isabelle: src/HOL/Auth/KerberosIV.ML@04d0f732e24e (annotated)

6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1	(* Title: HOL/Auth/KerberosIV
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	2	ID: $Id$
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	3	Author: Giampaolo Bella, Cambridge University Computer Laboratory
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	4	Copyright 1998 University of Cambridge
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	5
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	6	The Kerberos protocol, version IV.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	7	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	8
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	9	Pretty.setdepth 20;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	10	proof_timing:=true;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	11
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	12	AddIffs [AuthLife_LB, ServLife_LB, AutcLife_LB, RespLife_LB, Tgs_not_bad];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	13
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	14
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	15	( Reversed traces )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	16
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	17	Goal "spies (evs @ [Says A B X]) = insert X (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	18	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	19	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	20	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	21	qed "spies_Says_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	22
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	23	Goal "spies (evs @ [Gets A X]) = spies evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	24	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	25	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	26	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	27	qed "spies_Gets_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	28
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	29	Goal "spies (evs @ [Notes A X]) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	30	\ (if A:bad then insert X (spies evs) else spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	31	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	32	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	33	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	34	qed "spies_Notes_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	35
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	36	Goal "spies evs = spies (rev evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	37	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	38	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	39	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	40	(asm_simp_tac (simpset() addsimps [spies_Says_rev, spies_Gets_rev,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	41	spies_Notes_rev])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	42	qed "spies_evs_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	43	bind_thm ("parts_spies_evs_revD2", spies_evs_rev RS equalityD2 RS parts_mono);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	44
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	45	Goal "spies (takeWhile P evs) <= spies evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	46	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	47	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	48	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	49	(* Resembles "used_subset_append" in Event.ML*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	50	qed "spies_takeWhile";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	51	bind_thm ("parts_spies_takeWhile_mono", spies_takeWhile RS parts_mono);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	52
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	53	Goal "~P(x) --> takeWhile P (xs @ [x]) = takeWhile P xs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	54	by (induct_tac "xs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	55	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	56	qed "takeWhile_tail";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	57
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	58
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	59	(***************LEMMAS ABOUT AuthKeys**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	60
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	61	Goalw [AuthKeys_def] "AuthKeys [] = {}";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	62	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	63	qed "AuthKeys_empty";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	64
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	65	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	66	"(ALL A Tk akey Peer. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	67	\ ev ~= Says Kas A (Crypt (shrK A) {\|akey, Agent Peer, Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	68	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, akey, Tk\|})\|}))\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	69	\ ==> AuthKeys (ev # evs) = AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	70	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	71	qed "AuthKeys_not_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	72
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	73	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	74	"AuthKeys \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	75	\ (Says Kas A (Crypt (shrK A) {\|Key K, Agent Peer, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	76	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, Key K, Number Tk\|})\|}) # evs) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	77	\ = insert K (AuthKeys evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	78	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	79	qed "AuthKeys_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	80
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	81	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	82	"K : AuthKeys \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	83	\ (Says Kas A (Crypt (shrK A) {\|Key K', Agent Peer, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	84	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, Key K', Number Tk\|})\|}) # evs) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	85	\ ==> K = K' \| K : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	86	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	87	qed "AuthKeys_simp";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	88
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	89	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	90	"Says Kas A (Crypt (shrK A) {\|Key K, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	91	\ (Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key K, Number Tk\|})\|}) : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	92	\ ==> K : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	93	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	94	qed "AuthKeysI";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	95
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	96	Goalw [AuthKeys_def] "K : AuthKeys evs ==> Key K : used evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	97	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	98	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	99	qed "AuthKeys_used";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	100
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	101
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	102	(** FORWARDING LEMMAS **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	103
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	104	(--For reasoning about the encrypted portion of message K3--)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	105	Goal "Says Kas' A (Crypt KeyA {\|AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	106	\ : set evs ==> AuthTicket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	107	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	108	qed "K3_msg_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	109
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	110	Goal "Says Kas A (Crypt KeyA {\|AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	111	\ : set evs ==> AuthKey : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	112	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	113	qed "Oops_parts_spies1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	114
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	115	Goal "[\| Says Kas A (Crypt KeyA {\|Key AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	116	\ : set evs ;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	117	\ evs : kerberos \|] ==> AuthKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	118	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	119	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	120	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	121	qed "Oops_range_spies1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	122
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	123	(--For reasoning about the encrypted portion of message K5--)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	124	Goal "Says Tgs' A (Crypt AuthKey {\|ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	125	\ : set evs ==> ServTicket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	126	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	127	qed "K5_msg_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	128
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	129	Goal "Says Tgs A (Crypt AuthKey {\|ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	130	\ : set evs ==> ServKey : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	131	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	132	qed "Oops_parts_spies2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	133
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	134	Goal "[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	135	\ : set evs ;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	136	\ evs : kerberos \|] ==> ServKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	137	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	138	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	139	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	140	qed "Oops_range_spies2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	141
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	142	Goal "Says S A (Crypt K {\|SesKey, B, TimeStamp, Ticket\|}) : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	143	\ ==> Ticket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	144	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	145	qed "Says_ticket_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	146	(Replaces both K3_msg_in_parts_spies and K5_msg_in_parts_spies)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	147
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	148	fun parts_induct_tac i =
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	149	etac kerberos.induct i THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	150	REPEAT (FIRSTGOAL analz_mono_contra_tac) THEN
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	151	ftac K3_msg_in_parts_spies (i+4) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	152	ftac K5_msg_in_parts_spies (i+6) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	153	ftac Oops_parts_spies1 (i+8) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	154	ftac Oops_parts_spies2 (i+9) THEN
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	155	prove_simple_subgoals_tac 1;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	156
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	157
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	158	(Spy never sees another agent's shared key! (unless it's lost at start))
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	159	Goal "evs : kerberos ==> (Key (shrK A) : parts (spies evs)) = (A : bad)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	160	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	161	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	162	by (ALLGOALS Blast_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	163	qed "Spy_see_shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	164	Addsimps [Spy_see_shrK];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	165
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	166	Goal "evs : kerberos ==> (Key (shrK A) : analz (spies evs)) = (A : bad)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	167	by (auto_tac (claset() addDs [impOfSubs analz_subset_parts], simpset()));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	168	qed "Spy_analz_shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	169	Addsimps [Spy_analz_shrK];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	170
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	171	Goal "[\| Key (shrK A) : parts (spies evs); evs : kerberos \|] ==> A:bad";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	172	by (blast_tac (claset() addDs [Spy_see_shrK]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	173	qed "Spy_see_shrK_D";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	174	bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	175	AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	176
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	177	(Nobody can have used non-existent keys!)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	178	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	179	\ Key K ~: used evs --> K ~: keysFor (parts (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	180	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	181	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	182	by (best_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	183	(claset() addSDs [impOfSubs (parts_insert_subset_Un RS keysFor_mono)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	184	addIs [impOfSubs analz_subset_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	185	addDs [impOfSubs (analz_subset_parts RS keysFor_mono)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	186	addss (simpset())) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	187	(Others)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	188	by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	189	qed_spec_mp "new_keys_not_used";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	190
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	191	bind_thm ("new_keys_not_analzd",
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	192	[analz_subset_parts RS keysFor_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	193	new_keys_not_used] MRS contra_subsetD);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	194
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	195	Addsimps [new_keys_not_used, new_keys_not_analzd];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	196
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	197
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	198	(********************* REGULARITY LEMMAS *********************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	199	(* concerning the form of items passed in messages *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	200	(*****************************************************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	201
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	202	(Describes the form of AuthKey, AuthTicket, and K sent by Kas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	203	Goal "[\| Says Kas A (Crypt K {\|Key AuthKey, Agent Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	204	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	205	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	206	\ ==> AuthKey ~: range shrK & AuthKey : AuthKeys evs & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	207	\ AuthTicket = (Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|} ) &\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	208	\ K = shrK A & Peer = Tgs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	209	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	210	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	211	by (ALLGOALS (simp_tac (simpset() addsimps [AuthKeys_def, AuthKeys_insert])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	212	by (ALLGOALS Blast_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	213	qed "Says_Kas_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	214
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	215	(*This lemma is essential for proving Says_Tgs_message_form:
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	216
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	217	the session key AuthKey
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	218	supplied by Kas in the authentication ticket
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	219	cannot be a long-term key!
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	220
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	221	Generalised to any session keys (both AuthKey and ServKey).
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	222	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	223	Goal "[\| Crypt (shrK Tgs_B) {\|Agent A, Agent Tgs_B, Key SesKey, Number T\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	224	\ : parts (spies evs); Tgs_B ~: bad;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	225	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	226	\ ==> SesKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	227	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	228	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	229	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	230	qed "SesKey_is_session_key";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	231
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	232	Goal "[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	233	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	234	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	235	\ ==> Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	236	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	237	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	238	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	239	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	240	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	241	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	242	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	243	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	244	qed "A_trusts_AuthTicket";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	245
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	246	Goal "[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	247	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	248	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	249	\ ==> AuthKey : AuthKeys evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	250	by (ftac A_trusts_AuthTicket 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	251	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	252	by (simp_tac (simpset() addsimps [AuthKeys_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	253	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	254	qed "AuthTicket_crypt_AuthKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	255
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	256	(Describes the form of ServKey, ServTicket and AuthKey sent by Tgs)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	257	Goal "[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	258	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	259	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	260	\ ==> B ~= Tgs & ServKey ~: range shrK & ServKey ~: AuthKeys evs &\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	261	\ ServTicket = (Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|} ) & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	262	\ AuthKey ~: range shrK & AuthKey : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	263	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	264	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	265	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	266	(asm_full_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	267	(simpset() addsimps [AuthKeys_insert, AuthKeys_not_insert,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	268	AuthKeys_empty, AuthKeys_simp])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	269	by (blast_tac (claset() addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	270	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	271	by (blast_tac (claset() addSDs [AuthKeys_used, Says_Kas_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	272	by (blast_tac (claset() addSDs [SesKey_is_session_key]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	273	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	274	by (blast_tac (claset() addDs [AuthTicket_crypt_AuthKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	275	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	276	qed "Says_Tgs_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	277
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	278	(If a certain encrypted message appears then it originated with Kas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	279	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Peer, Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	280	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	281	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	282	\ ==> Says Kas A (Crypt (shrK A) {\|Key AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	283	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	284	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	285	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	286	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	287	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	288	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	289	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	290	A_trusts_AuthTicket RS Says_Kas_message_form])
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	291	1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	292	qed "A_trusts_AuthKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	293
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	294
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	295	(If a certain encrypted message appears then it originated with Tgs)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	296	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	297	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	298	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	299	\ AuthKey ~: range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	300	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	301	\==> EX A. Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	302	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	303	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	304	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	305	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	306	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	307	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	308	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	309	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	310	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	311	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	312	qed "A_trusts_K4";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	313
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	314	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	315	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	316	\ A ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	317	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	318	\ ==> AuthKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	319	\ AuthTicket = Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	320	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	321	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	322	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	323	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	324	qed "AuthTicket_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	325
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	326	(* This form holds also over an AuthTicket, but is not needed below. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	327	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	328	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	329	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	330	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	331	\ ==> ServKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	332	\ (EX A. ServTicket = Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|})";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	333	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	334	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	335	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	336	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	337	qed "ServTicket_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	338
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	339	Goal "[\| Says Kas' A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	340	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|} ) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	341	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	342	\ ==> AuthKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	343	\ AuthTicket = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	344	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	345	\ \| AuthTicket : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	346	by (case_tac "A : bad" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	347	by (force_tac (claset() addSDs [Says_imp_spies RS analz.Inj], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	348	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	349	by (blast_tac (claset() addSDs [AuthTicket_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	350	qed "Says_kas_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	351	(* Essentially the same as AuthTicket_form *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	352
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	353	Goal "[\| Says Tgs' A (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	354	\ {\|Key ServKey, Agent B, Tt, ServTicket\|} ) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	355	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	356	\ ==> ServKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	357	\ (EX A. ServTicket = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	358	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	359	\ \| ServTicket : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	360	by (case_tac "Key AuthKey : analz (spies evs)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	361	by (force_tac (claset() addSDs [Says_imp_spies RS analz.Inj], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	362	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	363	by (blast_tac (claset() addSDs [ServTicket_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	364	qed "Says_tgs_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	365	(* This form MUST be used in analz_sees_tac below *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	366
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	367
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	368	(***************UNICITY THEOREMS**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	369
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	370	(* The session key, if secure, uniquely identifies the Ticket
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	371	whether AuthTicket or ServTicket. As a matter of fact, one can read
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	372	also Tgs in the place of B. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	373	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	374	\ Key SesKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	375	\ (EX A B T. ALL A' B' T'. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	376	\ Crypt (shrK B') {\|Agent A', Agent B', Key SesKey, T'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	377	\ : parts (spies evs) --> A'=A & B'=B & T'=T)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	378	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	379	by (REPEAT (etac (exI RSN (2,exE)) 1) (stripping EXs makes proof faster)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	380	THEN Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	381	by (asm_simp_tac (simpset() addsimps [all_conj_distrib]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	382	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	383	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	384	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	385	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	386	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	387
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	388	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key SesKey, T\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	389	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	390	\ Crypt (shrK B') {\|Agent A', Agent B', Key SesKey, T'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	391	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	392	\ evs : kerberos; Key SesKey ~: analz (spies evs) \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	393	\ ==> A=A' & B=B' & T=T'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	394	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	395	qed "unique_CryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	396
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	397	Goal "evs : kerberos \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	398	\ ==> Key SesKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	399	\ (EX K' B' T' Ticket'. ALL K B T Ticket. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	400	\ Crypt K {\|Key SesKey, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	401	\ : parts (spies evs) --> K=K' & B=B' & T=T' & Ticket=Ticket')";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	402	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	403	by (REPEAT (etac (exI RSN (2,exE)) 1) THEN Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	404	by (asm_simp_tac (simpset() addsimps [all_conj_distrib]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	405	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	406	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	407	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	408	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	409	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	410
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	411	(*An AuthKey is encrypted by one and only one Shared key.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	412	A ServKey is encrypted by one and only one AuthKey.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	413	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	414	Goal "[\| Crypt K {\|Key SesKey, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	415	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	416	\ Crypt K' {\|Key SesKey, Agent B', T', Ticket'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	417	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	418	\ evs : kerberos; Key SesKey ~: analz (spies evs) \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	419	\ ==> K=K' & B=B' & T=T' & Ticket=Ticket'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	420	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	421	qed "Key_unique_SesKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	422
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	423
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	424	(*
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	425	At reception of any message mentioning A, Kas associates shrK A with
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	426	a new AuthKey. Realistic, as the user gets a new AuthKey at each login.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	427	Similarly, at reception of any message mentioning an AuthKey
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	428	(a legitimate user could make several requests to Tgs - by K3), Tgs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	429	associates it with a new ServKey.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	430
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	431	Therefore, a goal like
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	432
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	433	"evs : kerberos \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	434	\ ==> Key Kc ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	435	\ (EX K' B' T' Ticket'. ALL K B T Ticket. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	436	\ Crypt Kc {\|Key K, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	437	\ : parts (spies evs) --> K=K' & B=B' & T=T' & Ticket=Ticket')";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	438
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	439	would fail on the K2 and K4 cases.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	440	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	441
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	442	(* AuthKey uniquely identifies the message from Kas *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	443	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	444	\ EX A' Ka' Tk' X'. ALL A Ka Tk X. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	445	\ Says Kas A (Crypt Ka {\|Key AuthKey, Agent Tgs, Tk, X\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	446	\ : set evs --> A=A' & Ka=Ka' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	447	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	448	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	449	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	450	(K2: it can't be a new key)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	451	by (expand_case_tac "AuthKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	452	by (REPEAT (ares_tac [refl,exI,impI,conjI] 2));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	453	by (blast_tac (claset() delrules [conjI] (prevent split-up into 4 subgoals)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	454	addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	455	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	456
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	457	Goal "[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	458	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Tk, X\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	459	\ Says Kas A' \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	460	\ (Crypt Ka' {\|Key AuthKey, Agent Tgs, Tk', X'\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	461	\ evs : kerberos \|] ==> A=A' & Ka=Ka' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	462	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	463	qed "unique_AuthKeys";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	464
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	465	(* ServKey uniquely identifies the message from Tgs *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	466	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	467	\ EX A' B' AuthKey' Tk' X'. ALL A B AuthKey Tk X. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	468	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tk, X\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	469	\ : set evs --> A=A' & B=B' & AuthKey=AuthKey' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	470	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	471	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	472	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	473	(K4: it can't be a new key)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	474	by (expand_case_tac "ServKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	475	by (REPEAT (ares_tac [refl,exI,impI,conjI] 2));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	476	by (blast_tac (claset() delrules [conjI] (prevent split-up into 4 subgoals)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	477	addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	478	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	479
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	480	Goal "[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	481	\ (Crypt K {\|Key ServKey, Agent B, Tt, X\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	482	\ Says Tgs A' \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	483	\ (Crypt K' {\|Key ServKey, Agent B', Tt', X'\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	484	\ evs : kerberos \|] ==> A=A' & B=B' & K=K' & Tt=Tt' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	485	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	486	qed "unique_ServKeys";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	487
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	488
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	489	(***************LEMMAS ABOUT the predicate KeyCryptKey**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	490
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	491	Goalw [KeyCryptKey_def] "~ KeyCryptKey AuthKey ServKey []";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	492	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	493	qed "not_KeyCryptKey_Nil";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	494	AddIffs [not_KeyCryptKey_Nil];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	495
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	496	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	497	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, tt, X \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	498	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	499	\ evs : kerberos \|] ==> KeyCryptKey AuthKey ServKey evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	500	by (ftac Says_Tgs_message_form 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	501	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	502	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	503	qed "KeyCryptKeyI";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	504
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	505	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	506	"KeyCryptKey AuthKey ServKey (Says S A X # evs) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	507	\ (Tgs = S & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	508	\ (EX B tt. X = Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	509	\ {\|Key ServKey, Agent B, tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	510	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, tt\|} \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	511	\ \| KeyCryptKey AuthKey ServKey evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	512	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	513	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	514	qed "KeyCryptKey_Says";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	515	Addsimps [KeyCryptKey_Says];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	516
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	517	(*A fresh AuthKey cannot be associated with any other
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	518	(with respect to a given trace). *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	519	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	520	"[\| Key AuthKey ~: used evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	521	\ ==> ~ KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	522	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	523	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	524	by (Asm_full_simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	525	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	526	qed "Auth_fresh_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	527
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	528	(*A fresh ServKey cannot be associated with any other
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	529	(with respect to a given trace). *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	530	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	531	"Key ServKey ~: used evs ==> ~ KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	532	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	533	qed "Serv_fresh_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	534
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	535	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	536	"[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	537	\ : parts (spies evs); evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	538	\ ==> ~ KeyCryptKey K AuthKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	539	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	540	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	541	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	542	by (blast_tac (claset() addEs spies_partsEs) 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	543	(K2: by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	544	by (blast_tac (claset() addEs spies_partsEs) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	545	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	546	qed "AuthKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	547
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	548	(A secure serverkey cannot have been used to encrypt others)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	549	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	550	"[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	551	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	552	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	553	\ B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	554	\ ==> ~ KeyCryptKey ServKey K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	555	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	556	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	557	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	558	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	559	(K4 splits into distinct subcases)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	560	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	561	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	562	(ServKey can't have been enclosed in two certificates)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	563	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	564	addSEs [MPair_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	565	addDs [unique_CryptKey]) 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	566	(ServKey is fresh and so could not have been used, by new_keys_not_used)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	567	by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	568	Crypt_imp_invKey_keysFor],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	569	simpset()) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	570	(Others by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	571	by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	572	qed "ServKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	573
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	574	(Long term keys are not issued as ServKeys)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	575	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	576	"evs : kerberos ==> ~ KeyCryptKey K (shrK A) evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	577	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	578	qed "shrK_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	579
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	580	(*The Tgs message associates ServKey with AuthKey and therefore not with any
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	581	other key AuthKey.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	582	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	583	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, tt, X \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	584	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	585	\ AuthKey' ~= AuthKey; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	586	\ ==> ~ KeyCryptKey AuthKey' ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	587	by (blast_tac (claset() addDs [unique_ServKeys]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	588	qed "Says_Tgs_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	589
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	590	Goal "[\| KeyCryptKey AuthKey ServKey evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	591	\ ==> ~ KeyCryptKey ServKey K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	592	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	593	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	594	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	595	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	596	(K4 splits into subcases)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	597	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	598	addSDs [AuthKey_not_KeyCryptKey]) 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	599	(ServKey is fresh and so could not have been used, by new_keys_not_used)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	600	by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	601	Crypt_imp_invKey_keysFor],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	602	simpset() addsimps [KeyCryptKey_def]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	603	(Others by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	604	by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	605	qed "KeyCryptKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	606
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	607	(*The only session keys that can be found with the help of session keys are
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	608	those sent by Tgs in step K4. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	609
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	610	(*We take some pains to express the property
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	611	as a logical equivalence so that the simplifier can apply it.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	612	Goal "P --> (Key K : analz (Key``KK Un H)) --> (K:KK \| Key K : analz H) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	613	\ ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	614	\ P --> (Key K : analz (Key``KK Un H)) = (K:KK \| Key K : analz H)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	615	by (blast_tac (claset() addIs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	616	qed "Key_analz_image_Key_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	617
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	618	Goal "[\| KeyCryptKey K K' evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	619	\ ==> Key K' : analz (insert (Key K) (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	620	by (full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	621	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	622	by (dresolve_tac [Says_imp_spies RS analz.Inj RS analz_insertI] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	623	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	624	qed "KeyCryptKey_analz_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	625
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	626	Goal "[\| K : AuthKeys evs Un range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	627	\ ==> ALL SK. ~ KeyCryptKey SK K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	628	by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	629	by (blast_tac (claset() addDs [Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	630	qed "AuthKeys_are_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	631
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	632	Goal "[\| K ~: AuthKeys evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	633	\ K ~: range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	634	\ ==> ALL SK. ~ KeyCryptKey K SK evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	635	by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	636	by (blast_tac (claset() addDs [Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	637	qed "not_AuthKeys_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	638
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	639
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	640	(***************SECRECY THEOREMS**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	641
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	642	(For proofs involving analz.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	643	val analz_sees_tac =
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	644	EVERY
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	645	[REPEAT (FIRSTGOAL analz_mono_contra_tac),
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	646	ftac Oops_range_spies2 10,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	647	ftac Oops_range_spies1 9,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	648	ftac Says_tgs_message_form 7,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	649	ftac Says_kas_message_form 5,
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	650	REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE, exE]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	651	ORELSE' hyp_subst_tac)];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	652
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	653	Goal "[\| KK <= -(range shrK); Key K : analz (spies evs); evs: kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	654	\ ==> Key K : analz (Key `` KK Un spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	655	by (blast_tac (claset() addDs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	656	qed "analz_mono_KK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	657
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	658	(* Big simplification law for keys SK that are not crypted by keys in KK *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	659	(* It helps prove three, otherwise hard, facts about keys. These facts are *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	660	(* exploited as simplification laws for analz, and also "limit the damage" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	661	(* in case of loss of a key to the spy. See ESORICS98. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	662	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	663	\ (ALL SK KK. KK <= -(range shrK) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	664	\ (ALL K: KK. ~ KeyCryptKey K SK evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	665	\ (Key SK : analz (Key``KK Un (spies evs))) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	666	\ (SK : KK \| Key SK : analz (spies evs)))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	667	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	668	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	669	by (REPEAT_FIRST (rtac allI));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	670	by (REPEAT_FIRST (rtac (Key_analz_image_Key_lemma RS impI)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	671	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	672	(asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	673	(analz_image_freshK_ss addsimps
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	674	[KeyCryptKey_Says, shrK_not_KeyCryptKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	675	Auth_fresh_not_KeyCryptKey, Serv_fresh_not_KeyCryptKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	676	Says_Tgs_KeyCryptKey, Spy_analz_shrK])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	677	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	678	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	679	(* Base + K2 done by the simplifier! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	680	(K3)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	681	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	682	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	683	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	684	addSDs [AuthKey_not_KeyCryptKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	685	(K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	686	by (rtac impI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	687	by (case_tac "Key ServKey : analz (spies evs5)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	688	(If ServKey is compromised then the result follows directly...)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	689	by (asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	690	(simpset() addsimps [analz_insert_eq,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	691	impOfSubs (Un_upper2 RS analz_mono)]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	692	(...therefore ServKey is uncompromised.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	693	by (case_tac "KeyCryptKey ServKey SK evs5" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	694	by (asm_simp_tac analz_image_freshK_ss 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	695	(The KeyCryptKey ServKey SK evs5 case leads to a contradiction.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	696	by (blast_tac (claset() addSEs [ServKey_not_KeyCryptKey RSN(2, rev_notE)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	697	addEs spies_partsEs delrules [allE, ballE]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	698	( Level 14: Oops1 and Oops2 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	699	by (ALLGOALS Clarify_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	700	(Oops 2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	701	by (case_tac "Key ServKey : analz (spies evsO2)" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	702	by (ALLGOALS Asm_full_simp_tac);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	703	by (ftac analz_mono_KK 2
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	704	THEN assume_tac 2
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	705	THEN assume_tac 2);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	706	by (ftac analz_cut 2 THEN assume_tac 2);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	707	by (blast_tac (claset() addDs [analz_cut, impOfSubs analz_mono]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	708	by (dres_inst_tac [("x","SK")] spec 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	709	by (dres_inst_tac [("x","insert ServKey KK")] spec 2);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	710	by (ftac Says_Tgs_message_form 2 THEN assume_tac 2);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	711	by (Clarify_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	712	by (forward_tac [Says_imp_spies RS parts.Inj RS parts.Body
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	713	RS parts.Snd RS parts.Snd RS parts.Snd] 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	714	by (Asm_full_simp_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	715	by (blast_tac (claset() addSDs [ServKey_not_KeyCryptKey]
7494 45905028bb1d added theorems le_maxI1 and le_maxI2, also in claset oheimb parents: 7239 diff changeset	716	delrules [le_maxI1, le_maxI2]
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	717	addDs [impOfSubs analz_mono]) 2);
7494 45905028bb1d added theorems le_maxI1 and le_maxI2, also in claset oheimb parents: 7239 diff changeset	718	(Level 27: Oops 1)
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	719	by (dres_inst_tac [("x","SK")] spec 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	720	by (dres_inst_tac [("x","insert AuthKey KK")] spec 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	721	by (case_tac "KeyCryptKey AuthKey SK evsO1" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	722	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	723	by (blast_tac (claset() addSDs [KeyCryptKey_analz_insert]) 1);
7494 45905028bb1d added theorems le_maxI1 and le_maxI2, also in claset oheimb parents: 7239 diff changeset	724	by (blast_tac (claset() delrules [le_maxI1, le_maxI2]
45905028bb1d added theorems le_maxI1 and le_maxI2, also in claset oheimb parents: 7239 diff changeset	725	addDs [impOfSubs analz_mono]) 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	726	qed_spec_mp "Key_analz_image_Key";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	727
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	728
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	729	(* First simplification law for analz: no session keys encrypt *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	730	(* authentication keys or shared keys. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	731	Goal "[\| evs : kerberos; K : (AuthKeys evs) Un range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	732	\ SesKey ~: range shrK \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	733	\ ==> Key K : analz (insert (Key SesKey) (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	734	\ (K = SesKey \| Key K : analz (spies evs))";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	735	by (ftac AuthKeys_are_not_KeyCryptKey 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	736	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	737	qed "analz_insert_freshK1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	738
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	739
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	740	(* Second simplification law for analz: no service keys encrypt *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	741	(* any other keys. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	742	Goal "[\| evs : kerberos; ServKey ~: (AuthKeys evs); ServKey ~: range shrK\|]\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	743	\ ==> Key K : analz (insert (Key ServKey) (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	744	\ (K = ServKey \| Key K : analz (spies evs))";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	745	by (ftac not_AuthKeys_not_KeyCryptKey 1
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	746	THEN assume_tac 1
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	747	THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	748	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	749	qed "analz_insert_freshK2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	750
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	751
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	752	(* Third simplification law for analz: only one authentication key *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	753	(* encrypts a certain service key. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	754	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	755	"[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	756	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	757	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	758	\ AuthKey ~= AuthKey'; AuthKey' ~: range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	759	\ ==> Key ServKey : analz (insert (Key AuthKey') (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	760	\ (ServKey = AuthKey' \| Key ServKey : analz (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	761	by (dres_inst_tac [("AuthKey'","AuthKey'")] Says_Tgs_KeyCryptKey 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	762	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	763	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	764	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	765	qed "analz_insert_freshK3";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	766
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	767
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	768	(a weakness of the protocol)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	769	Goal "[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	770	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	771	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	772	\ Key AuthKey : analz (spies evs); evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	773	\ ==> Key ServKey : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	774	by (force_tac (claset() addDs [Says_imp_spies RS analz.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	775	analz.Decrypt RS analz.Fst],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	776	simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	777	qed "AuthKey_compromises_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	778
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	779
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	780	(******************** Guarantees for Kas ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	781	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	782	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	783	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	784	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	785	\ B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	786	\ ==> ServKey ~: AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	787	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	788	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	789	by (asm_full_simp_tac (simpset() addsimps [AuthKeys_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	790	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	791	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	792	by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	793	bind_thm ("ServKey_notin_AuthKeys", result() RSN (2, rev_notE));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	794	bind_thm ("ServKey_notin_AuthKeysD", result());
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	795
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	796
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	797	(** If Spy sees the Authentication Key sent in msg K2, then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	798	the Key has expired **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	799	Goal "[\| A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	800	\ ==> Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	801	\ (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	802	\ {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	803	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	804	\ : set evs --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	805	\ Key AuthKey : analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	806	\ ExpirAuth Tk evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	807	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	808	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	809	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	810	(asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	811	(simpset() addsimps ([Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	812	analz_insert_eq, not_parts_not_analz,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	813	analz_insert_freshK1] @ pushes))));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	814	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	815	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	816	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	817	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	818	addIs [parts_insertI, impOfSubs analz_subset_parts, less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	819	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	820	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	821	(Level 8: K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	822	by (blast_tac (claset() addEs [ServKey_notin_AuthKeys]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	823	addDs [Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	824	Says_imp_spies RS parts.Inj]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	825	addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	826	(Oops1)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	827	by (blast_tac (claset() addDs [unique_AuthKeys] addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	828	(Oops2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	829	by (blast_tac (claset() addDs [Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	830	Says_Kas_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	831	val lemma = result() RS mp RS mp RSN(1,rev_notE);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	832
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	833
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	834	Goal "[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	835	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	836	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	837	\ ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	838	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	839	\ ==> Key AuthKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	840	by (ftac Says_Kas_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	841	by (blast_tac (claset() addSDs [lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	842	qed "Confidentiality_Kas";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	843
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	844
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	845
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	846
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	847
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	848
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	849	(******************** Guarantees for Tgs ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	850
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	851	(** If Spy sees the Service Key sent in msg K4, then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	852	the Key has expired **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	853	Goal "[\| A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	854	\ ==> Key AuthKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	855	\ Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	856	\ (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	857	\ {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	858	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	859	\ : set evs --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	860	\ Key ServKey : analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	861	\ ExpirServ Tt evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	862	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	863	(*The Oops1 case is unusual: must simplify Authkey ~: analz (spies (ev#evs))
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	864	rather than weakening it to Authkey ~: analz (spies evs), for we then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	865	conclude AuthKey ~= AuthKeya.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	866	by (Clarify_tac 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	867	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	868	by (rotate_tac ~1 11);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	869	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	870	(asm_full_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	871	(simpset() addsimps ([Says_Kas_message_form, Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	872	analz_insert_eq, not_parts_not_analz,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	873	analz_insert_freshK1, analz_insert_freshK2] @ pushes))));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	874	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	875	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	876	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	877	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	878	addIs [parts_insertI, impOfSubs analz_subset_parts, less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	879	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	880	by (case_tac "A ~= Aa" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	881	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	882	addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	883	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	884	A_trusts_AuthTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	885	Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	886	impOfSubs analz_subset_parts]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	887	by (ALLGOALS Clarify_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	888	(Oops2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	889	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	890	Key_unique_SesKey] addIs [less_SucI]) 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	891	( Level 12 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	892	(Oops1)
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	893	by (ftac Says_Kas_message_form 2);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	894	by (assume_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	895	by (blast_tac (claset() addDs [analz_insert_freshK3,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	896	Says_Kas_message_form, Says_Tgs_message_form]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	897	addIs [less_SucI]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	898	( Level 16 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	899	by (thin_tac "Says Aa Tgs ?X : set ?evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	900	by (forward_tac [Says_imp_spies RS parts.Inj RS ServKey_notin_AuthKeysD] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	901	by (assume_tac 1 THEN Blast_tac 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	902	by (rotate_tac ~1 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	903	by (asm_full_simp_tac (simpset() addsimps [analz_insert_freshK2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	904	by (etac disjE 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	905	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	906	Key_unique_SesKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	907	by (blast_tac (claset() addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	908	val lemma = result() RS mp RS mp RS mp RSN(1,rev_notE);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	909
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	910
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	911	(* In the real world Tgs can't check wheter AuthKey is secure! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	912	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	913	"[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	914	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	915	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	916	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	917	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	918	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	919	\ ==> Key ServKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	920	by (ftac Says_Tgs_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	921	by (blast_tac (claset() addDs [lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	922	qed "Confidentiality_Tgs1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	923
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	924	(* In the real world Tgs CAN check what Kas sends! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	925	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	926	"[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	927	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	928	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	929	\ Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	930	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	931	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	932	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	933	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	934	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	935	by (blast_tac (claset() addSDs [Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	936	Confidentiality_Tgs1]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	937	qed "Confidentiality_Tgs2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	938
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	939	(Most general form)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	940	val Confidentiality_Tgs3 = A_trusts_AuthTicket RS Confidentiality_Tgs2;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	941
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	942
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	943	(******************** Guarantees for Alice ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	944
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	945	val Confidentiality_Auth_A = A_trusts_AuthKey RS Confidentiality_Kas;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	946
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	947	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	948	"[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	949	\ (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) : set evs;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	950	\ Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	951	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	952	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	953	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	954	\==> Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	955	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	956	by (ftac Says_Kas_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	957	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	958	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	959	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	960	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	961	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	962	(K2 and K4 remain)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	963	by (blast_tac (claset() addEs spies_partsEs addSEs [MPair_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	964	addSDs [unique_CryptKey]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	965	by (blast_tac (claset() addSDs [A_trusts_K4, Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	966	AuthKeys_used]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	967	qed "A_trusts_K4_bis";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	968
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	969
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	970	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	971	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	972	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	973	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	974	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	975	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	976	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	977	by (dtac A_trusts_AuthKey 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	978	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	979	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	980	by (blast_tac (claset() addDs [Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	981	Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	982	A_trusts_K4_bis, Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	983	qed "Confidentiality_Serv_A";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	984
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	985
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	986	(******************** Guarantees for Bob ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	987	(* Theorems for the refined model have suffix "refined" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	988
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	989	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	990	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	991	\ : set evs; evs : kerberos\|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	992	\ ==> EX Tk. Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	993	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	994	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	995	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	996	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	997	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	998	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	999	A_trusts_AuthTicket]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1000	qed "K4_imp_K2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1001
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1002	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1003	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1004	\ : set evs; evs : kerberos\|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1005	\ ==> EX Tk. (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1006	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1007	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1008	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1009	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1010	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1011	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1012	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1013	A_trusts_AuthTicket]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1014	qed "K4_imp_K2_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1015
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1016	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1017	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1018	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1019	\==> EX AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1020	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1021	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1022	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1023	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1024	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1025	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1026	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1027	qed "B_trusts_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1028
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1029	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1030	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1031	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1032	\ ==> EX AuthKey Tk. Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1033	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1034	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1035	by (blast_tac (claset() addSDs [B_trusts_ServKey, K4_imp_K2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1036	qed "B_trusts_ServTicket_Kas";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1037
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1038	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1039	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1040	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1041	\ ==> EX AuthKey Tk. (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1042	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1043	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1044	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1045	by (blast_tac (claset() addSDs [B_trusts_ServKey,K4_imp_K2_refined]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1046	qed "B_trusts_ServTicket_Kas_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1047
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1048	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1049	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1050	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1051	\==> EX Tk AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1052	\ Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1053	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1054	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1055	\ & Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1056	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1057	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1058	by (ftac B_trusts_ServKey 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1059	by (etac exE 4);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1060	by (ftac K4_imp_K2 4);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1061	by (Blast_tac 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1062	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1063	qed "B_trusts_ServTicket";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1064
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1065	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1066	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1067	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1068	\==> EX Tk AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1069	\ (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1070	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1071	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1072	\ & Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1073	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1074	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1075	\ & ServLife + Tt <= AuthLife + Tk)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1076	by (ftac B_trusts_ServKey 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1077	by (etac exE 4);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1078	by (ftac K4_imp_K2_refined 4);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1079	by (Blast_tac 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1080	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1081	qed "B_trusts_ServTicket_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1082
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1083
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1084	Goal "[\| ~ ExpirServ Tt evs; ServLife + Tt <= AuthLife + Tk \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1085	\ ==> ~ ExpirAuth Tk evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1086	by (blast_tac (claset() addDs [leI,le_trans] addEs [leE]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1087	qed "NotExpirServ_NotExpirAuth_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1088
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1089
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1090	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1091	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1092	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1093	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1094	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1095	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1096	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1097	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1098	\ ==> Key ServKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1099	by (ftac A_trusts_AuthKey 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1100	by (ftac Confidentiality_Kas 3);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1101	by (ftac B_trusts_ServTicket 6);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1102	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1103	by (etac exE 9);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1104	by (ftac Says_Kas_message_form 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1105	by (blast_tac (claset() addDs [A_trusts_K4,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1106	unique_ServKeys, unique_AuthKeys,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1107	Confidentiality_Tgs2]) 10);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1108	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1109	(*
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1110	The proof above executes in 8 secs. It can be done in one command in 50 secs:
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1111	by (blast_tac (claset() addDs [A_trusts_AuthKey, A_trusts_K4,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1112	Says_Kas_message_form, B_trusts_ServTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1113	unique_ServKeys, unique_AuthKeys,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1114	Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1115	Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1116	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1117	qed "Confidentiality_B";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1118
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1119
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1120	(Most general form -- only for refined model! )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1121	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1122	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1123	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1124	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1125	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1126	by (blast_tac (claset() addDs [B_trusts_ServTicket_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1127	NotExpirServ_NotExpirAuth_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1128	Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1129	qed "Confidentiality_B_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1130
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1131
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1132	(******************** Authenticity theorems ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1133
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1134	(*1. Session Keys authenticity: they originated with servers.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1135
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1136	(Authenticity of AuthKey for A: "A_trusts_AuthKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1137
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1138	(Authenticity of ServKey for A: "A_trusts_ServKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1139	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1140	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1141	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1142	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1143	\ ~ ExpirAuth Tk evs; A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1144	\==>Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1145	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1146	by (ftac A_trusts_AuthKey 1 THEN assume_tac 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1147	by (blast_tac (claset() addDs [Confidentiality_Auth_A, A_trusts_K4_bis]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1148	qed "A_trusts_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1149	(Note: requires a temporal check)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1150
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1151
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1152	(Authenticity of ServKey for B: "B_trusts_ServKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1153
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1154	(***2. Parties authenticity: each party verifies "the identity of
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1155	another party who generated some data" (quoted from Neuman & Ts'o).***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1156
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1157	(*These guarantees don't assess whether two parties agree on
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1158	the same session key: sending a message containing a key
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1159	doesn't a priori state knowledge of the key.***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1160
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1161	(*B checks authenticity of A: theorems "A_Authenticity",
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1162	"A_authenticity_refined" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1163	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1164	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1165	\ ServTicket\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1166	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1167	\ A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1168	\==> Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1169	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1170	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1171	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1172	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1173	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1174	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1175	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1176	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1177	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1178	(K3)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1179	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1180	addDs [A_trusts_AuthKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1181	Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1182	Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1183	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1184	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1185	(K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1186	by (blast_tac (claset() addDs [Key_unique_SesKey] addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1187	qed "Says_Auth";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1188
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1189	(The second assumption tells B what kind of key ServKey is.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1190	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1191	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1192	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1193	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1194	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1195	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1196	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1197	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1198	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1199	\ ==> Says A B {\|Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|},\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1200	\ Crypt ServKey {\|Agent A, Number Ta\|} \|} : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1201	by (ftac Confidentiality_B 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1202	by (ftac B_trusts_ServKey 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1203	by (etac exE 12);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1204	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1205	addSIs [Says_Auth]) 12);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1206	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1207	qed "A_Authenticity";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1208
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1209	(Stronger form in the refined model)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1210	Goal "[\| Crypt ServKey {\|Agent A, Number Ta2\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1211	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1212	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1213	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1214	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1215	\ ==> Says A B {\|Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|},\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1216	\ Crypt ServKey {\|Agent A, Number Ta2\|} \|} : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1217	by (ftac Confidentiality_B_refined 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1218	by (ftac B_trusts_ServKey 6);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1219	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1220	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1221	addSIs [Says_Auth]) 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1222	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1223	qed "A_Authenticity_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1224
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1225
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1226	(A checks authenticity of B: theorem "B_authenticity")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1227
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1228	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1229	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1230	\ ServTicket\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1231	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1232	\ A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1233	\ ==> Says B A (Crypt ServKey (Number Ta)) : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1234	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1235	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1236	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1237	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1238	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1239	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1240	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1241	by (ALLGOALS Asm_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1242	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1243	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1244	by (Clarify_tac 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1245	by (ftac Says_Tgs_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1246	by (Clarify_tac 1); (PROOF FAILED if omitted)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1247	by (blast_tac (claset() addDs [unique_CryptKey] addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1248	qed "Says_K6";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1249
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1250	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, T, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1251	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1252	\ Key AuthKey ~: analz (spies evs); AuthKey ~: range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1253	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1254	\ ==> EX A. Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, T, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1255	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1256	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1257	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1258	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1259	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1260	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1261	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1262	qed "K4_trustworthy";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1263
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1264	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1265	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1266	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1267	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1268	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1269	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1270	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1271	\ ==> Says B A (Crypt ServKey (Number Ta)) : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1272	by (ftac A_trusts_AuthKey 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1273	by (ftac Says_Kas_message_form 3);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1274	by (ftac Confidentiality_Kas 4);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1275	by (ftac K4_trustworthy 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1276	by (Blast_tac 8);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1277	by (etac exE 9);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1278	by (ftac K4_imp_K2 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1279	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1280	addSIs [Says_K6]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1281	addSEs [Confidentiality_Tgs1 RSN (2,rev_notE)]) 10);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1282	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1283	qed "B_Authenticity";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1284
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1285
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1286	(***3. Parties' knowledge of session keys. A knows a session key if she
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1287	used it to build a cipher.***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1288
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1289	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1290	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1291	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1292	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1293	by (simp_tac (simpset() addsimps [Issues_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1294	by (rtac exI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1295	by (rtac conjI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1296	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1297	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1298	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1299	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1300	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1301	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1302	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1303	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1304	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1305	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1306	(K6 requires numerous lemmas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1307	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1308	by (blast_tac (claset() addDs [B_trusts_ServTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1309	impOfSubs parts_spies_takeWhile_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1310	impOfSubs parts_spies_evs_revD2]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1311	addIs [Says_K6]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1312	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1313	qed "B_Knows_B_Knows_ServKey_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1314	(*Key ServKey ~: analz (spies evs) could be relaxed by Confidentiality_B
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1315	but this is irrelevant because B knows what he knows! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1316
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1317	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1318	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1319	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1320	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1321	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1322	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1323	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1324	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1325	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1326	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1327	by (blast_tac (claset() addSDs [Confidentiality_B,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1328	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1329	qed "B_Knows_B_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1330
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1331	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1332	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1333	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1334	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1335	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1336	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1337	by (blast_tac (claset() addSDs [Confidentiality_B_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1338	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1339	qed "B_Knows_B_Knows_ServKey_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1340
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1341
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1342	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1343	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1344	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1345	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1346	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1347	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1348	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1349	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1350	by (blast_tac (claset() addSDs [B_Authenticity, Confidentiality_Serv_A,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1351	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1352	qed "A_Knows_B_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1353
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1354	Goal "[\| Says A Tgs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1355	\ {\|AuthTicket, Crypt AuthKey {\|Agent A, Number Ta\|}, Agent B\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1356	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1357	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1358	\ ==> EX Tk. Says Kas A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1359	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1360	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1361	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1362	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1363	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1364	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1365	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1366	A_trusts_AuthKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1367	qed "K3_imp_K2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1368
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1369	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1370	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1371	\ Says Kas A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1372	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1373	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1374	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1375	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1376	\ ==> Says Tgs A (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1377	\ {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1378	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1379	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1380	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1381	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1382	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1383	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1384	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1385	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1386	A_trusts_AuthTicket, unique_AuthKeys]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1387	qed "K4_trustworthy'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1388
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1389	Goal "[\| Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1390	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1391	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1392	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1393	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1394	by (simp_tac (simpset() addsimps [Issues_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1395	by (rtac exI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1396	by (rtac conjI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1397	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1398	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1399	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1400	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1401	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1402	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1403	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1404	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1405	by (ALLGOALS Asm_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1406	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1407	(K6)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1408	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1409	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1410	(*Level 15: case study necessary because the assumption doesn't state
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1411	the form of ServTicket. The guarantee becomes stronger.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1412	by (case_tac "Key AuthKey : analz (spies evs5)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1413	by (force_tac (claset() addDs [Says_imp_spies RS analz.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1414	analz.Decrypt RS analz.Fst],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1415	simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1416	by (blast_tac (claset() addDs [K3_imp_K2, K4_trustworthy',
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1417	impOfSubs parts_spies_takeWhile_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1418	impOfSubs parts_spies_evs_revD2]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1419	addIs [Says_Auth]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1420	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1421	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1422	qed "A_Knows_A_Knows_ServKey_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1423
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1424	Goal "[\| Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1425	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1426	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1427	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1428	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1429	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1430	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1431	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1432	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1433	by (blast_tac (claset() addSDs [Confidentiality_Serv_A,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1434	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1435	qed "A_Knows_A_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1436
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1437	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1438	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1439	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1440	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1441	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1442	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1443	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1444	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1445	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1446	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1447	by (blast_tac (claset() addDs [A_Authenticity, Confidentiality_B,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1448	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1449	qed "B_Knows_A_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1450
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1451
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1452	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1453	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1454	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1455	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1456	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1457	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1458	by (blast_tac (claset() addDs [A_Authenticity_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1459	Confidentiality_B_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1460	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1461	qed "B_Knows_A_Knows_ServKey_refined";

author	paulson
	Wed, 08 Mar 2000 16:17:10 +0100
changeset 8355	04d0f732e24e
parent 7499	23e090051cb8
child 8741	61bc5ed22b62
permissions	-rw-r--r--