equal
deleted
inserted
replaced
3 Copyright 2002 University of Cambridge |
3 Copyright 2002 University of Cambridge |
4 |
4 |
5 Incorporating Lowe's fix (inclusion of B's identity in round 2). |
5 Incorporating Lowe's fix (inclusion of B's identity in round 2). |
6 *) |
6 *) |
7 |
7 |
8 section{*Needham-Schroeder-Lowe Public-Key Protocol*} |
8 section\<open>Needham-Schroeder-Lowe Public-Key Protocol\<close> |
9 |
9 |
10 theory Guard_NS_Public imports Guard_Public begin |
10 theory Guard_NS_Public imports Guard_Public begin |
11 |
11 |
12 subsection{*messages used in the protocol*} |
12 subsection\<open>messages used in the protocol\<close> |
13 |
13 |
14 abbreviation (input) |
14 abbreviation (input) |
15 ns1 :: "agent => agent => nat => event" where |
15 ns1 :: "agent => agent => nat => event" where |
16 "ns1 A B NA == Says A B (Crypt (pubK B) {|Nonce NA, Agent A|})" |
16 "ns1 A B NA == Says A B (Crypt (pubK B) {|Nonce NA, Agent A|})" |
17 |
17 |
30 abbreviation (input) |
30 abbreviation (input) |
31 ns3 :: "agent => agent => nat => event" where |
31 ns3 :: "agent => agent => nat => event" where |
32 "ns3 A B NB == Says A B (Crypt (pubK B) (Nonce NB))" |
32 "ns3 A B NB == Says A B (Crypt (pubK B) (Nonce NB))" |
33 |
33 |
34 |
34 |
35 subsection{*definition of the protocol*} |
35 subsection\<open>definition of the protocol\<close> |
36 |
36 |
37 inductive_set nsp :: "event list set" |
37 inductive_set nsp :: "event list set" |
38 where |
38 where |
39 |
39 |
40 Nil: "[]:nsp" |
40 Nil: "[]:nsp" |
47 ns2 B A NA NB # evs2:nsp" |
47 ns2 B A NA NB # evs2:nsp" |
48 |
48 |
49 | NS3: "!!A B B' NA NB evs3. [| evs3:nsp; ns1 A B NA:set evs3; ns2' B' B A NA NB:set evs3 |] ==> |
49 | NS3: "!!A B B' NA NB evs3. [| evs3:nsp; ns1 A B NA:set evs3; ns2' B' B A NA NB:set evs3 |] ==> |
50 ns3 A B NB # evs3:nsp" |
50 ns3 A B NB # evs3:nsp" |
51 |
51 |
52 subsection{*declarations for tactics*} |
52 subsection\<open>declarations for tactics\<close> |
53 |
53 |
54 declare knows_Spy_partsEs [elim] |
54 declare knows_Spy_partsEs [elim] |
55 declare Fake_parts_insert [THEN subsetD, dest] |
55 declare Fake_parts_insert [THEN subsetD, dest] |
56 declare initState.simps [simp del] |
56 declare initState.simps [simp del] |
57 |
57 |
58 subsection{*general properties of nsp*} |
58 subsection\<open>general properties of nsp\<close> |
59 |
59 |
60 lemma nsp_has_no_Gets: "evs:nsp ==> ALL A X. Gets A X ~:set evs" |
60 lemma nsp_has_no_Gets: "evs:nsp ==> ALL A X. Gets A X ~:set evs" |
61 by (erule nsp.induct, auto) |
61 by (erule nsp.induct, auto) |
62 |
62 |
63 lemma nsp_is_Gets_correct [iff]: "Gets_correct nsp" |
63 lemma nsp_is_Gets_correct [iff]: "Gets_correct nsp" |
75 |
75 |
76 lemma nsp_is_regular [iff]: "regular nsp" |
76 lemma nsp_is_regular [iff]: "regular nsp" |
77 apply (simp only: regular_def, clarify) |
77 apply (simp only: regular_def, clarify) |
78 by (erule nsp.induct, auto simp: initState.simps knows.simps) |
78 by (erule nsp.induct, auto simp: initState.simps knows.simps) |
79 |
79 |
80 subsection{*nonce are used only once*} |
80 subsection\<open>nonce are used only once\<close> |
81 |
81 |
82 lemma NA_is_uniq [rule_format]: "evs:nsp ==> |
82 lemma NA_is_uniq [rule_format]: "evs:nsp ==> |
83 Crypt (pubK B) {|Nonce NA, Agent A|}:parts (spies evs) |
83 Crypt (pubK B) {|Nonce NA, Agent A|}:parts (spies evs) |
84 --> Crypt (pubK B') {|Nonce NA, Agent A'|}:parts (spies evs) |
84 --> Crypt (pubK B') {|Nonce NA, Agent A'|}:parts (spies evs) |
85 --> Nonce NA ~:analz (spies evs) --> A=A' & B=B'" |
85 --> Nonce NA ~:analz (spies evs) --> A=A' & B=B'" |
104 --> Crypt (pubK A') {|Nonce NA', Nonce NB, Agent B'|}:parts (spies evs) |
104 --> Crypt (pubK A') {|Nonce NA', Nonce NB, Agent B'|}:parts (spies evs) |
105 --> Nonce NB ~:analz (spies evs) --> A=A' & B=B' & NA=NA'" |
105 --> Nonce NB ~:analz (spies evs) --> A=A' & B=B' & NA=NA'" |
106 apply (erule nsp.induct, simp_all) |
106 apply (erule nsp.induct, simp_all) |
107 by (blast intro: analz_insertI)+ |
107 by (blast intro: analz_insertI)+ |
108 |
108 |
109 subsection{*guardedness of NA*} |
109 subsection\<open>guardedness of NA\<close> |
110 |
110 |
111 lemma ns1_imp_Guard [rule_format]: "[| evs:nsp; A ~:bad; B ~:bad |] ==> |
111 lemma ns1_imp_Guard [rule_format]: "[| evs:nsp; A ~:bad; B ~:bad |] ==> |
112 ns1 A B NA:set evs --> Guard NA {priK A,priK B} (spies evs)" |
112 ns1 A B NA:set evs --> Guard NA {priK A,priK B} (spies evs)" |
113 apply (erule nsp.induct) |
113 apply (erule nsp.induct) |
114 (* Nil *) |
114 (* Nil *) |
131 apply (case_tac "NB=NA", clarify) |
131 apply (case_tac "NB=NA", clarify) |
132 apply (drule Guard_Nonce_analz, simp+) |
132 apply (drule Guard_Nonce_analz, simp+) |
133 apply (drule Says_imp_knows_Spy)+ |
133 apply (drule Says_imp_knows_Spy)+ |
134 by (drule no_Nonce_NS1_NS2, auto) |
134 by (drule no_Nonce_NS1_NS2, auto) |
135 |
135 |
136 subsection{*guardedness of NB*} |
136 subsection\<open>guardedness of NB\<close> |
137 |
137 |
138 lemma ns2_imp_Guard [rule_format]: "[| evs:nsp; A ~:bad; B ~:bad |] ==> |
138 lemma ns2_imp_Guard [rule_format]: "[| evs:nsp; A ~:bad; B ~:bad |] ==> |
139 ns2 B A NA NB:set evs --> Guard NB {priK A,priK B} (spies evs)" |
139 ns2 B A NA NB:set evs --> Guard NB {priK A,priK B} (spies evs)" |
140 apply (erule nsp.induct) |
140 apply (erule nsp.induct) |
141 (* Nil *) |
141 (* Nil *) |
161 apply (drule_tac A=Aa and A'=A in NB_is_uniq) |
161 apply (drule_tac A=Aa and A'=A in NB_is_uniq) |
162 apply auto[1] |
162 apply auto[1] |
163 apply (auto simp add: guard.No_Nonce) |
163 apply (auto simp add: guard.No_Nonce) |
164 done |
164 done |
165 |
165 |
166 subsection{*Agents' Authentication*} |
166 subsection\<open>Agents' Authentication\<close> |
167 |
167 |
168 lemma B_trusts_NS1: "[| evs:nsp; A ~:bad; B ~:bad |] ==> |
168 lemma B_trusts_NS1: "[| evs:nsp; A ~:bad; B ~:bad |] ==> |
169 Crypt (pubK B) {|Nonce NA, Agent A|}:parts (spies evs) |
169 Crypt (pubK B) {|Nonce NA, Agent A|}:parts (spies evs) |
170 --> Nonce NA ~:analz (spies evs) --> ns1 A B NA:set evs" |
170 --> Nonce NA ~:analz (spies evs) --> ns1 A B NA:set evs" |
171 apply (erule nsp.induct, simp_all) |
171 apply (erule nsp.induct, simp_all) |