Friday, January 12, 2018

Week 5 - Threat of the Week - Repudiation

Repudiation


Repudiation is commonly referred to as non-repudiation; however, STNIDE doesn't roll off the tongue quite as nicely, so we'll stick to repudiation. The general idea with repudiation is this: when a user or system performs an action and then says they did not do it, can you prove that they did?

In network and system infrastructure, when you think of repudiation you think of logs. Logging an action is only helpful if the right information is logged and the logs are carefully protected against tampering. Repudiation also comes up frequently when sending and receiving digital messages, especially as organizations look to go paperless. When legally binding documents are involved, how do both parties guarantee that the document is in its original state when signed?

I'm going to go in a slightly different direction with the topic this week. It's not that there aren't interesting attacks related to repudiation, but there is a potential solution that also happens to be a current buzzword. That solution is blockchain.

Blockchain is essentially a distributed ledger system.  It is a decentralized system, so it does not require a central server to provide approval.  The nodes that are part of the blockchain come to a consensus, the block is updated, and the resulting transaction is immutable and irreversible.  The very way that blockchain works makes it impossible to repudiate the information in it.   
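The tamper-evidence that both the log discussion and the ledger description above depend on comes from linking each entry to the hash of the one before it. The following is an added example, not code from the original post: a single-writer hash-chained audit log in Python, with no consensus and no signatures. The function names, record fields and sample entries are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used for the first entry


def _digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, actor, action, ts):
    """Append a record chained to the previous entry; return the new head hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"actor": actor, "action": action, "ts": ts}
    log.append({"record": record, "prev": prev_hash, "hash": _digest(prev_hash, record)})
    return log[-1]["hash"]


def verify(log, trusted_head=None):
    """Recompute the chain; optionally compare its head to one stored off-host."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash or entry["hash"] != _digest(prev_hash, entry["record"]):
            return False, f"entry {i} altered"
        prev_hash = entry["hash"]
    # A log rebuilt from scratch is internally consistent; only a head hash
    # kept outside the writer's control reveals the rewrite.
    if trusted_head is not None and prev_hash != trusted_head:
        return False, "head mismatch"
    return True, "ok"


def demo():
    log = []  # constructed sample records
    append(log, "alice", "approve wire 1001", "2018-01-12T09:00:00Z")
    append(log, "bob", "release wire 1001", "2018-01-12T09:05:00Z")
    head = append(log, "alice", "logout", "2018-01-12T09:06:00Z")
    clean = verify(log, head)
    log[1]["record"]["actor"] = "carol"      # one record edited in place
    edited = verify(log, head)
    rebuilt = []                             # every hash recomputed after the edit
    for entry in log:
        append(rebuilt, **entry["record"])
    return clean, edited, verify(rebuilt), verify(rebuilt, head)


if __name__ == "__main__":
    print(demo())
```

A hash chain only shows that records changed. Tying a record to a specific actor so that they cannot deny it additionally requires that actor's digital signature on the entry.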

Companies are looking to put this technology to use in a number of ways. One of them is a kind of enhanced digital signature. Previous methods involved using some sort of trusted third party. With the automation built in, it's possible to set up a system where multiple parties are able to separately, and yet jointly, sign documents electronically. Once the signing is completed, another action could kick off. A common example I saw was in real estate transactions that required multiple parties, including the buyer, seller, buyer's bank, seller's bank, real estate agents, etc. When all of the necessary signatures were obtained, it could automatically kick off the resulting funds transfers to each of the parties.

While it is certainly not mainstream, it will be very interesting to see not only how rapidly this technology advances, but also how it gets adopted for different uses.



