src/HOL/Auth/OtwayRees.thy
author paulson
Tue Mar 25 10:43:01 1997 +0100 (1997-03-25)
changeset 2837 dee1c7f1f576
parent 2516 4d68fbe6378b
child 3465 e85c24717cad
permissions -rw-r--r--
Trivial renamings (for consistency with CSFW papers)
     1 (*  Title:      HOL/Auth/OtwayRees
     2     ID:         $Id$
     3     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
     4     Copyright   1996  University of Cambridge
     5 
     6 Inductive relation "otway" for the Otway-Rees protocol.
     7 
     8 Version that encrypts Nonce NB
     9 
    10 From page 244 of
    11   Burrows, Abadi and Needham.  A Logic of Authentication.
    12   Proc. Royal Soc. 426 (1989)
    13 *)
    14 
    15 OtwayRees = Shared + 
    16 
    17 consts  otway   :: agent set => event list set
    18 inductive "otway lost"
    19   intrs 
    20          (*Initial trace is empty*)
    21     Nil  "[]: otway lost"
    22 
    23          (*The spy MAY say anything he CAN say.  We do not expect him to
    24            invent new nonces here, but he can also use NS1.  Common to
    25            all similar protocols.*)
    26     Fake "[| evs: otway lost;  B ~= Spy;  
    27              X: synth (analz (sees lost Spy evs)) |]
    28           ==> Says Spy B X  # evs : otway lost"
    29 
    30          (*Alice initiates a protocol run*)
    31     OR1  "[| evs: otway lost;  A ~= B;  B ~= Server;  Nonce NA ~: used evs |]
    32           ==> Says A B {|Nonce NA, Agent A, Agent B, 
    33                          Crypt (shrK A) {|Nonce NA, Agent A, Agent B|} |} 
    34                  # evs : otway lost"
    35 
    36          (*Bob's response to Alice's message.  Bob doesn't know who 
    37 	   the sender is, hence the A' in the sender field.
    38            Note that NB is encrypted.*)
    39     OR2  "[| evs: otway lost;  B ~= Server;  Nonce NB ~: used evs;
    40              Says A' B {|Nonce NA, Agent A, Agent B, X|} : set_of_list evs |]
    41           ==> Says B Server 
    42                   {|Nonce NA, Agent A, Agent B, X, 
    43                     Crypt (shrK B)
    44                       {|Nonce NA, Nonce NB, Agent A, Agent B|}|}
    45                  # evs : otway lost"
    46 
    47          (*The Server receives Bob's message and checks that the three NAs
    48            match.  Then he sends a new session key to Bob with a packet for
    49            forwarding to Alice.*)
    50     OR3  "[| evs: otway lost;  B ~= Server;  Key KAB ~: used evs;
    51              Says B' Server 
    52                   {|Nonce NA, Agent A, Agent B, 
    53                     Crypt (shrK A) {|Nonce NA, Agent A, Agent B|}, 
    54                     Crypt (shrK B) {|Nonce NA, Nonce NB, Agent A, Agent B|}|}
    55                : set_of_list evs |]
    56           ==> Says Server B 
    57                   {|Nonce NA, 
    58                     Crypt (shrK A) {|Nonce NA, Key KAB|},
    59                     Crypt (shrK B) {|Nonce NB, Key KAB|}|}
    60                  # evs : otway lost"
    61 
    62          (*Bob receives the Server's (?) message and compares the Nonces with
    63 	   those in the message he previously sent the Server.*)
    64     OR4  "[| evs: otway lost;  A ~= B;  
    65              Says B Server {|Nonce NA, Agent A, Agent B, X', 
    66                              Crypt (shrK B)
    67                                    {|Nonce NA, Nonce NB, Agent A, Agent B|}|}
    68                : set_of_list evs;
    69              Says S' B {|Nonce NA, X, Crypt (shrK B) {|Nonce NB, Key K|}|}
    70                : set_of_list evs |]
    71           ==> Says B A {|Nonce NA, X|} # evs : otway lost"
    72 
    73          (*This message models possible leaks of session keys.  The nonces
    74            identify the protocol run.*)
    75     Oops "[| evs: otway lost;  B ~= Spy;
    76              Says Server B {|Nonce NA, X, Crypt (shrK B) {|Nonce NB, Key K|}|}
    77                : set_of_list evs |]
    78           ==> Says B Spy {|Nonce NA, Nonce NB, Key K|} # evs : otway lost"
    79 
    80 end