Information security -- Non-repudiation

This document serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques. The ISO/IEC 13888 series provides non-repudiation mechanisms for the following phases of non-repudiation:
— evidence generation;
— evidence transfer, storage and retrieval; and
— evidence verification.
Dispute arbitration is outside the scope of the ISO/IEC 13888 series.

Sécurité de l'information -- Non-répudiation

General Information

Status: Published
Publication Date: 03-Sep-2020
Current Stage: 5060 - Close of voting Proof returned by Secretariat
Start Date: 06-Aug-2020
Completion Date: 05-Aug-2020

Standard
ISO/IEC 13888-1:2020 - Information security -- Non-repudiation
English language
20 pages

Standards Content (sample)

INTERNATIONAL STANDARD ISO/IEC 13888-1
Fourth edition
2020-09
Information security — Non-repudiation — Part 1: General
Sécurité de l'information — Non-répudiation — Partie 1: Généralités
Reference number ISO/IEC 13888-1:2020(E)
ISO/IEC 2020
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
4.1 Symbols
4.2 Abbreviated terms
5 Document organization
6 Requirements
7 Generic non-repudiation services
7.1 Non-repudiation services
7.2 Entities involved in the provision and verification of evidence
8 Trusted third party involvement
8.1 General
8.2 Evidence generation phase
8.3 Evidence transfer, storage and retrieval phase
8.4 Evidence verification phase
9 Evidence generation and verification mechanisms
9.1 General
9.2 Secure envelopes
9.3 Digital signatures
9.4 Evidence verification mechanism
10 Non-repudiation tokens
10.1 General
10.2 Generic non-repudiation token
10.3 Time-stamp token
10.4 Notarization token
11 Specific non-repudiation services
11.1 General
11.2 Non-repudiation of origin
11.3 Non-repudiation of delivery
11.4 Non-repudiation of submission
11.5 Non-repudiation of transport
12 Use of specific non-repudiation tokens in a messaging environment
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent declarations received (see http://patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1 Information technology, Subcommittee SC 27, Information security, cybersecurity and privacy protection.

This fourth edition cancels and replaces the third edition (ISO/IEC 13888-1:2009), which has been technically revised.

The main changes compared to the previous edition are as follows:
— Clause 3 has been updated;
— terminology issues have been fixed; and
— a new requirement has been introduced when using hash functions.

A list of all parts in the ISO/IEC 13888 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Introduction

The goal of a non-repudiation service is to generate, collect, maintain, make available and verify evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. This document defines a model for non-repudiation mechanisms providing evidence based on cryptographic check values generated using symmetric or asymmetric cryptographic techniques.

Non-repudiation services establish evidence. Evidence establishes accountability regarding a particular event or action. The entity responsible for the action, or associated with the event, with regard to which evidence is generated, is known as the evidence subject.

Non-repudiation mechanisms provide protocols for the exchange of non-repudiation tokens specific to each non-repudiation service. Non-repudiation tokens consist of secure envelopes and/or digital signatures and, optionally, additional data:
— secure envelopes are generated by an evidence generating authority using symmetric cryptographic techniques;
— digital signatures are generated by an evidence generator or an evidence generating authority using asymmetric techniques.

Non-repudiation tokens can be stored as non-repudiation information that can be used subsequently by disputing parties or by an adjudicator to arbitrate in disputes.
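
A secure envelope as described above, sketched as an added Python example (not text or code from the standard): an evidence generating authority computes a MAC, under a secret key that only it holds, over length-prefixed data items, and later verifies stored evidence on request. HMAC-SHA-256, the field order (Pol, A, B, TTP, T, Imp(m)) and all names and sample values are assumptions made for illustration; Imp(m) is the imprint defined in 3.19.

```python
import hashlib
import hmac
import secrets
import struct


def imprint(data: bytes, use_hash: bool = True) -> bytes:
    """Imp(y): the hash-code of y, or the data string y itself (3.19)."""
    # SHA-256 is an assumption; the series only requires collision resistance.
    return hashlib.sha256(data).digest() if use_hash else data


def encode_items(items) -> bytes:
    """Serialize data items with length prefixes so boundaries are unambiguous."""
    parts = [struct.pack(">I", len(items))]
    for item in items:
        parts.append(struct.pack(">I", len(item)))
        parts.append(item)
    return b"".join(parts)


class EvidenceGeneratingAuthority:
    """TTP that builds and verifies secure envelopes with a key only it holds."""

    def __init__(self, identifier: bytes):
        self.identifier = identifier
        self._key = secrets.token_bytes(32)  # never exported to A, B or anyone else

    def _mac(self, items) -> bytes:
        return hmac.new(self._key, encode_items(items), hashlib.sha256).digest()

    def generate_senv(self, items) -> dict:
        """SENV over the data items: the items plus a MAC under the TTP key."""
        items = [bytes(i) for i in items]
        return {"items": items, "mac": self._mac(items)}

    def verify_senv(self, senv: dict) -> bool:
        """Only the key holder can answer this, so verifiers must ask the TTP."""
        return hmac.compare_digest(self._mac(senv["items"]), senv["mac"])


def build_evidence(ttp, pol: bytes, a: bytes, b: bytes, t: bytes, m: bytes) -> dict:
    """Constructed field order (Pol, A, B, TTP, T, Imp(m)); not the standard's token."""
    return ttp.generate_senv([pol, a, b, ttp.identifier, t, imprint(m)])


def evidence_covers_message(ttp, senv: dict, m: bytes) -> bool:
    """Verification phase: the envelope must verify and its imprint must match m."""
    if not ttp.verify_senv(senv):
        return False
    return hmac.compare_digest(senv["items"][-1], imprint(m))


def demo() -> dict:
    ttp = EvidenceGeneratingAuthority(b"TTP-1")
    m = b"Transfer 100 EUR to account 42"  # constructed sample message
    ev = build_evidence(ttp, b"policy-1", b"Alice", b"Bob",
                        b"2020-09-03T12:00:00Z", m)

    forged = {"items": list(ev["items"]), "mac": ev["mac"]}
    forged["items"][1] = b"Mallory"  # swap the evidence subject after the fact

    other_ttp = EvidenceGeneratingAuthority(b"TTP-2")  # does not hold TTP-1's key
    return {
        "genuine": evidence_covers_message(ttp, ev, m),
        "altered_message": evidence_covers_message(ttp, ev, m + b"0"),
        "altered_subject": ttp.verify_senv(forged),
        "wrong_authority": other_ttp.verify_senv(ev),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Because the MAC key is symmetric, anyone holding it could also forge an envelope, so the sketch keeps the key inside the authority and routes every verification through it.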

Depending on the non-repudiation policy in effect for a specific application, and the legal environment within which the application operates, additional information can be required to complete the non-repudiation information, for example:
— evidence including a trusted time-stamp provided by a time-stamping authority;
— evidence provided by a notary which provides assurance about data created or the action or event performed by one or more entities.

Non-repudiation can only be provided within the context of a clearly defined security policy for a particular application and its legal environment. Non-repudiation policies are described in ISO/IEC 10181-4.

Specific non-repudiation mechanisms generic to the various non-repudiation services are first described and then applied to a selection of specific non-repudiation services such as:
— non-repudiation of origin;
— non-repudiation of delivery;
— non-repudiation of submission;
— non-repudiation of transport.

Additional non-repudiation services mentioned in this document are:
— non-repudiation of creation;
— non-repudiation of receipt;
— non-repudiation of knowledge;
— non-repudiation of sending.
1 Scope

This document serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques.

The ISO/IEC 13888 series provides non-repudiation mechanisms for the following phases of non-repudiation:
— evidence generation;
— evidence transfer, storage and retrieval; and
— evidence verification.
Dispute arbitration is outside the scope of the ISO/IEC 13888 series.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 18014 (all parts), Information technology — Security techniques — Time-stamping services

3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/

3.1
adjudicator
entity which arbitrates disputes between parties

3.2
certificate
entity's data rendered unforgeable with the private or secret key (3.48) of a certification authority (3.3)
Note 1 to entry: Unforgeable means impossible to copy or imitate unlawfully.

3.3
certification authority
authority trusted by one or more entities to create and assign certificates (3.2) or digitally signed public key certificates (3.46)
[SOURCE: ISO/IEC 9594-8:2017, 3.5.19, modified — In the definition, the initial article has been removed and "assign certificates" has been added.]

3.4
collision-resistant hash-function
hash-function (3.18) satisfying the following property: it is computationally infeasible to find any two distinct inputs which map to the same output
Note 1 to entry: Computational feasibility depends on the specific security requirements and environment.
[SOURCE: ISO/IEC 10118-1:2016, 2.1, modified — In Note 1 to entry, the second sentence has been removed.]

3.5
cryptographic check function
CHK
either a MAC (3.22) function or a digital signature (3.9) function, i.e. a function that takes as an input a message and a secret or private key (3.44) and returns a string of bits that can be used to verify the origin and integrity of the message

3.6
cryptographic check value
output of a cryptographic check function (3.5)

3.7
data storage
means for storing information from which data is submitted for delivery, or into which data is put by the delivery authority (3.8)

3.8
delivery authority
authority trusted by the sender (3.43) to deliver the data from the sender to the receiver, and to provide the sender with evidence (3.11) on the submission and transport of data upon request

3.9
digital signature
SIG
data appended to, or a cryptographic transformation of, a data unit that allows the recipient (3.47) of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient
[SOURCE: ISO 7498-2:1989, 3.3.26 modified — The abbreviated term "SIG" has been added.]

3.10
distinguishing identifier
information which unambiguously distinguishes an entity in the non-repudiation process (3.32)

3.11
evidence
information supporting the occurrence of an event or action
Note 1 to entry: Evidence does not necessarily prove the truth or existence of something but can contribute to the establishment of such a proof.

3.12
evidence generator
entity that produces non-repudiation evidence (3.11)
[SOURCE: ISO/IEC 10181-4:1997, 3.4.4, modified — The initial article has been removed from the definition and the Note has been deleted]

3.13
evidence user
entity that uses non-repudiation evidence (3.11)
[SOURCE: ISO/IEC 10181-4:1997, 3.4.6, modified — The initial article has been removed from the definition.]

3.14
evidence verifier
entity that verifies non-repudiation evidence (3.11)
[SOURCE: ISO/IEC 10181-4:1997, 3.4.7, modified — The initial article has been removed from the definition.]

3.15
evidence requester
entity that requests evidence (3.11) to be generated either by another entity or by a trusted third party (3.55)

3.16
evidence subject
entity responsible for the action, or associated with the event, with regard to which evidence (3.11) is generated

3.17
hash-code
string of bits that is the output of a hash-function (3.18)
[SOURCE: ISO/IEC 10118-1:2016, 3.3, modified — Note 1 to entry has been removed.]

3.18
hash-function
function which maps strings of bits of variable (but usually upper bounded) length to fixed-length strings of bits, satisfying the following two properties:
— for a given output, it is computationally infeasible to find an input which maps to this output;
— for a given input, it is computationally infeasible to find a second input which maps to the same output
Note 1 to entry: Computational feasibility depends on the specific security requirements and environment.
Note 2 to entry: In the ISO/IEC 13888 series, hash-functions are required to be collision-resistant.
[SOURCE: ISO/IEC 10118-1:2016, 3.4, modified — In Note 1 to entry, the second sentence has been removed and Note 2 to entry has been added.]

3.19
imprint
string of bits, either the hash-code (3.17) of a data string or the data string itself


3.20
key
sequence of symbols that controls the operations of a cryptographic transformation (e.g. encryption, decryption, cryptographic check function computation, signature calculation, or signature verification)
[SOURCE: ISO/IEC 11770-3:2015, 3.17, modified — In the definition, "operation" has been replaced with "operations".]

3.21
monitoring authority
trusted third party (3.55) that monitors actions and events, and that is trusted to provide evidence (3.11) about actions and events that have been monitored

3.22
Message Authentication Code
MAC
string of bits which is the output of a MAC algorithm

3.23
non-repudiation of creation
service intended to protect against an entity's false denial of having created the content of a message or the message itself (i.e. being responsible for the content of a message or the message itself)

3.24
non-repudiation of delivery
service intended to protect against a recipient's (3.47) false denial of having received a message and its content

3.25
non-repudiation of delivery token
NRDT
data item which allows the sender (3.43) to establish non-repudiation of delivery (3.24) for a message

3.26
non-repudiation exchange
sequence of one or more transfers of non-repudiation information (3.27) for the purpose of non-repudiation

3.27
non-repudiation information
NRI
set of information that may contain information about an event or action for which evidence (3.11) is to be generated and verified, the evidence itself, and the non-repudiation policy (3.31) in effect
Note 1 to entry: The exact format and specifications depend on the chosen mechanism.

3.28
non-repudiation of knowledge
service intended to protect against a recipient's (3.47) false denial of having taken notice of the content of a received message
Note 1 to entry: The exact format and specifications depend on the chosen mechanism.

3.29
non-repudiation of origin
service intended to protect against the sender's (3.43) false denial of having created the content of a message and of having sent a message

3.30
non-repudiation of origin token
NROT
data item which allows recipients (3.47) to establish non-repudiation of origin (3.29) for a message

3.31
non-repudiation policy
set of criteria for the provision of non-repudiation services
Note 1 to entry: More specifically, it is a set of rules to be applied for the generation and verification of evidence (3.11) and for adjudication.

3.32
non-repudiation process
set of interrelated or interacting activities which provides one or more non-repudiation services
Note 1 to entry: The exact format and specifications depend on the chosen mechanism.

3.33
non-repudiation of receipt
service intended to protect against a recipient's (3.47) false denial of having received a message

3.34
non-repudiation of sending
service intended to protect against the sender's (3.43) false denial of having sent a message

3.35
non-repudiation of submission
service intended to provide evidence (3.11) that a delivery authority (3.8) has accepted a message for transmission

3.36
non-repudiation of submission token
NRST
data item which allows either the originator (3.43) or the delivery authority (3.8) (sender) to establish non-repudiation of submission (3.35) for a message having been submitted for transmission
Note 1 to entry: A non-repudiation of submission token is generated by the initial receiver except when the receiver is a recipient (3.47).

3.37
non-repudiation token
NRT
special type of security token (3.51), consisting of evidence (3.11), and, optionally, of additional data

3.38
non-repudiation of transport
service intended to provide evidence (3.11) for the message sender (3.43) that a delivery authority (3.8) has delivered a message to the intended recipient (3.47)
Note 1 to entry: A non-repudiation of transport token is generated by the initial receiver except when the receiver is a recipient (3.47).

3.39
non-repudiation of transport token
NRTT
data item which allows either the originator (3.43) or the delivery authority (3.8) to establish non-repudiation of transport for a message

3.40
notary authority
trusted third party (3.55) trusted to provide evidence (3.11) about the properties of the entities involved and of the data stored or communicated, or to extend the lifetime of an existing token beyond its expiry or beyond subsequent revocation

3.41
notarization
provision of evidence (3.11) by a notary about the properties of the entities involved in an action or event, and of the data stored or communicated
Note 1 to entry: Notarization can also extend the lifetime of an existing token.

3.42
notarization token
non-repudiation token (3.37) generated by a notary

3.43
originator
sender
entity that sends a message to the recipient (3.47) or makes available a message for which non-repudiation services are to be provided

3.44
private key
key (3.20) of an entity's asymmetric key pair which can only be used by that entity
Note 1 to entry: In the case of an asymmetric signature system, the private key defines the signature transformation. In the case of an asymmetric encipherment system, the private key defines the decipherment transformation.

3.45
public key
key (3.20) of an entity's asymmetric key pair which can be made public
Note 1 to entry: In the case of an asymmetric signature scheme, the public key defines the verification transformation. In the case of an asymmetric encipherment system, the public key defines the encipherment transformation. A key that is 'publicly known' is not necessarily globally available. The key might only be available to all members of a pre-specified group.

3.46
public key certificate
public key (3.45) information of an entity signed by the certification authority (3.3) and thereby rendered unforgeable
[SOURCE: ISO/IEC 11770-3:2015, 3.34]

3.47
recipient
entity that gets (receives or fetches) a message for which non-repudiation services are to be provided

3.48
secret key
key (3.20) used with symmetric cryptographic techniques and usable only by a set of specified entities
[SOURCE: ISO/IEC 11770-3:2015, 3.36, modified — In the definition, “and usable only” has been added and “specified set of entities” has been changed to “set of specified entities”]

3.49
secure envelope
SENV
set of data items which is constructed by an entity in such a way that any entity holding the secret key (3.48) can verify their integrity and origin
Note 1 to entry: For the purpose of generating evidence (3.11), the SENV is constructed and verified by a trusted third party (3.55) (TTP) with a secret key known only to the TTP.
Note 2 to entry: Cryptographic check functions are used to generate secure envelopes.

3.50
security policy
set of criteria for the provision of security services

3.51
security token
set of data protected by one or more security services, together with security information used in the provision of those security services, that is transferred between communicating entities

3.52
signer
entity generating a digital signature (3.9)

3.53
time-stamp
time variant parameter which denotes a point in time with respect to a common time reference
[SOURCE: ISO/IEC 18014-1:2008, 3.12]

3.54
time-stamping authority
TSA
trusted third party (3.55) trusted to provide a time-stamping service
[SOURCE: ISO/IEC 18014-1:2008, 3.17]

3.55
trusted third party
TTP
security authority, or its agent, trusted by other entities with respect to security-related activities
Note 1 to entry: In the context of the ISO/IEC 13888 series, a trusted third party is trusted by the sender (3.43), the recipient (3.47), and/or the delivery authority (3.8) for the purposes of non-repudiation, and by another party such as an adjudicator (3.1).
[SOURCE: ISO/IEC 10181-1:1996, 3.3.30, modified — The abbreviated term "TTP" has been added. In the definition, "by other entities" has been added, "security-relevant" has been changed to "security-related" and the parentheses have been removed. Note 1 to entry has been added.]

3.56
trusted time-stamp
time-stamp (3.53) generated by a time-stamping authority (3.54)

3.57
verification key
value required to verify a MAC (3.22)

3.58
verifier
entity that verifies evidence (3.11)
4 Symbols and abbreviated terms
4.1 Symbols
A, B, C, D, E: distinguishing identifiers
CHK_X(y): cryptographic check value computed on the data y using the key of entity X
DA: distinguishing identifier of a delivery authority
f: flag indicating the notary service
GNRT: distinguishing identifier of a generic non-repudiation token
Imp(y): imprint of the data string y, either the hash-code of data string y, or the data string y
MAC_X(y): MAC computed on the data y using the key of entity X
m: message for which evidence is generated
n: number of sub-delivery authorities in a chain of sub-delivery authorities
NA: distinguishing identifier of the notary authority
NRDT: distinguishing identifier of a non-repudiation of delivery token
NRI: distinguishing identifier of a non-repudiation information
NROT: distinguishing identifier of a non-repudiation of origin token
NRST: distinguishing identifier of a non-repudiation of submission token
NRTT: distinguishing identifier of a non-repudiation of transport token
NT: distinguishing identifier of a notarization token
Pol: distinguishing identifier of a non-repudiation policy (or policies) which apply to evidence
Q: optional data that needs to be origin/integrity protected
SENV_X(y): secure envelope computed on data y using the secret key of entity X
SIG_X(y): signed message generated on data y by entity X using its private key
S_X(y): signature computed on data y using a signature algorithm and the private key of entity X
text: data item forming a part of the token that may contain additional information, e.g., a key identifier and/or message identifier
T: date and time the evidence was generated
NOTE The date and time are represented a
...
