isabelle: src/HOL/Auth/Kerberos_BAN.ML@77bd19f782e6 (annotated)

5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	1	(* Title: HOL/Auth/Kerberos_BAN
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	2	ID: $Id$
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	3	Author: Giampaolo Bella, Cambridge University Computer Laboratory
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	4	Copyright 1998 University of Cambridge
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	5
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	6	The Kerberos protocol, BAN version.
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	7
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	8	From page 251 of
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	9	Burrows, Abadi and Needham. A Logic of Authentication.
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	10	Proc. Royal Soc. 426 (1989)
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	11
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	12	Tidied by lcp.
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	13	*)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	14
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	15	open Kerberos_BAN;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	16
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	17	(*
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	18	Confidentiality (secrecy) and authentication properties rely on
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	19	temporal checks: strong guarantees in a little abstracted - but
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	20	very realistic - model (see .thy).
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	21
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	22	Total execution time: 158s
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	23	*)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	24
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	25	proof_timing:=true;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	26	HOL_quantifiers := false;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	27
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	28	AddEs spies_partsEs;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	29	AddDs [impOfSubs analz_subset_parts];
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	30	AddDs [impOfSubs Fake_parts_insert];
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	31
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	32	AddIffs [SesKeyLife_LB, AutLife_LB];
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	33
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	34
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	35	(A "possibility property": there are traces that reach the end.)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	36	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	37	"!!A B. [\| A ~= B; A ~= Server; B ~= Server \|] \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	38	\ ==> EX Timestamp K. EX evs: kerberos_ban. \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	39	\ Says B A (Crypt K (Number Timestamp)) \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	40	\ : set evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	41	by (REPEAT (resolve_tac [exI,bexI] 1));
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	42	by (rtac (kerberos_ban.Nil RS kerberos_ban.Kb1 RS kerberos_ban.Kb2 RS
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	43	kerberos_ban.Kb3 RS kerberos_ban.Kb4) 2);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	44	by possibility_tac;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	45	by (ALLGOALS (simp_tac (simpset() addsimps [leD]))); (from NatDef.ML!!!!)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	46	by (cut_facts_tac [SesKeyLife_LB] 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	47	by (trans_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	48	result();
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	49
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	50
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	51
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	52	(** Inductive proofs about kerberos_ban **)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	53
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	54	(Nobody sends themselves messages)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	55	goal thy "!!evs. evs : kerberos_ban ==> ALL A X. Says A A X ~: set evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	56	by (etac kerberos_ban.induct 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	57	by Auto_tac;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	58	qed_spec_mp "not_Says_to_self";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	59	Addsimps [not_Says_to_self];
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	60	AddSEs [not_Says_to_self RSN (2, rev_notE)];
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	61
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	62
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	63	(Forwarding Lemma for reasoning about the encrypted portion of message Kb3)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	64	goal thy "!!evs. Says S A (Crypt KA {\|Timestamp, B, K, X\|}) : set evs \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	65	\ ==> X : parts (spies evs)";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	66	by (Blast_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	67	qed "Kb3_msg_in_parts_spies";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	68
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	69	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	70	"!!evs. Says Server A (Crypt (shrK A) {\|Timestamp, B, K, X\|}) : set evs \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	71	\ ==> K : parts (spies evs)";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	72	by (Blast_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	73	qed "Oops_parts_spies";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	74
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	75	(For proving the easier theorems about X ~: parts (spies evs).)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	76	fun parts_induct_tac i =
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	77	etac kerberos_ban.induct i THEN
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	78	forward_tac [Oops_parts_spies] (i+6) THEN
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	79	forward_tac [Kb3_msg_in_parts_spies] (i+4) THEN
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	80	prove_simple_subgoals_tac i;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	81
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	82
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	83	(Spy never sees another agent's shared key! (unless it's bad at start))
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	84	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	85	"!!evs. evs : kerberos_ban ==> (Key (shrK A) : parts (spies evs)) = (A : bad)";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	86	by (parts_induct_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	87	by (ALLGOALS Blast_tac);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	88	qed "Spy_see_shrK";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	89	Addsimps [Spy_see_shrK];
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	90
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	91
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	92	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	93	"!!evs. evs : kerberos_ban ==> (Key (shrK A) : analz (spies evs)) = (A : bad)";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	94	by Auto_tac;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	95	qed "Spy_analz_shrK";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	96	Addsimps [Spy_analz_shrK];
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	97
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	98	goal thy "!!A. [\| Key (shrK A) : parts (spies evs); \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	99	\ evs : kerberos_ban \|] ==> A:bad";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	100	by (blast_tac (claset() addDs [Spy_see_shrK]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	101	qed "Spy_see_shrK_D";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	102
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	103	bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	104	AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D];
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	105
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	106
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	107	(Nobody can have used non-existent keys!)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	108	goal thy "!!evs. evs : kerberos_ban ==> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	109	\ Key K ~: used evs --> K ~: keysFor (parts (spies evs))";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	110	by (parts_induct_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	111	(Fake)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	112	by (blast_tac (claset() addSDs [keysFor_parts_insert]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	113	(Kb2, Kb3, Kb4)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	114	by (ALLGOALS Blast_tac);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	115	qed_spec_mp "new_keys_not_used";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	116
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	117	bind_thm ("new_keys_not_analzd",
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	118	[analz_subset_parts RS keysFor_mono,
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	119	new_keys_not_used] MRS contra_subsetD);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	120
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	121	Addsimps [new_keys_not_used, new_keys_not_analzd];
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	122
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	123
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	124	( Lemmas concerning the form of items passed in messages )
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	125
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	126	(Describes the form of K, X and K' when the Server sends this message.)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	127	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	128	"!!evs. [\| Says Server A (Crypt K' {\|Number Ts, Agent B, Key K, X\|}) \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	129	\ : set evs; evs : kerberos_ban \|] \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	130	\ ==> K ~: range shrK & \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	131	\ X = (Crypt (shrK B) {\|Number Ts, Agent A, Key K\|}) & \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	132	\ K' = shrK A";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	133	by (etac rev_mp 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	134	by (etac kerberos_ban.induct 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	135	by Auto_tac;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	136	qed "Says_Server_message_form";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	137
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	138
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	139	(*If the encrypted message appears then it originated with the Server
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	140	PROVIDED that A is NOT compromised!
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	141
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	142	This shows implicitly the FRESHNESS OF THE SESSION KEY to A
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	143	*)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	144	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	145	"!!evs. [\| Crypt (shrK A) {\|Number Ts, Agent B, Key K, X\|} \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	146	\ : parts (spies evs); \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	147	\ A ~: bad; evs : kerberos_ban \|] \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	148	\ ==> Says Server A (Crypt (shrK A) {\|Number Ts, Agent B, Key K, X\|}) \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	149	\ : set evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	150	by (etac rev_mp 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	151	by (parts_induct_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	152	by (Blast_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	153	qed "A_trusts_K_by_Kb2";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	154
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	155
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	156	(If the TICKET appears then it originated with the Server)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	157	(FRESHNESS OF THE SESSION KEY to B)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	158	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	159	"!!evs. [\| Crypt (shrK B) {\|Number Ts, Agent A, Key K\|} : parts (spies evs); \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	160	\ B ~: bad; evs : kerberos_ban \|] \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	161	\ ==> Says Server A \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	162	\ (Crypt (shrK A) {\|Number Ts, Agent B, Key K, \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	163	\ Crypt (shrK B) {\|Number Ts, Agent A, Key K\|}\|}) \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	164	\ : set evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	165	by (etac rev_mp 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	166	by (parts_induct_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	167	by (Blast_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	168	qed "B_trusts_K_by_Kb3";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	169
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	170
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	171	(*EITHER describes the form of X when the following message is sent,
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	172	OR reduces it to the Fake case.
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	173	Use Says_Server_message_form if applicable.*)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	174	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	175	"!!evs. [\| Says S A (Crypt (shrK A) {\|Number Ts, Agent B, Key K, X\|}) \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	176	\ : set evs; \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	177	\ evs : kerberos_ban \|] \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	178	\ ==> (K ~: range shrK & X = (Crypt (shrK B) {\|Number Ts, Agent A, Key K\|}))\
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	179	\ \| X : analz (spies evs)";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	180	by (case_tac "A : bad" 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	181	by (fast_tac (claset() addSDs [Says_imp_spies RS analz.Inj]
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	182	addss (simpset())) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	183	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	184	by (blast_tac (claset() addSDs [A_trusts_K_by_Kb2,
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	185	Says_Server_message_form]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	186	qed "Says_S_message_form";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	187
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	188
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	189	(For proofs involving analz.)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	190	val analz_spies_tac =
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	191	forward_tac [Says_Server_message_form] 7 THEN
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	192	forward_tac [Says_S_message_form] 5 THEN
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	193	REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE] ORELSE' hyp_subst_tac);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	194
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	195
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	196	(****
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	197	The following is to prove theorems of the form
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	198
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	199	Key K : analz (insert (Key KAB) (spies evs)) ==>
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	200	Key K : analz (spies evs)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	201
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	202	A more general formula must be proved inductively.
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	203
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	204	****)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	205
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	206
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	207	( Session keys are not used to encrypt other session keys )
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	208
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	209	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	210	"!!evs. evs : kerberos_ban ==> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	211	\ ALL K KK. KK <= Compl (range shrK) --> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	212	\ (Key K : analz (Key``KK Un (spies evs))) = \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	213	\ (K : KK \| Key K : analz (spies evs))";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	214	by (etac kerberos_ban.induct 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	215	by analz_spies_tac;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	216	by (REPEAT_FIRST (resolve_tac [allI, impI]));
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	217	by (REPEAT_FIRST (rtac analz_image_freshK_lemma));
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	218	(Takes 5 secs)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	219	by (ALLGOALS (asm_simp_tac analz_image_freshK_ss));
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	220	(Fake)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	221	by (spy_analz_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	222	qed_spec_mp "analz_image_freshK";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	223
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	224
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	225	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	226	"!!evs. [\| evs : kerberos_ban; KAB ~: range shrK \|] ==> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	227	\ Key K : analz (insert (Key KAB) (spies evs)) = \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	228	\ (K = KAB \| Key K : analz (spies evs))";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	229	by (asm_simp_tac (analz_image_freshK_ss addsimps [analz_image_freshK]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	230	qed "analz_insert_freshK";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	231
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	232
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	233	( The session key K uniquely identifies the message )
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	234
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	235	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	236	"!!evs. evs : kerberos_ban ==> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	237	\ EX A' Ts' B' X'. ALL A Ts B X. \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	238	\ Says Server A (Crypt (shrK A) {\|Number Ts, Agent B, Key K, X\|}) \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	239	\ : set evs \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	240	\ --> A=A' & Ts=Ts' & B=B' & X=X'";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	241	by (etac kerberos_ban.induct 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	242	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	243	by Safe_tac;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	244	(Kb2: it can't be a new key)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	245	by (expand_case_tac "K = ?y" 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	246	by (REPEAT (ares_tac [refl,exI,impI,conjI] 2));
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	247	by (blast_tac (claset() delrules [conjI]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	248	val lemma = result();
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	249
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	250	(In messages of this form, the session key uniquely identifies the rest)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	251	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	252	"!!evs. [\| Says Server A \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	253	\ (Crypt (shrK A) {\|Number Ts, Agent B, Key K, X\|}) : set evs; \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	254	\ Says Server A' \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	255	\ (Crypt (shrK A') {\|Number Ts', Agent B', Key K, X'\|}) : set evs;\
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	256	\ evs : kerberos_ban \|] ==> A=A' & Ts=Ts' & B=B' & X = X'";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	257	by (prove_unique_tac lemma 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	258	qed "unique_session_keys";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	259
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	260
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	261	(** Lemma: the session key sent in msg Kb2 would be EXPIRED
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	262	if the spy could see it!
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	263	**)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	264
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	265	goal thy
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	266	"!!evs. [\| A ~: bad; B ~: bad; evs : kerberos_ban \|] \
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	267	\ ==> Says Server A \
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	268	\ (Crypt (shrK A) {\|Number Ts, Agent B, Key K, \
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	269	\ Crypt (shrK B) {\|Number Ts, Agent A, Key K\|}\|})\
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	270	\ : set evs --> \
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	271	\ Key K : analz (spies evs) --> Expired Ts evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	272	by (etac kerberos_ban.induct 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	273	by analz_spies_tac;
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	274	by (ALLGOALS
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	275	(asm_simp_tac (simpset() addsimps ([analz_insert_eq, analz_insert_freshK]
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	276	@ pushes))));
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	277	(Oops)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	278	by (blast_tac (claset() addDs [unique_session_keys] addIs [less_SucI]) 4);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	279	(Kb2)
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	280	by (blast_tac (claset() addIs [parts_insertI, less_SucI]) 2);
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	281	(Fake)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	282	by (spy_analz_tac 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	283	(LEVEL 6 )
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	284	(Kb3)
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	285	by (case_tac "Aa : bad" 1);
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	286	by (blast_tac (claset() addDs [A_trusts_K_by_Kb2, unique_session_keys]) 2);
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	287	by (blast_tac (claset() addDs [Says_imp_spies RS analz.Inj,
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	288	Crypt_Spy_analz_bad, analz.Fst, analz.Snd]
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	289	addIs [less_SucI]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	290	val lemma = result() RS mp RS mp RSN(1,rev_notE);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	291
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	292
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	293	(** CONFIDENTIALITY for the SERVER:
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	294	Spy does not see the keys sent in msg Kb2
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	295	as long as they have NOT EXPIRED
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	296	**)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	297	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	298	"!!evs. [\| Says Server A \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	299	\ (Crypt K' {\|Number T, Agent B, Key K, X\|}) : set evs; \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	300	\ ~ Expired T evs; \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	301	\ A ~: bad; B ~: bad; evs : kerberos_ban \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	302	\ \|] ==> Key K ~: analz (spies evs)";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	303	by (forward_tac [Says_Server_message_form] 1 THEN assume_tac 1);
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	304	by (Clarify_tac 1); (prevents PROOF FAILED)
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	305	by (blast_tac (claset() addSEs [lemma]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	306	qed "Confidentiality_S";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	307
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	308	(**** THE COUNTERPART OF CONFIDENTIALITY
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	309	[\|...; Expired Ts evs; ...\|] ==> Key K : analz (spies evs)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	310	WOULD HOLD ONLY IF AN OOPS OCCURRED! ---> Nothing to prove! ****)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	311
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	312
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	313	( CONFIDENTIALITY for ALICE: )
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	314	( Also A_trusts_K_by_Kb2 RS Confidentiality_S )
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	315	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	316	"!!evs. [\| Crypt (shrK A) {\|Number T, Agent B, Key K, X\|} : parts (spies evs);\
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	317	\ ~ Expired T evs; \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	318	\ A ~: bad; B ~: bad; evs : kerberos_ban \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	319	\ \|] ==> Key K ~: analz (spies evs)";
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	320	by (blast_tac (claset() addSDs [A_trusts_K_by_Kb2, Confidentiality_S]) 1);
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	321	qed "Confidentiality_A";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	322
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	323
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	324	( CONFIDENTIALITY for BOB: )
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	325	( Also B_trusts_K_by_Kb3 RS Confidentiality_S )
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	326	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	327	"!!evs. [\| Crypt (shrK B) {\|Number Tk, Agent A, Key K\|} \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	328	\ : parts (spies evs); \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	329	\ ~ Expired Tk evs; \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	330	\ A ~: bad; B ~: bad; evs : kerberos_ban \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	331	\ \|] ==> Key K ~: analz (spies evs)";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	332	by (blast_tac (claset() addSDs [B_trusts_K_by_Kb3,
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	333	Confidentiality_S]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	334	qed "Confidentiality_B";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	335
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	336
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	337	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	338	"!!evs. [\| B ~: bad; evs : kerberos_ban \|] \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	339	\ ==> Key K ~: analz (spies evs) --> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	340	\ Says Server A (Crypt (shrK A) {\|Number Ts, Agent B, Key K, X\|}) \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	341	\ : set evs --> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	342	\ Crypt K (Number Ta) : parts (spies evs) --> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	343	\ Says B A (Crypt K (Number Ta)) : set evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	344	by (etac kerberos_ban.induct 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	345	by (forward_tac [Says_S_message_form] 5 THEN assume_tac 5);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	346	by (dtac Kb3_msg_in_parts_spies 5);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	347	by (forward_tac [Oops_parts_spies] 7);
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	348	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	349	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	350	(LEVEL 6)
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	351	by (Blast_tac 1);
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	352	by (Clarify_tac 1);
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	353	(*
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	354	Subgoal 1: contradiction from the assumptions
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	355	Key K ~: used evs2 and Crypt K (Number Ta) : parts (spies evs2)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	356	*)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	357	by (dtac Crypt_imp_invKey_keysFor 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	358	by (Asm_full_simp_tac 1);
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	359	(* the two tactics above detect the contradiction*)
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	360	by (case_tac "Ba : bad" 1); (splits up the subgoal by the stated case)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	361	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	362	B_trusts_K_by_Kb3,
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	363	unique_session_keys]) 2);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	364	by (blast_tac (claset() addDs [Says_imp_spies RS analz.Inj RS analz.Fst RS
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	365	Crypt_Spy_analz_bad]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	366	val lemma_B = result();
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	367
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	368
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	369	(AUTHENTICATION OF B TO A)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	370	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	371	"!!evs. [\| Crypt K (Number Ta) : parts (spies evs); \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	372	\ Crypt (shrK A) {\|Number Ts, Agent B, Key K, X\|} \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	373	\ : parts (spies evs); \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	374	\ ~ Expired Ts evs; \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	375	\ A ~: bad; B ~: bad; evs : kerberos_ban \|] \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	376	\ ==> Says B A (Crypt K (Number Ta)) : set evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	377	by (blast_tac (claset() addSDs [A_trusts_K_by_Kb2]
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	378	addSIs [lemma_B RS mp RS mp RS mp]
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	379	addSEs [Confidentiality_S RSN (2,rev_notE)]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	380	qed "Authentication_B";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	381
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	382
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	383	goal thy
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	384	"!!evs. [\| A ~: bad; B ~: bad; evs : kerberos_ban \|] ==> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	385	\ Key K ~: analz (spies evs) --> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	386	\ Says Server A (Crypt (shrK A) {\|Number Ts, Agent B, Key K, X\|}) \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	387	\ : set evs --> \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	388	\ Crypt K {\|Agent A, Number Ta\|} : parts (spies evs) -->\
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	389	\ Says A B {\|X, Crypt K {\|Agent A, Number Ta\|}\|} \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	390	\ : set evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	391	by (etac kerberos_ban.induct 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	392	by (forward_tac [Says_S_message_form] 5 THEN assume_tac 5);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	393	by (forward_tac [Kb3_msg_in_parts_spies] 5);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	394	by (forward_tac [Oops_parts_spies] 7);
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	395	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	396	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	397	(LEVEL 6)
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	398	by (Blast_tac 1);
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	399	by (Clarify_tac 1);
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	400	by (dtac Crypt_imp_invKey_keysFor 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	401	by (Asm_full_simp_tac 1);
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	402	by (blast_tac (claset() addDs [A_trusts_K_by_Kb2, unique_session_keys]) 1);
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	403	val lemma_A = result();
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	404
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	405
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	406	(AUTHENTICATION OF A TO B)
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	407	goal thy
5064 77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	408	"!!evs. [\| Crypt K {\|Agent A, Number Ta\|} : parts (spies evs); \
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	409	\ Crypt (shrK B) {\|Number Ts, Agent A, Key K\|} \
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	410	\ : parts (spies evs); \
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	411	\ ~ Expired Ts evs; \
77bd19f782e6 simplified and tidied the proofs paulson parents: 5053 diff changeset	412	\ A ~: bad; B ~: bad; evs : kerberos_ban \|] \
5053 75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	413	\ ==> Says A B {\|Crypt (shrK B) {\|Number Ts, Agent A, Key K\|}, \
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	414	\ Crypt K {\|Agent A, Number Ta\|}\|} : set evs";
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	415	by (blast_tac (claset() addSDs [B_trusts_K_by_Kb3]
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	416	addSIs [lemma_A RS mp RS mp RS mp]
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	417	addSEs [Confidentiality_S RSN (2,rev_notE)]) 1);
75d20f367e94 New example Kerberos_BAN by G Bella paulson parents: diff changeset	418	qed "Authentication_A";

author	paulson
	Mon, 22 Jun 1998 15:49:29 +0200
changeset 5064	77bd19f782e6
parent 5053	75d20f367e94
child 5076	fbc9d95b62ba
permissions	-rw-r--r--