equal
deleted
inserted
replaced
51 qed "Oops_parts_spies"; |
51 qed "Oops_parts_spies"; |
52 |
52 |
53 (*For proving the easier theorems about X ~: parts (spies evs).*) |
53 (*For proving the easier theorems about X ~: parts (spies evs).*) |
54 fun parts_induct_tac i = |
54 fun parts_induct_tac i = |
55 etac kerberos_ban.induct i THEN |
55 etac kerberos_ban.induct i THEN |
56 forward_tac [Oops_parts_spies] (i+6) THEN |
56 ftac Oops_parts_spies (i+6) THEN |
57 forward_tac [Kb3_msg_in_parts_spies] (i+4) THEN |
57 ftac Kb3_msg_in_parts_spies (i+4) THEN |
58 prove_simple_subgoals_tac i; |
58 prove_simple_subgoals_tac i; |
59 |
59 |
60 |
60 |
61 (*Spy never sees another agent's shared key! (unless it's bad at start)*) |
61 (*Spy never sees another agent's shared key! (unless it's bad at start)*) |
62 Goal "evs : kerberos_ban ==> (Key (shrK A) : parts (spies evs)) = (A : bad)"; |
62 Goal "evs : kerberos_ban ==> (Key (shrK A) : parts (spies evs)) = (A : bad)"; |
158 qed "Says_S_message_form"; |
158 qed "Says_S_message_form"; |
159 |
159 |
160 |
160 |
161 (*For proofs involving analz.*) |
161 (*For proofs involving analz.*) |
162 val analz_spies_tac = |
162 val analz_spies_tac = |
163 forward_tac [Says_Server_message_form] 7 THEN |
163 ftac Says_Server_message_form 7 THEN |
164 forward_tac [Says_S_message_form] 5 THEN |
164 ftac Says_S_message_form 5 THEN |
165 REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE] ORELSE' hyp_subst_tac); |
165 REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE] ORELSE' hyp_subst_tac); |
166 |
166 |
167 |
167 |
168 (**** |
168 (**** |
169 The following is to prove theorems of the form |
169 The following is to prove theorems of the form |
264 Goal "[| Says Server A \ |
264 Goal "[| Says Server A \ |
265 \ (Crypt K' {|Number T, Agent B, Key K, X|}) : set evs; \ |
265 \ (Crypt K' {|Number T, Agent B, Key K, X|}) : set evs; \ |
266 \ ~ Expired T evs; \ |
266 \ ~ Expired T evs; \ |
267 \ A ~: bad; B ~: bad; evs : kerberos_ban \ |
267 \ A ~: bad; B ~: bad; evs : kerberos_ban \ |
268 \ |] ==> Key K ~: analz (spies evs)"; |
268 \ |] ==> Key K ~: analz (spies evs)"; |
269 by (forward_tac [Says_Server_message_form] 1 THEN assume_tac 1); |
269 by (ftac Says_Server_message_form 1 THEN assume_tac 1); |
270 by (blast_tac (claset() addIs [lemma2]) 1); |
270 by (blast_tac (claset() addIs [lemma2]) 1); |
271 qed "Confidentiality_S"; |
271 qed "Confidentiality_S"; |
272 |
272 |
273 (**** THE COUNTERPART OF CONFIDENTIALITY |
273 (**** THE COUNTERPART OF CONFIDENTIALITY |
274 [|...; Expired Ts evs; ...|] ==> Key K : analz (spies evs) |
274 [|...; Expired Ts evs; ...|] ==> Key K : analz (spies evs) |
302 \ Says Server A (Crypt (shrK A) {|Number Ts, Agent B, Key K, X|}) \ |
302 \ Says Server A (Crypt (shrK A) {|Number Ts, Agent B, Key K, X|}) \ |
303 \ : set evs --> \ |
303 \ : set evs --> \ |
304 \ Crypt K (Number Ta) : parts (spies evs) --> \ |
304 \ Crypt K (Number Ta) : parts (spies evs) --> \ |
305 \ Says B A (Crypt K (Number Ta)) : set evs"; |
305 \ Says B A (Crypt K (Number Ta)) : set evs"; |
306 by (etac kerberos_ban.induct 1); |
306 by (etac kerberos_ban.induct 1); |
307 by (forward_tac [Says_S_message_form] 5 THEN assume_tac 5); |
307 by (ftac Says_S_message_form 5 THEN assume_tac 5); |
308 by (dtac Kb3_msg_in_parts_spies 5); |
308 by (dtac Kb3_msg_in_parts_spies 5); |
309 by (forward_tac [Oops_parts_spies] 7); |
309 by (ftac Oops_parts_spies 7); |
310 by (REPEAT (FIRSTGOAL analz_mono_contra_tac)); |
310 by (REPEAT (FIRSTGOAL analz_mono_contra_tac)); |
311 by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib]))); |
311 by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib]))); |
312 (**LEVEL 6**) |
312 (**LEVEL 6**) |
313 by (Blast_tac 1); |
313 by (Blast_tac 1); |
314 by (Clarify_tac 1); |
314 by (Clarify_tac 1); |
347 \ : set evs --> \ |
347 \ : set evs --> \ |
348 \ Crypt K {|Agent A, Number Ta|} : parts (spies evs) -->\ |
348 \ Crypt K {|Agent A, Number Ta|} : parts (spies evs) -->\ |
349 \ Says A B {|X, Crypt K {|Agent A, Number Ta|}|} \ |
349 \ Says A B {|X, Crypt K {|Agent A, Number Ta|}|} \ |
350 \ : set evs"; |
350 \ : set evs"; |
351 by (etac kerberos_ban.induct 1); |
351 by (etac kerberos_ban.induct 1); |
352 by (forward_tac [Says_S_message_form] 5 THEN assume_tac 5); |
352 by (ftac Says_S_message_form 5 THEN assume_tac 5); |
353 by (forward_tac [Kb3_msg_in_parts_spies] 5); |
353 by (ftac Kb3_msg_in_parts_spies 5); |
354 by (forward_tac [Oops_parts_spies] 7); |
354 by (ftac Oops_parts_spies 7); |
355 by (REPEAT (FIRSTGOAL analz_mono_contra_tac)); |
355 by (REPEAT (FIRSTGOAL analz_mono_contra_tac)); |
356 by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib]))); |
356 by (ALLGOALS (asm_simp_tac (simpset() addsimps [all_conj_distrib]))); |
357 (**LEVEL 6**) |
357 (**LEVEL 6**) |
358 by (Blast_tac 1); |
358 by (Blast_tac 1); |
359 by (Clarify_tac 1); |
359 by (Clarify_tac 1); |