7

Let's say you downloaded a file from a certain website, and later the website claims that it didn't make that file available. Is there any way to prove that the website is lying?

Example 1: You download a YouTube video and the channel later deletes the video and claims that the video was never there.

Example 2: A website posts certain content and later you find that the link is broken. The website doesn't have the content anymore, but you still have the content and want to prove that the content was available there at a specific time.

Any ideas on how to do that?

5 Answers

12

This is possible, but only with the co-operation of the website. Whatever the downloaded file is, along with the associated metadata such as time and server identity, can be cryptographically hashed to a small but computationally unique value. One can then request the website to sign this hash value with their certified signing key which is guaranteed by the website's certificate. If the website agrees to do this, the association between the download plus metadata and the website identity should be computationally hard to forge.

Note that the non-repudiation property is not a priori guaranteed for downloads secured by HTTPS or SFTP. The Applicability Statement (AS) specification includes message signing as an option.

There is a lack of forward security here. If the signing key used by the website (or other signatures in the certification chain) is subsequently compromised (either by future computational ability or cyber-attack) then forgeries will become possible. In these circumstances the website could deny the download by stating that all of their website's past traffic could be forged and no such guarantees should be trusted.

Daniel S
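The hash-then-sign receipt described in the answer above, as an added example that is not part of the original answer. To stay within the Python standard library it uses a Lamport one-time signature as a stand-in for the website's certified signing key; the URL, timestamp, server name and function names are constructed for illustration.

```python
import hashlib
import json
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def receipt_digest(content: bytes, url: str, fetched_at: str, server: str) -> bytes:
    """Bind the file to its metadata: hash one canonical record of both."""
    record = json.dumps(
        {"url": url, "fetched_at": fetched_at, "server": server,
         "sha256": hashlib.sha256(content).hexdigest()},
        sort_keys=True, separators=(",", ":"))
    return H(record.encode())

def bits(digest: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)]

def keygen():
    """Lamport one-time key pair: 256 secret pairs, public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, digest: bytes) -> list:
    # Reveal one secret per digest bit; a key must sign only one receipt.
    return [sk[i][bit] for i, bit in enumerate(bits(digest))]

def verify(pk, digest: bytes, sig: list) -> bool:
    # Needs only the public key, so any third party can check the receipt.
    return len(sig) == 256 and all(
        H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, bits(digest))))

def demo() -> dict:
    # Constructed sample values, not taken from any real site.
    sk, pk = keygen()
    meta = ("https://site.example/report.pdf", "2024-01-01T12:00:00Z", "site.example")
    genuine = receipt_digest(b"original file bytes", *meta)
    sig = sign(sk, genuine)
    altered = receipt_digest(b"edited file bytes", *meta)
    redated = receipt_digest(b"original file bytes", meta[0], "2023-01-01T12:00:00Z", meta[2])
    return {"genuine": verify(pk, genuine, sig),
            "altered_content": verify(pk, altered, sig),
            "altered_time": verify(pk, redated, sig)}

if __name__ == "__main__":
    print(demo())
```

The downloader holds only the public key, so changing the file or the timestamp after the fact invalidates the receipt.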
12

Daniel S explains what is needed to provide repudiation for file downloads, so I'll explain why you cannot prove a file was downloaded in the typical situation when using regular TLS.

When a server establishes a TLS session with a client, a master secret is exchanged. This secret is used to derive a key that is used for encryption as well as a key used for integrity. To provide integrity, the encrypted data is hashed using an algorithm called a MAC. Unlike most cryptographic hashes, a MAC hash is keyed. Even for the same message, the digest will be different if the key is different.

Before data is transmitted, the MAC is keyed and is used to hash the ciphertext. The hash is then transmitted along with the ciphertext as a tag. The receiver then uses the same MAC key to hash the ciphertext it receives and compares it against the tag. If it differs, the data may have been tampered with and the session will be torn down.

Even though you, as the client, know the master secret and thus also the MAC key, you cannot prove to anyone that the session that you have recorded is legitimate even if you also prove that the master secret itself is legitimate. This is because you could change the data and re-hash it with the MAC without ever calling into question the authenticity of the master secret. At most, you could prove that a given handshake occurred and that it was authentic, but you can't prove what happened afterwards.

See also Does a trace of SSL packets provide a proof of data authenticity?.

forest
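The argument in the answer above, as an added example that is not part of the original answer: a record tag computed with a MAC key that both endpoints know can be produced by either of them. The key derivation is a simplified stand-in for the TLS one, the records stand for opaque ciphertext, and all names and sample values are constructed.

```python
import hashlib
import hmac

def mac_key(master_secret: bytes) -> bytes:
    # Simplified stand-in for the TLS key derivation (assumption): both
    # endpoints derive the same MAC key from the shared master secret.
    return hmac.new(master_secret, b"mac key", hashlib.sha256).digest()

def tag(key: bytes, seq: int, record: bytes) -> bytes:
    # Keyed hash over the record and its sequence number.
    return hmac.new(key, seq.to_bytes(8, "big") + record, hashlib.sha256).digest()

def build_transcript(master_secret: bytes, records: list) -> list:
    """Produce (record, tag) pairs. Server and client can both run this,
    because nothing here uses a secret that only the server holds."""
    key = mac_key(master_secret)
    return [(rec, tag(key, i, rec)) for i, rec in enumerate(records)]

def third_party_accepts(master_secret: bytes, transcript: list) -> bool:
    """What an outside verifier can check once the master secret is revealed."""
    key = mac_key(master_secret)
    return all(hmac.compare_digest(tag(key, i, rec), t)
               for i, (rec, t) in enumerate(transcript))

def demo() -> dict:
    # Constructed sample values.
    master = bytes(range(48))  # master secrets are 48 bytes in TLS 1.2
    from_server = build_transcript(master, [b"HTTP/1.1 200 OK", b"file v1"])
    from_client = build_transcript(master, [b"HTTP/1.1 200 OK", b"file v2"])
    # Someone without the key swaps a record but has to reuse the old tag.
    keyless_edit = [from_server[0], (b"file v3", from_server[1][1])]
    return {"server_transcript": third_party_accepts(master, from_server),
            "client_made_transcript": third_party_accepts(master, from_client),
            "keyless_edit": third_party_accepts(master, keyless_edit)}

if __name__ == "__main__":
    print(demo())
```

The MAC still stops an outsider without the key, but the verifier cannot tell the server's transcript from one the client built alone, which is why a recorded session proves nothing about the content.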
4
  1. You can have witnesses watch you download the file to attest to the fact. I'm not sure how many witnesses you would need, but I'm sure the more the merrier.

  2. On the day that you download the file, when it is available, you can have archive.org (or a similar archiving site) make an archive of it (and the page that offers it). I'm not sure how well it would hold up in court, but archive.org has no reason to falsify its results for random people. This only works if you don't have to log in to download the file. (Whoops, I guess someone already mentioned this.)

It could be good to make a detached signature for the file to prove when you downloaded it by. This won't tell where you downloaded it from, but knowing when you downloaded it could be useful to show that the company is lying in some cases. However, maybe you could set your computer to a false time to falsify this; so, you might need witnesses to give their signatures, too.

Better yet, if you can make the company itself your witness, then, yeah. On the day you download the file, maybe email them about it and ask questions (if they respond and talk about it, then there you go).

3

Two variants of an idea. First, submit a request to Internet Archive/Wayback Machine to have them mirror the page in question. Note, however, that a particular site might not allow them to mirror it or might retroactively request the page to be taken down.

Second, ask an authoritative third party (notary, lawyer) to perform the download--ideally on a system you do not control--and record the result for posterity.

Taking a screenshot is not unusual (and then print and mail it to yourself but do not open), but offers only epsilon evidence over your unsubstantiated claim for those who know better.

These are obviously proactive steps. For the specific instance of YouTube, I imagine you can file a lawsuit and then have the judge issue discovery against Google who will know the truth. (IANAL).

1

Since you asked this on Cryptography, not Law, the answer is simple: you cannot. The TLS protocol (arguably very intentionally at this point, although originally it may have been unintentional) does not provide non-repudiation. This is very different from some other cryptographic communication contexts like DKIM on email that does serve as cryptographic proof of where the content originated from, which ends up being a perpetual source of liability in breaches.

This answer on sister site Security goes into some of the details.