Mechanical Proofs about a Non-repudiation Protocol

  • Giampaolo Bella
  • Lawrence C. Paulson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2152)


A non-repudiation protocol of Zhou and Gollmann [18] has been mechanically verified. A non-repudiation protocol gives each party evidence that the other party indeed participated, evidence sufficient to present to a judge in the event of a dispute. We use the theorem-prover Isabelle [10] and model the security protocol by an inductive definition, as described elsewhere [1,12]. We prove the protocol goals of validity of evidence and of fairness using simple strategies. A typical theorem states that a given piece of evidence can only exist if a specific event took place involving the other party.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    G. Bella. Message Reception in the Inductive Approach. Research Report 460, University of Cambridge — Computer Laboratory, 1999.Google Scholar
  2. 2.
    G. Bella. Modelling Agents’ Knowledge Inductively. In Proc. of the 7th International Workshop on Security Protocols, LNCS 1796. Springer-Verlag, 1999.Google Scholar
  3. 3.
    G. Bella. Mechanising a protocol for smart cards. In Proc. of International Conference on Research in Smart Cards (e-Smart’01), LNCS. Springer-Verlag, 2001. In Press.Google Scholar
  4. 4.
    G. Bella, F. Massacci, L.C. Paulson, and P. Tramontano. Formal Verification of Cardholder Registration in SET. In F. Cuppens, Y. Deswarte, D. Gollmann, and M. Waidner, editors, Proc. of the 6th European Symposium on Research in Computer Security (ESORICS 2000), LNCS 1895, pages 159–174. Springer-Verlag, 2000.Google Scholar
  5. 5.
    G. Bella and L.C. Paulson. Kerberos Version IV: Inductive Analysis of the Secrecy Goals. In J.-J. Quisquater, Y. Deswarte, C. Meadows, and D. Gollmann, editors, Proc. of the 5th European Symposium on Research in Computer Security (ESORICS’98), LNCS 1485, pages 361–375. Springer-Verlag, 1998.Google Scholar
  6. 6.
    G. Bella and L.C. Paulson. Mechanising BAN Kerberos by the Inductive Method. In A. J. Hu and M. Y. Vardi, editors, Proc. of the International Conference on Computer-Aided Verification (CAV’98), LNCS 1427, pages 416–427. Springer-Verlag, 1998.CrossRefGoogle Scholar
  7. 7.
    M. Ben-Or, O. Goldreich, S. Micali, and R. Rivest. A Fair Protocol for Signing Contracts. IEEE Transactions on Information Theory, 36(1):40–46, 1990.CrossRefGoogle Scholar
  8. 8.
    C.A. Meadows. The NRL Protocol Analyzer: An Overview. Journal of Logic Programming, 26(2):113–131, 1996.zbMATHCrossRefGoogle Scholar
  9. 9.
    T. Okamoto and K. Ohta. How to Simultaneously Exchange Secrets by General Assumptions. In Proc. of the 2nd ACM Conference on Computer and Communication Security (CCS’94), pages 184–192, 1994.Google Scholar
  10. 10.
    L.C. Paulson. Isabelle: A Generic Theorem Prover. LNCS 828. Springer-Verlag, 1994.zbMATHGoogle Scholar
  11. 11.
    L.C. Paulson. Theory for public-key protocols, 1996.
  12. 12.
    L.C. Paulson. The Inductive Approach to Verifying Cryptographic Protocols. Journal of Computer Security, 6:85–128, 1998.Google Scholar
  13. 13.
    L.C. Paulson. Inductive Analysis of the Internet protocol TLS. ACM Transactions on Computer and System Security, 1999. In press.Google Scholar
  14. 14.
    P.Y.A. Ryan and S.A. Schneider. The Modelling and Analysis of Security Protocols: the CSP Approach. Addison-Wesley, 2000.Google Scholar
  15. 15.
    S. Schneider. Verifying Authentication Protocols with CSP. In Proc. of the 10th IEEE Computer Security Foundations Workshop, pages 3–17. IEEE Computer Society Press, 1997.Google Scholar
  16. 16.
    S. Schneider. Formal Analysis of a Non-Repudiation Protocol. In Proc. of the 11th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 1998.Google Scholar
  17. 17.
    G. Zhou and D. Gollmann. Towards Verification of Non-Repudiation Protocols. In Proc. of the 1998 International Refinement Workshop and Formal Methods Pacific, pages 370–380. Springer-Verlag, 1998.Google Scholar
  18. 18.
    J. Zhou and D. Gollmann. A Fair Non-Repudiation Protocol. In Proc. of the 15th IEEE Symposium on Security and Privacy, pages 55–61. IEEE Computer Society Press, 1996.Google Scholar
  19. 19.
    J. Zhou and D. Gollmann. An Efficient Non-Repudiation Protocol. In Proc. of the 10th IEEE Computer Security Foundations Workshop, pages 126–132. IEEE Computer Society Press, 1996.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Giampaolo Bella
    • 1
    • 2
  • Lawrence C. Paulson
    • 1
  1. 1.Computer LaboratoryUniversity of CambridgeCambridgeUK
  2. 2.Dipartimento di Matematica e InformaticaUniversità di CataniaCataniaItaly

Personalised recommendations