19 |
19 |
20 |
20 |
21 (*A "possibility property": there are traces that reach the end*) |
21 (*A "possibility property": there are traces that reach the end*) |
22 goal thy |
22 goal thy |
23 "!!A B. [| A ~= B; A ~= Server; B ~= Server |] \ |
23 "!!A B. [| A ~= B; A ~= Server; B ~= Server |] \ |
24 \ ==> EX K. EX NA. EX evs: otway. \ |
24 \ ==> EX K. EX NA. EX evs: otway. \ |
25 \ Says B A (Crypt (shrK A) {|Nonce NA, Agent A, Agent B, Key K|}) \ |
25 \ Says B A (Crypt (shrK A) {|Nonce NA, Agent A, Agent B, Key K|}) \ |
26 \ : set evs"; |
26 \ : set evs"; |
27 by (REPEAT (resolve_tac [exI,bexI] 1)); |
27 by (REPEAT (resolve_tac [exI,bexI] 1)); |
28 by (rtac (otway.Nil RS otway.OR1 RS otway.OR2 RS otway.OR3 RS otway.OR4) 2); |
28 by (rtac (otway.Nil RS otway.OR1 RS otway.OR2 RS otway.OR3 RS otway.OR4) 2); |
29 by possibility_tac; |
29 by possibility_tac; |
123 goal thy |
123 goal thy |
124 "!!evs. [| Says Server B \ |
124 "!!evs. [| Says Server B \ |
125 \ {|Crypt (shrK A) {|NA, Agent A, Agent B, Key K|}, \ |
125 \ {|Crypt (shrK A) {|NA, Agent A, Agent B, Key K|}, \ |
126 \ Crypt (shrK B) {|NB, Agent A, Agent B, Key K|}|} \ |
126 \ Crypt (shrK B) {|NB, Agent A, Agent B, Key K|}|} \ |
127 \ : set evs; \ |
127 \ : set evs; \ |
128 \ evs : otway |] \ |
128 \ evs : otway |] \ |
129 \ ==> K ~: range shrK & (EX i. NA = Nonce i) & (EX j. NB = Nonce j)"; |
129 \ ==> K ~: range shrK & (EX i. NA = Nonce i) & (EX j. NB = Nonce j)"; |
130 by (etac rev_mp 1); |
130 by (etac rev_mp 1); |
131 by (etac otway.induct 1); |
131 by (etac otway.induct 1); |
132 by (ALLGOALS Asm_simp_tac); |
132 by (ALLGOALS Asm_simp_tac); |
133 by (Blast_tac 1); |
133 by (Blast_tac 1); |
181 |
181 |
182 |
182 |
183 (*** The Key K uniquely identifies the Server's message. **) |
183 (*** The Key K uniquely identifies the Server's message. **) |
184 |
184 |
185 goal thy |
185 goal thy |
186 "!!evs. evs : otway ==> \ |
186 "!!evs. evs : otway ==> \ |
187 \ EX A' B' NA' NB'. ALL A B NA NB. \ |
187 \ EX A' B' NA' NB'. ALL A B NA NB. \ |
188 \ Says Server B \ |
188 \ Says Server B \ |
189 \ {|Crypt (shrK A) {|NA, Agent A, Agent B, K|}, \ |
189 \ {|Crypt (shrK A) {|NA, Agent A, Agent B, K|}, \ |
190 \ Crypt (shrK B) {|NB, Agent A, Agent B, K|}|} : set evs \ |
190 \ Crypt (shrK B) {|NB, Agent A, Agent B, K|}|} : set evs \ |
191 \ --> A=A' & B=B' & NA=NA' & NB=NB'"; |
191 \ --> A=A' & B=B' & NA=NA' & NB=NB'"; |
192 by (etac otway.induct 1); |
192 by (etac otway.induct 1); |
193 by (ALLGOALS (asm_simp_tac (!simpset addsimps [all_conj_distrib]))); |
193 by (ALLGOALS (asm_simp_tac (!simpset addsimps [all_conj_distrib]))); |
256 (** Crucial secrecy property: Spy does not see the keys sent in msg OR3 |
256 (** Crucial secrecy property: Spy does not see the keys sent in msg OR3 |
257 Does not in itself guarantee security: an attack could violate |
257 Does not in itself guarantee security: an attack could violate |
258 the premises, e.g. by having A=Spy **) |
258 the premises, e.g. by having A=Spy **) |
259 |
259 |
260 goal thy |
260 goal thy |
261 "!!evs. [| A ~: lost; B ~: lost; evs : otway |] \ |
261 "!!evs. [| A ~: lost; B ~: lost; evs : otway |] \ |
262 \ ==> Says Server B \ |
262 \ ==> Says Server B \ |
263 \ {|Crypt (shrK A) {|NA, Agent A, Agent B, Key K|}, \ |
263 \ {|Crypt (shrK A) {|NA, Agent A, Agent B, Key K|}, \ |
264 \ Crypt (shrK B) {|NB, Agent A, Agent B, Key K|}|} \ |
264 \ Crypt (shrK B) {|NB, Agent A, Agent B, Key K|}|} \ |
265 \ : set evs --> \ |
265 \ : set evs --> \ |
266 \ Says B Spy {|NA, NB, Key K|} ~: set evs --> \ |
266 \ Says B Spy {|NA, NB, Key K|} ~: set evs --> \ |
267 \ Key K ~: analz (sees Spy evs)"; |
267 \ Key K ~: analz (sees Spy evs)"; |
268 by (etac otway.induct 1); |
268 by (etac otway.induct 1); |
269 by analz_sees_tac; |
269 by analz_sees_tac; |
270 by (ALLGOALS |
270 by (ALLGOALS |
271 (asm_simp_tac (!simpset addcongs [conj_cong] |
271 (asm_simp_tac (!simpset addcongs [conj_cong] |