Repudiation : R in STRIDE

Disclaimer: The views expressed in this writeup are solely my opinions and do not reflect the opinions of their current or past employers.

The R in STRIDE stands for Repudiation. Interestingly, however, the actual property we want to enforce is non-repudiation. In plain English, repudiation refers to denying having performed an action or refusing responsibility for it after the fact.

The most recommended security control to ensure non-repudiation is the use of audit trails or timestamps. However, if you are building something sensitive or critical, additional mitigations exist, particularly those based on symmetric cryptography or asymmetric/Public Key Infrastructure (PKI).

Let’s look at few examples of systems that use cryptography in interesting ways to mitigate the risk of repudiation.

AWS IAM and API calls

The Amazon Web Service (AWS) IAM requires all the API calls to be signed with a symmetric key when sent from the AWS CLI or similar clients. When setting up the AWS CLI, the user must either configuration a secret key or setup an IAM role which will be used for invoking API calls.

If you read through the AWS SigV4 documentation, you can see which fields are signed when sending a request to AWS endpoints. Generally a signature is calculated using the secret key belonging to a user as key material. Since the API request going out from a CLI is signed with a shared secret key, the receiver can attest that only this specific sender (because they possess this specific secret key) could have sent this message.

Additionally, since multiple important headers in the request are signed, this mechanism also provides protections against tampering, replay protection (with nonce), and authenticity.

Message Signatures RFC

If you're interested in learning more about implementing a system similar to AWS, there's an RFC that explains how to generate a signature for an HTTP message in a way that is not specific to AWS.

Payments and Digital Signatures

Assume you are a big bank and want to send massive amount of money to some other financial institution. Since the amount can be massive, we just don’t want to rely on something like audit logs to say I Bank1 sent (or did not send) XYZ amount to Bank 2.

This is an ideal case for using Digital Signatures. Bank 1 and Bank 2 can partner and create a Public Key Cryptography (PKI) system both of them trust. Under this scheme, both the banks will create a public and private key pairs, and get the public key signed through a trusted Certificate Authority (CA).

When sending any amount of money, Bank1 can sign a message with its private key. Once the Bank 2 receives the payment, it can send a confirmation message back signed with its private key. Since both parties trust each others public keys, they can verify the contents of the message. Additionally, since only Bank1 should know the private key associated with the public key for Bank1, everyone can safely attest that only Bank1 could have sent this payment. This way we get a much stronger non-repudiation property than just relying on audit logs or timestamps.

VISA

In fact Visa the leading payment network uses a similar PKI system for sharing sensitive information. However, VISA recommends that the message itself containing payment information should be encrypted with AES GCM. And this encryption key for AES GCM is then eventually encrypted with RSA OAEP with the help of PKI system.

Document Signing

Docusign uses the PKI system for ensuring there is thorough logs of who is signing which document. Docusign has described their signature process on their website linked here. As we can see the private key provides us with many security guarantees including non-repudiation.

Conclusion

Cryptographic primitives such as Digital Signatures or HMAC in symmetric crypto, can provide the most effective mitigation against the threat of repudiation. And if you are threat modeling a system which requires high levels of security assurance/guarantee, you should definitely think about utilizing these crypto primitives for protections against repudiation.