afp-mirror
/
Automated_Stateful_Protocol_Verification
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Automated_Stateful_Protocol.../Automated_Stateful_Protocol.../examples/Keyserver.thy

134 lines
3.8 KiB
Plaintext
Raw Blame History

(*
(C) Copyright Andreas Viktor Hess, DTU, 2020
(C) Copyright Sebastian A. Mödersheim, DTU, 2020
(C) Copyright Achim D. Brucker, University of Exeter, 2020
(C) Copyright Anders Schlichtkrull, DTU, 2020
All Rights Reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
- Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
- Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products
derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*)
(* Title: Keyserver.thy
Author: Andreas Viktor Hess, DTU
Author: Sebastian A. Mödersheim, DTU
Author: Achim D. Brucker, University of Exeter
Author: Anders Schlichtkrull, DTU
*)
section\<open>The Keyserver Protocol\<close>
theory Keyserver
imports "../PSPSP"
begin
declare [[code_timing]]
trac\<open>
Protocol: keyserver
Types:
honest = {a,b,c}
server = {s}
agents = honest ++ server
Sets:
ring/1 valid/2 revoked/2
Functions:
Public sign/2 crypt/2 pair/2
Private inv/1
Analysis:
sign(X,Y) -> Y
crypt(X,Y) ? inv(X) -> Y
pair(X,Y) -> X,Y
Transactions:
# Out-of-band registration
outOfBand(A:honest,S:server)
new NPK
insert NPK ring(A)
insert NPK valid(A,S)
send NPK.
# User update key
keyUpdateUser(A:honest,PK:value)
PK in ring(A)
new NPK
delete PK ring(A)
insert NPK ring(A)
send sign(inv(PK),pair(A,NPK)).
# Server update key
keyUpdateServer(A:honest,S:server,PK:value,NPK:value)
receive sign(inv(PK),pair(A,NPK))
PK in valid(A,S)
NPK notin valid(_)
NPK notin revoked(_)
delete PK valid(A,S)
insert PK revoked(A,S)
insert NPK valid(A,S)
send inv(PK).
# Attack definition
authAttack(A:honest,S:server,PK:value)
receive inv(PK)
PK in valid(A,S)
attack.
\<close>\<open>
val(ring(A)) where A:honest
sign(inv(val(0)),pair(A,val(ring(A)))) where A:honest
inv(val(revoked(A,S))) where A:honest S:server
pair(A,val(ring(A))) where A:honest
occurs(val(ring(A))) where A:honest
timplies(val(ring(A)),val(ring(A),valid(A,S))) where A:honest S:server
timplies(val(ring(A)),val(0)) where A:honest
timplies(val(ring(A),valid(A,S)),val(valid(A,S))) where A:honest S:server
timplies(val(0),val(valid(A,S))) where A:honest S:server
timplies(val(valid(A,S)),val(revoked(A,S))) where A:honest S:server
\<close>
subsection \<open>Proof of security\<close>
protocol_model_setup spm: keyserver
compute_SMP [optimized] keyserver_protocol keyserver_SMP
manual_protocol_security_proof ssp: keyserver
for keyserver_protocol keyserver_fixpoint keyserver_SMP
apply check_protocol_intro
subgoal by code_simp
subgoal by code_simp
subgoal by code_simp
subgoal by code_simp
subgoal by code_simp
done
end
Reference in New Issue View Git Blame Copy Permalink