| author | paulson |
| Fri, 01 Nov 1996 15:14:25 +0100 | |
| changeset 2142 | 20f208ff085d |
| parent 2111 | 81c8d46edfa3 |
| child 2155 | dc85854810eb |
| permissions | -rw-r--r-- |
|
2111
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
1 |
(* Title: HOL/Auth/Yahalom |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
2 |
ID: $Id$ |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
3 |
Author: Lawrence C Paulson, Cambridge University Computer Laboratory |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
4 |
Copyright 1996 University of Cambridge |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
5 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
6 |
Inductive relation "yahalom" for the Yahalom protocol, Variant 2. |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
7 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
8 |
This version trades encryption of NB for additional explicitness in YM3. |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
9 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
10 |
From page 259 of |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
11 |
Burrows, Abadi and Needham. A Logic of Authentication. |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
12 |
Proc. Royal Soc. 426 (1989) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
13 |
*) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
14 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
15 |
Yahalom2 = Shared + |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
16 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
17 |
consts yahalom :: "agent set => event list set" |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
18 |
inductive "yahalom lost" |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
19 |
intrs |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
20 |
(*Initial trace is empty*) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
21 |
Nil "[]: yahalom lost" |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
22 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
23 |
(*The spy MAY say anything he CAN say. We do not expect him to |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
24 |
invent new nonces here, but he can also use NS1. Common to |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
25 |
all similar protocols.*) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
26 |
Fake "[| evs: yahalom lost; B ~= Spy; |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
27 |
X: synth (analz (sees lost Spy evs)) |] |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
28 |
==> Says Spy B X # evs : yahalom lost" |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
29 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
30 |
(*Alice initiates a protocol run*) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
31 |
YM1 "[| evs: yahalom lost; A ~= B |] |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
32 |
==> Says A B {|Agent A, Nonce (newN evs)|} # evs : yahalom lost"
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
33 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
34 |
(*Bob's response to Alice's message. Bob doesn't know who |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
35 |
the sender is, hence the A' in the sender field.*) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
36 |
YM2 "[| evs: yahalom lost; B ~= Server; |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
37 |
Says A' B {|Agent A, Nonce NA|} : set_of_list evs |]
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
38 |
==> Says B Server |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
39 |
{|Agent B, Nonce (newN evs),
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
40 |
Crypt {|Agent A, Nonce NA|} (shrK B)|}
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
41 |
# evs : yahalom lost" |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
42 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
43 |
(*The Server receives Bob's message. He responds by sending a |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
44 |
new session key to Alice, with a packet for forwarding to Bob.*) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
45 |
YM3 "[| evs: yahalom lost; A ~= Server; |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
46 |
Says B' Server |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
47 |
{|Agent B, Nonce NB, Crypt {|Agent A, Nonce NA|} (shrK B)|}
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
48 |
: set_of_list evs |] |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
49 |
==> Says Server A |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
50 |
{|Nonce NB,
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
51 |
Crypt {|Agent B, Key (newK evs), Nonce NA|} (shrK A),
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
52 |
Crypt {|Agent A, Key (newK evs), Nonce NB, Nonce NB|} (shrK B)|}
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
53 |
# evs : yahalom lost" |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
54 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
55 |
(*Alice receives the Server's (?) message, checks her Nonce, and |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
56 |
uses the new session key to send Bob his Nonce.*) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
57 |
YM4 "[| evs: yahalom lost; A ~= B; |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
58 |
Says S A {|Nonce NB, Crypt {|Agent B, Key K, Nonce NA|} (shrK A),
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
59 |
X|} |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
60 |
: set_of_list evs; |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
61 |
Says A B {|Agent A, Nonce NA|} : set_of_list evs |]
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
62 |
==> Says A B {|X, Crypt (Nonce NB) K|} # evs : yahalom lost"
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
63 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
64 |
(*This message models possible leaks of session keys. The Nonce NA |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
65 |
identifies the protocol run. We can't be sure about NB.*) |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
66 |
Revl "[| evs: yahalom lost; A ~= Spy; |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
67 |
Says S A {|Nonce NB, Crypt {|Agent B, Key K, Nonce NA|} (shrK A),
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
68 |
X|} |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
69 |
: set_of_list evs |] |
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
70 |
==> Says A Spy {|Nonce NA, Key K|} # evs : yahalom lost"
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
71 |
|
|
81c8d46edfa3
New version of Yahalom, as recommended on p 259 of BAN paper
paulson
parents:
diff
changeset
|
72 |
end |