On the Security of the Non-Repudiation of Forwarding Service
Nowadays, digital data can be protected by several security services. For example, confidentiality can be provided using encryption mechanisms and authentication can be realized by digital signatures. However, it is usually assumed that only unauthorized users want to manipulate data or attack the system. Often the attacks committed by allegedly trusted users are neglected.
A question following secured transmissions is addressed by the non-repudiation of forwarding service: How to find the responsible person if a data leak comes up? The service provides traceability of confidential data via multiple recipients. Unique tracking data are added to the message each time it is forwarded, and these data are used to generate evidence in case of a conflict. This paper deals with the security aspects of the non-repudiation of forwarding service and explains how the tracking data are protected against targeted manipulations.
KeywordsSecurity Service Non-Repudiation Data Tracking Privacy Digital Watermarking Data Protection
Unable to display preview. Download preview PDF.
- 1.Schick, R., Ruland, C.: Document Tracking - On the Way to a New Security Service. In: Conference on Network and Information Systems Security. Conference Proceedings, pp. 89–93 (2011)Google Scholar
- 2.Schick, R., Ruland, C.: Data Leakage Tracking – Non-Repudiation of Forwarding. In: Abd Manaf, A., Zeki, A., Zamani, M., Chuprat, S., El-Qawasmeh, E. (eds.) ICIEIS 2011, Part I. CCIS, vol. 251, pp. 163–173. Springer, Heidelberg (2011)Google Scholar
- 3.InfoWatch, Global Data Leakage Report (2011), http://infowatch.com/sites/default/files/report/InfoWatch_global_data_leakage_report_2011.pdf
- 4.International Organization for Standardization, 13888-1: Information technology - Security techniques - Non-repudiation - Part 1: General (2009)Google Scholar
- 5.International Organization for Standardization, 13888-2: Information technology - Security techniques - Non-repudiation - Part 2: Mechanisms using symmetric techniques (2010)Google Scholar
- 6.International Organization for Standardization, 13888-3: Information technology - Security techniques - Non-repudiation - Part 3: Mechanisms using asymmetric techniques (2009)Google Scholar
- 8.International Organization for Standardization, 10181-4: Information technology - Open Systems Interconnection - Security frameworks for open systems: Non-repudiation framework (1997)Google Scholar
- 9.Zhou, J., Gollmann, D.: A Fair Non-Repudiation Protocol. In: IEEE Symposium on Security and Privacy, pp. 55–61. IEEE Press (1996)Google Scholar
- 10.Cox, I., Miller, M., Bloom, J., Fridrich, J., Kalker, T.: Digital Watermarking and Steganography, 2nd edn. Elsevier (2008)Google Scholar
- 11.Network Working Group, Internet X.509 Public Key Infrastructure - Time-Stamp Protocol, TSP (2001)Google Scholar
- 12.Network Working Group, Internet X.509 Public Key Infrastructure - Certificate and Certificate Revocation List (CRL) Profile (2008)Google Scholar
- 13.Schick, R., Ruland, C.: Introduction of a New Non-Repudiation Service to Protect Sensitive Private Data. In: Advances in Information and Communication Technologies, pp. 71–76. Conference Proceedings (2011)Google Scholar
- 14.Provos, N.: A universal steganographic tool (2001), http://www.outguess.org