isabelle: src/HOL/Auth/KerberosIV.ML@d8b3613158b1 (annotated)

6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1	(* Title: HOL/Auth/KerberosIV
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	2	ID: $Id$
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	3	Author: Giampaolo Bella, Cambridge University Computer Laboratory
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	4	Copyright 1998 University of Cambridge
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	5
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	6	The Kerberos protocol, version IV.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	7	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	8
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	9	Pretty.setdepth 20;
9000 c20d58286a51 cleaned up; wenzelm parents: 8954 diff changeset	10	set timing;
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	11
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	12	AddIffs [AuthLife_LB, ServLife_LB, AutcLife_LB, RespLife_LB, Tgs_not_bad];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	13
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	14
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	15	( Reversed traces )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	16
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	17	Goal "spies (evs @ [Says A B X]) = insert X (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	18	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	19	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	20	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	21	qed "spies_Says_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	22
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	23	Goal "spies (evs @ [Gets A X]) = spies evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	24	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	25	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	26	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	27	qed "spies_Gets_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	28
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	29	Goal "spies (evs @ [Notes A X]) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	30	\ (if A:bad then insert X (spies evs) else spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	31	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	32	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	33	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	34	qed "spies_Notes_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	35
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	36	Goal "spies evs = spies (rev evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	37	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	38	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	39	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	40	(asm_simp_tac (simpset() addsimps [spies_Says_rev, spies_Gets_rev,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	41	spies_Notes_rev])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	42	qed "spies_evs_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	43	bind_thm ("parts_spies_evs_revD2", spies_evs_rev RS equalityD2 RS parts_mono);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	44
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	45	Goal "spies (takeWhile P evs) <= spies evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	46	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	47	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	48	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	49	(* Resembles "used_subset_append" in Event.ML*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	50	qed "spies_takeWhile";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	51	bind_thm ("parts_spies_takeWhile_mono", spies_takeWhile RS parts_mono);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	52
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	53	Goal "~P(x) --> takeWhile P (xs @ [x]) = takeWhile P xs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	54	by (induct_tac "xs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	55	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	56	qed "takeWhile_tail";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	57
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	58
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	59	(***************LEMMAS ABOUT AuthKeys**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	60
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	61	Goalw [AuthKeys_def] "AuthKeys [] = {}";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	62	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	63	qed "AuthKeys_empty";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	64
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	65	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	66	"(ALL A Tk akey Peer. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	67	\ ev ~= Says Kas A (Crypt (shrK A) {\|akey, Agent Peer, Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	68	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, akey, Tk\|})\|}))\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	69	\ ==> AuthKeys (ev # evs) = AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	70	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	71	qed "AuthKeys_not_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	72
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	73	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	74	"AuthKeys \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	75	\ (Says Kas A (Crypt (shrK A) {\|Key K, Agent Peer, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	76	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, Key K, Number Tk\|})\|}) # evs) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	77	\ = insert K (AuthKeys evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	78	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	79	qed "AuthKeys_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	80
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	81	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	82	"K : AuthKeys \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	83	\ (Says Kas A (Crypt (shrK A) {\|Key K', Agent Peer, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	84	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, Key K', Number Tk\|})\|}) # evs) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	85	\ ==> K = K' \| K : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	86	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	87	qed "AuthKeys_simp";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	88
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	89	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	90	"Says Kas A (Crypt (shrK A) {\|Key K, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	91	\ (Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key K, Number Tk\|})\|}) : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	92	\ ==> K : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	93	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	94	qed "AuthKeysI";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	95
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	96	Goalw [AuthKeys_def] "K : AuthKeys evs ==> Key K : used evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	97	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	98	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	99	qed "AuthKeys_used";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	100
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	101
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	102	(** FORWARDING LEMMAS **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	103
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	104	(--For reasoning about the encrypted portion of message K3--)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	105	Goal "Says Kas' A (Crypt KeyA {\|AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	106	\ : set evs ==> AuthTicket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	107	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	108	qed "K3_msg_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	109
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	110	Goal "Says Kas A (Crypt KeyA {\|AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	111	\ : set evs ==> AuthKey : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	112	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	113	qed "Oops_parts_spies1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	114
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	115	Goal "[\| Says Kas A (Crypt KeyA {\|Key AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	116	\ : set evs ;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	117	\ evs : kerberos \|] ==> AuthKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	118	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	119	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	120	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	121	qed "Oops_range_spies1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	122
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	123	(--For reasoning about the encrypted portion of message K5--)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	124	Goal "Says Tgs' A (Crypt AuthKey {\|ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	125	\ : set evs ==> ServTicket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	126	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	127	qed "K5_msg_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	128
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	129	Goal "Says Tgs A (Crypt AuthKey {\|ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	130	\ : set evs ==> ServKey : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	131	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	132	qed "Oops_parts_spies2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	133
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	134	Goal "[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	135	\ : set evs ;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	136	\ evs : kerberos \|] ==> ServKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	137	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	138	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	139	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	140	qed "Oops_range_spies2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	141
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	142	Goal "Says S A (Crypt K {\|SesKey, B, TimeStamp, Ticket\|}) : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	143	\ ==> Ticket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	144	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	145	qed "Says_ticket_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	146	(Replaces both K3_msg_in_parts_spies and K5_msg_in_parts_spies)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	147
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	148	fun parts_induct_tac i =
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	149	etac kerberos.induct i THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	150	REPEAT (FIRSTGOAL analz_mono_contra_tac) THEN
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	151	ftac K3_msg_in_parts_spies (i+4) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	152	ftac K5_msg_in_parts_spies (i+6) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	153	ftac Oops_parts_spies1 (i+8) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	154	ftac Oops_parts_spies2 (i+9) THEN
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	155	prove_simple_subgoals_tac 1;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	156
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	157
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	158	(Spy never sees another agent's shared key! (unless it's lost at start))
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	159	Goal "evs : kerberos ==> (Key (shrK A) : parts (spies evs)) = (A : bad)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	160	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	161	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	162	by (ALLGOALS Blast_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	163	qed "Spy_see_shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	164	Addsimps [Spy_see_shrK];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	165
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	166	Goal "evs : kerberos ==> (Key (shrK A) : analz (spies evs)) = (A : bad)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	167	by (auto_tac (claset() addDs [impOfSubs analz_subset_parts], simpset()));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	168	qed "Spy_analz_shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	169	Addsimps [Spy_analz_shrK];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	170
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	171	Goal "[\| Key (shrK A) : parts (spies evs); evs : kerberos \|] ==> A:bad";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	172	by (blast_tac (claset() addDs [Spy_see_shrK]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	173	qed "Spy_see_shrK_D";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	174	bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	175	AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	176
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	177	(Nobody can have used non-existent keys!)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	178	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	179	\ Key K ~: used evs --> K ~: keysFor (parts (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	180	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	181	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	182	by (best_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	183	(claset() addSDs [impOfSubs (parts_insert_subset_Un RS keysFor_mono)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	184	addIs [impOfSubs analz_subset_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	185	addDs [impOfSubs (analz_subset_parts RS keysFor_mono)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	186	addss (simpset())) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	187	(Others)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	188	by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	189	qed_spec_mp "new_keys_not_used";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	190
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	191	bind_thm ("new_keys_not_analzd",
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	192	[analz_subset_parts RS keysFor_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	193	new_keys_not_used] MRS contra_subsetD);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	194
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	195	Addsimps [new_keys_not_used, new_keys_not_analzd];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	196
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	197
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	198	(********************* REGULARITY LEMMAS *********************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	199	(* concerning the form of items passed in messages *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	200	(*****************************************************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	201
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	202	(Describes the form of AuthKey, AuthTicket, and K sent by Kas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	203	Goal "[\| Says Kas A (Crypt K {\|Key AuthKey, Agent Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	204	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	205	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	206	\ ==> AuthKey ~: range shrK & AuthKey : AuthKeys evs & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	207	\ AuthTicket = (Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|} ) &\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	208	\ K = shrK A & Peer = Tgs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	209	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	210	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	211	by (ALLGOALS (simp_tac (simpset() addsimps [AuthKeys_def, AuthKeys_insert])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	212	by (ALLGOALS Blast_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	213	qed "Says_Kas_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	214
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	215	(*This lemma is essential for proving Says_Tgs_message_form:
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	216
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	217	the session key AuthKey
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	218	supplied by Kas in the authentication ticket
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	219	cannot be a long-term key!
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	220
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	221	Generalised to any session keys (both AuthKey and ServKey).
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	222	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	223	Goal "[\| Crypt (shrK Tgs_B) {\|Agent A, Agent Tgs_B, Key SesKey, Number T\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	224	\ : parts (spies evs); Tgs_B ~: bad;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	225	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	226	\ ==> SesKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	227	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	228	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	229	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	230	qed "SesKey_is_session_key";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	231
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	232	Goal "[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	233	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	234	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	235	\ ==> Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	236	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	237	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	238	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	239	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	240	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	241	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	242	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	243	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	244	qed "A_trusts_AuthTicket";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	245
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	246	Goal "[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	247	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	248	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	249	\ ==> AuthKey : AuthKeys evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	250	by (ftac A_trusts_AuthTicket 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	251	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	252	by (simp_tac (simpset() addsimps [AuthKeys_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	253	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	254	qed "AuthTicket_crypt_AuthKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	255
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	256	(Describes the form of ServKey, ServTicket and AuthKey sent by Tgs)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	257	Goal "[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	258	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	259	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	260	\ ==> B ~= Tgs & ServKey ~: range shrK & ServKey ~: AuthKeys evs &\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	261	\ ServTicket = (Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|} ) & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	262	\ AuthKey ~: range shrK & AuthKey : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	263	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	264	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	265	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	266	(asm_full_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	267	(simpset() addsimps [AuthKeys_insert, AuthKeys_not_insert,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	268	AuthKeys_empty, AuthKeys_simp])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	269	by (blast_tac (claset() addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	270	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	271	by (blast_tac (claset() addSDs [AuthKeys_used, Says_Kas_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	272	by (blast_tac (claset() addSDs [SesKey_is_session_key]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	273	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	274	by (blast_tac (claset() addDs [AuthTicket_crypt_AuthKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	275	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	276	qed "Says_Tgs_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	277
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	278	(If a certain encrypted message appears then it originated with Kas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	279	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Peer, Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	280	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	281	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	282	\ ==> Says Kas A (Crypt (shrK A) {\|Key AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	283	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	284	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	285	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	286	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	287	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	288	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	289	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	290	A_trusts_AuthTicket RS Says_Kas_message_form])
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	291	1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	292	qed "A_trusts_AuthKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	293
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	294
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	295	(If a certain encrypted message appears then it originated with Tgs)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	296	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	297	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	298	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	299	\ AuthKey ~: range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	300	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	301	\==> EX A. Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	302	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	303	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	304	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	305	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	306	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	307	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	308	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	309	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	310	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	311	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	312	qed "A_trusts_K4";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	313
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	314	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	315	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	316	\ A ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	317	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	318	\ ==> AuthKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	319	\ AuthTicket = Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	320	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	321	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	322	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	323	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	324	qed "AuthTicket_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	325
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	326	(* This form holds also over an AuthTicket, but is not needed below. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	327	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	328	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	329	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	330	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	331	\ ==> ServKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	332	\ (EX A. ServTicket = Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|})";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	333	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	334	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	335	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	336	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	337	qed "ServTicket_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	338
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	339	Goal "[\| Says Kas' A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	340	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|} ) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	341	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	342	\ ==> AuthKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	343	\ AuthTicket = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	344	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	345	\ \| AuthTicket : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	346	by (case_tac "A : bad" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	347	by (force_tac (claset() addSDs [Says_imp_spies RS analz.Inj], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	348	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	349	by (blast_tac (claset() addSDs [AuthTicket_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	350	qed "Says_kas_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	351	(* Essentially the same as AuthTicket_form *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	352
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	353	Goal "[\| Says Tgs' A (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	354	\ {\|Key ServKey, Agent B, Tt, ServTicket\|} ) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	355	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	356	\ ==> ServKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	357	\ (EX A. ServTicket = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	358	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	359	\ \| ServTicket : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	360	by (case_tac "Key AuthKey : analz (spies evs)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	361	by (force_tac (claset() addSDs [Says_imp_spies RS analz.Inj], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	362	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	363	by (blast_tac (claset() addSDs [ServTicket_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	364	qed "Says_tgs_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	365	(* This form MUST be used in analz_sees_tac below *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	366
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	367
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	368	(***************UNICITY THEOREMS**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	369
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	370	(* The session key, if secure, uniquely identifies the Ticket
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	371	whether AuthTicket or ServTicket. As a matter of fact, one can read
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	372	also Tgs in the place of B. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	373	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	374	\ Key SesKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	375	\ (EX A B T. ALL A' B' T'. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	376	\ Crypt (shrK B') {\|Agent A', Agent B', Key SesKey, T'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	377	\ : parts (spies evs) --> A'=A & B'=B & T'=T)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	378	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	379	by (REPEAT (etac (exI RSN (2,exE)) 1) (stripping EXs makes proof faster)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	380	THEN Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	381	by (asm_simp_tac (simpset() addsimps [all_conj_distrib]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	382	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	383	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	384	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	385	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	386	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	387
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	388	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key SesKey, T\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	389	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	390	\ Crypt (shrK B') {\|Agent A', Agent B', Key SesKey, T'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	391	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	392	\ evs : kerberos; Key SesKey ~: analz (spies evs) \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	393	\ ==> A=A' & B=B' & T=T'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	394	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	395	qed "unique_CryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	396
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	397	Goal "evs : kerberos \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	398	\ ==> Key SesKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	399	\ (EX K' B' T' Ticket'. ALL K B T Ticket. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	400	\ Crypt K {\|Key SesKey, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	401	\ : parts (spies evs) --> K=K' & B=B' & T=T' & Ticket=Ticket')";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	402	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	403	by (REPEAT (etac (exI RSN (2,exE)) 1) THEN Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	404	by (asm_simp_tac (simpset() addsimps [all_conj_distrib]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	405	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	406	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	407	by (expand_case_tac "SesKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	408	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	409	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	410
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	411	(*An AuthKey is encrypted by one and only one Shared key.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	412	A ServKey is encrypted by one and only one AuthKey.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	413	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	414	Goal "[\| Crypt K {\|Key SesKey, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	415	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	416	\ Crypt K' {\|Key SesKey, Agent B', T', Ticket'\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	417	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	418	\ evs : kerberos; Key SesKey ~: analz (spies evs) \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	419	\ ==> K=K' & B=B' & T=T' & Ticket=Ticket'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	420	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	421	qed "Key_unique_SesKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	422
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	423
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	424	(*
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	425	At reception of any message mentioning A, Kas associates shrK A with
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	426	a new AuthKey. Realistic, as the user gets a new AuthKey at each login.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	427	Similarly, at reception of any message mentioning an AuthKey
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	428	(a legitimate user could make several requests to Tgs - by K3), Tgs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	429	associates it with a new ServKey.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	430
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	431	Therefore, a goal like
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	432
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	433	"evs : kerberos \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	434	\ ==> Key Kc ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	435	\ (EX K' B' T' Ticket'. ALL K B T Ticket. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	436	\ Crypt Kc {\|Key K, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	437	\ : parts (spies evs) --> K=K' & B=B' & T=T' & Ticket=Ticket')";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	438
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	439	would fail on the K2 and K4 cases.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	440	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	441
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	442	(* AuthKey uniquely identifies the message from Kas *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	443	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	444	\ EX A' Ka' Tk' X'. ALL A Ka Tk X. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	445	\ Says Kas A (Crypt Ka {\|Key AuthKey, Agent Tgs, Tk, X\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	446	\ : set evs --> A=A' & Ka=Ka' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	447	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	448	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	449	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	450	(K2: it can't be a new key)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	451	by (expand_case_tac "AuthKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	452	by (REPEAT (ares_tac [refl,exI,impI,conjI] 2));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	453	by (blast_tac (claset() delrules [conjI] (prevent split-up into 4 subgoals)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	454	addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	455	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	456
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	457	Goal "[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	458	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Tk, X\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	459	\ Says Kas A' \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	460	\ (Crypt Ka' {\|Key AuthKey, Agent Tgs, Tk', X'\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	461	\ evs : kerberos \|] ==> A=A' & Ka=Ka' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	462	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	463	qed "unique_AuthKeys";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	464
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	465	(* ServKey uniquely identifies the message from Tgs *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	466	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	467	\ EX A' B' AuthKey' Tk' X'. ALL A B AuthKey Tk X. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	468	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tk, X\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	469	\ : set evs --> A=A' & B=B' & AuthKey=AuthKey' & Tk=Tk' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	470	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	471	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	472	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	473	(K4: it can't be a new key)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	474	by (expand_case_tac "ServKey = ?y" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	475	by (REPEAT (ares_tac [refl,exI,impI,conjI] 2));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	476	by (blast_tac (claset() delrules [conjI] (prevent split-up into 4 subgoals)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	477	addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	478	val lemma = result();
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	479
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	480	Goal "[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	481	\ (Crypt K {\|Key ServKey, Agent B, Tt, X\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	482	\ Says Tgs A' \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	483	\ (Crypt K' {\|Key ServKey, Agent B', Tt', X'\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	484	\ evs : kerberos \|] ==> A=A' & B=B' & K=K' & Tt=Tt' & X=X'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	485	by (prove_unique_tac lemma 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	486	qed "unique_ServKeys";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	487
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	488
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	489	(***************LEMMAS ABOUT the predicate KeyCryptKey**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	490
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	491	Goalw [KeyCryptKey_def] "~ KeyCryptKey AuthKey ServKey []";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	492	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	493	qed "not_KeyCryptKey_Nil";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	494	AddIffs [not_KeyCryptKey_Nil];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	495
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	496	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	497	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, tt, X \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	498	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	499	\ evs : kerberos \|] ==> KeyCryptKey AuthKey ServKey evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	500	by (ftac Says_Tgs_message_form 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	501	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	502	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	503	qed "KeyCryptKeyI";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	504
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	505	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	506	"KeyCryptKey AuthKey ServKey (Says S A X # evs) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	507	\ (Tgs = S & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	508	\ (EX B tt. X = Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	509	\ {\|Key ServKey, Agent B, tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	510	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, tt\|} \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	511	\ \| KeyCryptKey AuthKey ServKey evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	512	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	513	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	514	qed "KeyCryptKey_Says";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	515	Addsimps [KeyCryptKey_Says];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	516
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	517	(*A fresh AuthKey cannot be associated with any other
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	518	(with respect to a given trace). *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	519	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	520	"[\| Key AuthKey ~: used evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	521	\ ==> ~ KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	522	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	523	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	524	by (Asm_full_simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	525	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	526	qed "Auth_fresh_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	527
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	528	(*A fresh ServKey cannot be associated with any other
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	529	(with respect to a given trace). *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	530	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	531	"Key ServKey ~: used evs ==> ~ KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	532	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	533	qed "Serv_fresh_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	534
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	535	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	536	"[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	537	\ : parts (spies evs); evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	538	\ ==> ~ KeyCryptKey K AuthKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	539	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	540	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	541	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	542	by (blast_tac (claset() addEs spies_partsEs) 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	543	(K2: by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	544	by (blast_tac (claset() addEs spies_partsEs) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	545	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	546	qed "AuthKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	547
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	548	(A secure serverkey cannot have been used to encrypt others)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	549	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	550	"[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	551	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	552	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	553	\ B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	554	\ ==> ~ KeyCryptKey ServKey K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	555	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	556	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	557	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	558	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	559	(K4 splits into distinct subcases)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	560	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	561	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	562	(ServKey can't have been enclosed in two certificates)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	563	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	564	addSEs [MPair_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	565	addDs [unique_CryptKey]) 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	566	(ServKey is fresh and so could not have been used, by new_keys_not_used)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	567	by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	568	Crypt_imp_invKey_keysFor],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	569	simpset()) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	570	(Others by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	571	by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	572	qed "ServKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	573
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	574	(Long term keys are not issued as ServKeys)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	575	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	576	"evs : kerberos ==> ~ KeyCryptKey K (shrK A) evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	577	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	578	qed "shrK_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	579
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	580	(*The Tgs message associates ServKey with AuthKey and therefore not with any
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	581	other key AuthKey.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	582	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	583	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, tt, X \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	584	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	585	\ AuthKey' ~= AuthKey; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	586	\ ==> ~ KeyCryptKey AuthKey' ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	587	by (blast_tac (claset() addDs [unique_ServKeys]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	588	qed "Says_Tgs_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	589
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	590	Goal "[\| KeyCryptKey AuthKey ServKey evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	591	\ ==> ~ KeyCryptKey ServKey K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	592	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	593	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	594	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	595	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	596	(K4 splits into subcases)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	597	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	598	addSDs [AuthKey_not_KeyCryptKey]) 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	599	(ServKey is fresh and so could not have been used, by new_keys_not_used)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	600	by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	601	Crypt_imp_invKey_keysFor],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	602	simpset() addsimps [KeyCryptKey_def]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	603	(Others by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	604	by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	605	qed "KeyCryptKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	606
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	607	(*The only session keys that can be found with the help of session keys are
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	608	those sent by Tgs in step K4. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	609
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	610	(*We take some pains to express the property
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	611	as a logical equivalence so that the simplifier can apply it.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	612	Goal "P --> (Key K : analz (Key``KK Un H)) --> (K:KK \| Key K : analz H) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	613	\ ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	614	\ P --> (Key K : analz (Key``KK Un H)) = (K:KK \| Key K : analz H)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	615	by (blast_tac (claset() addIs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	616	qed "Key_analz_image_Key_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	617
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	618	Goal "[\| KeyCryptKey K K' evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	619	\ ==> Key K' : analz (insert (Key K) (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	620	by (full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	621	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	622	by (dresolve_tac [Says_imp_spies RS analz.Inj RS analz_insertI] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	623	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	624	qed "KeyCryptKey_analz_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	625
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	626	Goal "[\| K : AuthKeys evs Un range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	627	\ ==> ALL SK. ~ KeyCryptKey SK K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	628	by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	629	by (blast_tac (claset() addDs [Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	630	qed "AuthKeys_are_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	631
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	632	Goal "[\| K ~: AuthKeys evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	633	\ K ~: range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	634	\ ==> ALL SK. ~ KeyCryptKey K SK evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	635	by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	636	by (blast_tac (claset() addDs [Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	637	qed "not_AuthKeys_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	638
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	639
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	640	(***************SECRECY THEOREMS**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	641
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	642	(For proofs involving analz.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	643	val analz_sees_tac =
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	644	EVERY
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	645	[REPEAT (FIRSTGOAL analz_mono_contra_tac),
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	646	ftac Oops_range_spies2 10,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	647	ftac Oops_range_spies1 9,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	648	ftac Says_tgs_message_form 7,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	649	ftac Says_kas_message_form 5,
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	650	REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE, exE]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	651	ORELSE' hyp_subst_tac)];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	652
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	653	Goal "[\| KK <= -(range shrK); Key K : analz (spies evs); evs: kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	654	\ ==> Key K : analz (Key `` KK Un spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	655	by (blast_tac (claset() addDs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	656	qed "analz_mono_KK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	657
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	658	(For the Oops2 case of the next theorem)
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	659	Goal "[\| evs : kerberos; \
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	660	\ Says Tgs A (Crypt AuthKey \
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	661	\ {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	662	\ : set evs \|] \
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	663	\ ==> ~ KeyCryptKey ServKey SK evs";
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	664	by (blast_tac (claset() addDs [KeyCryptKeyI, KeyCryptKey_not_KeyCryptKey]) 1);
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	665	qed "Oops2_not_KeyCryptKey";
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	666
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	667
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	668	(* Big simplification law for keys SK that are not crypted by keys in KK *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	669	(* It helps prove three, otherwise hard, facts about keys. These facts are *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	670	(* exploited as simplification laws for analz, and also "limit the damage" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	671	(* in case of loss of a key to the spy. See ESORICS98. *)
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	672	(* [simplified by LCP] *)
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	673	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	674	\ (ALL SK KK. KK <= -(range shrK) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	675	\ (ALL K: KK. ~ KeyCryptKey K SK evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	676	\ (Key SK : analz (Key``KK Un (spies evs))) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	677	\ (SK : KK \| Key SK : analz (spies evs)))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	678	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	679	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	680	by (REPEAT_FIRST (rtac allI));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	681	by (REPEAT_FIRST (rtac (Key_analz_image_Key_lemma RS impI)));
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	682	(Case-splits for Oops1 & 5: the negated case simplifies using the ind hyp)
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	683	by (case_tac "KeyCryptKey AuthKey SK evsO1" 11);
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	684	by (case_tac "KeyCryptKey ServKey SK evs5" 8);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	685	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	686	(asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	687	(analz_image_freshK_ss addsimps
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	688	[KeyCryptKey_Says, shrK_not_KeyCryptKey, Oops2_not_KeyCryptKey,
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	689	Auth_fresh_not_KeyCryptKey, Serv_fresh_not_KeyCryptKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	690	Says_Tgs_KeyCryptKey, Spy_analz_shrK])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	691	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	692	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	693	(* Base + K2 done by the simplifier! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	694	(K3)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	695	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	696	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	697	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	698	addSDs [AuthKey_not_KeyCryptKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	699	(K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	700	by (case_tac "Key ServKey : analz (spies evs5)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	701	(If ServKey is compromised then the result follows directly...)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	702	by (asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	703	(simpset() addsimps [analz_insert_eq,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	704	impOfSubs (Un_upper2 RS analz_mono)]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	705	(...therefore ServKey is uncompromised.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	706	(The KeyCryptKey ServKey SK evs5 case leads to a contradiction.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	707	by (blast_tac (claset() addSEs [ServKey_not_KeyCryptKey RSN(2, rev_notE)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	708	addEs spies_partsEs delrules [allE, ballE]) 1);
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	709	( Level 13: Oops1 )
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	710	by (Asm_full_simp_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	711	by (blast_tac (claset() addSDs [KeyCryptKey_analz_insert]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	712	qed_spec_mp "Key_analz_image_Key";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	713
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	714
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	715	(* First simplification law for analz: no session keys encrypt *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	716	(* authentication keys or shared keys. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	717	Goal "[\| evs : kerberos; K : (AuthKeys evs) Un range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	718	\ SesKey ~: range shrK \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	719	\ ==> Key K : analz (insert (Key SesKey) (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	720	\ (K = SesKey \| Key K : analz (spies evs))";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	721	by (ftac AuthKeys_are_not_KeyCryptKey 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	722	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	723	qed "analz_insert_freshK1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	724
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	725
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	726	(* Second simplification law for analz: no service keys encrypt *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	727	(* any other keys. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	728	Goal "[\| evs : kerberos; ServKey ~: (AuthKeys evs); ServKey ~: range shrK\|]\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	729	\ ==> Key K : analz (insert (Key ServKey) (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	730	\ (K = ServKey \| Key K : analz (spies evs))";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	731	by (ftac not_AuthKeys_not_KeyCryptKey 1
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	732	THEN assume_tac 1
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	733	THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	734	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	735	qed "analz_insert_freshK2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	736
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	737
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	738	(* Third simplification law for analz: only one authentication key *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	739	(* encrypts a certain service key. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	740	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	741	"[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	742	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	743	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	744	\ AuthKey ~= AuthKey'; AuthKey' ~: range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	745	\ ==> Key ServKey : analz (insert (Key AuthKey') (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	746	\ (ServKey = AuthKey' \| Key ServKey : analz (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	747	by (dres_inst_tac [("AuthKey'","AuthKey'")] Says_Tgs_KeyCryptKey 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	748	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	749	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	750	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	751	qed "analz_insert_freshK3";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	752
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	753
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	754	(a weakness of the protocol)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	755	Goal "[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	756	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	757	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	758	\ Key AuthKey : analz (spies evs); evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	759	\ ==> Key ServKey : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	760	by (force_tac (claset() addDs [Says_imp_spies RS analz.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	761	analz.Decrypt RS analz.Fst],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	762	simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	763	qed "AuthKey_compromises_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	764
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	765
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	766	(******************** Guarantees for Kas ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	767	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	768	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	769	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	770	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	771	\ B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	772	\ ==> ServKey ~: AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	773	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	774	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	775	by (asm_full_simp_tac (simpset() addsimps [AuthKeys_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	776	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	777	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	778	by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	779	bind_thm ("ServKey_notin_AuthKeys", result() RSN (2, rev_notE));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	780	bind_thm ("ServKey_notin_AuthKeysD", result());
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	781
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	782
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	783	(** If Spy sees the Authentication Key sent in msg K2, then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	784	the Key has expired **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	785	Goal "[\| A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	786	\ ==> Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	787	\ (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	788	\ {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	789	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	790	\ : set evs --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	791	\ Key AuthKey : analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	792	\ ExpirAuth Tk evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	793	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	794	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	795	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	796	(asm_simp_tac
8741 61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	797	(simpset() addsimps ([Says_Kas_message_form, less_SucI,
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	798	analz_insert_eq, not_parts_not_analz,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	799	analz_insert_freshK1] @ pushes))));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	800	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	801	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	802	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	803	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	804	addIs [parts_insertI, impOfSubs analz_subset_parts, less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	805	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	806	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	807	(Level 8: K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	808	by (blast_tac (claset() addEs [ServKey_notin_AuthKeys]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	809	addDs [Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	810	Says_imp_spies RS parts.Inj]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	811	addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	812	(Oops1)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	813	by (blast_tac (claset() addDs [unique_AuthKeys] addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	814	(Oops2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	815	by (blast_tac (claset() addDs [Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	816	Says_Kas_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	817	val lemma = result() RS mp RS mp RSN(1,rev_notE);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	818
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	819
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	820	Goal "[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	821	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	822	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	823	\ ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	824	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	825	\ ==> Key AuthKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	826	by (ftac Says_Kas_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	827	by (blast_tac (claset() addSDs [lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	828	qed "Confidentiality_Kas";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	829
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	830
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	831
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	832
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	833
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	834
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	835	(******************** Guarantees for Tgs ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	836
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	837	(** If Spy sees the Service Key sent in msg K4, then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	838	the Key has expired **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	839	Goal "[\| A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	840	\ ==> Key AuthKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	841	\ Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	842	\ (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	843	\ {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	844	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	845	\ : set evs --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	846	\ Key ServKey : analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	847	\ ExpirServ Tt evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	848	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	849	(*The Oops1 case is unusual: must simplify Authkey ~: analz (spies (ev#evs))
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	850	rather than weakening it to Authkey ~: analz (spies evs), for we then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	851	conclude AuthKey ~= AuthKeya.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	852	by (Clarify_tac 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	853	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	854	by (rotate_tac ~1 11);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	855	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	856	(asm_full_simp_tac
8741 61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	857	(simpset() addsimps [less_SucI,
61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	858	Says_Kas_message_form, Says_Tgs_message_form,
61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	859	analz_insert_eq, not_parts_not_analz,
61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	860	analz_insert_freshK1, analz_insert_freshK2]
61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	861	@ pushes)));
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	862	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	863	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	864	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	865	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	866	addIs [parts_insertI, impOfSubs analz_subset_parts, less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	867	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	868	by (case_tac "A ~= Aa" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	869	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	870	addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	871	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	872	A_trusts_AuthTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	873	Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	874	impOfSubs analz_subset_parts]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	875	by (ALLGOALS Clarify_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	876	(Oops2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	877	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	878	Key_unique_SesKey] addIs [less_SucI]) 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	879	( Level 12 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	880	(Oops1)
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	881	by (ftac Says_Kas_message_form 2);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	882	by (assume_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	883	by (blast_tac (claset() addDs [analz_insert_freshK3,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	884	Says_Kas_message_form, Says_Tgs_message_form]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	885	addIs [less_SucI]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	886	( Level 16 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	887	by (thin_tac "Says Aa Tgs ?X : set ?evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	888	by (forward_tac [Says_imp_spies RS parts.Inj RS ServKey_notin_AuthKeysD] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	889	by (assume_tac 1 THEN Blast_tac 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	890	by (rotate_tac ~1 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	891	by (asm_full_simp_tac (simpset() addsimps [analz_insert_freshK2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	892	by (etac disjE 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	893	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	894	Key_unique_SesKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	895	by (blast_tac (claset() addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	896	val lemma = result() RS mp RS mp RS mp RSN(1,rev_notE);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	897
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	898
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	899	(* In the real world Tgs can't check wheter AuthKey is secure! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	900	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	901	"[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	902	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	903	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	904	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	905	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	906	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	907	\ ==> Key ServKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	908	by (ftac Says_Tgs_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	909	by (blast_tac (claset() addDs [lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	910	qed "Confidentiality_Tgs1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	911
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	912	(* In the real world Tgs CAN check what Kas sends! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	913	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	914	"[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	915	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	916	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	917	\ Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	918	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	919	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	920	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	921	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	922	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	923	by (blast_tac (claset() addSDs [Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	924	Confidentiality_Tgs1]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	925	qed "Confidentiality_Tgs2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	926
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	927	(Most general form)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	928	val Confidentiality_Tgs3 = A_trusts_AuthTicket RS Confidentiality_Tgs2;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	929
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	930
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	931	(******************** Guarantees for Alice ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	932
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	933	val Confidentiality_Auth_A = A_trusts_AuthKey RS Confidentiality_Kas;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	934
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	935	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	936	"[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	937	\ (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) : set evs;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	938	\ Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	939	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	940	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	941	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	942	\==> Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	943	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	944	by (ftac Says_Kas_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	945	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	946	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	947	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	948	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	949	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	950	(K2 and K4 remain)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	951	by (blast_tac (claset() addEs spies_partsEs addSEs [MPair_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	952	addSDs [unique_CryptKey]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	953	by (blast_tac (claset() addSDs [A_trusts_K4, Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	954	AuthKeys_used]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	955	qed "A_trusts_K4_bis";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	956
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	957
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	958	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	959	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	960	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	961	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	962	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	963	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	964	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	965	by (dtac A_trusts_AuthKey 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	966	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	967	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	968	by (blast_tac (claset() addDs [Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	969	Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	970	A_trusts_K4_bis, Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	971	qed "Confidentiality_Serv_A";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	972
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	973
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	974	(******************** Guarantees for Bob ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	975	(* Theorems for the refined model have suffix "refined" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	976
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	977	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	978	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	979	\ : set evs; evs : kerberos\|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	980	\ ==> EX Tk. Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	981	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	982	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	983	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	984	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	985	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	986	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	987	A_trusts_AuthTicket]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	988	qed "K4_imp_K2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	989
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	990	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	991	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	992	\ : set evs; evs : kerberos\|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	993	\ ==> EX Tk. (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	994	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	995	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	996	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	997	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	998	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	999	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1000	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1001	A_trusts_AuthTicket]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1002	qed "K4_imp_K2_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1003
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1004	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1005	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1006	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1007	\==> EX AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1008	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1009	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1010	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1011	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1012	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1013	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1014	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1015	qed "B_trusts_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1016
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1017	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1018	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1019	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1020	\ ==> EX AuthKey Tk. Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1021	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1022	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1023	by (blast_tac (claset() addSDs [B_trusts_ServKey, K4_imp_K2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1024	qed "B_trusts_ServTicket_Kas";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1025
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1026	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1027	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1028	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1029	\ ==> EX AuthKey Tk. (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1030	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1031	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1032	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1033	by (blast_tac (claset() addSDs [B_trusts_ServKey,K4_imp_K2_refined]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1034	qed "B_trusts_ServTicket_Kas_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1035
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1036	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1037	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1038	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1039	\==> EX Tk AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1040	\ Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1041	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1042	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1043	\ & Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1044	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1045	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1046	by (ftac B_trusts_ServKey 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1047	by (etac exE 4);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1048	by (ftac K4_imp_K2 4);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1049	by (Blast_tac 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1050	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1051	qed "B_trusts_ServTicket";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1052
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1053	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1054	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1055	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1056	\==> EX Tk AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1057	\ (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1058	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1059	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1060	\ & Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1061	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1062	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1063	\ & ServLife + Tt <= AuthLife + Tk)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1064	by (ftac B_trusts_ServKey 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1065	by (etac exE 4);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1066	by (ftac K4_imp_K2_refined 4);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1067	by (Blast_tac 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1068	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1069	qed "B_trusts_ServTicket_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1070
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1071
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1072	Goal "[\| ~ ExpirServ Tt evs; ServLife + Tt <= AuthLife + Tk \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1073	\ ==> ~ ExpirAuth Tk evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1074	by (blast_tac (claset() addDs [leI,le_trans] addEs [leE]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1075	qed "NotExpirServ_NotExpirAuth_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1076
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1077
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1078	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1079	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1080	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1081	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1082	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1083	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1084	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1085	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1086	\ ==> Key ServKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1087	by (ftac A_trusts_AuthKey 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1088	by (ftac Confidentiality_Kas 3);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1089	by (ftac B_trusts_ServTicket 6);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1090	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1091	by (etac exE 9);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1092	by (ftac Says_Kas_message_form 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1093	by (blast_tac (claset() addDs [A_trusts_K4,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1094	unique_ServKeys, unique_AuthKeys,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1095	Confidentiality_Tgs2]) 10);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1096	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1097	(*
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1098	The proof above executes in 8 secs. It can be done in one command in 50 secs:
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1099	by (blast_tac (claset() addDs [A_trusts_AuthKey, A_trusts_K4,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1100	Says_Kas_message_form, B_trusts_ServTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1101	unique_ServKeys, unique_AuthKeys,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1102	Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1103	Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1104	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1105	qed "Confidentiality_B";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1106
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1107
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1108	(Most general form -- only for refined model! )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1109	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1110	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1111	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1112	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1113	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1114	by (blast_tac (claset() addDs [B_trusts_ServTicket_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1115	NotExpirServ_NotExpirAuth_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1116	Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1117	qed "Confidentiality_B_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1118
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1119
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1120	(******************** Authenticity theorems ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1121
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1122	(*1. Session Keys authenticity: they originated with servers.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1123
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1124	(Authenticity of AuthKey for A: "A_trusts_AuthKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1125
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1126	(Authenticity of ServKey for A: "A_trusts_ServKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1127	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1128	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1129	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1130	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1131	\ ~ ExpirAuth Tk evs; A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1132	\==>Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1133	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1134	by (ftac A_trusts_AuthKey 1 THEN assume_tac 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1135	by (blast_tac (claset() addDs [Confidentiality_Auth_A, A_trusts_K4_bis]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1136	qed "A_trusts_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1137	(Note: requires a temporal check)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1138
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1139
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1140	(Authenticity of ServKey for B: "B_trusts_ServKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1141
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1142	(***2. Parties authenticity: each party verifies "the identity of
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1143	another party who generated some data" (quoted from Neuman & Ts'o).***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1144
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1145	(*These guarantees don't assess whether two parties agree on
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1146	the same session key: sending a message containing a key
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1147	doesn't a priori state knowledge of the key.***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1148
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1149	(*B checks authenticity of A: theorems "A_Authenticity",
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1150	"A_authenticity_refined" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1151	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1152	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1153	\ ServTicket\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1154	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1155	\ A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1156	\==> Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1157	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1158	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1159	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1160	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1161	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1162	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1163	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1164	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1165	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1166	(K3)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1167	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1168	addDs [A_trusts_AuthKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1169	Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1170	Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1171	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1172	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1173	(K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1174	by (blast_tac (claset() addDs [Key_unique_SesKey] addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1175	qed "Says_Auth";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1176
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1177	(The second assumption tells B what kind of key ServKey is.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1178	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1179	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1180	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1181	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1182	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1183	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1184	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1185	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1186	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1187	\ ==> Says A B {\|Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|},\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1188	\ Crypt ServKey {\|Agent A, Number Ta\|} \|} : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1189	by (ftac Confidentiality_B 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1190	by (ftac B_trusts_ServKey 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1191	by (etac exE 12);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1192	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1193	addSIs [Says_Auth]) 12);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1194	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1195	qed "A_Authenticity";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1196
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1197	(Stronger form in the refined model)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1198	Goal "[\| Crypt ServKey {\|Agent A, Number Ta2\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1199	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1200	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1201	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1202	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1203	\ ==> Says A B {\|Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|},\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1204	\ Crypt ServKey {\|Agent A, Number Ta2\|} \|} : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1205	by (ftac Confidentiality_B_refined 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1206	by (ftac B_trusts_ServKey 6);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1207	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1208	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1209	addSIs [Says_Auth]) 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1210	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1211	qed "A_Authenticity_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1212
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1213
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1214	(A checks authenticity of B: theorem "B_authenticity")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1215
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1216	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1217	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1218	\ ServTicket\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1219	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1220	\ A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1221	\ ==> Says B A (Crypt ServKey (Number Ta)) : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1222	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1223	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1224	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1225	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1226	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1227	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1228	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1229	by (ALLGOALS Asm_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1230	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1231	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1232	by (Clarify_tac 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1233	by (ftac Says_Tgs_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1234	by (Clarify_tac 1); (PROOF FAILED if omitted)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1235	by (blast_tac (claset() addDs [unique_CryptKey] addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1236	qed "Says_K6";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1237
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1238	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, T, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1239	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1240	\ Key AuthKey ~: analz (spies evs); AuthKey ~: range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1241	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1242	\ ==> EX A. Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, T, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1243	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1244	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1245	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1246	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1247	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1248	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1249	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1250	qed "K4_trustworthy";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1251
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1252	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1253	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1254	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1255	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1256	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1257	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1258	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1259	\ ==> Says B A (Crypt ServKey (Number Ta)) : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1260	by (ftac A_trusts_AuthKey 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1261	by (ftac Says_Kas_message_form 3);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1262	by (ftac Confidentiality_Kas 4);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1263	by (ftac K4_trustworthy 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1264	by (Blast_tac 8);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1265	by (etac exE 9);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1266	by (ftac K4_imp_K2 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1267	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1268	addSIs [Says_K6]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1269	addSEs [Confidentiality_Tgs1 RSN (2,rev_notE)]) 10);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1270	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1271	qed "B_Authenticity";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1272
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1273
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1274	(***3. Parties' knowledge of session keys. A knows a session key if she
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1275	used it to build a cipher.***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1276
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1277	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1278	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1279	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1280	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1281	by (simp_tac (simpset() addsimps [Issues_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1282	by (rtac exI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1283	by (rtac conjI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1284	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1285	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1286	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1287	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1288	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1289	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1290	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1291	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1292	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1293	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1294	(K6 requires numerous lemmas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1295	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1296	by (blast_tac (claset() addDs [B_trusts_ServTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1297	impOfSubs parts_spies_takeWhile_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1298	impOfSubs parts_spies_evs_revD2]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1299	addIs [Says_K6]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1300	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1301	qed "B_Knows_B_Knows_ServKey_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1302	(*Key ServKey ~: analz (spies evs) could be relaxed by Confidentiality_B
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1303	but this is irrelevant because B knows what he knows! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1304
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1305	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1306	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1307	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1308	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1309	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1310	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1311	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1312	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1313	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1314	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1315	by (blast_tac (claset() addSDs [Confidentiality_B,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1316	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1317	qed "B_Knows_B_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1318
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1319	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1320	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1321	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1322	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1323	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1324	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1325	by (blast_tac (claset() addSDs [Confidentiality_B_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1326	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1327	qed "B_Knows_B_Knows_ServKey_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1328
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1329
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1330	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1331	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1332	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1333	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1334	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1335	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1336	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1337	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1338	by (blast_tac (claset() addSDs [B_Authenticity, Confidentiality_Serv_A,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1339	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1340	qed "A_Knows_B_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1341
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1342	Goal "[\| Says A Tgs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1343	\ {\|AuthTicket, Crypt AuthKey {\|Agent A, Number Ta\|}, Agent B\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1344	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1345	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1346	\ ==> EX Tk. Says Kas A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1347	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1348	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1349	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1350	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1351	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1352	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1353	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1354	A_trusts_AuthKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1355	qed "K3_imp_K2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1356
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1357	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1358	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1359	\ Says Kas A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1360	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1361	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1362	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1363	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1364	\ ==> Says Tgs A (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1365	\ {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1366	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1367	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1368	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1369	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1370	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1371	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1372	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1373	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1374	A_trusts_AuthTicket, unique_AuthKeys]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1375	qed "K4_trustworthy'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1376
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1377	Goal "[\| Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1378	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1379	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1380	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1381	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1382	by (simp_tac (simpset() addsimps [Issues_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1383	by (rtac exI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1384	by (rtac conjI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1385	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1386	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1387	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1388	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1389	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1390	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1391	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1392	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1393	by (ALLGOALS Asm_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1394	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1395	(K6)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1396	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1397	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1398	(*Level 15: case study necessary because the assumption doesn't state
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1399	the form of ServTicket. The guarantee becomes stronger.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1400	by (case_tac "Key AuthKey : analz (spies evs5)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1401	by (force_tac (claset() addDs [Says_imp_spies RS analz.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1402	analz.Decrypt RS analz.Fst],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1403	simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1404	by (blast_tac (claset() addDs [K3_imp_K2, K4_trustworthy',
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1405	impOfSubs parts_spies_takeWhile_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1406	impOfSubs parts_spies_evs_revD2]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1407	addIs [Says_Auth]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1408	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1409	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1410	qed "A_Knows_A_Knows_ServKey_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1411
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1412	Goal "[\| Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1413	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1414	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1415	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1416	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1417	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1418	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1419	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1420	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1421	by (blast_tac (claset() addSDs [Confidentiality_Serv_A,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1422	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1423	qed "A_Knows_A_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1424
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1425	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1426	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1427	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1428	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1429	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1430	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1431	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1432	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1433	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1434	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1435	by (blast_tac (claset() addDs [A_Authenticity, Confidentiality_B,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1436	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1437	qed "B_Knows_A_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1438
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1439
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1440	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1441	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1442	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1443	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1444	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1445	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1446	by (blast_tac (claset() addDs [A_Authenticity_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1447	Confidentiality_B_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1448	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1449	qed "B_Knows_A_Knows_ServKey_refined";

author	wenzelm
	Mon, 06 Nov 2000 22:56:07 +0100
changeset 10408	d8b3613158b1
parent 9000	c20d58286a51
child 10833	c0844a30ea4e
permissions	-rw-r--r--