isabelle: src/HOL/Auth/KerberosIV.ML@2f6cec5c046f (annotated)

6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1	(* Title: HOL/Auth/KerberosIV
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	2	ID: $Id$
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	3	Author: Giampaolo Bella, Cambridge University Computer Laboratory
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	4	Copyright 1998 University of Cambridge
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	5
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	6	The Kerberos protocol, version IV.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	7	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	8
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	9	Pretty.setdepth 20;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	10	proof_timing:=true;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	11	HOL_quantifiers := false;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	12
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	13	AddIffs [AuthLife_LB, ServLife_LB, AutcLife_LB, RespLife_LB, Tgs_not_bad];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	14
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	15
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	16	( Reversed traces )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	17
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	18	Goal "spies (evs @ [Says A B X]) = insert X (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	19	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	20	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	21	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	22	qed "spies_Says_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	23
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	24	Goal "spies (evs @ [Gets A X]) = spies evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	25	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	26	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	27	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	28	qed "spies_Gets_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	29
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	30	Goal "spies (evs @ [Notes A X]) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	31	\ (if A:bad then insert X (spies evs) else spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	32	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	33	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	34	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	35	qed "spies_Notes_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	36
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	37	Goal "spies evs = spies (rev evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	38	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	39	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	40	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	41	(asm_simp_tac (simpset() addsimps [spies_Says_rev, spies_Gets_rev,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	42	spies_Notes_rev])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	43	qed "spies_evs_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	44	bind_thm ("parts_spies_evs_revD2", spies_evs_rev RS equalityD2 RS parts_mono);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	45
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	46	Goal "spies (takeWhile P evs) <= spies evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	47	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	48	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	49	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	50	(* Resembles "used_subset_append" in Event.ML*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	51	qed "spies_takeWhile";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	52	bind_thm ("parts_spies_takeWhile_mono", spies_takeWhile RS parts_mono);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	53
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	54	Goal "~P(x) --> takeWhile P (xs @ [x]) = takeWhile P xs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	55	by (induct_tac "xs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	56	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	57	qed "takeWhile_tail";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	58
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	59
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	60	(***************LEMMAS ABOUT AuthKeys**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	61
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	62	Goalw [AuthKeys_def] "AuthKeys [] = {}";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	63	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	64	qed "AuthKeys_empty";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	65
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	66	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	67	"(ALL A Tk akey Peer. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	68	\ ev ~= Says Kas A (Crypt (shrK A) {\|akey, Agent Peer, Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	69	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, akey, Tk\|})\|}))\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	70	\ ==> AuthKeys (ev # evs) = AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	71	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	72	qed "AuthKeys_not_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	73
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	74	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	75	"AuthKeys \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	76	\ (Says Kas A (Crypt (shrK A) {\|Key K, Agent Peer, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	77	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, Key K, Number Tk\|})\|}) # evs) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	78	\ = insert K (AuthKeys evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	79	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	80	qed "AuthKeys_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	81
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	82	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	83	"K : AuthKeys \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	84	\ (Says Kas A (Crypt (shrK A) {\|Key K', Agent Peer, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	85	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, Key K', Number Tk\|})\|}) # evs) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	86	\ ==> K = K' \| K : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	87	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	88	qed "AuthKeys_simp";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	89
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	90	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	91	"Says Kas A (Crypt (shrK A) {\|Key K, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	92	\ (Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key K, Number Tk\|})\|}) : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	93	\ ==> K : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	94	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	95	qed "AuthKeysI";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	96
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	97	Goalw [AuthKeys_def] "K : AuthKeys evs ==> Key K : used evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	98	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	99	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	100	qed "AuthKeys_used";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	101
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	102
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	103	(** FORWARDING LEMMAS **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	104
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	105	(--For reasoning about the encrypted portion of message K3--)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	106	Goal "Says Kas' A (Crypt KeyA {\|AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	107	\ : set evs ==> AuthTicket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	108	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	109	qed "K3_msg_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	110
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	111	Goal "Says Kas A (Crypt KeyA {\|AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	112	\ : set evs ==> AuthKey : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	113	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	114	qed "Oops_parts_spies1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	115
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	116	Goal "[\| Says Kas A (Crypt KeyA {\|Key AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	117	\ : set evs ;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	118	\ evs : kerberos \|] ==> AuthKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	119	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	120	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	121	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	122	qed "Oops_range_spies1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	123
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	124	(--For reasoning about the encrypted portion of message K5--)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	125	Goal "Says Tgs' A (Crypt AuthKey {\|ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	126	\ : set evs ==> ServTicket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	127	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	128	qed "K5_msg_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	129
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	130	Goal "Says Tgs A (Crypt AuthKey {\|ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	131	\ : set evs ==> ServKey : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	132	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	133	qed "Oops_parts_spies2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	134
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	135	Goal "[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	136	\ : set evs ;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	137	\ evs : kerberos \|] ==> ServKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	138	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	139	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	140	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	141	qed "Oops_range_spies2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	142
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	143	Goal "Says S A (Crypt K {\|SesKey, B, TimeStamp, Ticket\|}) : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	144	\ ==> Ticket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	145	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	146	qed "Says_ticket_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	147	(Replaces both K3_msg_in_parts_spies and K5_msg_in_parts_spies)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	148
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	149	fun parts_induct_tac i =
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	150	etac kerberos.induct i THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	151	REPEAT (FIRSTGOAL analz_mono_contra_tac) THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	152	forward_tac [K3_msg_in_parts_spies] (i+4) THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	153	forward_tac [K5_msg_in_parts_spies] (i+6) THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	154	forward_tac [Oops_parts_spies1] (i+8) THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	155	forward_tac [Oops_parts_spies2] (i+9) THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	156	prove_simple_subgoals_tac 1;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	157
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	158
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	159	(Spy never sees another agent's shared key! (unless it's lost at start))
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	160	Goal "evs : kerberos ==> (Key (shrK A) : parts (spies evs)) = (A : bad)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	161	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	162	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	163	by (ALLGOALS Blast_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	164	qed "Spy_see_shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	165	Addsimps [Spy_see_shrK];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	166
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	167	Goal "evs : kerberos ==> (Key (shrK A) : analz (spies evs)) = (A : bad)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	168	by (auto_tac (claset() addDs [impOfSubs analz_subset_parts], simpset()));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	169	qed "Spy_analz_shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	170	Addsimps [Spy_analz_shrK];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	171
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	172	Goal "[\| Key (shrK A) : parts (spies evs); evs : kerberos \|] ==> A:bad";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	173	by (blast_tac (claset() addDs [Spy_see_shrK]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	174	qed "Spy_see_shrK_D";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	175	bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	176	AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	177
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	178	(Nobody can have used non-existent keys!)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	179	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	180	\ Key K ~: used evs --> K ~: keysFor (parts (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	181	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	182	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	183	by (best_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	184	(claset() addSDs [impOfSubs (parts_insert_subset_Un RS keysFor_mono)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	185	addIs [impOfSubs analz_subset_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	186	addDs [impOfSubs (analz_subset_parts RS keysFor_mono)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	187	addss (simpset())) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	188	(Others)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	189	by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	190	qed_spec_mp "new_keys_not_used";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	191
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	192	bind_thm ("new_keys_not_analzd",
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	193	[analz_subset_parts RS keysFor_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	194	new_keys_not_used] MRS contra_subsetD);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	195
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	196	Addsimps [new_keys_not_used, new_keys_not_analzd];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	197
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	198
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	199	(********************* REGULARITY LEMMAS *********************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	200	(* concerning the form of items passed in messages *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	201	(*****************************************************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	202
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	203	(Describes the form of AuthKey, AuthTicket, and K sent by Kas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	204	Goal "[\| Says Kas A (Crypt K {\|Key AuthKey, Agent Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	205	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	206	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	207	\ ==> AuthKey ~: range shrK & AuthKey : AuthKeys evs & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	208	\ AuthTicket = (Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|} ) &\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	209	\ K = shrK A & Peer = Tgs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	210	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	211	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	212	by (ALLGOALS (simp_tac (simpset() addsimps [AuthKeys_def, AuthKeys_insert])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	213	by (ALLGOALS Blast_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	214	qed "Says_Kas_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	215
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	216	(*This lemma is essential for proving Says_Tgs_message_form:
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	217
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	218	the session key AuthKey
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	219	supplied by Kas in the authentication ticket
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	220	cannot be a long-term key!
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	221
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	222	Generalised to any session keys (both AuthKey and ServKey).
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	223	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	224	Goal "[\| Crypt (shrK Tgs_B) {\|Agent A, Agent Tgs_B, Key SesKey, Number T\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	225	\ : parts (spies evs); Tgs_B ~: bad;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	226	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	227	\ ==> SesKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	228	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	229	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	230	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	231	qed "SesKey_is_session_key";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	232
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	233	Goal "[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	234	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	235	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	236	\ ==> Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	237	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	238	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	239	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	240	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	241	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	242	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	243	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	244	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	245	qed "A_trusts_AuthTicket";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	246
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	247	Goal "[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	248	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	249	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	250	\ ==> AuthKey : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	251	by (forward_tac [A_trusts_AuthTicket] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	252	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	253	by (simp_tac (simpset() addsimps [AuthKeys_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	254	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	255	qed "AuthTicket_crypt_AuthKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	256
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	257	(Describes the form of ServKey, ServTicket and AuthKey sent by Tgs)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	258	Goal "[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	259	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	260	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	261	\ ==> B ~= Tgs & ServKey ~: range shrK & ServKey ~: AuthKeys evs &\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	262	\ ServTicket = (Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|} ) & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	263	\ AuthKey ~: range shrK & AuthKey : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	264	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	265	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	266	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	267	(asm_full_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	268	(simpset() addsimps [AuthKeys_insert, AuthKeys_not_insert,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	269	AuthKeys_empty, AuthKeys_simp])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	270	by (blast_tac (claset() addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	271	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	272	by (blast_tac (claset() addSDs [AuthKeys_used, Says_Kas_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	273	by (blast_tac (claset() addSDs [SesKey_is_session_key]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	274	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	275	by (blast_tac (claset() addDs [AuthTicket_crypt_AuthKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	276	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	277	qed "Says_Tgs_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	278
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	279	(If a certain encrypted message appears then it originated with Kas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	280	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Peer, Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	281	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	282	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	283	\ ==> Says Kas A (Crypt (shrK A) {\|Key AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	284	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	285	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	286	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	287	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	288	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	289	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	290	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	291	A_trusts_AuthTicket RS Says_Kas_message_form])
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	292	1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	293	qed "A_trusts_AuthKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	294
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	295
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	296	(If a certain encrypted message appears then it originated with Tgs)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	297	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	298	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	299	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	300	\ AuthKey ~: range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	301	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	302	\==> EX A. Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	303	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	304	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	305	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	306	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	307	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	308	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	309	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	310	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	311	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	312	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	313	qed "A_trusts_K4";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	314
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	315	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	316	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	317	\ A ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	318	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	319	\ ==> AuthKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	320	\ AuthTicket = Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	321	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	322	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	323	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	324	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	325	qed "AuthTicket_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	326
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	327	(* This form holds also over an AuthTicket, but is not needed below. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	328	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	329	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	330	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	331	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	332	\ ==> ServKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	333	\ (EX A. ServTicket = Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|})";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	334	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	335	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	336	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	337	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	338	qed "ServTicket_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	339
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	340	Goal "[\| Says Kas' A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	341	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|} ) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	342	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	343	\ ==> AuthKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	344	\ AuthTicket = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	345	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	346	\ \| AuthTicket : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	347	by (case_tac "A : bad" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	348	by (force_tac (claset() addSDs [Says_imp_spies RS analz.Inj], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	349	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	350	by (blast_tac (claset() addSDs [AuthTicket_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	351	qed "Says_kas_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	352	(* Essentially the same as AuthTicket_form *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	353
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	354	Goal "[\| Says Tgs' A (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	355	\ {\|Key ServKey, Agent B, Tt, ServTicket\|} ) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	356	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	357	\ ==> ServKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	358	\ (EX A. ServTicket = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	359	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	360	\ \| ServTicket : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	361	by (case_tac "Key AuthKey : analz (spies evs)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	362	by (force_tac (claset() addSDs [Says_imp_spies RS analz.Inj], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	363	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	364	by (blast_tac (claset() addSDs [ServTicket_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	365	qed "Says_tgs_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	366	(* This form MUST be used in analz_sees_tac below *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	367
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	368
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	369	(***************UNICITY THEOREMS**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	370
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	371	(* The session key, if secure, uniquely identifies the Ticket
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	372	whether AuthTicket or ServTicket. As a matter of fact, one can read
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	373	also Tgs in the place of B. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	374	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	375	\ Key SesKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	376	\ (EX A B T. ALL A' B' T'. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	377	\ Crypt (shrK B') {\|Agent A', Agent B', Key SesKey, T'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	378	\ : parts (spies evs) --> A'=A & B'=B & T'=T)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	379	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	380	by (REPEAT (etac (exI RSN (2,exE)) 1) (stripping EXs makes proof faster)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	381	THEN Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	382	by (asm_simp_tac (simpset() addsimps [all_conj_distrib]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	383	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	384	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	385	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	386	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	387	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	388
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	389	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key SesKey, T\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	390	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	391	\ Crypt (shrK B') {\|Agent A', Agent B', Key SesKey, T'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	392	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	393	\ evs : kerberos; Key SesKey ~: analz (spies evs) \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	394	\ ==> A=A' & B=B' & T=T'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	395	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	396	qed "unique_CryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	397
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	398	Goal "evs : kerberos \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	399	\ ==> Key SesKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	400	\ (EX K' B' T' Ticket'. ALL K B T Ticket. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	401	\ Crypt K {\|Key SesKey, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	402	\ : parts (spies evs) --> K=K' & B=B' & T=T' & Ticket=Ticket')";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	403	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	404	by (REPEAT (etac (exI RSN (2,exE)) 1) THEN Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	405	by (asm_simp_tac (simpset() addsimps [all_conj_distrib]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	406	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	407	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	408	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	409	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	410	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	411
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	412	(*An AuthKey is encrypted by one and only one Shared key.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	413	A ServKey is encrypted by one and only one AuthKey.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	414	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	415	Goal "[\| Crypt K {\|Key SesKey, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	416	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	417	\ Crypt K' {\|Key SesKey, Agent B', T', Ticket'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	418	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	419	\ evs : kerberos; Key SesKey ~: analz (spies evs) \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	420	\ ==> K=K' & B=B' & T=T' & Ticket=Ticket'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	421	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	422	qed "Key_unique_SesKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	423
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	424
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	425	(*
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	426	At reception of any message mentioning A, Kas associates shrK A with
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	427	a new AuthKey. Realistic, as the user gets a new AuthKey at each login.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	428	Similarly, at reception of any message mentioning an AuthKey
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	429	(a legitimate user could make several requests to Tgs - by K3), Tgs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	430	associates it with a new ServKey.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	431
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	432	Therefore, a goal like
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	433
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	434	"evs : kerberos \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	435	\ ==> Key Kc ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	436	\ (EX K' B' T' Ticket'. ALL K B T Ticket. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	437	\ Crypt Kc {\|Key K, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	438	\ : parts (spies evs) --> K=K' & B=B' & T=T' & Ticket=Ticket')";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	439
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	440	would fail on the K2 and K4 cases.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	441	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	442
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	443	(* AuthKey uniquely identifies the message from Kas *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	444	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	445	\ EX A' Ka' Tk' X'. ALL A Ka Tk X. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	446	\ Says Kas A (Crypt Ka {\|Key AuthKey, Agent Tgs, Tk, X\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	447	\ : set evs --> A=A' & Ka=Ka' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	448	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	449	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	450	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	451	(K2: it can't be a new key)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	452	by (expand_case_tac "AuthKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	453	by (REPEAT (ares_tac [refl,exI,impI,conjI] 2));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	454	by (blast_tac (claset() delrules [conjI] (prevent split-up into 4 subgoals)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	455	addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	456	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	457
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	458	Goal "[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	459	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Tk, X\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	460	\ Says Kas A' \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	461	\ (Crypt Ka' {\|Key AuthKey, Agent Tgs, Tk', X'\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	462	\ evs : kerberos \|] ==> A=A' & Ka=Ka' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	463	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	464	qed "unique_AuthKeys";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	465
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	466	(* ServKey uniquely identifies the message from Tgs *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	467	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	468	\ EX A' B' AuthKey' Tk' X'. ALL A B AuthKey Tk X. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	469	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tk, X\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	470	\ : set evs --> A=A' & B=B' & AuthKey=AuthKey' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	471	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	472	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	473	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	474	(K4: it can't be a new key)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	475	by (expand_case_tac "ServKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	476	by (REPEAT (ares_tac [refl,exI,impI,conjI] 2));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	477	by (blast_tac (claset() delrules [conjI] (prevent split-up into 4 subgoals)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	478	addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	479	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	480
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	481	Goal "[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	482	\ (Crypt K {\|Key ServKey, Agent B, Tt, X\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	483	\ Says Tgs A' \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	484	\ (Crypt K' {\|Key ServKey, Agent B', Tt', X'\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	485	\ evs : kerberos \|] ==> A=A' & B=B' & K=K' & Tt=Tt' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	486	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	487	qed "unique_ServKeys";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	488
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	489
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	490	(***************LEMMAS ABOUT the predicate KeyCryptKey**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	491
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	492	Goalw [KeyCryptKey_def] "~ KeyCryptKey AuthKey ServKey []";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	493	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	494	qed "not_KeyCryptKey_Nil";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	495	AddIffs [not_KeyCryptKey_Nil];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	496
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	497	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	498	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, tt, X \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	499	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	500	\ evs : kerberos \|] ==> KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	501	by (forward_tac [Says_Tgs_message_form] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	502	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	503	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	504	qed "KeyCryptKeyI";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	505
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	506	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	507	"KeyCryptKey AuthKey ServKey (Says S A X # evs) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	508	\ (Tgs = S & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	509	\ (EX B tt. X = Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	510	\ {\|Key ServKey, Agent B, tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	511	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, tt\|} \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	512	\ \| KeyCryptKey AuthKey ServKey evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	513	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	514	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	515	qed "KeyCryptKey_Says";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	516	Addsimps [KeyCryptKey_Says];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	517
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	518	(*A fresh AuthKey cannot be associated with any other
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	519	(with respect to a given trace). *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	520	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	521	"[\| Key AuthKey ~: used evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	522	\ ==> ~ KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	523	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	524	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	525	by (Asm_full_simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	526	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	527	qed "Auth_fresh_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	528
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	529	(*A fresh ServKey cannot be associated with any other
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	530	(with respect to a given trace). *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	531	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	532	"Key ServKey ~: used evs ==> ~ KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	533	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	534	qed "Serv_fresh_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	535
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	536	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	537	"[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	538	\ : parts (spies evs); evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	539	\ ==> ~ KeyCryptKey K AuthKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	540	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	541	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	542	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	543	by (blast_tac (claset() addEs spies_partsEs) 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	544	(K2: by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	545	by (blast_tac (claset() addEs spies_partsEs) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	546	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	547	qed "AuthKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	548
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	549	(A secure serverkey cannot have been used to encrypt others)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	550	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	551	"[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	552	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	553	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	554	\ B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	555	\ ==> ~ KeyCryptKey ServKey K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	556	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	557	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	558	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	559	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	560	(K4 splits into distinct subcases)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	561	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	562	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	563	(ServKey can't have been enclosed in two certificates)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	564	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	565	addSEs [MPair_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	566	addDs [unique_CryptKey]) 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	567	(ServKey is fresh and so could not have been used, by new_keys_not_used)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	568	by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	569	Crypt_imp_invKey_keysFor],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	570	simpset()) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	571	(Others by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	572	by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	573	qed "ServKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	574
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	575	(Long term keys are not issued as ServKeys)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	576	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	577	"evs : kerberos ==> ~ KeyCryptKey K (shrK A) evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	578	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	579	qed "shrK_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	580
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	581	(*The Tgs message associates ServKey with AuthKey and therefore not with any
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	582	other key AuthKey.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	583	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	584	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, tt, X \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	585	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	586	\ AuthKey' ~= AuthKey; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	587	\ ==> ~ KeyCryptKey AuthKey' ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	588	by (blast_tac (claset() addDs [unique_ServKeys]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	589	qed "Says_Tgs_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	590
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	591	Goal "[\| KeyCryptKey AuthKey ServKey evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	592	\ ==> ~ KeyCryptKey ServKey K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	593	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	594	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	595	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	596	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	597	(K4 splits into subcases)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	598	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	599	addSDs [AuthKey_not_KeyCryptKey]) 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	600	(ServKey is fresh and so could not have been used, by new_keys_not_used)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	601	by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	602	Crypt_imp_invKey_keysFor],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	603	simpset() addsimps [KeyCryptKey_def]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	604	(Others by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	605	by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	606	qed "KeyCryptKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	607
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	608	(*The only session keys that can be found with the help of session keys are
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	609	those sent by Tgs in step K4. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	610
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	611	(*We take some pains to express the property
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	612	as a logical equivalence so that the simplifier can apply it.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	613	Goal "P --> (Key K : analz (Key``KK Un H)) --> (K:KK \| Key K : analz H) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	614	\ ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	615	\ P --> (Key K : analz (Key``KK Un H)) = (K:KK \| Key K : analz H)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	616	by (blast_tac (claset() addIs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	617	qed "Key_analz_image_Key_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	618
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	619	Goal "[\| KeyCryptKey K K' evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	620	\ ==> Key K' : analz (insert (Key K) (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	621	by (full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	622	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	623	by (dresolve_tac [Says_imp_spies RS analz.Inj RS analz_insertI] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	624	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	625	qed "KeyCryptKey_analz_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	626
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	627	Goal "[\| K : AuthKeys evs Un range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	628	\ ==> ALL SK. ~ KeyCryptKey SK K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	629	by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	630	by (blast_tac (claset() addDs [Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	631	qed "AuthKeys_are_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	632
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	633	Goal "[\| K ~: AuthKeys evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	634	\ K ~: range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	635	\ ==> ALL SK. ~ KeyCryptKey K SK evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	636	by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	637	by (blast_tac (claset() addDs [Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	638	qed "not_AuthKeys_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	639
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	640
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	641	(***************SECRECY THEOREMS**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	642
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	643	(For proofs involving analz.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	644	val analz_sees_tac =
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	645	EVERY
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	646	[REPEAT (FIRSTGOAL analz_mono_contra_tac),
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	647	forward_tac [Oops_range_spies2] 10,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	648	forward_tac [Oops_range_spies1] 9,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	649	forward_tac [Says_tgs_message_form] 7,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	650	forward_tac [Says_kas_message_form] 5,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	651	REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE, exE]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	652	ORELSE' hyp_subst_tac)];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	653
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	654	Goal "[\| KK <= -(range shrK); Key K : analz (spies evs); evs: kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	655	\ ==> Key K : analz (Key `` KK Un spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	656	by (blast_tac (claset() addDs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	657	qed "analz_mono_KK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	658
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	659	(* Big simplification law for keys SK that are not crypted by keys in KK *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	660	(* It helps prove three, otherwise hard, facts about keys. These facts are *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	661	(* exploited as simplification laws for analz, and also "limit the damage" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	662	(* in case of loss of a key to the spy. See ESORICS98. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	663	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	664	\ (ALL SK KK. KK <= -(range shrK) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	665	\ (ALL K: KK. ~ KeyCryptKey K SK evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	666	\ (Key SK : analz (Key``KK Un (spies evs))) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	667	\ (SK : KK \| Key SK : analz (spies evs)))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	668	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	669	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	670	by (REPEAT_FIRST (rtac allI));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	671	by (REPEAT_FIRST (rtac (Key_analz_image_Key_lemma RS impI)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	672	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	673	(asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	674	(analz_image_freshK_ss addsimps
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	675	[KeyCryptKey_Says, shrK_not_KeyCryptKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	676	Auth_fresh_not_KeyCryptKey, Serv_fresh_not_KeyCryptKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	677	Says_Tgs_KeyCryptKey, Spy_analz_shrK])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	678	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	679	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	680	(* Base + K2 done by the simplifier! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	681	(K3)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	682	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	683	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	684	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	685	addSDs [AuthKey_not_KeyCryptKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	686	(K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	687	by (rtac impI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	688	by (case_tac "Key ServKey : analz (spies evs5)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	689	(If ServKey is compromised then the result follows directly...)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	690	by (asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	691	(simpset() addsimps [analz_insert_eq,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	692	impOfSubs (Un_upper2 RS analz_mono)]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	693	(...therefore ServKey is uncompromised.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	694	by (case_tac "KeyCryptKey ServKey SK evs5" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	695	by (asm_simp_tac analz_image_freshK_ss 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	696	(The KeyCryptKey ServKey SK evs5 case leads to a contradiction.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	697	by (blast_tac (claset() addSEs [ServKey_not_KeyCryptKey RSN(2, rev_notE)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	698	addEs spies_partsEs delrules [allE, ballE]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	699	( Level 14: Oops1 and Oops2 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	700	by (ALLGOALS Clarify_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	701	(Oops 2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	702	by (case_tac "Key ServKey : analz (spies evsO2)" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	703	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	704	by (forward_tac [analz_mono_KK] 2
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	705	THEN assume_tac 2
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	706	THEN assume_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	707	by (forward_tac [analz_cut] 2 THEN assume_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	708	by (blast_tac (claset() addDs [analz_cut, impOfSubs analz_mono]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	709	by (dres_inst_tac [("x","SK")] spec 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	710	by (dres_inst_tac [("x","insert ServKey KK")] spec 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	711	by (forward_tac [Says_Tgs_message_form] 2 THEN assume_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	712	by (Clarify_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	713	by (forward_tac [Says_imp_spies RS parts.Inj RS parts.Body
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	714	RS parts.Snd RS parts.Snd RS parts.Snd] 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	715	by (Asm_full_simp_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	716	by (blast_tac (claset() addSDs [ServKey_not_KeyCryptKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	717	addDs [impOfSubs analz_mono]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	718	(Level 28: Oops 1)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	719	by (dres_inst_tac [("x","SK")] spec 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	720	by (dres_inst_tac [("x","insert AuthKey KK")] spec 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	721	by (case_tac "KeyCryptKey AuthKey SK evsO1" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	722	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	723	by (blast_tac (claset() addSDs [KeyCryptKey_analz_insert]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	724	by (blast_tac (claset() addDs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	725	qed_spec_mp "Key_analz_image_Key";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	726
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	727
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	728	(* First simplification law for analz: no session keys encrypt *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	729	(* authentication keys or shared keys. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	730	Goal "[\| evs : kerberos; K : (AuthKeys evs) Un range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	731	\ SesKey ~: range shrK \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	732	\ ==> Key K : analz (insert (Key SesKey) (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	733	\ (K = SesKey \| Key K : analz (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	734	by (forward_tac [AuthKeys_are_not_KeyCryptKey] 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	735	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	736	qed "analz_insert_freshK1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	737
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	738
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	739	(* Second simplification law for analz: no service keys encrypt *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	740	(* any other keys. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	741	Goal "[\| evs : kerberos; ServKey ~: (AuthKeys evs); ServKey ~: range shrK\|]\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	742	\ ==> Key K : analz (insert (Key ServKey) (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	743	\ (K = ServKey \| Key K : analz (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	744	by (forward_tac [not_AuthKeys_not_KeyCryptKey] 1
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	745	THEN assume_tac 1
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	746	THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	747	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	748	qed "analz_insert_freshK2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	749
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	750
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	751	(* Third simplification law for analz: only one authentication key *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	752	(* encrypts a certain service key. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	753	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	754	"[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	755	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	756	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	757	\ AuthKey ~= AuthKey'; AuthKey' ~: range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	758	\ ==> Key ServKey : analz (insert (Key AuthKey') (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	759	\ (ServKey = AuthKey' \| Key ServKey : analz (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	760	by (dres_inst_tac [("AuthKey'","AuthKey'")] Says_Tgs_KeyCryptKey 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	761	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	762	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	763	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	764	qed "analz_insert_freshK3";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	765
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	766
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	767	(a weakness of the protocol)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	768	Goal "[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	769	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	770	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	771	\ Key AuthKey : analz (spies evs); evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	772	\ ==> Key ServKey : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	773	by (force_tac (claset() addDs [Says_imp_spies RS analz.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	774	analz.Decrypt RS analz.Fst],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	775	simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	776	qed "AuthKey_compromises_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	777
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	778
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	779	(******************** Guarantees for Kas ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	780	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	781	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	782	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	783	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	784	\ B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	785	\ ==> ServKey ~: AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	786	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	787	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	788	by (asm_full_simp_tac (simpset() addsimps [AuthKeys_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	789	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	790	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	791	by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	792	bind_thm ("ServKey_notin_AuthKeys", result() RSN (2, rev_notE));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	793	bind_thm ("ServKey_notin_AuthKeysD", result());
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	794
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	795
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	796	(** If Spy sees the Authentication Key sent in msg K2, then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	797	the Key has expired **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	798	Goal "[\| A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	799	\ ==> Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	800	\ (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	801	\ {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	802	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	803	\ : set evs --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	804	\ Key AuthKey : analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	805	\ ExpirAuth Tk evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	806	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	807	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	808	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	809	(asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	810	(simpset() addsimps ([Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	811	analz_insert_eq, not_parts_not_analz,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	812	analz_insert_freshK1] @ pushes))));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	813	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	814	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	815	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	816	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	817	addIs [parts_insertI, impOfSubs analz_subset_parts, less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	818	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	819	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	820	(Level 8: K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	821	by (blast_tac (claset() addEs [ServKey_notin_AuthKeys]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	822	addDs [Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	823	Says_imp_spies RS parts.Inj]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	824	addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	825	(Oops1)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	826	by (blast_tac (claset() addDs [unique_AuthKeys] addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	827	(Oops2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	828	by (blast_tac (claset() addDs [Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	829	Says_Kas_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	830	val lemma = result() RS mp RS mp RSN(1,rev_notE);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	831
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	832
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	833	Goal "[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	834	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	835	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	836	\ ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	837	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	838	\ ==> Key AuthKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	839	by (forward_tac [Says_Kas_message_form] 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	840	by (blast_tac (claset() addSDs [lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	841	qed "Confidentiality_Kas";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	842
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	843
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	844
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	845
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	846
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	847
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	848	(******************** Guarantees for Tgs ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	849
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	850	(** If Spy sees the Service Key sent in msg K4, then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	851	the Key has expired **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	852	Goal "[\| A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	853	\ ==> Key AuthKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	854	\ Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	855	\ (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	856	\ {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	857	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	858	\ : set evs --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	859	\ Key ServKey : analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	860	\ ExpirServ Tt evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	861	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	862	(*The Oops1 case is unusual: must simplify Authkey ~: analz (spies (ev#evs))
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	863	rather than weakening it to Authkey ~: analz (spies evs), for we then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	864	conclude AuthKey ~= AuthKeya.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	865	by (Clarify_tac 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	866	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	867	by (rotate_tac ~1 11);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	868	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	869	(asm_full_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	870	(simpset() addsimps ([Says_Kas_message_form, Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	871	analz_insert_eq, not_parts_not_analz,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	872	analz_insert_freshK1, analz_insert_freshK2] @ pushes))));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	873	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	874	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	875	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	876	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	877	addIs [parts_insertI, impOfSubs analz_subset_parts, less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	878	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	879	by (case_tac "A ~= Aa" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	880	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	881	addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	882	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	883	A_trusts_AuthTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	884	Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	885	impOfSubs analz_subset_parts]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	886	by (ALLGOALS Clarify_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	887	(Oops2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	888	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	889	Key_unique_SesKey] addIs [less_SucI]) 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	890	( Level 12 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	891	(Oops1)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	892	by (forward_tac [Says_Kas_message_form] 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	893	by (assume_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	894	by (blast_tac (claset() addDs [analz_insert_freshK3,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	895	Says_Kas_message_form, Says_Tgs_message_form]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	896	addIs [less_SucI]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	897	( Level 16 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	898	by (thin_tac "Says Aa Tgs ?X : set ?evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	899	by (forward_tac [Says_imp_spies RS parts.Inj RS ServKey_notin_AuthKeysD] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	900	by (assume_tac 1 THEN Blast_tac 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	901	by (rotate_tac ~1 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	902	by (asm_full_simp_tac (simpset() addsimps [analz_insert_freshK2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	903	by (etac disjE 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	904	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	905	Key_unique_SesKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	906	by (blast_tac (claset() addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	907	val lemma = result() RS mp RS mp RS mp RSN(1,rev_notE);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	908
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	909
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	910	(* In the real world Tgs can't check wheter AuthKey is secure! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	911	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	912	"[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	913	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	914	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	915	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	916	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	917	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	918	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	919	by (forward_tac [Says_Tgs_message_form] 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	920	by (blast_tac (claset() addDs [lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	921	qed "Confidentiality_Tgs1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	922
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	923	(* In the real world Tgs CAN check what Kas sends! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	924	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	925	"[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	926	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	927	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	928	\ Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	929	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	930	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	931	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	932	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	933	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	934	by (blast_tac (claset() addSDs [Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	935	Confidentiality_Tgs1]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	936	qed "Confidentiality_Tgs2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	937
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	938	(Most general form)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	939	val Confidentiality_Tgs3 = A_trusts_AuthTicket RS Confidentiality_Tgs2;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	940
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	941
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	942	(******************** Guarantees for Alice ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	943
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	944	val Confidentiality_Auth_A = A_trusts_AuthKey RS Confidentiality_Kas;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	945
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	946	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	947	"[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	948	\ (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) : set evs;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	949	\ Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	950	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	951	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	952	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	953	\==> Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	954	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	955	by (forward_tac [Says_Kas_message_form] 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	956	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	957	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	958	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	959	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	960	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	961	(K2 and K4 remain)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	962	by (blast_tac (claset() addEs spies_partsEs addSEs [MPair_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	963	addSDs [unique_CryptKey]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	964	by (blast_tac (claset() addSDs [A_trusts_K4, Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	965	AuthKeys_used]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	966	qed "A_trusts_K4_bis";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	967
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	968
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	969	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	970	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	971	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	972	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	973	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	974	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	975	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	976	by (dtac A_trusts_AuthKey 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	977	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	978	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	979	by (blast_tac (claset() addDs [Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	980	Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	981	A_trusts_K4_bis, Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	982	qed "Confidentiality_Serv_A";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	983
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	984
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	985	(******************** Guarantees for Bob ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	986	(* Theorems for the refined model have suffix "refined" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	987
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	988	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	989	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	990	\ : set evs; evs : kerberos\|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	991	\ ==> EX Tk. Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	992	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	993	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	994	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	995	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	996	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	997	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	998	A_trusts_AuthTicket]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	999	qed "K4_imp_K2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1000
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1001	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1002	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1003	\ : set evs; evs : kerberos\|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1004	\ ==> EX Tk. (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1005	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1006	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1007	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1008	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1009	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1010	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1011	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1012	A_trusts_AuthTicket]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1013	qed "K4_imp_K2_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1014
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1015	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1016	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1017	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1018	\==> EX AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1019	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1020	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1021	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1022	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1023	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1024	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1025	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1026	qed "B_trusts_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1027
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1028	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1029	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1030	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1031	\ ==> EX AuthKey Tk. Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1032	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1033	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1034	by (blast_tac (claset() addSDs [B_trusts_ServKey, K4_imp_K2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1035	qed "B_trusts_ServTicket_Kas";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1036
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1037	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1038	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1039	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1040	\ ==> EX AuthKey Tk. (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1041	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1042	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1043	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1044	by (blast_tac (claset() addSDs [B_trusts_ServKey,K4_imp_K2_refined]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1045	qed "B_trusts_ServTicket_Kas_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1046
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1047	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1048	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1049	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1050	\==> EX Tk AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1051	\ Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1052	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1053	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1054	\ & Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1055	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1056	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1057	by (forward_tac [B_trusts_ServKey] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1058	by (etac exE 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1059	by (forward_tac [K4_imp_K2] 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1060	by (Blast_tac 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1061	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1062	qed "B_trusts_ServTicket";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1063
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1064	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1065	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1066	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1067	\==> EX Tk AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1068	\ (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1069	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1070	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1071	\ & Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1072	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1073	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1074	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1075	by (forward_tac [B_trusts_ServKey] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1076	by (etac exE 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1077	by (forward_tac [K4_imp_K2_refined] 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1078	by (Blast_tac 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1079	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1080	qed "B_trusts_ServTicket_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1081
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1082
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1083	Goal "[\| ~ ExpirServ Tt evs; ServLife + Tt <= AuthLife + Tk \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1084	\ ==> ~ ExpirAuth Tk evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1085	by (blast_tac (claset() addDs [leI,le_trans] addEs [leE]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1086	qed "NotExpirServ_NotExpirAuth_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1087
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1088
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1089	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1090	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1091	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1092	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1093	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1094	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1095	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1096	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1097	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1098	by (forward_tac [A_trusts_AuthKey] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1099	by (forward_tac [Confidentiality_Kas] 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1100	by (forward_tac [B_trusts_ServTicket] 6);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1101	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1102	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1103	by (forward_tac [Says_Kas_message_form] 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1104	by (blast_tac (claset() addDs [A_trusts_K4,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1105	unique_ServKeys, unique_AuthKeys,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1106	Confidentiality_Tgs2]) 10);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1107	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1108	(*
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1109	The proof above executes in 8 secs. It can be done in one command in 50 secs:
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1110	by (blast_tac (claset() addDs [A_trusts_AuthKey, A_trusts_K4,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1111	Says_Kas_message_form, B_trusts_ServTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1112	unique_ServKeys, unique_AuthKeys,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1113	Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1114	Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1115	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1116	qed "Confidentiality_B";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1117
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1118
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1119	(Most general form -- only for refined model! )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1120	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1121	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1122	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1123	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1124	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1125	by (blast_tac (claset() addDs [B_trusts_ServTicket_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1126	NotExpirServ_NotExpirAuth_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1127	Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1128	qed "Confidentiality_B_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1129
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1130
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1131	(******************** Authenticity theorems ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1132
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1133	(*1. Session Keys authenticity: they originated with servers.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1134
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1135	(Authenticity of AuthKey for A: "A_trusts_AuthKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1136
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1137	(Authenticity of ServKey for A: "A_trusts_ServKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1138	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1139	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1140	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1141	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1142	\ ~ ExpirAuth Tk evs; A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1143	\==>Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1144	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1145	by (forward_tac [A_trusts_AuthKey] 1 THEN assume_tac 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1146	by (blast_tac (claset() addDs [Confidentiality_Auth_A, A_trusts_K4_bis]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1147	qed "A_trusts_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1148	(Note: requires a temporal check)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1149
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1150
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1151	(Authenticity of ServKey for B: "B_trusts_ServKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1152
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1153	(***2. Parties authenticity: each party verifies "the identity of
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1154	another party who generated some data" (quoted from Neuman & Ts'o).***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1155
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1156	(*These guarantees don't assess whether two parties agree on
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1157	the same session key: sending a message containing a key
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1158	doesn't a priori state knowledge of the key.***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1159
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1160	(*B checks authenticity of A: theorems "A_Authenticity",
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1161	"A_authenticity_refined" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1162	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1163	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1164	\ ServTicket\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1165	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1166	\ A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1167	\==> Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1168	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1169	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1170	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1171	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1172	by (forward_tac [Says_ticket_in_parts_spies] 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1173	by (forward_tac [Says_ticket_in_parts_spies] 7);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1174	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1175	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1176	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1177	(K3)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1178	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1179	addDs [A_trusts_AuthKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1180	Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1181	Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1182	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1183	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1184	(K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1185	by (blast_tac (claset() addDs [Key_unique_SesKey] addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1186	qed "Says_Auth";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1187
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1188	(The second assumption tells B what kind of key ServKey is.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1189	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1190	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1191	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1192	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1193	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1194	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1195	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1196	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1197	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1198	\ ==> Says A B {\|Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|},\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1199	\ Crypt ServKey {\|Agent A, Number Ta\|} \|} : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1200	by (forward_tac [Confidentiality_B] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1201	by (forward_tac [B_trusts_ServKey] 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1202	by (etac exE 12);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1203	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1204	addSIs [Says_Auth]) 12);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1205	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1206	qed "A_Authenticity";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1207
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1208	(Stronger form in the refined model)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1209	Goal "[\| Crypt ServKey {\|Agent A, Number Ta2\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1210	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1211	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1212	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1213	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1214	\ ==> Says A B {\|Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|},\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1215	\ Crypt ServKey {\|Agent A, Number Ta2\|} \|} : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1216	by (forward_tac [Confidentiality_B_refined] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1217	by (forward_tac [B_trusts_ServKey] 6);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1218	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1219	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1220	addSIs [Says_Auth]) 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1221	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1222	qed "A_Authenticity_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1223
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1224
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1225	(A checks authenticity of B: theorem "B_authenticity")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1226
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1227	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1228	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1229	\ ServTicket\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1230	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1231	\ A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1232	\ ==> Says B A (Crypt ServKey (Number Ta)) : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1233	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1234	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1235	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1236	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1237	by (forward_tac [Says_ticket_in_parts_spies] 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1238	by (forward_tac [Says_ticket_in_parts_spies] 7);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1239	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1240	by (ALLGOALS Asm_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1241	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1242	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1243	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1244	by (forward_tac [Says_Tgs_message_form] 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1245	by (Clarify_tac 1); (PROOF FAILED if omitted)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1246	by (blast_tac (claset() addDs [unique_CryptKey] addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1247	qed "Says_K6";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1248
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1249	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, T, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1250	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1251	\ Key AuthKey ~: analz (spies evs); AuthKey ~: range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1252	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1253	\ ==> EX A. Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, T, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1254	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1255	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1256	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1257	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1258	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1259	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1260	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1261	qed "K4_trustworthy";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1262
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1263	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1264	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1265	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1266	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1267	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1268	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1269	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1270	\ ==> Says B A (Crypt ServKey (Number Ta)) : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1271	by (forward_tac [A_trusts_AuthKey] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1272	by (forward_tac [Says_Kas_message_form] 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1273	by (forward_tac [Confidentiality_Kas] 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1274	by (forward_tac [K4_trustworthy] 7);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1275	by (Blast_tac 8);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1276	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1277	by (forward_tac [K4_imp_K2] 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1278	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1279	addSIs [Says_K6]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1280	addSEs [Confidentiality_Tgs1 RSN (2,rev_notE)]) 10);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1281	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1282	qed "B_Authenticity";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1283
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1284
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1285	(***3. Parties' knowledge of session keys. A knows a session key if she
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1286	used it to build a cipher.***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1287
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1288	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1289	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1290	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1291	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1292	by (simp_tac (simpset() addsimps [Issues_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1293	by (rtac exI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1294	by (rtac conjI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1295	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1296	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1297	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1298	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1299	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1300	by (forward_tac [Says_ticket_in_parts_spies] 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1301	by (forward_tac [Says_ticket_in_parts_spies] 7);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1302	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1303	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1304	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1305	(K6 requires numerous lemmas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1306	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1307	by (blast_tac (claset() addDs [B_trusts_ServTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1308	impOfSubs parts_spies_takeWhile_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1309	impOfSubs parts_spies_evs_revD2]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1310	addIs [Says_K6]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1311	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1312	qed "B_Knows_B_Knows_ServKey_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1313	(*Key ServKey ~: analz (spies evs) could be relaxed by Confidentiality_B
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1314	but this is irrelevant because B knows what he knows! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1315
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1316	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1317	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1318	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1319	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1320	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1321	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1322	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1323	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1324	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1325	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1326	by (blast_tac (claset() addSDs [Confidentiality_B,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1327	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1328	qed "B_Knows_B_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1329
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1330	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1331	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1332	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1333	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1334	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1335	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1336	by (blast_tac (claset() addSDs [Confidentiality_B_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1337	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1338	qed "B_Knows_B_Knows_ServKey_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1339
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1340
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1341	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1342	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1343	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1344	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1345	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1346	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1347	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1348	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1349	by (blast_tac (claset() addSDs [B_Authenticity, Confidentiality_Serv_A,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1350	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1351	qed "A_Knows_B_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1352
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1353	Goal "[\| Says A Tgs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1354	\ {\|AuthTicket, Crypt AuthKey {\|Agent A, Number Ta\|}, Agent B\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1355	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1356	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1357	\ ==> EX Tk. Says Kas A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1358	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1359	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1360	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1361	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1362	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1363	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1364	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1365	A_trusts_AuthKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1366	qed "K3_imp_K2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1367
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1368	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1369	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1370	\ Says Kas A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1371	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1372	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1373	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1374	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1375	\ ==> Says Tgs A (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1376	\ {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1377	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1378	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1379	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1380	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1381	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1382	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1383	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1384	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1385	A_trusts_AuthTicket, unique_AuthKeys]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1386	qed "K4_trustworthy'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1387
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1388	Goal "[\| Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1389	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1390	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1391	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1392	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1393	by (simp_tac (simpset() addsimps [Issues_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1394	by (rtac exI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1395	by (rtac conjI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1396	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1397	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1398	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1399	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1400	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1401	by (forward_tac [Says_ticket_in_parts_spies] 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1402	by (forward_tac [Says_ticket_in_parts_spies] 7);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1403	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1404	by (ALLGOALS Asm_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1405	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1406	(K6)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1407	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1408	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1409	(*Level 15: case study necessary because the assumption doesn't state
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1410	the form of ServTicket. The guarantee becomes stronger.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1411	by (case_tac "Key AuthKey : analz (spies evs5)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1412	by (force_tac (claset() addDs [Says_imp_spies RS analz.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1413	analz.Decrypt RS analz.Fst],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1414	simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1415	by (blast_tac (claset() addDs [K3_imp_K2, K4_trustworthy',
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1416	impOfSubs parts_spies_takeWhile_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1417	impOfSubs parts_spies_evs_revD2]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1418	addIs [Says_Auth]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1419	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1420	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1421	qed "A_Knows_A_Knows_ServKey_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1422
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1423	Goal "[\| Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1424	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1425	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1426	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1427	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1428	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1429	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1430	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1431	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1432	by (blast_tac (claset() addSDs [Confidentiality_Serv_A,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1433	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1434	qed "A_Knows_A_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1435
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1436	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1437	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1438	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1439	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1440	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1441	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1442	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1443	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1444	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1445	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1446	by (blast_tac (claset() addDs [A_Authenticity, Confidentiality_B,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1447	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1448	qed "B_Knows_A_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1449
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1450
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1451	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1452	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1453	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1454	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1455	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1456	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1457	by (blast_tac (claset() addDs [A_Authenticity_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1458	Confidentiality_B_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1459	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1460	qed "B_Knows_A_Knows_ServKey_refined";

author	wenzelm
	Tue, 27 Apr 1999 10:50:50 +0200
changeset 6522	2f6cec5c046f
parent 6452	6a1b393ccdc0
child 7239	26685edee372
permissions	-rw-r--r--