60 |
64 |
61 (*Spy never sees another agent's shared key! (unless it's bad at start)*) |
65 (*Spy never sees another agent's shared key! (unless it's bad at start)*) |
62 goal thy |
66 goal thy |
63 "!!evs. evs : woolam ==> (Key (shrK A) : parts (spies evs)) = (A : bad)"; |
67 "!!evs. evs : woolam ==> (Key (shrK A) : parts (spies evs)) = (A : bad)"; |
64 by (parts_induct_tac 1); |
68 by (parts_induct_tac 1); |
65 by (Fake_parts_insert_tac 1); |
69 by (Blast_tac 1); |
66 qed "Spy_see_shrK"; |
70 qed "Spy_see_shrK"; |
67 Addsimps [Spy_see_shrK]; |
71 Addsimps [Spy_see_shrK]; |
68 |
72 |
69 goal thy |
73 goal thy |
70 "!!evs. evs : woolam ==> (Key (shrK A) : analz (spies evs)) = (A : bad)"; |
74 "!!evs. evs : woolam ==> (Key (shrK A) : analz (spies evs)) = (A : bad)"; |
71 by (auto_tac(claset() addDs [impOfSubs analz_subset_parts], simpset())); |
75 by (Auto_tac()); |
72 qed "Spy_analz_shrK"; |
76 qed "Spy_analz_shrK"; |
73 Addsimps [Spy_analz_shrK]; |
77 Addsimps [Spy_analz_shrK]; |
74 |
78 |
75 goal thy "!!A. [| Key (shrK A) : parts (spies evs); \ |
79 AddSDs [Spy_see_shrK RSN (2, rev_iffD1), |
76 \ evs : woolam |] ==> A:bad"; |
80 Spy_analz_shrK RSN (2, rev_iffD1)]; |
77 by (blast_tac (claset() addDs [Spy_see_shrK]) 1); |
|
78 qed "Spy_see_shrK_D"; |
|
79 |
|
80 bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D); |
|
81 AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D]; |
|
82 |
81 |
83 |
82 |
84 (**** Autheticity properties for Woo-Lam ****) |
83 (**** Autheticity properties for Woo-Lam ****) |
85 |
84 |
86 |
85 |
87 (*** WL4 ***) |
86 (*** WL4 ***) |
88 |
87 |
89 (*If the encrypted message appears then it originated with Alice*) |
88 (*If the encrypted message appears then it originated with Alice*) |
90 goal thy |
89 goal thy |
91 "!!evs. [| A ~: bad; evs : woolam |] \ |
90 "!!evs. [| Crypt (shrK A) (Nonce NB) : parts (spies evs); \ |
92 \ ==> Crypt (shrK A) (Nonce NB) : parts (spies evs) \ |
91 \ A ~: bad; evs : woolam |] \ |
93 \ --> (EX B. Says A B (Crypt (shrK A) (Nonce NB)) : set evs)"; |
92 \ ==> EX B. Says A B (Crypt (shrK A) (Nonce NB)) : set evs"; |
|
93 by (etac rev_mp 1); |
94 by (parts_induct_tac 1); |
94 by (parts_induct_tac 1); |
95 by (Fake_parts_insert_tac 1); |
95 by (ALLGOALS Blast_tac); |
96 by (Blast_tac 1); |
96 qed "NB_Crypt_imp_Alice_msg"; |
97 qed_spec_mp "NB_Crypt_imp_Alice_msg"; |
|
98 |
97 |
99 (*Guarantee for Server: if it gets a message containing a certificate from |
98 (*Guarantee for Server: if it gets a message containing a certificate from |
100 Alice, then she originated that certificate. But we DO NOT know that B |
99 Alice, then she originated that certificate. But we DO NOT know that B |
101 ever saw it: the Spy may have rerouted the message to the Server.*) |
100 ever saw it: the Spy may have rerouted the message to the Server.*) |
102 goal thy |
101 goal thy |
103 "!!evs. [| A ~: bad; evs : woolam; \ |
102 "!!evs. [| Says B' Server {|Agent A, Agent B, Crypt (shrK A) (Nonce NB)|} \ |
104 \ Says B' Server {|Agent A, Agent B, Crypt (shrK A) (Nonce NB)|} \ |
103 \ : set evs; \ |
105 \ : set evs |] \ |
104 \ A ~: bad; evs : woolam |] \ |
106 \ ==> EX B. Says A B (Crypt (shrK A) (Nonce NB)) : set evs"; |
105 \ ==> EX B. Says A B (Crypt (shrK A) (Nonce NB)) : set evs"; |
107 by (blast_tac (claset() addSIs [NB_Crypt_imp_Alice_msg] |
106 by (blast_tac (claset() addSIs [NB_Crypt_imp_Alice_msg]) 1); |
108 addSEs [MPair_parts] |
|
109 addDs [Says_imp_spies RS parts.Inj]) 1); |
|
110 qed "Server_trusts_WL4"; |
107 qed "Server_trusts_WL4"; |
|
108 |
|
109 AddDs [Server_trusts_WL4]; |
111 |
110 |
112 |
111 |
113 (*** WL5 ***) |
112 (*** WL5 ***) |
114 |
113 |
115 (*Server sent WL5 only if it received the right sort of message*) |
114 (*Server sent WL5 only if it received the right sort of message*) |
116 goal thy |
115 goal thy |
117 "!!evs. evs : woolam ==> \ |
116 "!!evs. [| Says Server B (Crypt (shrK B) {|Agent A, NB|}) : set evs; \ |
118 \ Says Server B (Crypt (shrK B) {|Agent A, NB|}) : set evs \ |
117 \ evs : woolam |] \ |
119 \ --> (EX B'. Says B' Server {|Agent A, Agent B, Crypt (shrK A) NB|} \ |
118 \ ==> EX B'. Says B' Server {|Agent A, Agent B, Crypt (shrK A) NB|} \ |
120 \ : set evs)"; |
119 \ : set evs"; |
|
120 by (etac rev_mp 1); |
121 by (parts_induct_tac 1); |
121 by (parts_induct_tac 1); |
122 by (Fake_parts_insert_tac 1); |
|
123 by (ALLGOALS Blast_tac); |
122 by (ALLGOALS Blast_tac); |
124 bind_thm ("Server_sent_WL5", result() RSN (2, rev_mp)); |
123 qed "Server_sent_WL5"; |
125 |
124 |
|
125 AddDs [Server_sent_WL5]; |
126 |
126 |
127 (*If the encrypted message appears then it originated with the Server!*) |
127 (*If the encrypted message appears then it originated with the Server!*) |
128 goal thy |
128 goal thy |
129 "!!evs. [| B ~: bad; evs : woolam |] \ |
129 "!!evs. [| Crypt (shrK B) {|Agent A, NB|} : parts (spies evs); \ |
130 \ ==> Crypt (shrK B) {|Agent A, NB|} : parts (spies evs) \ |
130 \ B ~: bad; evs : woolam |] \ |
131 \ --> Says Server B (Crypt (shrK B) {|Agent A, NB|}) : set evs"; |
131 \ ==> Says Server B (Crypt (shrK B) {|Agent A, NB|}) : set evs"; |
|
132 by (etac rev_mp 1); |
132 by (parts_induct_tac 1); |
133 by (parts_induct_tac 1); |
133 by (Fake_parts_insert_tac 1); |
134 by (Blast_tac 1); |
134 qed_spec_mp "NB_Crypt_imp_Server_msg"; |
135 qed_spec_mp "NB_Crypt_imp_Server_msg"; |
135 |
|
136 (*Partial guarantee for B: if it gets a message of correct form then the Server |
|
137 sent the same message.*) |
|
138 goal thy |
|
139 "!!evs. [| Says S B (Crypt (shrK B) {|Agent A, NB|}) : set evs; \ |
|
140 \ B ~: bad; evs : woolam |] \ |
|
141 \ ==> Says Server B (Crypt (shrK B) {|Agent A, NB|}) : set evs"; |
|
142 by (blast_tac (claset() addSIs [NB_Crypt_imp_Server_msg] |
|
143 addDs [Says_imp_spies RS parts.Inj]) 1); |
|
144 qed "B_got_WL5"; |
|
145 |
136 |
146 (*Guarantee for B. If B gets the Server's certificate then A has encrypted |
137 (*Guarantee for B. If B gets the Server's certificate then A has encrypted |
147 the nonce using her key. This event can be no older than the nonce itself. |
138 the nonce using her key. This event can be no older than the nonce itself. |
148 But A may have sent the nonce to some other agent and it could have reached |
139 But A may have sent the nonce to some other agent and it could have reached |
149 the Server via the Spy.*) |
140 the Server via the Spy.*) |
150 goal thy |
141 goal thy |
151 "!!evs. [| Says S B (Crypt (shrK B) {|Agent A, Nonce NB|}): set evs; \ |
142 "!!evs. [| Says S B (Crypt (shrK B) {|Agent A, Nonce NB|}): set evs; \ |
152 \ A ~: bad; B ~: bad; evs : woolam |] \ |
143 \ A ~: bad; B ~: bad; evs : woolam |] \ |
153 \ ==> EX B. Says A B (Crypt (shrK A) (Nonce NB)) : set evs"; |
144 \ ==> EX B. Says A B (Crypt (shrK A) (Nonce NB)) : set evs"; |
154 by (blast_tac (claset() addIs [Server_trusts_WL4] |
145 by (blast_tac (claset() addSDs [NB_Crypt_imp_Server_msg]) 1); |
155 addSDs [B_got_WL5 RS Server_sent_WL5]) 1); |
|
156 qed "B_trusts_WL5"; |
146 qed "B_trusts_WL5"; |
157 |
147 |
158 |
148 |
159 (*B only issues challenges in response to WL1. Useful??*) |
149 (*B only issues challenges in response to WL1. Not used.*) |
160 goal thy |
150 goal thy |
161 "!!evs. [| B ~= Spy; evs : woolam |] \ |
151 "!!evs. [| Says B A (Nonce NB) : set evs; B ~= Spy; evs : woolam |] \ |
162 \ ==> Says B A (Nonce NB) : set evs \ |
152 \ ==> EX A'. Says A' B (Agent A) : set evs"; |
163 \ --> (EX A'. Says A' B (Agent A) : set evs)"; |
153 by (etac rev_mp 1); |
164 by (parts_induct_tac 1); |
154 by (parts_induct_tac 1); |
165 by (Fake_parts_insert_tac 1); |
|
166 by (ALLGOALS Blast_tac); |
155 by (ALLGOALS Blast_tac); |
167 bind_thm ("B_said_WL2", result() RSN (2, rev_mp)); |
156 qed "B_said_WL2"; |
168 |
157 |
169 |
158 |
170 (**CANNOT be proved because A doesn't know where challenges come from... |
159 (**CANNOT be proved because A doesn't know where challenges come from... |
171 goal thy |
160 goal thy |
172 "!!evs. [| A ~: bad; B ~= Spy; evs : woolam |] \ |
161 "!!evs. [| A ~: bad; B ~= Spy; evs : woolam |] \ |
173 \ ==> Crypt (shrK A) (Nonce NB) : parts (spies evs) & \ |
162 \ ==> Crypt (shrK A) (Nonce NB) : parts (spies evs) & \ |
174 \ Says B A (Nonce NB) : set evs \ |
163 \ Says B A (Nonce NB) : set evs \ |
175 \ --> Says A B (Crypt (shrK A) (Nonce NB)) : set evs"; |
164 \ --> Says A B (Crypt (shrK A) (Nonce NB)) : set evs"; |
176 by (parts_induct_tac 1); |
165 by (parts_induct_tac 1); |
177 by (Fake_parts_insert_tac 1); |
166 by (Blast_tac 1); |
178 by Safe_tac; |
167 by Safe_tac; |
179 by (blast_tac (claset() addSEs partsEs) 1); |
|
180 **) |
168 **) |