Nonrepudiation is a method of guaranteeing message transmission between parties via digital signature and/or encryption. It is one of the five pillars of information assurance (IA). The other four are availability, integrity, confidentiality and authentication.
Nonrepudiation is often used for digital contracts, signatures and email messages.
By using a data hash, proof of authentic identifying data and data origination can be obtained. Along with digital signatures, public keys can be a problem when it comes to nonrepudiation if the message recipient has exposed, either knowingly or unknowingly, their encrypted or secret key.
While nonrepudiation is a worthy electronic security measure, professionals in this arena caution that it may not be 100 percent effective. Phishing or man-in-the-middle (MITM) attacks can compromise data integrity. In addition, it is important to note that a digital signature is the same whether it is authentic or faked by someone who has the private key. This problem has been countered by the U.S. Department of Defense with the development of the common access card, a type of smart card designed for active duty military personnel, civilian personnel, the National Guard and others that are privy to confidential defense information.
Imagine receiving a harassing email from someone who denies sending the message. How do you determine the truth? Digital signatures prove the delivery and receipt of email transmissions, guaranteeing nonrepudiation.
Thus, nonrepudiation protects the recipient and the sender when a recipient denies receiving an email. Without nonrepudiation, an essential pillar of IA, information security would be significantly flawed.