
Email, Meta Data and Non Repudiation (“It wasn’t me!”…Shaggy) January 9, 2015

Posted by Chris Mark in Uncategorized.

This is a simple primer on email, authentication and ‘non repudiation’. To understand ‘non repudiation’ as it applies to information security, it is important to understand repudiation. Repudiation is simply the act of denying or renouncing something. A suspect stating that they did not commit a crime is repudiating the crime. Non-repudiation is a concept in which “..a party in a dispute cannot repudiate, or refute the validity of a statement or contract”. Within information security this means that a person cannot dispute that he or she was the origin of an action. We will use email as an example.

Suppose a person (Person A) sends an email to another person (Person B) in 2011 in which they attach a document including claims to military heroics which resulted in the awarding of some honor, say a Bronze Star. Later, after it was discovered that Person A was not awarded the Bronze Star and people began to question them, Person A decided to disavow any association with said email or reference to the Bronze Star. In short, they have repudiated the claim that they sent the email and created the document. Person A goes a step further and claims that the document and the email were “forgeries” intended to sully their (Person A’s) good name. Is it possible to demonstrate with a high degree of confidence (or even certainty) that Person A was indeed the originator of the email and the author of the document? YES! This is where ‘non repudiation’, or the ability to prevent someone from disputing the action, is important.

To understand how this can be achieved, there are a few concepts related to email that should be discussed.

1) Authentication – Authentication is described on Wikipedia as: “the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true”. You can read more in an earlier blog post titled Security 101; Authentication. Authentication is an important part of access control and email. Email access control is managed by two components: 1) the user, who is assigned a username, and 2) the password or other authentication mechanism used to ‘authenticate’ to the system. When the user supplies the correct password, which is known only to the user, the system ‘authenticates’ them and allows them to access the email. The more rigorous the authentication, the greater the confidence that the person is the originator of the email. While ‘multi factor’ authentication provides the greatest confidence, a password also provides very strong non-repudiation for most purposes. (more…)

“There I was bro!”…a rant about Military Fakers, Poseurs, and Frauds June 7, 2012

Posted by Chris Mark in Uncategorized.

Sometimes I hear a story that compels me to comment on this blog even though it is not related to risk or security. America’s Got Talent contestant Timmy Poe stuttered his way through his interview and brought tears to many eyes with his claims of being ‘wounded’ in combat and being a decorated war veteran with a Bronze Star. Well, wasn’t it a surprise to learn he has apparently lied about his combat experience, wounds, and decoration? In short..no combat, no Purple Heart and no Bronze Star. C’mon man! There is no shame in service of any sort. If you are a cook…own it. If you are a cop…own it. If you were a medic…OWN IT.

I have now worked for two different people who claimed military honors that they fabricated. (more…)

POPSatire…my ‘other blog’…;) March 13, 2012

Posted by Chris Mark in Industry News, Uncategorized.

On GlobalRiskInfo.com I try to keep the discussion professional, timely, and on topic. A few readers know that I maintain a less “sophisticated” blog called POPSatire. Upon request of a couple of readers, I am putting a link to POPSatire on this blog. On POPSatire, I take shots at POP culture, POPular people, soda POP, and generally anything that merits a rant for the day. In truth, my primary topics are around those who lie about their military service and a few other things. As a ‘chrome dome’ myself (bald headed man), I even take a shot at the bad comb-over. If you want to see my acerbic wit in action (look…I am edumecated 😉) then take a spin through www.POPSatire.com.
