Mechanical Proofs about a Non-repudiation Protocol
A non-repudiation protocol of Zhou and Gollmann  has been mechanically verified. A non-repudiation protocol gives each party evidence that the other party indeed participated, evidence sufficient to present to a judge in the event of a dispute. We use the theorem-prover Isabelle  and model the security protocol by an inductive definition, as described elsewhere [1,12]. We prove the protocol goals of validity of evidence and of fairness using simple strategies. A typical theorem states that a given piece of evidence can only exist if a specific event took place involving the other party.
Unable to display preview. Download preview PDF.
- 1.G. Bella. Message Reception in the Inductive Approach. Research Report 460, University of Cambridge — Computer Laboratory, 1999.Google Scholar
- 2.G. Bella. Modelling Agents’ Knowledge Inductively. In Proc. of the 7th International Workshop on Security Protocols, LNCS 1796. Springer-Verlag, 1999.Google Scholar
- 3.G. Bella. Mechanising a protocol for smart cards. In Proc. of International Conference on Research in Smart Cards (e-Smart’01), LNCS. Springer-Verlag, 2001. In Press.Google Scholar
- 4.G. Bella, F. Massacci, L.C. Paulson, and P. Tramontano. Formal Verification of Cardholder Registration in SET. In F. Cuppens, Y. Deswarte, D. Gollmann, and M. Waidner, editors, Proc. of the 6th European Symposium on Research in Computer Security (ESORICS 2000), LNCS 1895, pages 159–174. Springer-Verlag, 2000.Google Scholar
- 5.G. Bella and L.C. Paulson. Kerberos Version IV: Inductive Analysis of the Secrecy Goals. In J.-J. Quisquater, Y. Deswarte, C. Meadows, and D. Gollmann, editors, Proc. of the 5th European Symposium on Research in Computer Security (ESORICS’98), LNCS 1485, pages 361–375. Springer-Verlag, 1998.Google Scholar
- 9.T. Okamoto and K. Ohta. How to Simultaneously Exchange Secrets by General Assumptions. In Proc. of the 2nd ACM Conference on Computer and Communication Security (CCS’94), pages 184–192, 1994.Google Scholar
- 11.L.C. Paulson. Theory for public-key protocols, 1996. http://www4.informatik.tu-muenchen.de/~isabelle/library/HOL/Auth/Public.html.
- 12.L.C. Paulson. The Inductive Approach to Verifying Cryptographic Protocols. Journal of Computer Security, 6:85–128, 1998.Google Scholar
- 13.L.C. Paulson. Inductive Analysis of the Internet protocol TLS. ACM Transactions on Computer and System Security, 1999. In press.Google Scholar
- 14.P.Y.A. Ryan and S.A. Schneider. The Modelling and Analysis of Security Protocols: the CSP Approach. Addison-Wesley, 2000.Google Scholar
- 15.S. Schneider. Verifying Authentication Protocols with CSP. In Proc. of the 10th IEEE Computer Security Foundations Workshop, pages 3–17. IEEE Computer Society Press, 1997.Google Scholar
- 16.S. Schneider. Formal Analysis of a Non-Repudiation Protocol. In Proc. of the 11th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 1998.Google Scholar
- 17.G. Zhou and D. Gollmann. Towards Verification of Non-Repudiation Protocols. In Proc. of the 1998 International Refinement Workshop and Formal Methods Pacific, pages 370–380. Springer-Verlag, 1998.Google Scholar
- 18.J. Zhou and D. Gollmann. A Fair Non-Repudiation Protocol. In Proc. of the 15th IEEE Symposium on Security and Privacy, pages 55–61. IEEE Computer Society Press, 1996.Google Scholar
- 19.J. Zhou and D. Gollmann. An Efficient Non-Repudiation Protocol. In Proc. of the 10th IEEE Computer Security Foundations Workshop, pages 126–132. IEEE Computer Society Press, 1996.Google Scholar