equal
deleted
inserted
replaced
1 (* Title: HOL/Auth/Yahalom |
1 (* Title: HOL/Auth/Yahalom |
2 ID: $Id$ |
2 ID: $Id$ |
3 Author: Lawrence C Paulson, Cambridge University Computer Laboratory |
3 Author: Lawrence C Paulson, Cambridge University Computer Laboratory |
4 Copyright 1996 University of Cambridge |
4 Copyright 1996 University of Cambridge |
5 |
5 |
6 Inductive relation "otway" for the Yahalom protocol. |
6 Inductive relation "yahalom" for the Yahalom protocol. |
7 |
7 |
8 From page 257 of |
8 From page 257 of |
9 Burrows, Abadi and Needham. A Logic of Authentication. |
9 Burrows, Abadi and Needham. A Logic of Authentication. |
10 Proc. Royal Soc. 426 (1989) |
10 Proc. Royal Soc. 426 (1989) |
11 *) |
11 *) |
111 |
111 |
112 bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D); |
112 bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D); |
113 AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D]; |
113 AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D]; |
114 |
114 |
115 |
115 |
116 (*Nobody can have used non-existent keys!*) |
116 (*Nobody can have used non-existent keys! Needed to apply analz_insert_Key*) |
117 goal thy "!!evs. evs : yahalom lost ==> \ |
117 goal thy "!!evs. evs : yahalom lost ==> \ |
118 \ Key K ~: used evs --> K ~: keysFor (parts (sees lost Spy evs))"; |
118 \ Key K ~: used evs --> K ~: keysFor (parts (sees lost Spy evs))"; |
119 by parts_induct_tac; |
119 by parts_induct_tac; |
120 (*YM4: Key K is not fresh!*) |
120 (*YM4: Key K is not fresh!*) |
121 by (blast_tac (!claset addSEs sees_Spy_partsEs) 3); |
121 by (blast_tac (!claset addSEs sees_Spy_partsEs) 3); |
266 (*Oops*) |
266 (*Oops*) |
267 by (blast_tac (!claset addDs [unique_session_keys]) 1); |
267 by (blast_tac (!claset addDs [unique_session_keys]) 1); |
268 val lemma = result() RS mp RS mp RSN(2,rev_notE); |
268 val lemma = result() RS mp RS mp RSN(2,rev_notE); |
269 |
269 |
270 |
270 |
271 (*Final version: Server's message in the most abstract form*) |
271 (*Final version*) |
272 goal thy |
272 goal thy |
273 "!!evs. [| Says Server A \ |
273 "!!evs. [| Says Server A \ |
274 \ {|Crypt (shrK A) {|Agent B, Key K, NA, NB|}, \ |
274 \ {|Crypt (shrK A) {|Agent B, Key K, NA, NB|}, \ |
275 \ Crypt (shrK B) {|Agent A, Key K|}|} \ |
275 \ Crypt (shrK B) {|Agent A, Key K|}|} \ |
276 \ : set_of_list evs; \ |
276 \ : set_of_list evs; \ |
280 by (forward_tac [Says_Server_message_form] 1 THEN assume_tac 1); |
280 by (forward_tac [Says_Server_message_form] 1 THEN assume_tac 1); |
281 by (blast_tac (!claset addSEs [lemma]) 1); |
281 by (blast_tac (!claset addSEs [lemma]) 1); |
282 qed "Spy_not_see_encrypted_key"; |
282 qed "Spy_not_see_encrypted_key"; |
283 |
283 |
284 |
284 |
|
285 (*And other agents don't see the key either.*) |
285 goal thy |
286 goal thy |
286 "!!evs. [| C ~: {A,B,Server}; \ |
287 "!!evs. [| C ~: {A,B,Server}; \ |
287 \ Says Server A \ |
288 \ Says Server A \ |
288 \ {|Crypt (shrK A) {|Agent B, Key K, NA, NB|}, \ |
289 \ {|Crypt (shrK A) {|Agent B, Key K, NA, NB|}, \ |
289 \ Crypt (shrK B) {|Agent A, Key K|}|} \ |
290 \ Crypt (shrK B) {|Agent A, Key K|}|} \ |