Non-Repudiation: Increasing Security Measures for Information Systems

Enhancing Non-Repudiation: Implementing Appropriate Capabilities


Question

An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application.

After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient.

Which of the following capabilities would be MOST appropriate to consider implementing in response to the new requirement?

Answers

A. Transitive trust
B. Symmetric encryption
C. Two-factor authentication
D. Digital signatures
E. One-time passwords

Correct answer: D.

Explanation

The information system owner has requested increased non-repudiation within the application, indicating that they want to ensure that users cannot deny their actions within the system. This means that the owner wants to have stronger evidence that a particular user performed a particular action within the system.

Out of the given options, the most appropriate capability to consider implementing in response to this requirement is D. Digital signatures.

A digital signature is a cryptographic mechanism that provides non-repudiation: because the signature can only be produced with the signer's private key, the signer cannot later deny having signed, and because the signature is computed over the message, any alteration after signing causes verification to fail. It therefore lets the receiver verify both that the sender is who they claim to be and that the message has not been tampered with.

Digital signatures use asymmetric cryptography, which involves the use of a private key to sign a message and a public key to verify the signature. The sender signs the message with their private key, which is only known to them. The receiver can then verify the signature using the sender's public key, which is widely distributed. If the signature is valid, the receiver can be sure that the message has not been altered since it was signed by the sender.

Two-factor authentication (C) and one-time passwords (E) are also useful security mechanisms, but they do not provide non-repudiation. Two-factor authentication requires users to provide two different types of authentication factors, such as a password and a biometric, to access a system. One-time passwords are temporary passwords that are generated for a single use and then expire. While these mechanisms can increase the security of a system, they do not provide evidence that a particular user performed a particular action within the system.

Symmetric encryption (B) is a method of encrypting data using a single shared key, which can provide confidentiality for data, but it does not provide non-repudiation.
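As an added illustration (not part of the original question or its explanation), the following Go program walks through the signature flow described above: a user signs an action record with a private key, a verifier checks it with the public key, and verification fails for a tampered record or for a signature made with someone else's key. Going beyond the text, it also contrasts this with a shared-key tag (an HMAC) to show why a symmetric key, as in option B, cannot prove which of the two key holders acted. The type and function names (`Signer`, `Run`), the sample action record and the shared secret are constructed for this example; it uses only Go's standard library.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer is one application user's Ed25519 keypair (constructed for this example).
// The private key stays with the user; only the public key is distributed to verifiers.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewSigner generates a fresh keypair for a user.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

// SignAction signs a record of a user action with the user's private key.
func (s *Signer) SignAction(record []byte) []byte {
	return ed25519.Sign(s.private, record)
}

// VerifyAction returns true only if sig was produced over exactly this record
// by the holder of the private key that matches pub.
func VerifyAction(pub ed25519.PublicKey, record, sig []byte) bool {
	return ed25519.Verify(pub, record, sig)
}

// SharedKeyTag is the symmetric contrast: an HMAC over the record computed with
// a key that both the user and the server hold.
func SharedKeyTag(key, record []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(record)
	return m.Sum(nil)
}

// Outcome collects the checks a verifier or auditor would perform.
type Outcome struct {
	OriginalValid    bool // signature over the untouched record verifies
	TamperedValid    bool // signature still verifies after the record is edited
	OtherKeyValid    bool // another user's signature verifies under the first user's public key
	SharedTagMatches bool // the server can recompute the user's HMAC itself
}

// Run performs the checks on constructed sample data.
func Run() (Outcome, error) {
	alice, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}
	mallory, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}
	// Constructed audit record of an action performed in the application.
	record := []byte(`{"user":"alice","action":"approve_transfer","amount":5000,"ts":"2024-01-01T00:00:00Z"}`)
	sig := alice.SignAction(record)

	// An edited copy of the record and a signature from a different key.
	tampered := bytes.Replace(record, []byte("5000"), []byte("50000"), 1)
	otherSig := mallory.SignAction(record)

	// Constructed shared secret: both user and server know it, so both can make the tag.
	shared := []byte("shared-secret-known-to-user-and-server")
	userTag := SharedKeyTag(shared, record)
	serverTag := SharedKeyTag(shared, record)

	return Outcome{
		OriginalValid:    VerifyAction(alice.Public, record, sig),
		TamperedValid:    VerifyAction(alice.Public, tampered, sig),
		OtherKeyValid:    VerifyAction(alice.Public, record, otherSig),
		SharedTagMatches: hmac.Equal(userTag, serverTag),
	}, nil
}

func main() {
	o, err := Run()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

Only `OriginalValid` and `SharedTagMatches` come out true. The first shows that a signature binds a specific record to a specific private-key holder; the last shows that because the server can produce an identical HMAC, the tag is evidence that one of the two key holders created the record, but not which one, which is why a shared key does not give non-repudiation.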

Transitive trust (A) is a concept used in public key infrastructure (PKI) to establish trust between two parties who do not directly trust each other. While this is a useful capability for PKI, it does not provide non-repudiation on its own.

In summary, the most appropriate capability to consider implementing in response to the information system owner's requirement for increased non-repudiation within the application is digital signatures (D).