Which option is a mechanism to ensure non-repudiation?
Non-repudiation is proving who uploaded and downloaded a file, and whether or not the received file is identical to the one sent. Verifying that a file has been sent and received without being modified by a man-in-the-middle attack is critical for many different business processes, such as in healthcare, finance, or logistics. Show What is Non-Repudiation in File Transfers Built On?There are a few building blocks that help define a secure end-to-end file transfer process. Broadly speaking, these building blocks are:
Verification of Senders and Receivers This authentication piece is primarily built around the idea of certificates and signatures. Before uploading a file to send, the certificate is examined to verify that the endpoint is indeed the correct location. Conversely, when the recipient is downloading the file, the digital signature of the sending party is checked to verify that they are who they say they are. This process works like so:
With this time-tested process, the sender and file can be validated as correct. To authenticate the sender and recipient, a system may implement a login system that ideally incorporates multi-factor authentication best practices. Data File Encryption Files are typically encrypted using one of several different protocols. These protocols should be FIPS-validated encryption protocols such as 3DES or AES. These are purely data encryption protocols and although 3DES is included, it is an older protocol. The current gold-standard is to use AES-256. Unfortunately, certain file transfer solutions such as the AS2 and AS3 systems are limited to 3DES. Secure Transport Securely transporting data is typically done over a TLS encrypted link and not SSL. This link will be validated by server-level certificates and utilize TLS 1.2 or the newer TLS 1.3 protocol. File Receipt Verification and Validation Just because a file is encrypted, and we have digital signatures for the sender and receiver, does not necessarily mean the file was not tampered with in transport. To verify that the file is correct, the best practice is to use a mechanism known as an HMAC (Keyed-Hashing for Message Authentication). There are several HMAC algorithms, such as HMAC-MD5, HMAC-SHA1, or HMAC-SHA256. This hashing algorithm employs both a hash of the file and a shared secret key. This allows the exchanging parties the ability to establish the authenticity of the message. Common Systems for Managed File TransfersTaking all of the building blocks together, what are the available solutions and common protocols for secure and managed file transfers? There are a few protocols and systems that help to facilitate this process. The three most commonly used protocols and technologies are:
AS1-4 Family One of the best-known EDI protocols is the AS1-4 family of protocols. AS2 is one of the most commonly deployed versions of this protocol, but AS3 has added security by building on the FTP/SSL protocol which adds authentication into the mix. AS4 has further enhanced interoperability with modern network infrastructures by being built on SOAP and Web Services. OFTP2 The original Odette File Transfer Protocol was developed in the mid-’80s to assist in EDI data exchanges. In 2007 the updated version, OFTP2, was introduced with enhanced security and compression features over its predecessor. HTTPS (TLS 1.2+), AES-256, HMAC-SHA256, SFTP, Multi-Factor Authentication Though the above combination of technologies is a bit of a handful to say, many modern managed file transfer solutions are built on the above set of technologies. Systems that utilize TLS for secure transport, AES-256 for data encryption, HMAC-SHA246 for data integrity, SFTP as a secure endpoint, and multi-factor authentication to verify senders and receivers, ensures that transferred data is accurate according to non-repudiation standards. ConclusionIn today’s world, validating that a received file is tamper-free and from a trusted sender is more important than ever. Utilizing non-repudiation techniques in file transfers helps to secure data transfers that are core to many business processes. Using known secure techniques and products serves to provide the peace of mind that is needed when transferring sensitive data. READ NEXT
What is nonDefinition(s):
Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.
Which of the following is the best method for ensuring nondigital signatures. Explanation: Digital signatures use a private and public key pair, authenticating both parties.
Which of the following are examples of non5 Examples of Non-repudiation. Notary. It is common for the signing of legal documents to be witnessed by a licensed notary. ... . Forensic Science. A handwriting expert may be used by a legal service as a means of non-repudiation of signatures.. Authentication. ... . Audit Trail. ... . Digital Signatures.. What should be used to ensure nonDigital signatures supports non-repudiation; where the sender can not refute sending the message.
|