|
5053
|
1 |
(* Title: HOL/Auth/Kerberos_BAN
|
|
|
2 |
ID: $Id$
|
|
|
3 |
Author: Giampaolo Bella, Cambridge University Computer Laboratory
|
|
|
4 |
Copyright 1998 University of Cambridge
|
|
|
5 |
|
|
|
6 |
The Kerberos protocol, BAN version.
|
|
|
7 |
|
|
|
8 |
From page 251 of
|
|
|
9 |
Burrows, Abadi and Needham. A Logic of Authentication.
|
|
|
10 |
Proc. Royal Soc. 426 (1989)
|
|
|
11 |
*)
|
|
|
12 |
|
|
|
13 |
Kerberos_BAN = Shared +
|
|
|
14 |
|
|
|
15 |
(* Temporal modelization: session keys can be leaked
|
|
|
16 |
ONLY when they have expired *)
|
|
|
17 |
|
|
|
18 |
syntax
|
|
|
19 |
CT :: event list=>nat
|
|
|
20 |
Expired :: [nat, event list] => bool
|
|
|
21 |
RecentAuth :: [nat, event list] => bool
|
|
|
22 |
|
|
|
23 |
consts
|
|
|
24 |
|
|
|
25 |
(*Duration of the session key*)
|
|
|
26 |
SesKeyLife :: nat
|
|
|
27 |
|
|
|
28 |
(*Duration of the authenticator*)
|
|
|
29 |
AutLife :: nat
|
|
|
30 |
|
|
|
31 |
rules
|
|
|
32 |
(*The ticket should remain fresh for two journeys on the network at least*)
|
|
|
33 |
SesKeyLife_LB "2 <= SesKeyLife"
|
|
|
34 |
|
|
|
35 |
(*The authenticator only for one journey*)
|
|
|
36 |
AutLife_LB "1 <= AutLife"
|
|
|
37 |
|
|
|
38 |
translations
|
|
|
39 |
"CT" == "length"
|
|
|
40 |
|
|
|
41 |
"Expired T evs" == "SesKeyLife + T < CT evs"
|
|
|
42 |
|
|
|
43 |
"RecentAuth T evs" == "CT evs <= AutLife + T"
|
|
|
44 |
|
|
|
45 |
consts kerberos_ban :: event list set
|
|
|
46 |
inductive "kerberos_ban"
|
|
|
47 |
intrs
|
|
|
48 |
|
|
|
49 |
Nil "[]: kerberos_ban"
|
|
|
50 |
|
|
|
51 |
|
|
|
52 |
Fake "[| evs: kerberos_ban; B ~= Spy;
|
|
|
53 |
X: synth (analz (spies evs)) |]
|
|
|
54 |
==> Says Spy B X # evs : kerberos_ban"
|
|
|
55 |
|
|
|
56 |
|
|
|
57 |
Kb1 "[| evs1: kerberos_ban; A ~= Server |]
|
|
|
58 |
==> Says A Server {|Agent A, Agent B|} # evs1
|
|
|
59 |
: kerberos_ban"
|
|
|
60 |
|
|
|
61 |
|
|
|
62 |
Kb2 "[| evs2: kerberos_ban; A ~= B; A ~= Server; Key KAB ~: used evs2;
|
|
|
63 |
Says A' Server {|Agent A, Agent B|} : set evs2 |]
|
|
|
64 |
==> Says Server A
|
|
|
65 |
(Crypt (shrK A)
|
|
|
66 |
{|Number (CT evs2), Agent B, Key KAB,
|
|
|
67 |
(Crypt (shrK B) {|Number (CT evs2), Agent A, Key KAB|})|})
|
|
|
68 |
# evs2 : kerberos_ban"
|
|
|
69 |
|
|
|
70 |
|
|
|
71 |
Kb3 "[| evs3: kerberos_ban; A ~= B;
|
|
|
72 |
Says S A (Crypt (shrK A) {|Number Ts, Agent B, Key K, X|})
|
|
|
73 |
: set evs3;
|
|
|
74 |
Says A Server {|Agent A, Agent B|} : set evs3;
|
|
|
75 |
~ Expired Ts evs3 |]
|
|
|
76 |
==> Says A B {|X, Crypt K {|Agent A, Number (CT evs3)|} |}
|
|
|
77 |
# evs3 : kerberos_ban"
|
|
|
78 |
|
|
|
79 |
|
|
|
80 |
Kb4 "[| evs4: kerberos_ban; A ~= B;
|
|
|
81 |
Says A' B {|(Crypt (shrK B) {|Number Ts, Agent A, Key K|}),
|
|
|
82 |
(Crypt K {|Agent A, Number Ta|}) |}: set evs4;
|
|
|
83 |
~ Expired Ts evs4;
|
|
|
84 |
RecentAuth Ta evs4|]
|
|
|
85 |
==> Says B A (Crypt K (Number Ta)) # evs4
|
|
|
86 |
: kerberos_ban"
|
|
|
87 |
|
|
|
88 |
|
|
|
89 |
(*The session key has EXPIRED when it gets lost *)
|
|
|
90 |
Oops "[| evso: kerberos_ban; A ~= Spy;
|
|
|
91 |
Says Server A (Crypt (shrK A) {|Number Ts, Agent B, Key K, X|})
|
|
|
92 |
: set evso;
|
|
|
93 |
Expired Ts evso |]
|
|
|
94 |
==> Says A Spy {|Number Ts, Key K|} # evso : kerberos_ban"
|
|
|
95 |
|
|
|
96 |
|
|
|
97 |
end
|