Accountability issues in multihop message communication

Accountability (aka non-repudiation, or NRP) is a key component of information systems security, and it is a stated need in the Orange Book guidelines for security level classifications. This paper presents a framework of the "accountability" needs of a message communication system. In particular, we demonstrate that the traditional approach of digital signature (DS) based solutions to the accountability needs of a message communication system is only one part of the overall problem. In a multihop message delivery system (where the hops could be physically separated routers. Or logically distinct multiple software modules), there can be other aspects of accountability that may not be addressed using DS techniques. We identify a specific problem, namely the sender's ambiguity problem (SAP), that remains to be solved if a comprehensive treatment to accountability could be developed. The primary focus of this paper is to identify the SAP problem (and, hence, raise a point that DS alone cannot completely solve the accountability problem). Then we present an outline of our research in SAP framework. The framework includes NRP categories, NRP types of services, NRP levels of certification. Finally, we present a set of metrics that can potentially be used to assess the SAP problem, and its existence severance, in a networked or distributed system. Follow on research is required to elaborate the SAP framework.