-Line etc.
      • all the same options available
Problem
  Requires that the recipient generate the receipt
  What about the "reluctant recipient"?
    • reason for NRD in the first place
  Trusted Delivery Agent
    • Alice sends message to Vicky
    • Bob must contact Vicky to access message
    • Vicky generates receipt
Non-repudiation of submission
  Useful when what matters is submitting something
    • a bid
    • acceptance
  Like NRD
    • but with the mail system
      • or the bidding engine
    • doing the verification
Basic idea
  Parties agree to non-repudiation mechanism
  Evidence is generated during transaction
  Evidence is transmitted
  Evidence is verified
  Evidence is archived
  If necessary
    • Evidence is retrieved
    • Evidence is presented for dispute resolution
Digital evidence
  Evidence will be strong if
    • secure chain of custody from creation to presentation
    • properties of authenticity and integrity
    • policies of the CA and TTP

Secure bidding
  Suppose Alice doesn't want Bob to know the contents of her message
    • a bid to be unsealed later
  Additional safeguards
    • Alice shouldn't be able to change her mind
    • Bob shouldn't be able to read her bid
  "Commitment protocol"
    • Alice commits to an answer but doesn't reveal it
Commitment protocol
  Alice encrypts M with symmetric key k
    • produces ciphertext C
    • generates the transaction based on C
  Bob gets Alice's bid C
    • he can verify identity and timestamp
    • gets copy of C
  When bids are revealed
    • Alice transmits k
    • Bid can be read
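The commit and reveal steps above, as an added Go example that is not from the lecture: the symmetric cipher is AES-256-GCM (an assumption; the slides only say "symmetric key k"), and the identity and timestamp part of the transaction is left out so the block shows only what Bob holds before and after k arrives.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// Commitment is what Bob archives as Alice's bid: only the nonce and C.
type Commitment struct {
	Nonce []byte
	C     []byte
}

// gcmFor builds the AES-256-GCM cipher (assumed here) for a given key k.
func gcmFor(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Commit: Alice encrypts her bid M under a fresh key k and hands Bob C; she keeps k.
func Commit(bid []byte) ([]byte, Commitment, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, Commitment{}, err
	}
	gcm, err := gcmFor(k)
	if err != nil {
		return nil, Commitment{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, Commitment{}, err
	}
	return k, Commitment{Nonce: nonce, C: gcm.Seal(nil, nonce, bid, nil)}, nil
}

// Reveal: when bids are revealed, Alice transmits k and Bob decrypts the archived C.
// The GCM tag makes a wrong or altered k fail instead of producing garbage.
func Reveal(k []byte, com Commitment) ([]byte, error) {
	gcm, err := gcmFor(k)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, com.Nonce, com.C, nil)
}
```

AES-GCM on its own is not key-committing, so a deployed sealed-bid scheme would additionally have Alice commit to a hash of k and M at bid time; the block keeps to the protocol as the slides state it.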
Homework #4
  Use secure email
    • digital signature
    • encryption
  Get certificate from www.thawte.com
    • cannot use web mail
    • if necessary, open a new hotmail account
  Use Outlook Express or Netscape Communicator
  Download