Which of the following scenarios BEST describes an implementation of non-repudiation?
A. B. C. D.
Answer: C.
Non-repudiation is the concept that an individual cannot deny having performed a particular action or transaction. In other words, it ensures that the sender of a message or transaction cannot deny sending it, and the recipient cannot deny receiving it. To achieve non-repudiation, a mechanism is required that can authenticate the identity of the sender, ensure the integrity of the message, and provide a non-repudiable proof of delivery.
Out of the given scenarios, the one that BEST describes an implementation of non-repudiation is C. A user sends a digitally signed email to the entire finance department about an upcoming meeting.
Digital signatures use public-key cryptography to provide non-repudiation, as only the sender possesses the private key required to sign the message. When a user sends a digitally signed email, the recipient can verify the signature using the sender's public key. This verification ensures that the email has not been tampered with since it was signed and that the sender cannot deny having sent it.
In option A, a user accessing network file shares for another department does not necessarily involve non-repudiation. It is a common action that can be authorized or unauthorized, but it does not provide any non-repudiable proof of the user's action.
Option B involves a user remotely logging into the mail server with another user's credentials, which is an unauthorized action and does not provide non-repudiation.
Option D involves a user accessing the workstation registry to make unauthorized changes, which is also an unauthorized action and does not provide non-repudiation.
Therefore, option C is the correct answer as it involves the use of digital signatures to ensure non-repudiation.