Non-Repudiation
Non-repudiation is a security property that ensures a party involved in a communication or
transaction cannot deny the authenticity of their actions. It provides verifiable evidence, checkable
by a third party, that a specific action, such as sending an email, making a financial transaction, or
signing a document, was performed by a particular entity and by no one else.
Key Aspects of Non-Repudiation
1. Authentication – The sender or signer is verified, and the key used to sign is bound to that
verified identity.
2. Integrity – It can be shown that the message or transaction has not been altered since it was
signed.
3. Proof of Origin & Delivery – Evidence that a message came from a specific party and, where
delivery receipts are used, that it reached the recipient.
4. Digital Signatures – The cryptographic mechanism that actually provides non-repudiation: only
the holder of the private key can produce a valid signature, while anyone holding the public key
can check it. Encryption on its own protects confidentiality and does not prove who sent a message.
Methods to Achieve Non-Repudiation
• Digital Signatures: The sender signs a hash of the message with a private key that only they
hold; anyone with the matching public key can verify the signature.
• Hash Functions: Create a fixed-length fingerprint of the message; the signature covers this
fingerprint, so any change to the message invalidates the signature. A hash on its own proves
integrity, not origin.
• Public Key Infrastructure (PKI): Certificates issued by a trusted authority bind public keys to
verified identities, which is what lets a verifier attribute a signature to a real person or
organization.
• Blockchain Technology: Hash-chained, append-only records make after-the-fact alteration
detectable.
• Audit Logs: Time-stamped records of who did what; they must be integrity-protected (write-once
storage, hash chaining, or signing), otherwise the log itself can be disputed.
Examples of Non-Repudiation in Use
• Email Communication: Digitally signed emails (S/MIME or OpenPGP) let the recipient verify the
sender's identity and that the message was not modified in transit.
• Online Banking: Digital transactions are recorded with user authentication.
• E-Commerce: Payment confirmations prevent buyers from denying purchases.
• Legal Documents: Digital contracts use electronic signatures to ensure authenticity.
Real-World Example of Non-Repudiation in Cybersecurity
Scenario: Online Banking Transaction
Imagine John logs into his bank's online portal and transfers $1,000 to his friend Mark.
How Non-Repudiation is Ensured:
1. Authentication – John logs in using his username and password, and the bank may require
multi-factor authentication (MFA), such as an OTP (One-Time Password) sent to his phone.
2. Digital Signature – Where the bank has issued John a signing key (for example a certificate on
a smart card or a key held in the banking app), the transaction request is signed with it. Many
retail banks do not do this and rely instead on the authenticated session plus their own logs,
which is weaker evidence than a signature made with John's own key.
3. Transaction Logging – The bank records the transaction details (time, amount, recipient)
in its secure database.
4. Email/SMS Confirmation – The bank sends a confirmation message to John's registered
email or phone, confirming the transaction.
5. Immutable Records – The transaction details are stored in an append-only, integrity-protected
ledger so that any later modification can be detected.
Real-World Example: Digital Contract Signing
Scenario: Business Contract Between Two Companies
Company A and Company B enter into a contract for a software development project. Instead of
signing a physical document, they use an electronic signature platform like DocuSign or Adobe
Sign.
How Non-Repudiation is Ensured:
1. Authentication:
o Both companies' representatives log in using their verified accounts.
o They may use multi-factor authentication (MFA) to confirm their identity.
2. Digital Signature & Timestamping:
o Each party signs the contract using a digital signature, which is linked to their
unique cryptographic key.
o The platform records a timestamp for when each party signed.
3. Audit Trail:
o The platform generates an audit log that tracks when the document was sent, viewed,
signed, and finalized.
o This log is stored in a tamper-evident form so that any later alteration can be detected.
4. Document Integrity:
o The signature is computed over a cryptographic hash of the final document, so any modification
to the document changes the hash and invalidates the signature.
5. Final Confirmation & Copies:
o Both parties receive a confirmation email with a signed copy of the contract.
Outcome:
If Company A later denies signing the contract, Company B can present the signed document, the
timestamps, and the authentication records from the audit trail as evidence that Company A's
representative signed it. This is non-repudiation in practice: neither party can credibly deny its
involvement, provided the signing keys were under the signers' sole control.
This method is commonly used in legal agreements, financial transactions, and corporate
deals to provide security and accountability.
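The bank transfer and the contract signing above rest on the same three mechanisms: a signature made with a key only the signer holds, a hash that binds that signature to the exact content, and an audit log that resists later editing. The following Go program, added here as an illustration and not taken from any bank or e-signature platform, shows all three with Ed25519 signatures and SHA-256 from the standard library. The record layout, the names John and Mark, and the hash-chained log are assumptions made for the example; a real deployment would also bind John's public key to his identity with a certificate and time-stamp entries with a trusted clock.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Transaction is the record the customer signs. The timestamp is part of the
// signed bytes so a captured signature cannot be replayed as a new transfer.
type Transaction struct {
	From, To    string
	AmountCents int64
	Timestamp   string // RFC 3339
}

// Canonical returns the exact bytes that are hashed and signed; signer and
// verifier must serialize identically or valid signatures fail to verify.
func (t Transaction) Canonical() []byte {
	return []byte(fmt.Sprintf("from=%s|to=%s|amount=%d|ts=%s", t.From, t.To, t.AmountCents, t.Timestamp))
}

// NewSigner makes an Ed25519 key pair. In production the private key stays on the
// customer's device and the bank holds only the public key, bound by a certificate.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func Sign(priv ed25519.PrivateKey, t Transaction) []byte {
	digest := sha256.Sum256(t.Canonical())
	return ed25519.Sign(priv, digest[:])
}

// Verify fails if the record was altered or a different key made the signature.
func Verify(pub ed25519.PublicKey, t Transaction, sig []byte) bool {
	digest := sha256.Sum256(t.Canonical())
	return ed25519.Verify(pub, digest[:], sig)
}

// LogEntry is one row of the bank's append-only audit log. Each row carries the
// hash of the previous row, so editing or deleting a row breaks every later link.
type LogEntry struct {
	Tx             Transaction
	Signature      []byte
	PrevHash, Hash string
}

type AuditLog struct{ entries []LogEntry }

func entryHash(t Transaction, sig []byte, prev string) string {
	h := sha256.New()
	h.Write(t.Canonical())
	h.Write(sig)
	h.Write([]byte(prev))
	return hex.EncodeToString(h.Sum(nil))
}

// Append adds a transaction and its signature to the chain.
func (l *AuditLog) Append(t Transaction, sig []byte) {
	prev := ""
	if n := len(l.entries); n > 0 {
		prev = l.entries[n-1].Hash
	}
	l.entries = append(l.entries, LogEntry{Tx: t, Signature: sig, PrevHash: prev, Hash: entryHash(t, sig, prev)})
}

// VerifyChain recomputes every link; returns the first bad index, or -1 if intact.
func (l *AuditLog) VerifyChain() int {
	prev := ""
	for i, e := range l.entries {
		if e.PrevHash != prev || entryHash(e.Tx, e.Signature, prev) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

func main() {
	johnPub, johnPriv := NewSigner()
	_, markPriv := NewSigner()
	tx := Transaction{From: "john", To: "mark", AmountCents: 100000, Timestamp: "2024-05-01T10:00:00Z"}
	sig := Sign(johnPriv, tx)
	altered := tx
	altered.AmountCents = 900000
	fmt.Println("John's signature verifies:", Verify(johnPub, tx, sig))
	fmt.Println("amount changed after signing:", Verify(johnPub, altered, sig))
	fmt.Println("Mark signs in John's name:", Verify(johnPub, tx, Sign(markPriv, tx)))
	var log AuditLog
	log.Append(tx, sig)
	log.entries[0].Tx.AmountCents = 1 // an insider edits the stored record
	fmt.Println("first tampered log entry:", log.VerifyChain())
}
```

The two verification failures are the non-repudiation property in action: a changed amount or a signature from Mark's key is rejected, so only John's private key could have produced the accepted signature. The converse matters just as much: if John's private key is stored where the bank or malware can use it, the signature proves nothing about John, which is why the key must stay on a device under his control.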
Meaning of Authentication & Its Techniques
What is Authentication?
Authentication is the process of verifying the identity of a user, system, or device before granting
access to a system, network, or application. It ensures that only authorized users can access
protected resources.
Types of Authentication (Techniques of Authentication)
Authentication is based on three main factors, classified by the type of credential used, and on
combinations of them (multi-factor authentication):
1. Knowledge-Based Authentication (What You Know)
• The user provides information that only they should know.
• Weakness: Can be guessed, stolen, or phished.
Examples:
• Passwords – A secret combination of characters known only to the user.
• PIN (Personal Identification Number) – A numeric code used in banking or secured
systems.
• Security Questions – Predefined questions answered during account setup.
Example: Logging into an email account using a password.
2. Possession-Based Authentication (What You Have)
• The user must possess a physical or digital item for authentication.
• Weakness: Can be lost, stolen, or cloned.
Examples:
• OTPs (One-Time Passwords) generated by an authenticator app or sent via SMS or email (SMS
delivery is the weakest option, since SIM swapping and interception can redirect the code).
• Smart Cards (e.g., ID cards with embedded chips).
• Security Tokens (e.g., USB authentication keys like YubiKey).
• Mobile Devices (e.g., using a phone for two-factor authentication).
Example: Logging into an online bank account using an OTP sent to a mobile phone.
3. Inherence-Based Authentication (Who You Are)
• Uses biological or behavioral characteristics unique to the user.
• Weakness: Can sometimes be spoofed (e.g., a deepfake against face recognition), and unlike a
password a compromised biometric cannot be changed.
Examples:
• Biometric Authentication:
o Fingerprint scanning (e.g., unlocking a smartphone).
o Facial recognition (e.g., Apple Face ID).
o Iris scanning (e.g., advanced security systems).
o Voice recognition (e.g., voice-based banking authentication).
• Behavioral Biometrics:
o Typing speed and pattern
o Mouse movement patterns
Example: Unlocking a smartphone using facial recognition or a fingerprint scanner.
4. Multi-Factor Authentication (MFA) – A Combination of Two or More Factors
For enhanced security, systems often require two or more authentication factors, each from a
different category; two passwords are still a single factor.
Examples:
• Banking Login: Password (what you know) + OTP (what you have).
• Smartphone Unlock: Fingerprint (who you are) + PIN (what you know).
• Workplace Security: ID card (what you have) + facial recognition (who you are).
Example: Logging into an email account with a password and then verifying with an OTP sent
to a mobile device.
Authentication using biometric data can be classified into two main types:
Behavioral and Physiological Authentication
1. Physiological Authentication (What You Are - Physical Traits)
Physiological authentication relies on permanent and measurable biological characteristics
unique to each person.
Examples:
• Fingerprint Recognition – Used in smartphones and biometric attendance systems.
• Facial Recognition – Unlocking devices or airport security.
• Iris Scanning – High-security access control (e.g., government facilities).
• Palm Vein Recognition – Banking authentication.
• DNA Matching – Used in forensic investigations.
Advantages:
• Hard to forge or steal.
• Does not require user effort after setup.
Disadvantages:
• Can be expensive to implement.
• Some methods (e.g., face recognition) can be fooled by deepfake technology or presentation
attacks (a photo or mask), so liveness detection is needed.
• A leaked biometric template cannot be revoked and reissued the way a password can.
2. Behavioral Authentication (What You Do - Behavior Traits)
Behavioral authentication relies on patterns of actions unique to an individual. These patterns are
difficult to replicate.
Examples:
• Typing Dynamics (Keystroke Patterns) – Speed, rhythm, and pressure while typing.
• Voice Recognition – Tone, pitch, and accent of a user’s voice.
• Gait Analysis – The way a person walks, used in security systems.
• Mouse Movement Analysis – Tracking how a user moves a cursor on a screen.
Advantages:
• Continuous authentication (can detect an unauthorized user while a session is in progress).
• Does not require special hardware.
Disadvantages:
• Can be affected by user conditions (e.g., voice changes due to illness, fatigue, a different
keyboard).
• Requires statistical or machine-learning models and enough enrollment data for accuracy.
Key Differences Between Physiological and Behavioral Authentication
Aspect           Physiological Authentication                        Behavioral Authentication
Based On         Physical traits (fingerprint, face, iris, etc.)     Behavioral patterns (typing speed, voice, gait, etc.)
Permanence       Usually permanent and unchanging                    Can change over time (e.g., voice, walking style)
Accuracy         More accurate and reliable                          Can be affected by external factors (fatigue, illness)
Implementation   Requires specialized hardware (scanners, cameras)   Can be implemented with software and AI
Security Level   High (hard to forge or steal)                       Moderate (difficult but possible to mimic)
Which is More Secure?
• Physiological authentication is more stable but requires specialized devices.
• Behavioral authentication is more adaptive and can be used for continuous
authentication (detecting intrusions in real-time).
• Best security is achieved by combining both in multi-factor authentication (e.g.,
fingerprint + typing pattern).
Keystroke Dynamics – What Is It?
Keystroke dynamics is a behavioral biometric authentication method that analyzes the way a
person types on a keyboard. It captures unique typing patterns, including:
• Typing speed (how fast you type).
• Key press duration (how long each key is held).
• Flight time (time between key presses).
• Error patterns (mistakes and corrections).
• Rhythm and cadence (flow of typing).
Since every person types uniquely, keystroke dynamics can be used for authentication, fraud
detection, and security monitoring.
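To make the feature list concrete, the following Go program (an added example, not code from any product mentioned on this page) walks through enrollment and verification with keystroke timing: it extracts dwell and flight times from key-down/key-up events, builds a template from several captures of the same phrase, and scores a new attempt by how far its timings sit from the template. The same capture, feature extraction, template creation and storage steps are what the biometric enrollment stage described later on this page consists of. The phrase "secret", the millisecond timings, the 5 ms deviation floor and the threshold of 2.0 are all constructed for the example; real systems use more enrollment samples and tune the threshold from measured false-accept and false-reject rates.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// KeyEvent is one key press: key-down and key-up times in ms since session start.
type KeyEvent struct {
	Key      string
	Down, Up int64
}

// Features returns dwell time (Up - Down) of every key and flight time
// (this Down - previous Up) between keys, as dwell0, flight0-1, dwell1, ...
func Features(events []KeyEvent) []float64 {
	var feats []float64
	for i, e := range events {
		if i > 0 {
			feats = append(feats, float64(e.Down-events[i-1].Up))
		}
		feats = append(feats, float64(e.Up-e.Down))
	}
	return feats
}

type Template struct{ Mean, Std []float64 }

// Enroll builds a template from at least two captures of the same phrase.
// Deviations are floored at 5 ms so a feature that happened to be identical in
// every sample does not turn 1 ms of jitter into a huge z-score.
func Enroll(sessions [][]KeyEvent) (Template, error) {
	if len(sessions) < 2 {
		return Template{}, errors.New("need at least two enrollment sessions")
	}
	n := len(Features(sessions[0]))
	mean, std := make([]float64, n), make([]float64, n)
	for _, s := range sessions {
		f := Features(s)
		if len(f) != n {
			return Template{}, errors.New("enrollment sessions must type the same phrase")
		}
		for i, v := range f {
			mean[i] += v
		}
	}
	for i := range mean {
		mean[i] /= float64(len(sessions))
	}
	for _, s := range sessions {
		for i, v := range Features(s) {
			std[i] += (v - mean[i]) * (v - mean[i])
		}
	}
	for i := range std {
		std[i] = math.Max(math.Sqrt(std[i]/float64(len(sessions)-1)), 5)
	}
	return Template{Mean: mean, Std: std}, nil
}

// Score is the mean absolute z-score of a probe: 0 is identical timing, larger
// is less like the enrolled user; the login decision compares it to a threshold.
func (t Template) Score(probe []KeyEvent) (float64, error) {
	f := Features(probe)
	if len(f) != len(t.Mean) {
		return 0, errors.New("probe does not match the enrolled phrase")
	}
	var sum float64
	for i, v := range f {
		sum += math.Abs(v-t.Mean[i]) / t.Std[i]
	}
	return sum / float64(len(f)), nil
}

// MakeSession builds constructed sample data from per-key dwell times and the
// flight times between keys; a real system records events from keyboard hooks.
func MakeSession(phrase string, dwells, flights []int64) []KeyEvent {
	var events []KeyEvent
	var t int64
	for i, r := range []rune(phrase) {
		events = append(events, KeyEvent{Key: string(r), Down: t, Up: t + dwells[i]})
		if i < len(flights) {
			t += dwells[i] + flights[i]
		}
	}
	return events
}

func main() {
	// Constructed enrollment data: one user types "secret" twice.
	tpl, err := Enroll([][]KeyEvent{
		MakeSession("secret", []int64{100, 90, 95, 110, 100, 90}, []int64{80, 70, 90, 60, 85}),
		MakeSession("secret", []int64{105, 88, 98, 108, 102, 93}, []int64{84, 72, 86, 63, 82}),
	})
	if err != nil {
		panic(err)
	}
	genuine := MakeSession("secret", []int64{102, 91, 96, 109, 101, 91}, []int64{81, 71, 89, 61, 84})
	impostor := MakeSession("secret", []int64{60, 65, 62, 58, 61, 64}, []int64{240, 260, 230, 250, 245})
	fmt.Println(tpl.Score(genuine))  // well under a threshold of 2.0
	fmt.Println(tpl.Score(impostor)) // far above it
}
```

The genuine probe scores a fraction of one standard deviation per feature while the impostor, who holds keys briefly and pauses long between them, scores well above any sensible threshold. A probe for a different phrase is rejected outright rather than compared, since its feature vector has a different length.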
Examples of Keystroke Dynamics in Real Life
1. Banking Security
o Online banking platforms can analyze typing patterns to verify users.
o If an attacker steals a password but their typing rhythm doesn’t match the real user,
access can be denied.
2. Workplace Security
o Companies use keystroke dynamics to monitor employees logging into secure
systems.
o If an unauthorized person logs in with stolen credentials but types differently, an alert
is triggered.
3. Fraud Detection in Online Exams
o Some universities use keystroke dynamics in online exams to ensure students are
who they claim to be.
o If someone else tries to take the exam, their typing pattern will be different from the
registered student.
4. Secure Login Systems
o Websites and apps can use keystroke patterns in addition to passwords for extra
security.
o Example: If an attacker uses a stolen password but their typing rhythm does not match the
enrolled profile, the system can require a second factor or block the login. Because typing
varies with fatigue, device and keyboard, the score is usually treated as a risk signal rather
than a hard gate.
5. Continuous Authentication in Military and Government Systems
o Government and military agencies use keystroke biometrics to ensure ongoing
security.
o If a logged-in user’s typing changes drastically, the system may trigger a security
check.
What is an Intrusion in Cybersecurity?
An intrusion in cybersecurity refers to any unauthorized access, attack, or breach of a computer
system, network, or data. It occurs when an attacker bypasses security measures to gain access to
sensitive information or disrupt operations.
Types of Intrusions
• Network Intrusions – Unauthorized access to a network, often through hacking or malware.
• System Intrusions – Attackers gain access to a computer or server to steal or manipulate data.
• Physical Intrusions – Unauthorized entry into a secured physical location (e.g., data centers).
• Application Intrusions – Exploiting vulnerabilities in software applications (e.g., SQL
Injection, Cross-Site Scripting).
Examples of Intrusions in Real Life
1. Hacking a Social Media Account
o An attacker steals your password and logs into your account without permission.
2. Bank Account Fraud
o Cybercriminals phish a customer's login details, sign in to the account and transfer money out.
3. Ransomware Attacks
o Malware encrypts files on a company’s servers, demanding payment for restoration.
4. Unauthorized Access to Company Systems
o A former employee still has login credentials and accesses confidential company
data.
Enrollment Stage in Biometrics
The enrollment stage in biometrics is the initial phase where a user's unique biometric data (such
as fingerprint, face, iris, or voice) is captured, processed, and stored for future authentication.
Key Steps in the Enrollment Process
1️⃣ Biometric Data Capture
• The system records the user's biometric trait (e.g., scanning a fingerprint, taking a facial
image, recording voice).
2️⃣ Feature Extraction
• The system identifies and extracts unique characteristics from the captured data (e.g.,
fingerprint ridges, facial geometry, voice pitch).
3️⃣ Template Creation
• A digital biometric template (mathematical representation of the biometric trait) is
created.
• The template is derived from the trait rather than being the raw image, and it must be stored
encrypted (ideally on the device or in a secure element) because, unlike a password, a leaked
biometric cannot be replaced.
4️⃣ Storage
• The biometric template is securely stored in a database or on a device for future
authentication.
Real-World Examples of Enrollment
✔ Smartphone Fingerprint Setup – When setting up a new phone, you scan your fingerprint
multiple times to save it for unlocking.
✔ Face Recognition in Airports – When applying for a biometric passport, the system captures
and stores your facial data.
✔ Voice Authentication in Banking – Some banks ask customers to say a phrase to register their
voiceprint for future identity verification.
✔ Iris Scan in Secure Facilities – Employees enroll their iris pattern for high-security access.
What is a Brute Force Attack?
A Brute Force Attack is an attack in which the attacker systematically tries many password (or
key) candidates until one works. It relies on trial and error and succeeds against weak passwords
and against login systems that do not limit the rate of attempts.
How Brute Force Attacks Work
1️⃣ Attackers target a login system (e.g., website, email, or server).
2️⃣ They use automated tools to guess passwords by trying thousands or even millions of
combinations.
3️⃣ If the system has weak security, the attacker eventually finds the correct password and gains
unauthorized access.
Types of Brute Force Attacks
• Simple Brute Force Attack – Tries every possible combination of characters up to some length
(e.g., every 4-digit PIN from "0000" to "9999").
• Dictionary Attack – Uses a pre-built list of common passwords and words (e.g., "password",
"admin123").
• Credential Stuffing – Replays username-password pairs stolen in previous data breaches, relying
on password reuse across sites.
• Hybrid Attack – Combines dictionary words with appended or substituted characters (e.g.,
"Password@123").
• Reverse Brute Force Attack (Password Spraying) – Starts with one common password and tries it
against many usernames, which avoids triggering per-account lockouts.
Real-World Example of a Brute Force Attack
• Instagram/Facebook Hacking – Hackers use brute force to guess weak passwords and gain
control of social media accounts.
• Banking & Financial Systems – Attackers attempt to break into bank accounts by trying
different password combinations.
How to Prevent Brute Force Attacks
• Use Strong Passwords – Long, unique passphrases make the search space too large to exhaust.
• Enable Multi-Factor Authentication (MFA) – A guessed password alone is then not enough to log in.
• Limit Login Attempts – Throttle or lock after repeated failures, counting both per account and
per source address and using progressive delays, since a plain account lockout lets an attacker
lock legitimate users out.
• Use CAPTCHA – Raises the cost of automated guessing.
• Monitor Login Activity – Alert on bursts of failed logins from one source and on one password
tried across many accounts.
• Hash Stored Passwords Slowly – Salted bcrypt, scrypt or Argon2 make offline guessing against a
stolen password database expensive.
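The monitoring control is the one most often left vague, so here is what it looks like in code. The Go program below is an added example, not taken from any product: it parses a constructed sshd-style auth log and flags two of the patterns listed above, a source that fails repeatedly against one account inside a time window (simple or dictionary brute force) and a source that tries a password across many accounts (reverse brute force, or password spraying). The log lines, the IP addresses (from documentation ranges), the log format and the thresholds are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constructed sshd-style auth log, not from a real host: 203.0.113.7 hammers one
// account, 198.51.100.4 tries one password against several accounts, 192.0.2.10
// is a user who mistyped once, and the last line is noise the parser must skip.
const sampleLog = `2024-05-01T10:00:01Z Failed password for admin from 203.0.113.7
2024-05-01T10:00:02Z Failed password for admin from 203.0.113.7
2024-05-01T10:00:03Z Failed password for admin from 203.0.113.7
2024-05-01T10:00:04Z Failed password for admin from 203.0.113.7
2024-05-01T10:00:05Z Failed password for admin from 203.0.113.7
2024-05-01T10:00:06Z Failed password for admin from 203.0.113.7
2024-05-01T10:00:07Z Accepted password for admin from 203.0.113.7
2024-05-01T10:01:00Z Failed password for alice from 198.51.100.4
2024-05-01T10:01:01Z Failed password for bob from 198.51.100.4
2024-05-01T10:01:02Z Failed password for carol from 198.51.100.4
2024-05-01T10:01:03Z Failed password for dave from 198.51.100.4
2024-05-01T10:02:00Z Failed password for alice from 192.0.2.10
2024-05-01T10:02:05Z Accepted password for alice from 192.0.2.10
pam_unix(sshd:session): session opened for user alice`

// Attempt is one parsed login attempt.
type Attempt struct {
	When     time.Time
	User, IP string
	OK       bool
}

// ParseLog accepts lines shaped "<ts> Failed|Accepted password for <user> from <ip>"
// and skips anything else, so one odd line cannot stop the detector.
func ParseLog(text string) []Attempt {
	var out []Attempt
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) != 7 || f[2] != "password" || f[3] != "for" || f[5] != "from" {
			continue
		}
		if ts, err := time.Parse(time.RFC3339, f[0]); err == nil {
			out = append(out, Attempt{When: ts, User: f[4], IP: f[6], OK: f[1] == "Accepted"})
		}
	}
	return out
}

// Detect returns two maps keyed by source IP: brute lists sources with at least
// maxFails failures inside one sliding window (the value is the highest count
// seen), spray lists sources that failed against at least maxUsers distinct
// accounts (one password tried across many users, the "reverse brute force" case).
func Detect(attempts []Attempt, window time.Duration, maxFails, maxUsers int) (brute, spray map[string]int) {
	brute, spray = map[string]int{}, map[string]int{}
	byIP := map[string][]Attempt{}
	for _, a := range attempts {
		if !a.OK {
			byIP[a.IP] = append(byIP[a.IP], a)
		}
	}
	for ip, fails := range byIP {
		sort.Slice(fails, func(i, j int) bool { return fails[i].When.Before(fails[j].When) })
		users := map[string]bool{}
		start, best := 0, 0
		for end, a := range fails {
			users[a.User] = true
			for a.When.Sub(fails[start].When) > window {
				start++
			}
			if n := end - start + 1; n > best {
				best = n
			}
		}
		if best >= maxFails {
			brute[ip] = best
		}
		if len(users) >= maxUsers {
			spray[ip] = len(users)
		}
	}
	return brute, spray
}

func main() {
	brute, spray := Detect(ParseLog(sampleLog), time.Minute, 5, 4)
	fmt.Println("brute force:", brute, "spraying:", spray)
}
```

The same sliding-window count, keyed by account instead of source IP and consulted before the password is even checked, is the "limit login attempts" control. Lock per account with care: an attacker who knows a username can use the lockout to deny service to its owner, so combine it with per-source limits, progressive delays or a CAPTCHA after the first few failures rather than a hard lock alone.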