This article continues the discussion of the Non-repudiation threat type, Nr.1 - Nr.1.2.

Non-repudiation
See the previous article.
Nr.1 Attributable data evidence
See the previous article.
Nr.1.2 Signed data
Signed data can prevent deniability. Digital signatures by an individual or a trusted third party provide a strong source of evidence that prevents deniability claims, as third parties can independently verify these signatures.
Criteria
- Digitally signed
  - Is the data digitally signed?
- Signing keys
  - Which keys are used for signing? Who has access to these keys to verify signatures?
Examples
- Digital signatures
  - Digital signatures attached to emails provide a strong form of evidence of the user having written the email message, thereby removing their plausible deniability about having written it.
- DKIM
  - A common spam countermeasure (DKIM) involves signing outgoing emails; this prevents users from denying the authenticity of leaked or stolen emails.
  - DKIM stands for 'DomainKeys Identified Mail' and is a common countermeasure in the fight against spam. DKIM works by having an email provider, such as Gmail, sign all outgoing emails to provide proof that they were sent from its servers, and publish the signing key in a DNS record so that anyone can verify the legitimacy of sent emails. However, as a side effect, this mechanism builds strong evidence (a digital signature by the email provider) and links this evidence to the individual who sent the message (represented by the sender email address in the signed message). This thus reduces the plausible deniability of having sent an email.
- Blockchain storage
  - Data stored on a blockchain cannot be modified; this prevents deniability of claims regarding this data.
  - Distributed ledgers, such as blockchains, prevent modifications of data on the chain. This provides a strong historic record which cannot be altered and thus prevents future deniability claims.
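The DKIM item above describes evidence that any third party can check; the parts that can be checked offline are where the signing key is published, whether the From header is covered, and whether the body still matches the signed body hash (`bh=`). The following Python is an added example, not code from the original article or from LINDDUN. It does not verify the `b=` signature itself and ignores the `l=` tag, and `example.org`, `sel2024` and the sample message are constructed placeholders.

```python
import base64, hashlib, re

def parse_tags(value: str) -> dict:
    """Parse a DKIM tag=value list (RFC 6376, section 3.2)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # folding whitespace is not significant
    return tags

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse whitespace runs, drop whitespace at line ends
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at the end of the body
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    return b"\r\n" if mode == "simple" and not out else out

def body_hash(body: bytes, mode: str, algo: str = "sha256") -> str:
    """Base64 digest of the canonicalized body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.new(algo, canon_body(body, mode)).digest()).decode()

def evidence_report(dkim_signature: str, body: bytes) -> dict:
    """What a third party learns from the header, and whether the body is still bound to it."""
    t = parse_tags(dkim_signature)
    body_mode = (t.get("c", "simple/simple").split("/") + ["simple"])[1]
    return {
        "signer_domain": t["d"],
        "key_dns_name": f"{t['s']}._domainkey.{t['d']}",  # TXT record with the public key
        "from_is_signed": "from" in t["h"].lower().split(":"),
        "body_matches": body_hash(body, body_mode, t["a"].split("-")[1]) == t["bh"],
    }

# Constructed sample: example.org, sel2024 and the b= value are placeholders.
SAMPLE_BODY = b"Quarterly numbers attached.  \r\n\r\n"
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel2024;\r\n"
              " h=From:To:Subject:Date; bh=" + body_hash(SAMPLE_BODY, "relaxed")
              + "; b=PLACEHOLDER")

if __name__ == "__main__":
    print(evidence_report(SAMPLE_SIG, SAMPLE_BODY))
    print(evidence_report(SAMPLE_SIG, b"Quarterly numbers revised.\r\n"))
```

A stored message for which `from_is_signed` and `body_matches` are both true remains attributable evidence for as long as the provider's key record can still be obtained.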
Impact
- Prevent deniability
  - Signatures provide strong non-repudiation, as they can also be verified by third parties.
- Append-only storage
  - Append-only storage systems make it impossible for the data subject to later remove their personal data.
Additional information
- Requests
  - Signed data applies not only to messages, but also to documents, requests, etc.