isabelle: src/HOL/Auth/KerberosIV.ML@f2024fed9f0c (annotated)

6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1	(* Title: HOL/Auth/KerberosIV
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	2	ID: $Id$
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	3	Author: Giampaolo Bella, Cambridge University Computer Laboratory
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	4	Copyright 1998 University of Cambridge
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	5
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	6	The Kerberos protocol, version IV.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	7	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	8
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	9	Pretty.setdepth 20;
9000 c20d58286a51 cleaned up; wenzelm parents: 8954 diff changeset	10	set timing;
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	11
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	12	AddIffs [AuthLife_LB, ServLife_LB, AutcLife_LB, RespLife_LB, Tgs_not_bad];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	13
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	14
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	15	( Reversed traces )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	16
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	17	Goal "spies (evs @ [Says A B X]) = insert X (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	18	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	19	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	20	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	21	qed "spies_Says_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	22
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	23	Goal "spies (evs @ [Gets A X]) = spies evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	24	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	25	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	26	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	27	qed "spies_Gets_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	28
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	29	Goal "spies (evs @ [Notes A X]) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	30	\ (if A:bad then insert X (spies evs) else spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	31	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	32	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	33	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	34	qed "spies_Notes_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	35
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	36	Goal "spies evs = spies (rev evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	37	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	38	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	39	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	40	(asm_simp_tac (simpset() addsimps [spies_Says_rev, spies_Gets_rev,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	41	spies_Notes_rev])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	42	qed "spies_evs_rev";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	43	bind_thm ("parts_spies_evs_revD2", spies_evs_rev RS equalityD2 RS parts_mono);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	44
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	45	Goal "spies (takeWhile P evs) <= spies evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	46	by (induct_tac "evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	47	by (induct_tac "a" 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	48	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	49	(* Resembles "used_subset_append" in Event.ML*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	50	qed "spies_takeWhile";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	51	bind_thm ("parts_spies_takeWhile_mono", spies_takeWhile RS parts_mono);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	52
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	53	Goal "~P(x) --> takeWhile P (xs @ [x]) = takeWhile P xs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	54	by (induct_tac "xs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	55	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	56	qed "takeWhile_tail";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	57
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	58
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	59	(***************LEMMAS ABOUT AuthKeys**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	60
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	61	Goalw [AuthKeys_def] "AuthKeys [] = {}";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	62	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	63	qed "AuthKeys_empty";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	64
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	65	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	66	"(ALL A Tk akey Peer. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	67	\ ev ~= Says Kas A (Crypt (shrK A) {\|akey, Agent Peer, Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	68	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, akey, Tk\|})\|}))\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	69	\ ==> AuthKeys (ev # evs) = AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	70	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	71	qed "AuthKeys_not_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	72
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	73	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	74	"AuthKeys \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	75	\ (Says Kas A (Crypt (shrK A) {\|Key K, Agent Peer, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	76	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, Key K, Number Tk\|})\|}) # evs) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	77	\ = insert K (AuthKeys evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	78	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	79	qed "AuthKeys_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	80
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	81	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	82	"K : AuthKeys \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	83	\ (Says Kas A (Crypt (shrK A) {\|Key K', Agent Peer, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	84	\ (Crypt (shrK Peer) {\|Agent A, Agent Peer, Key K', Number Tk\|})\|}) # evs) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	85	\ ==> K = K' \| K : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	86	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	87	qed "AuthKeys_simp";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	88
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	89	Goalw [AuthKeys_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	90	"Says Kas A (Crypt (shrK A) {\|Key K, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	91	\ (Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key K, Number Tk\|})\|}) : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	92	\ ==> K : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	93	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	94	qed "AuthKeysI";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	95
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	96	Goalw [AuthKeys_def] "K : AuthKeys evs ==> Key K : used evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	97	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	98	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	99	qed "AuthKeys_used";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	100
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	101
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	102	(** FORWARDING LEMMAS **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	103
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	104	(--For reasoning about the encrypted portion of message K3--)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	105	Goal "Says Kas' A (Crypt KeyA {\|AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	106	\ : set evs ==> AuthTicket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	107	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	108	qed "K3_msg_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	109
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	110	Goal "Says Kas A (Crypt KeyA {\|AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	111	\ : set evs ==> AuthKey : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	112	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	113	qed "Oops_parts_spies1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	114
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	115	Goal "[\| Says Kas A (Crypt KeyA {\|Key AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	116	\ : set evs ;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	117	\ evs : kerberos \|] ==> AuthKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	118	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	119	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	120	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	121	qed "Oops_range_spies1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	122
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	123	(--For reasoning about the encrypted portion of message K5--)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	124	Goal "Says Tgs' A (Crypt AuthKey {\|ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	125	\ : set evs ==> ServTicket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	126	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	127	qed "K5_msg_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	128
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	129	Goal "Says Tgs A (Crypt AuthKey {\|ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	130	\ : set evs ==> ServKey : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	131	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	132	qed "Oops_parts_spies2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	133
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	134	Goal "[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	135	\ : set evs ;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	136	\ evs : kerberos \|] ==> ServKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	137	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	138	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	139	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	140	qed "Oops_range_spies2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	141
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	142	Goal "Says S A (Crypt K {\|SesKey, B, TimeStamp, Ticket\|}) : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	143	\ ==> Ticket : parts (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	144	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	145	qed "Says_ticket_in_parts_spies";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	146	(Replaces both K3_msg_in_parts_spies and K5_msg_in_parts_spies)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	147
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	148	fun parts_induct_tac i =
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	149	etac kerberos.induct i THEN
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	150	REPEAT (FIRSTGOAL analz_mono_contra_tac) THEN
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	151	ftac K3_msg_in_parts_spies (i+4) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	152	ftac K5_msg_in_parts_spies (i+6) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	153	ftac Oops_parts_spies1 (i+8) THEN
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	154	ftac Oops_parts_spies2 (i+9) THEN
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	155	prove_simple_subgoals_tac 1;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	156
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	157
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	158	(Spy never sees another agent's shared key! (unless it's lost at start))
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	159	Goal "evs : kerberos ==> (Key (shrK A) : parts (spies evs)) = (A : bad)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	160	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	161	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	162	by (ALLGOALS Blast_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	163	qed "Spy_see_shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	164	Addsimps [Spy_see_shrK];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	165
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	166	Goal "evs : kerberos ==> (Key (shrK A) : analz (spies evs)) = (A : bad)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	167	by (auto_tac (claset() addDs [impOfSubs analz_subset_parts], simpset()));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	168	qed "Spy_analz_shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	169	Addsimps [Spy_analz_shrK];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	170
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	171	Goal "[\| Key (shrK A) : parts (spies evs); evs : kerberos \|] ==> A:bad";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	172	by (blast_tac (claset() addDs [Spy_see_shrK]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	173	qed "Spy_see_shrK_D";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	174	bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	175	AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	176
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	177	(Nobody can have used non-existent keys!)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	178	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	179	\ Key K ~: used evs --> K ~: keysFor (parts (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	180	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	181	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	182	by (best_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	183	(claset() addSDs [impOfSubs (parts_insert_subset_Un RS keysFor_mono)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	184	addIs [impOfSubs analz_subset_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	185	addDs [impOfSubs (analz_subset_parts RS keysFor_mono)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	186	addss (simpset())) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	187	(Others)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	188	by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	189	qed_spec_mp "new_keys_not_used";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	190
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	191	bind_thm ("new_keys_not_analzd",
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	192	[analz_subset_parts RS keysFor_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	193	new_keys_not_used] MRS contra_subsetD);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	194
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	195	Addsimps [new_keys_not_used, new_keys_not_analzd];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	196
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	197
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	198	(********************* REGULARITY LEMMAS *********************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	199	(* concerning the form of items passed in messages *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	200	(*****************************************************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	201
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	202	(Describes the form of AuthKey, AuthTicket, and K sent by Kas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	203	Goal "[\| Says Kas A (Crypt K {\|Key AuthKey, Agent Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	204	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	205	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	206	\ ==> AuthKey ~: range shrK & AuthKey : AuthKeys evs & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	207	\ AuthTicket = (Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|} ) &\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	208	\ K = shrK A & Peer = Tgs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	209	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	210	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	211	by (ALLGOALS (simp_tac (simpset() addsimps [AuthKeys_def, AuthKeys_insert])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	212	by (ALLGOALS Blast_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	213	qed "Says_Kas_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	214
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	215	(*This lemma is essential for proving Says_Tgs_message_form:
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	216
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	217	the session key AuthKey
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	218	supplied by Kas in the authentication ticket
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	219	cannot be a long-term key!
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	220
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	221	Generalised to any session keys (both AuthKey and ServKey).
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	222	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	223	Goal "[\| Crypt (shrK Tgs_B) {\|Agent A, Agent Tgs_B, Key SesKey, Number T\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	224	\ : parts (spies evs); Tgs_B ~: bad;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	225	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	226	\ ==> SesKey ~: range shrK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	227	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	228	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	229	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	230	qed "SesKey_is_session_key";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	231
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	232	Goal "[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	233	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	234	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	235	\ ==> Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	236	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	237	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	238	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	239	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	240	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	241	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	242	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	243	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	244	qed "A_trusts_AuthTicket";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	245
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	246	Goal "[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	247	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	248	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	249	\ ==> AuthKey : AuthKeys evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	250	by (ftac A_trusts_AuthTicket 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	251	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	252	by (simp_tac (simpset() addsimps [AuthKeys_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	253	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	254	qed "AuthTicket_crypt_AuthKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	255
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	256	(Describes the form of ServKey, ServTicket and AuthKey sent by Tgs)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	257	Goal "[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	258	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	259	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	260	\ ==> B ~= Tgs & ServKey ~: range shrK & ServKey ~: AuthKeys evs &\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	261	\ ServTicket = (Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|} ) & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	262	\ AuthKey ~: range shrK & AuthKey : AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	263	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	264	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	265	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	266	(asm_full_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	267	(simpset() addsimps [AuthKeys_insert, AuthKeys_not_insert,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	268	AuthKeys_empty, AuthKeys_simp])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	269	by (blast_tac (claset() addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	270	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	271	by (blast_tac (claset() addSDs [AuthKeys_used, Says_Kas_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	272	by (blast_tac (claset() addSDs [SesKey_is_session_key]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	273	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	274	by (blast_tac (claset() addDs [AuthTicket_crypt_AuthKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	275	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	276	qed "Says_Tgs_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	277
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	278	(If a certain encrypted message appears then it originated with Kas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	279	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Peer, Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	280	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	281	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	282	\ ==> Says Kas A (Crypt (shrK A) {\|Key AuthKey, Peer, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	283	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	284	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	285	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	286	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	287	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	288	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	289	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	290	A_trusts_AuthTicket RS Says_Kas_message_form])
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	291	1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	292	qed "A_trusts_AuthKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	293
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	294
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	295	(If a certain encrypted message appears then it originated with Tgs)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	296	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	297	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	298	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	299	\ AuthKey ~: range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	300	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	301	\==> EX A. Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	302	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	303	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	304	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	305	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	306	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	307	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	308	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	309	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	310	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	311	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	312	qed "A_trusts_K4";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	313
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	314	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	315	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	316	\ A ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	317	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	318	\ ==> AuthKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	319	\ AuthTicket = Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	320	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	321	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	322	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	323	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	324	qed "AuthTicket_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	325
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	326	(* This form holds also over an AuthTicket, but is not needed below. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	327	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	328	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	329	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	330	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	331	\ ==> ServKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	332	\ (EX A. ServTicket = Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|})";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	333	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	334	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	335	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	336	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	337	qed "ServTicket_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	338
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	339	Goal "[\| Says Kas' A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	340	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|} ) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	341	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	342	\ ==> AuthKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	343	\ AuthTicket = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	344	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	345	\ \| AuthTicket : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	346	by (case_tac "A : bad" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	347	by (force_tac (claset() addSDs [Says_imp_spies RS analz.Inj], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	348	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	349	by (blast_tac (claset() addSDs [AuthTicket_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	350	qed "Says_kas_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	351	(* Essentially the same as AuthTicket_form *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	352
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	353	Goal "[\| Says Tgs' A (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	354	\ {\|Key ServKey, Agent B, Tt, ServTicket\|} ) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	355	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	356	\ ==> ServKey ~: range shrK & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	357	\ (EX A. ServTicket = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	358	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	359	\ \| ServTicket : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	360	by (case_tac "Key AuthKey : analz (spies evs)" 1);
11104 f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	361	by (blast_tac (claset() addDs [Says_imp_spies RS analz.Inj]) 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	362	by (forward_tac [Says_imp_spies RS parts.Inj] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	363	by (blast_tac (claset() addSDs [ServTicket_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	364	qed "Says_tgs_message_form";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	365	(* This form MUST be used in analz_sees_tac below *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	366
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	367
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	368	(***************UNICITY THEOREMS**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	369
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	370	(* The session key, if secure, uniquely identifies the Ticket
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	371	whether AuthTicket or ServTicket. As a matter of fact, one can read
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	372	also Tgs in the place of B. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	373
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	374	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key SesKey, T\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	375	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	376	\ Crypt (shrK B') {\|Agent A', Agent B', Key SesKey, T'\|} \
11104 f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	377	\ : parts (spies evs); Key SesKey ~: analz (spies evs); \
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	378	\ evs : kerberos \|] \
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	379	\ ==> A=A' & B=B' & T=T'";
11104 f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	380	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	381	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	382	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	383	by (parts_induct_tac 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	384	(Fake, K2, K4)
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	385	by (Fake_parts_insert_tac 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	386	by (REPEAT (blast_tac (claset() addSEs knows_Spy_partsEs) 1));
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	387	qed "unique_CryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	388
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	389	(*An AuthKey is encrypted by one and only one Shared key.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	390	A ServKey is encrypted by one and only one AuthKey.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	391	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	392	Goal "[\| Crypt K {\|Key SesKey, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	393	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	394	\ Crypt K' {\|Key SesKey, Agent B', T', Ticket'\|} \
11104 f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	395	\ : parts (spies evs); Key SesKey ~: analz (spies evs); \
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	396	\ evs : kerberos \|] \
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	397	\ ==> K=K' & B=B' & T=T' & Ticket=Ticket'";
11104 f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	398	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	399	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	400	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	401	by (parts_induct_tac 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	402	(Fake, K2, K4)
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	403	by (Fake_parts_insert_tac 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	404	by (REPEAT (blast_tac (claset() addSEs knows_Spy_partsEs) 1));
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	405	qed "Key_unique_SesKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	406
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	407
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	408	(*
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	409	At reception of any message mentioning A, Kas associates shrK A with
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	410	a new AuthKey. Realistic, as the user gets a new AuthKey at each login.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	411	Similarly, at reception of any message mentioning an AuthKey
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	412	(a legitimate user could make several requests to Tgs - by K3), Tgs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	413	associates it with a new ServKey.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	414
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	415	Therefore, a goal like
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	416
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	417	"evs : kerberos \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	418	\ ==> Key Kc ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	419	\ (EX K' B' T' Ticket'. ALL K B T Ticket. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	420	\ Crypt Kc {\|Key K, Agent B, T, Ticket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	421	\ : parts (spies evs) --> K=K' & B=B' & T=T' & Ticket=Ticket')";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	422
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	423	would fail on the K2 and K4 cases.
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	424	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	425
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	426	Goal "[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	427	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Tk, X\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	428	\ Says Kas A' \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	429	\ (Crypt Ka' {\|Key AuthKey, Agent Tgs, Tk', X'\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	430	\ evs : kerberos \|] ==> A=A' & Ka=Ka' & Tk=Tk' & X=X'";
11104 f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	431	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	432	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	433	by (parts_induct_tac 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	434	(K2)
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	435	by (blast_tac (claset() addSEs knows_Spy_partsEs) 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	436	qed "unique_AuthKeys";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	437
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	438	(* ServKey uniquely identifies the message from Tgs *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	439	Goal "[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	440	\ (Crypt K {\|Key ServKey, Agent B, Tt, X\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	441	\ Says Tgs A' \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	442	\ (Crypt K' {\|Key ServKey, Agent B', Tt', X'\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	443	\ evs : kerberos \|] ==> A=A' & B=B' & K=K' & Tt=Tt' & X=X'";
11104 f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	444	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	445	by (etac rev_mp 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	446	by (parts_induct_tac 1);
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	447	(K4)
f2024fed9f0c partial conversion to Isar script style paulson parents: 10833 diff changeset	448	by (blast_tac (claset() addSEs knows_Spy_partsEs) 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	449	qed "unique_ServKeys";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	450
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	451
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	452	(***************LEMMAS ABOUT the predicate KeyCryptKey**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	453
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	454	Goalw [KeyCryptKey_def] "~ KeyCryptKey AuthKey ServKey []";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	455	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	456	qed "not_KeyCryptKey_Nil";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	457	AddIffs [not_KeyCryptKey_Nil];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	458
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	459	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	460	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, tt, X \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	461	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	462	\ evs : kerberos \|] ==> KeyCryptKey AuthKey ServKey evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	463	by (ftac Says_Tgs_message_form 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	464	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	465	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	466	qed "KeyCryptKeyI";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	467
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	468	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	469	"KeyCryptKey AuthKey ServKey (Says S A X # evs) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	470	\ (Tgs = S & \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	471	\ (EX B tt. X = Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	472	\ {\|Key ServKey, Agent B, tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	473	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, tt\|} \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	474	\ \| KeyCryptKey AuthKey ServKey evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	475	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	476	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	477	qed "KeyCryptKey_Says";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	478	Addsimps [KeyCryptKey_Says];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	479
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	480	(*A fresh AuthKey cannot be associated with any other
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	481	(with respect to a given trace). *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	482	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	483	"[\| Key AuthKey ~: used evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	484	\ ==> ~ KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	485	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	486	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	487	by (Asm_full_simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	488	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	489	qed "Auth_fresh_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	490
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	491	(*A fresh ServKey cannot be associated with any other
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	492	(with respect to a given trace). *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	493	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	494	"Key ServKey ~: used evs ==> ~ KeyCryptKey AuthKey ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	495	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	496	qed "Serv_fresh_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	497
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	498	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	499	"[\| Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, tk\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	500	\ : parts (spies evs); evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	501	\ ==> ~ KeyCryptKey K AuthKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	502	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	503	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	504	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	505	by (blast_tac (claset() addEs spies_partsEs) 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	506	(K2: by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	507	by (blast_tac (claset() addEs spies_partsEs) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	508	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	509	qed "AuthKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	510
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	511	(A secure serverkey cannot have been used to encrypt others)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	512	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	513	"[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	514	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	515	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	516	\ B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	517	\ ==> ~ KeyCryptKey ServKey K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	518	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	519	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	520	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	521	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	522	(K4 splits into distinct subcases)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	523	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	524	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	525	(ServKey can't have been enclosed in two certificates)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	526	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	527	addSEs [MPair_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	528	addDs [unique_CryptKey]) 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	529	(ServKey is fresh and so could not have been used, by new_keys_not_used)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	530	by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	531	Crypt_imp_invKey_keysFor],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	532	simpset()) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	533	(Others by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	534	by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	535	qed "ServKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	536
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	537	(Long term keys are not issued as ServKeys)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	538	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	539	"evs : kerberos ==> ~ KeyCryptKey K (shrK A) evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	540	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	541	qed "shrK_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	542
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	543	(*The Tgs message associates ServKey with AuthKey and therefore not with any
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	544	other key AuthKey.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	545	Goalw [KeyCryptKey_def]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	546	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, tt, X \|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	547	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	548	\ AuthKey' ~= AuthKey; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	549	\ ==> ~ KeyCryptKey AuthKey' ServKey evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	550	by (blast_tac (claset() addDs [unique_ServKeys]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	551	qed "Says_Tgs_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	552
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	553	Goal "[\| KeyCryptKey AuthKey ServKey evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	554	\ ==> ~ KeyCryptKey ServKey K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	555	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	556	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	557	by (Step_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	558	by (ALLGOALS Asm_full_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	559	(K4 splits into subcases)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	560	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	561	addSDs [AuthKey_not_KeyCryptKey]) 4);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	562	(ServKey is fresh and so could not have been used, by new_keys_not_used)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	563	by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	564	Crypt_imp_invKey_keysFor],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	565	simpset() addsimps [KeyCryptKey_def]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	566	(Others by freshness)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	567	by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	568	qed "KeyCryptKey_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	569
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	570	(*The only session keys that can be found with the help of session keys are
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	571	those sent by Tgs in step K4. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	572
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	573	(*We take some pains to express the property
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	574	as a logical equivalence so that the simplifier can apply it.*)
10833 c0844a30ea4e `` -> ` and ``` -> `` nipkow parents: 9000 diff changeset	575	Goal "P --> (Key K : analz (Key`KK Un H)) --> (K:KK \| Key K : analz H) \
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	576	\ ==> \
10833 c0844a30ea4e `` -> ` and ``` -> `` nipkow parents: 9000 diff changeset	577	\ P --> (Key K : analz (Key`KK Un H)) = (K:KK \| Key K : analz H)";
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	578	by (blast_tac (claset() addIs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	579	qed "Key_analz_image_Key_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	580
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	581	Goal "[\| KeyCryptKey K K' evs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	582	\ ==> Key K' : analz (insert (Key K) (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	583	by (full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	584	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	585	by (dresolve_tac [Says_imp_spies RS analz.Inj RS analz_insertI] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	586	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	587	qed "KeyCryptKey_analz_insert";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	588
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	589	Goal "[\| K : AuthKeys evs Un range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	590	\ ==> ALL SK. ~ KeyCryptKey SK K evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	591	by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	592	by (blast_tac (claset() addDs [Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	593	qed "AuthKeys_are_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	594
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	595	Goal "[\| K ~: AuthKeys evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	596	\ K ~: range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	597	\ ==> ALL SK. ~ KeyCryptKey K SK evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	598	by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	599	by (blast_tac (claset() addDs [Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	600	qed "not_AuthKeys_not_KeyCryptKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	601
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	602
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	603	(***************SECRECY THEOREMS**************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	604
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	605	(For proofs involving analz.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	606	val analz_sees_tac =
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	607	EVERY
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	608	[REPEAT (FIRSTGOAL analz_mono_contra_tac),
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	609	ftac Oops_range_spies2 10,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	610	ftac Oops_range_spies1 9,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	611	ftac Says_tgs_message_form 7,
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	612	ftac Says_kas_message_form 5,
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	613	REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE, exE]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	614	ORELSE' hyp_subst_tac)];
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	615
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	616	Goal "[\| KK <= -(range shrK); Key K : analz (spies evs); evs: kerberos \|] \
10833 c0844a30ea4e `` -> ` and ``` -> `` nipkow parents: 9000 diff changeset	617	\ ==> Key K : analz (Key ` KK Un spies evs)";
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	618	by (blast_tac (claset() addDs [impOfSubs analz_mono]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	619	qed "analz_mono_KK";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	620
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	621	(For the Oops2 case of the next theorem)
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	622	Goal "[\| evs : kerberos; \
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	623	\ Says Tgs A (Crypt AuthKey \
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	624	\ {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	625	\ : set evs \|] \
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	626	\ ==> ~ KeyCryptKey ServKey SK evs";
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	627	by (blast_tac (claset() addDs [KeyCryptKeyI, KeyCryptKey_not_KeyCryptKey]) 1);
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	628	qed "Oops2_not_KeyCryptKey";
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	629
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	630
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	631	(* Big simplification law for keys SK that are not crypted by keys in KK *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	632	(* It helps prove three, otherwise hard, facts about keys. These facts are *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	633	(* exploited as simplification laws for analz, and also "limit the damage" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	634	(* in case of loss of a key to the spy. See ESORICS98. *)
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	635	(* [simplified by LCP] *)
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	636	Goal "evs : kerberos ==> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	637	\ (ALL SK KK. KK <= -(range shrK) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	638	\ (ALL K: KK. ~ KeyCryptKey K SK evs) --> \
10833 c0844a30ea4e `` -> ` and ``` -> `` nipkow parents: 9000 diff changeset	639	\ (Key SK : analz (Key`KK Un (spies evs))) = \
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	640	\ (SK : KK \| Key SK : analz (spies evs)))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	641	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	642	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	643	by (REPEAT_FIRST (rtac allI));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	644	by (REPEAT_FIRST (rtac (Key_analz_image_Key_lemma RS impI)));
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	645	(Case-splits for Oops1 & 5: the negated case simplifies using the ind hyp)
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	646	by (case_tac "KeyCryptKey AuthKey SK evsO1" 11);
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	647	by (case_tac "KeyCryptKey ServKey SK evs5" 8);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	648	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	649	(asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	650	(analz_image_freshK_ss addsimps
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	651	[KeyCryptKey_Says, shrK_not_KeyCryptKey, Oops2_not_KeyCryptKey,
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	652	Auth_fresh_not_KeyCryptKey, Serv_fresh_not_KeyCryptKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	653	Says_Tgs_KeyCryptKey, Spy_analz_shrK])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	654	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	655	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	656	(* Base + K2 done by the simplifier! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	657	(K3)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	658	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	659	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	660	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	661	addSDs [AuthKey_not_KeyCryptKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	662	(K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	663	by (case_tac "Key ServKey : analz (spies evs5)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	664	(If ServKey is compromised then the result follows directly...)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	665	by (asm_simp_tac
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	666	(simpset() addsimps [analz_insert_eq,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	667	impOfSubs (Un_upper2 RS analz_mono)]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	668	(...therefore ServKey is uncompromised.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	669	(The KeyCryptKey ServKey SK evs5 case leads to a contradiction.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	670	by (blast_tac (claset() addSEs [ServKey_not_KeyCryptKey RSN(2, rev_notE)]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	671	addEs spies_partsEs delrules [allE, ballE]) 1);
8954 4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	672	( Level 13: Oops1 )
4fbdda40bb5f rewrote a very long proof (Key_analz_image_Key) because it had stopped working paulson parents: 8741 diff changeset	673	by (Asm_full_simp_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	674	by (blast_tac (claset() addSDs [KeyCryptKey_analz_insert]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	675	qed_spec_mp "Key_analz_image_Key";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	676
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	677
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	678	(* First simplification law for analz: no session keys encrypt *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	679	(* authentication keys or shared keys. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	680	Goal "[\| evs : kerberos; K : (AuthKeys evs) Un range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	681	\ SesKey ~: range shrK \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	682	\ ==> Key K : analz (insert (Key SesKey) (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	683	\ (K = SesKey \| Key K : analz (spies evs))";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	684	by (ftac AuthKeys_are_not_KeyCryptKey 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	685	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	686	qed "analz_insert_freshK1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	687
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	688
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	689	(* Second simplification law for analz: no service keys encrypt *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	690	(* any other keys. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	691	Goal "[\| evs : kerberos; ServKey ~: (AuthKeys evs); ServKey ~: range shrK\|]\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	692	\ ==> Key K : analz (insert (Key ServKey) (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	693	\ (K = ServKey \| Key K : analz (spies evs))";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	694	by (ftac not_AuthKeys_not_KeyCryptKey 1
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	695	THEN assume_tac 1
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	696	THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	697	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	698	qed "analz_insert_freshK2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	699
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	700
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	701	(* Third simplification law for analz: only one authentication key *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	702	(* encrypts a certain service key. *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	703	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	704	"[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	705	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	706	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	707	\ AuthKey ~= AuthKey'; AuthKey' ~: range shrK; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	708	\ ==> Key ServKey : analz (insert (Key AuthKey') (spies evs)) = \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	709	\ (ServKey = AuthKey' \| Key ServKey : analz (spies evs))";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	710	by (dres_inst_tac [("AuthKey'","AuthKey'")] Says_Tgs_KeyCryptKey 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	711	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	712	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	713	by (asm_full_simp_tac (analz_image_freshK_ss addsimps [Key_analz_image_Key]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	714	qed "analz_insert_freshK3";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	715
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	716
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	717	(a weakness of the protocol)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	718	Goal "[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	719	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	720	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	721	\ Key AuthKey : analz (spies evs); evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	722	\ ==> Key ServKey : analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	723	by (force_tac (claset() addDs [Says_imp_spies RS analz.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	724	analz.Decrypt RS analz.Fst],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	725	simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	726	qed "AuthKey_compromises_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	727
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	728
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	729	(******************** Guarantees for Kas ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	730	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	731	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	732	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	733	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	734	\ B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	735	\ ==> ServKey ~: AuthKeys evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	736	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	737	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	738	by (asm_full_simp_tac (simpset() addsimps [AuthKeys_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	739	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	740	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	741	by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs)));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	742	bind_thm ("ServKey_notin_AuthKeys", result() RSN (2, rev_notE));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	743	bind_thm ("ServKey_notin_AuthKeysD", result());
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	744
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	745
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	746	(** If Spy sees the Authentication Key sent in msg K2, then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	747	the Key has expired **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	748	Goal "[\| A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	749	\ ==> Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	750	\ (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	751	\ {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	752	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	753	\ : set evs --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	754	\ Key AuthKey : analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	755	\ ExpirAuth Tk evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	756	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	757	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	758	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	759	(asm_simp_tac
8741 61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	760	(simpset() addsimps ([Says_Kas_message_form, less_SucI,
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	761	analz_insert_eq, not_parts_not_analz,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	762	analz_insert_freshK1] @ pushes))));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	763	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	764	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	765	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	766	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	767	addIs [parts_insertI, impOfSubs analz_subset_parts, less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	768	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	769	by (blast_tac (claset() addSEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	770	(Level 8: K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	771	by (blast_tac (claset() addEs [ServKey_notin_AuthKeys]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	772	addDs [Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	773	Says_imp_spies RS parts.Inj]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	774	addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	775	(Oops1)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	776	by (blast_tac (claset() addDs [unique_AuthKeys] addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	777	(Oops2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	778	by (blast_tac (claset() addDs [Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	779	Says_Kas_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	780	val lemma = result() RS mp RS mp RSN(1,rev_notE);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	781
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	782
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	783	Goal "[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	784	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	785	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	786	\ ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	787	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	788	\ ==> Key AuthKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	789	by (ftac Says_Kas_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	790	by (blast_tac (claset() addSDs [lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	791	qed "Confidentiality_Kas";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	792
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	793
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	794
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	795
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	796
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	797
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	798	(******************** Guarantees for Tgs ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	799
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	800	(** If Spy sees the Service Key sent in msg K4, then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	801	the Key has expired **)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	802	Goal "[\| A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	803	\ ==> Key AuthKey ~: analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	804	\ Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	805	\ (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	806	\ {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	807	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	808	\ : set evs --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	809	\ Key ServKey : analz (spies evs) --> \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	810	\ ExpirServ Tt evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	811	by (etac kerberos.induct 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	812	(*The Oops1 case is unusual: must simplify Authkey ~: analz (spies (ev#evs))
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	813	rather than weakening it to Authkey ~: analz (spies evs), for we then
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	814	conclude AuthKey ~= AuthKeya.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	815	by (Clarify_tac 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	816	by analz_sees_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	817	by (rotate_tac ~1 11);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	818	by (ALLGOALS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	819	(asm_full_simp_tac
8741 61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	820	(simpset() addsimps [less_SucI,
61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	821	Says_Kas_message_form, Says_Tgs_message_form,
61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	822	analz_insert_eq, not_parts_not_analz,
61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	823	analz_insert_freshK1, analz_insert_freshK2]
61bc5ed22b62 removal of less_SucI, le_SucI from default simpset paulson parents: 7499 diff changeset	824	@ pushes)));
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	825	(Fake)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	826	by (spy_analz_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	827	(K2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	828	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	829	addIs [parts_insertI, impOfSubs analz_subset_parts, less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	830	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	831	by (case_tac "A ~= Aa" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	832	by (blast_tac (claset() addSEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	833	addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	834	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	835	A_trusts_AuthTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	836	Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	837	impOfSubs analz_subset_parts]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	838	by (ALLGOALS Clarify_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	839	(Oops2)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	840	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	841	Key_unique_SesKey] addIs [less_SucI]) 3);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	842	( Level 12 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	843	(Oops1)
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	844	by (ftac Says_Kas_message_form 2);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	845	by (assume_tac 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	846	by (blast_tac (claset() addDs [analz_insert_freshK3,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	847	Says_Kas_message_form, Says_Tgs_message_form]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	848	addIs [less_SucI]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	849	( Level 16 )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	850	by (thin_tac "Says Aa Tgs ?X : set ?evs" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	851	by (forward_tac [Says_imp_spies RS parts.Inj RS ServKey_notin_AuthKeysD] 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	852	by (assume_tac 1 THEN Blast_tac 1 THEN assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	853	by (rotate_tac ~1 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	854	by (asm_full_simp_tac (simpset() addsimps [analz_insert_freshK2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	855	by (etac disjE 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	856	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	857	Key_unique_SesKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	858	by (blast_tac (claset() addIs [less_SucI]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	859	val lemma = result() RS mp RS mp RS mp RSN(1,rev_notE);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	860
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	861
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	862	(* In the real world Tgs can't check wheter AuthKey is secure! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	863	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	864	"[\| Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	865	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	866	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	867	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	868	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	869	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	870	\ ==> Key ServKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	871	by (ftac Says_Tgs_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	872	by (blast_tac (claset() addDs [lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	873	qed "Confidentiality_Tgs1";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	874
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	875	(* In the real world Tgs CAN check what Kas sends! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	876	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	877	"[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	878	\ (Crypt Ka {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	879	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	880	\ Says Tgs A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	881	\ (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	882	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	883	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	884	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	885	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	886	by (blast_tac (claset() addSDs [Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	887	Confidentiality_Tgs1]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	888	qed "Confidentiality_Tgs2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	889
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	890	(Most general form)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	891	val Confidentiality_Tgs3 = A_trusts_AuthTicket RS Confidentiality_Tgs2;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	892
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	893
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	894	(******************** Guarantees for Alice ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	895
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	896	val Confidentiality_Auth_A = A_trusts_AuthKey RS Confidentiality_Kas;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	897
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	898	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	899	"[\| Says Kas A \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	900	\ (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) : set evs;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	901	\ Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	902	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	903	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	904	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	905	\==> Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	906	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	907	by (ftac Says_Kas_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	908	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	909	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	910	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	911	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	912	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	913	(K2 and K4 remain)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	914	by (blast_tac (claset() addEs spies_partsEs addSEs [MPair_parts]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	915	addSDs [unique_CryptKey]) 2);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	916	by (blast_tac (claset() addSDs [A_trusts_K4, Says_Tgs_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	917	AuthKeys_used]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	918	qed "A_trusts_K4_bis";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	919
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	920
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	921	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	922	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	923	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	924	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	925	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	926	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	927	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	928	by (dtac A_trusts_AuthKey 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	929	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	930	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	931	by (blast_tac (claset() addDs [Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	932	Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	933	A_trusts_K4_bis, Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	934	qed "Confidentiality_Serv_A";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	935
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	936
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	937	(******************** Guarantees for Bob ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	938	(* Theorems for the refined model have suffix "refined" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	939
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	940	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	941	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	942	\ : set evs; evs : kerberos\|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	943	\ ==> EX Tk. Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	944	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	945	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	946	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	947	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	948	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	949	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	950	A_trusts_AuthTicket]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	951	qed "K4_imp_K2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	952
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	953	Goal
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	954	"[\| Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	955	\ : set evs; evs : kerberos\|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	956	\ ==> EX Tk. (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	957	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	958	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	959	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	960	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	961	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	962	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	963	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	964	A_trusts_AuthTicket]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	965	qed "K4_imp_K2_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	966
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	967	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	968	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	969	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	970	\==> EX AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	971	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	972	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	973	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	974	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	975	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	976	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	977	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	978	qed "B_trusts_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	979
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	980	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	981	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	982	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	983	\ ==> EX AuthKey Tk. Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	984	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	985	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	986	by (blast_tac (claset() addSDs [B_trusts_ServKey, K4_imp_K2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	987	qed "B_trusts_ServTicket_Kas";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	988
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	989	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	990	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	991	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	992	\ ==> EX AuthKey Tk. (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk,\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	993	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	994	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	995	\ & ServLife + Tt <= AuthLife + Tk)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	996	by (blast_tac (claset() addSDs [B_trusts_ServKey,K4_imp_K2_refined]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	997	qed "B_trusts_ServTicket_Kas_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	998
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	999	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1000	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1001	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1002	\==> EX Tk AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1003	\ Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1004	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1005	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1006	\ & Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1007	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1008	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1009	by (ftac B_trusts_ServKey 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1010	by (etac exE 4);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1011	by (ftac K4_imp_K2 4);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1012	by (Blast_tac 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1013	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1014	qed "B_trusts_ServTicket";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1015
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1016	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1017	\ : parts (spies evs); B ~= Tgs; B ~: bad; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1018	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1019	\==> EX Tk AuthKey. \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1020	\ (Says Kas A (Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1021	\ Crypt (shrK Tgs) {\|Agent A, Agent Tgs, Key AuthKey, Number Tk\|}\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1022	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1023	\ & Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1024	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1025	\ : set evs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1026	\ & ServLife + Tt <= AuthLife + Tk)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1027	by (ftac B_trusts_ServKey 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1028	by (etac exE 4);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1029	by (ftac K4_imp_K2_refined 4);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1030	by (Blast_tac 5);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1031	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1032	qed "B_trusts_ServTicket_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1033
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1034
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1035	Goal "[\| ~ ExpirServ Tt evs; ServLife + Tt <= AuthLife + Tk \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1036	\ ==> ~ ExpirAuth Tk evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1037	by (blast_tac (claset() addDs [leI,le_trans] addEs [leE]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1038	qed "NotExpirServ_NotExpirAuth_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1039
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1040
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1041	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1042	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1043	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1044	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1045	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1046	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1047	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1048	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1049	\ ==> Key ServKey ~: analz (spies evs)";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1050	by (ftac A_trusts_AuthKey 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1051	by (ftac Confidentiality_Kas 3);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1052	by (ftac B_trusts_ServTicket 6);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1053	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1054	by (etac exE 9);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1055	by (ftac Says_Kas_message_form 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1056	by (blast_tac (claset() addDs [A_trusts_K4,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1057	unique_ServKeys, unique_AuthKeys,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1058	Confidentiality_Tgs2]) 10);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1059	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1060	(*
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1061	The proof above executes in 8 secs. It can be done in one command in 50 secs:
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1062	by (blast_tac (claset() addDs [A_trusts_AuthKey, A_trusts_K4,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1063	Says_Kas_message_form, B_trusts_ServTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1064	unique_ServKeys, unique_AuthKeys,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1065	Confidentiality_Kas,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1066	Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1067	*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1068	qed "Confidentiality_B";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1069
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1070
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1071	(Most general form -- only for refined model! )
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1072	Goal "[\| Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1073	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1074	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1075	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1076	\ ==> Key ServKey ~: analz (spies evs)";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1077	by (blast_tac (claset() addDs [B_trusts_ServTicket_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1078	NotExpirServ_NotExpirAuth_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1079	Confidentiality_Tgs2]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1080	qed "Confidentiality_B_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1081
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1082
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1083	(******************** Authenticity theorems ***************************)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1084
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1085	(*1. Session Keys authenticity: they originated with servers.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1086
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1087	(Authenticity of AuthKey for A: "A_trusts_AuthKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1088
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1089	(Authenticity of ServKey for A: "A_trusts_ServKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1090	Goal "[\| Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1091	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1092	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1093	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1094	\ ~ ExpirAuth Tk evs; A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1095	\==>Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1096	\ : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1097	by (ftac A_trusts_AuthKey 1 THEN assume_tac 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1098	by (blast_tac (claset() addDs [Confidentiality_Auth_A, A_trusts_K4_bis]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1099	qed "A_trusts_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1100	(Note: requires a temporal check)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1101
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1102
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1103	(Authenticity of ServKey for B: "B_trusts_ServKey")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1104
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1105	(***2. Parties authenticity: each party verifies "the identity of
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1106	another party who generated some data" (quoted from Neuman & Ts'o).***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1107
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1108	(*These guarantees don't assess whether two parties agree on
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1109	the same session key: sending a message containing a key
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1110	doesn't a priori state knowledge of the key.***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1111
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1112	(*B checks authenticity of A: theorems "A_Authenticity",
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1113	"A_authenticity_refined" *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1114	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1115	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1116	\ ServTicket\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1117	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1118	\ A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1119	\==> Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1120	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1121	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1122	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1123	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1124	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1125	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1126	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1127	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1128	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1129	(K3)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1130	by (blast_tac (claset() addEs spies_partsEs
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1131	addDs [A_trusts_AuthKey,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1132	Says_Kas_message_form,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1133	Says_Tgs_message_form]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1134	(K4)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1135	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1136	(K5)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1137	by (blast_tac (claset() addDs [Key_unique_SesKey] addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1138	qed "Says_Auth";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1139
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1140	(The second assumption tells B what kind of key ServKey is.)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1141	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1142	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1143	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1144	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1145	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1146	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1147	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1148	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1149	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1150	\ ==> Says A B {\|Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|},\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1151	\ Crypt ServKey {\|Agent A, Number Ta\|} \|} : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1152	by (ftac Confidentiality_B 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1153	by (ftac B_trusts_ServKey 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1154	by (etac exE 12);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1155	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1156	addSIs [Says_Auth]) 12);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1157	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1158	qed "A_Authenticity";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1159
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1160	(Stronger form in the refined model)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1161	Goal "[\| Crypt ServKey {\|Agent A, Number Ta2\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1162	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1163	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1164	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1165	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1166	\ ==> Says A B {\|Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|},\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1167	\ Crypt ServKey {\|Agent A, Number Ta2\|} \|} : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1168	by (ftac Confidentiality_B_refined 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1169	by (ftac B_trusts_ServKey 6);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1170	by (etac exE 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1171	by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1172	addSIs [Says_Auth]) 9);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1173	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1174	qed "A_Authenticity_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1175
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1176
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1177	(A checks authenticity of B: theorem "B_authenticity")
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1178
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1179	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1180	\ Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1181	\ ServTicket\|}) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1182	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1183	\ A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1184	\ ==> Says B A (Crypt ServKey (Number Ta)) : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1185	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1186	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1187	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1188	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1189	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1190	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1191	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1192	by (ALLGOALS Asm_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1193	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1194	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1195	by (Clarify_tac 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1196	by (ftac Says_Tgs_message_form 1 THEN assume_tac 1);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1197	by (Clarify_tac 1); (PROOF FAILED if omitted)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1198	by (blast_tac (claset() addDs [unique_CryptKey] addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1199	qed "Says_K6";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1200
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1201	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, T, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1202	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1203	\ Key AuthKey ~: analz (spies evs); AuthKey ~: range shrK; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1204	\ evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1205	\ ==> EX A. Says Tgs A (Crypt AuthKey {\|Key ServKey, Agent B, T, ServTicket\|})\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1206	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1207	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1208	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1209	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1210	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1211	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1212	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1213	qed "K4_trustworthy";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1214
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1215	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1216	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1217	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1218	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1219	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1220	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1221	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1222	\ ==> Says B A (Crypt ServKey (Number Ta)) : set evs";
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1223	by (ftac A_trusts_AuthKey 1);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1224	by (ftac Says_Kas_message_form 3);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1225	by (ftac Confidentiality_Kas 4);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1226	by (ftac K4_trustworthy 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1227	by (Blast_tac 8);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1228	by (etac exE 9);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1229	by (ftac K4_imp_K2 9);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1230	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, Key_unique_SesKey]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1231	addSIs [Says_K6]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1232	addSEs [Confidentiality_Tgs1 RSN (2,rev_notE)]) 10);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1233	by (ALLGOALS assume_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1234	qed "B_Authenticity";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1235
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1236
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1237	(***3. Parties' knowledge of session keys. A knows a session key if she
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1238	used it to build a cipher.***)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1239
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1240	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1241	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1242	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1243	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1244	by (simp_tac (simpset() addsimps [Issues_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1245	by (rtac exI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1246	by (rtac conjI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1247	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1248	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1249	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1250	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1251	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1252	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1253	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1254	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1255	by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib])));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1256	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1257	(K6 requires numerous lemmas)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1258	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1259	by (blast_tac (claset() addDs [B_trusts_ServTicket,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1260	impOfSubs parts_spies_takeWhile_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1261	impOfSubs parts_spies_evs_revD2]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1262	addIs [Says_K6]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1263	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1264	qed "B_Knows_B_Knows_ServKey_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1265	(*Key ServKey ~: analz (spies evs) could be relaxed by Confidentiality_B
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1266	but this is irrelevant because B knows what he knows! *)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1267
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1268	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1269	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1270	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1271	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1272	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1273	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1274	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1275	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1276	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1277	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1278	by (blast_tac (claset() addSDs [Confidentiality_B,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1279	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1280	qed "B_Knows_B_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1281
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1282	Goal "[\| Says B A (Crypt ServKey (Number Ta)) : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1283	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1284	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1285	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1286	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1287	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1288	by (blast_tac (claset() addSDs [Confidentiality_B_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1289	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1290	qed "B_Knows_B_Knows_ServKey_refined";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1291
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1292
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1293	Goal "[\| Crypt ServKey (Number Ta) : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1294	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1295	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1296	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1297	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1298	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1299	\ A ~: bad; B ~: bad; B ~= Tgs; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1300	\ ==> B Issues A with (Crypt ServKey (Number Ta)) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1301	by (blast_tac (claset() addSDs [B_Authenticity, Confidentiality_Serv_A,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1302	B_Knows_B_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1303	qed "A_Knows_B_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1304
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1305	Goal "[\| Says A Tgs \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1306	\ {\|AuthTicket, Crypt AuthKey {\|Agent A, Number Ta\|}, Agent B\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1307	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1308	\ A ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1309	\ ==> EX Tk. Says Kas A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1310	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1311	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1312	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1313	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1314	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1315	by (Blast_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1316	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1317	A_trusts_AuthKey]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1318	qed "K3_imp_K2";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1319
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1320	Goal "[\| Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1321	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1322	\ Says Kas A (Crypt (shrK A) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1323	\ {\|Key AuthKey, Agent Tgs, Tk, AuthTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1324	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1325	\ Key AuthKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1326	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1327	\ ==> Says Tgs A (Crypt AuthKey \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1328	\ {\|Key ServKey, Agent B, Number Tt, ServTicket\|}) \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1329	\ : set evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1330	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1331	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1332	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1333	by (parts_induct_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1334	by (Fake_parts_insert_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1335	by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1336	by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj RS parts.Fst RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1337	A_trusts_AuthTicket, unique_AuthKeys]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1338	qed "K4_trustworthy'";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1339
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1340	Goal "[\| Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1341	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1342	\ Key ServKey ~: analz (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1343	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1344	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1345	by (simp_tac (simpset() addsimps [Issues_def]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1346	by (rtac exI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1347	by (rtac conjI 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1348	by (assume_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1349	by (Simp_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1350	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1351	by (etac rev_mp 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1352	by (etac kerberos.induct 1);
7499 23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1353	by (ftac Says_ticket_in_parts_spies 5);
23e090051cb8 isatool expandshort; wenzelm parents: 7494 diff changeset	1354	by (ftac Says_ticket_in_parts_spies 7);
6452 6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1355	by (REPEAT (FIRSTGOAL analz_mono_contra_tac));
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1356	by (ALLGOALS Asm_simp_tac);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1357	by (Clarify_tac 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1358	(K6)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1359	by Auto_tac;
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1360	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1361	(*Level 15: case study necessary because the assumption doesn't state
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1362	the form of ServTicket. The guarantee becomes stronger.*)
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1363	by (case_tac "Key AuthKey : analz (spies evs5)" 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1364	by (force_tac (claset() addDs [Says_imp_spies RS analz.Inj RS
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1365	analz.Decrypt RS analz.Fst],
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1366	simpset()) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1367	by (blast_tac (claset() addDs [K3_imp_K2, K4_trustworthy',
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1368	impOfSubs parts_spies_takeWhile_mono,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1369	impOfSubs parts_spies_evs_revD2]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1370	addIs [Says_Auth]
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1371	addEs spies_partsEs) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1372	by (asm_full_simp_tac (simpset() addsimps [takeWhile_tail]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1373	qed "A_Knows_A_Knows_ServKey_lemma";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1374
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1375	Goal "[\| Says A B {\|ServTicket, Crypt ServKey {\|Agent A, Number Ta\|}\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1376	\ : set evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1377	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1378	\ : parts (spies evs);\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1379	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|}\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1380	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1381	\ ~ ExpirAuth Tk evs; ~ ExpirServ Tt evs;\
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1382	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1383	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1384	by (blast_tac (claset() addSDs [Confidentiality_Serv_A,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1385	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1386	qed "A_Knows_A_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1387
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1388	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1389	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1390	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1391	\ Crypt AuthKey {\|Key ServKey, Agent B, Number Tt, ServTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1392	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1393	\ Crypt (shrK A) {\|Key AuthKey, Agent Tgs, Number Tk, AuthTicket\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1394	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1395	\ ~ ExpirServ Tt evs; ~ ExpirAuth Tk evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1396	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1397	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1398	by (blast_tac (claset() addDs [A_Authenticity, Confidentiality_B,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1399	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1400	qed "B_Knows_A_Knows_ServKey";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1401
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1402
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1403	Goal "[\| Crypt ServKey {\|Agent A, Number Ta\|} : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1404	\ Crypt (shrK B) {\|Agent A, Agent B, Key ServKey, Number Tt\|} \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1405	\ : parts (spies evs); \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1406	\ ~ ExpirServ Tt evs; \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1407	\ B ~= Tgs; A ~: bad; B ~: bad; evs : kerberos \|] \
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1408	\ ==> A Issues B with (Crypt ServKey {\|Agent A, Number Ta\|}) on evs";
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1409	by (blast_tac (claset() addDs [A_Authenticity_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1410	Confidentiality_B_refined,
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1411	A_Knows_A_Knows_ServKey_lemma]) 1);
6a1b393ccdc0 addition of Kerberos IV example paulson parents: diff changeset	1412	qed "B_Knows_A_Knows_ServKey_refined";

author	paulson
	Tue, 13 Feb 2001 13:16:27 +0100
changeset 11104	f2024fed9f0c
parent 10833	c0844a30ea4e
child 11185	1b737b4c2108
permissions	-rw-r--r--