Accountability Issues in Multihop Message Communication

Abstract

Accountability (a.k.a. non-repudiation, or NRP) is a key component of information systems security, and it is a stated need in the Orange Book guidelines for security level classifications. This report presents a framework of the "accountability" needs of a message communication system. In particular, we demonstrate that the traditional approach of Digital Signature (DS) based solutions to the accountability needs of a message communication system addresses only one part of the overall problem. In a multihop message delivery system, there can be other aspects of accountability that may not be addressed using DS techniques. We identify a specific problem, namely the Sender's Ambiguity Problem (SAP), that remains to be solved if a comprehensive treatment of accountability is to be developed. The SAP is introduced and demonstrated in this report, and its relevance to multihop message communication systems (where the hops could be physically separated routers, or logically distinct software modules) is shown. We show that various application domains, including messaging systems and document distribution systems, are vulnerable to the SAP issue, and therefore this research may have practical significance. The primary focus of this report is to identify the SAP (and, hence, to raise the point that DS alone cannot completely solve the accountability problem). We then present an outline of our research on the SAP framework. The framework includes NRP categories, NRP types of services, and NRP levels of certification. Finally, we present a set of metrics that can potentially be used to assess the SAP, and its existence and severity, in a networked or distributed system. Follow-on research is required to elaborate the SAP framework.

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 1998
Accession Number
ADA358527

Entities

People

  • Raymond Paul
  • Sourav Bhattacharya

Organizations

  • Arizona Board of Regents

Tags

Communities of Interest

  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Accountability
  • Ambiguity
  • Application Software
  • Commerce
  • Communication Channels
  • Communication Systems
  • Computer Communications
  • Computers
  • Cybersecurity
  • Information Systems
  • Internet
  • Operating Systems
  • Performance Tests
  • Secure Communications
  • Security
  • Test And Evaluation
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Defense Financial Management and Audit
  • Systems Analysis and Design

Technology Areas

  • Cyber