134 lines
3.8 KiB
Plaintext
134 lines
3.8 KiB
Plaintext
(*
|
|
(C) Copyright Andreas Viktor Hess, DTU, 2020
|
|
(C) Copyright Sebastian A. Mödersheim, DTU, 2020
|
|
(C) Copyright Achim D. Brucker, University of Exeter, 2020
|
|
(C) Copyright Anders Schlichtkrull, DTU, 2020
|
|
|
|
All Rights Reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions are
|
|
met:
|
|
|
|
- Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
|
|
- Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
- Neither the name of the copyright holder nor the names of its
|
|
contributors may be used to endorse or promote products
|
|
derived from this software without specific prior written
|
|
permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*)
|
|
|
|
(* Title: Keyserver.thy
|
|
Author: Andreas Viktor Hess, DTU
|
|
Author: Sebastian A. Mödersheim, DTU
|
|
Author: Achim D. Brucker, University of Exeter
|
|
Author: Anders Schlichtkrull, DTU
|
|
*)
|
|
|
|
section\<open>The Keyserver Protocol\<close>
|
|
theory Keyserver
|
|
imports "../PSPSP"
|
|
begin
|
|
|
|
declare [[code_timing]]
|
|
|
|
trac\<open>
|
|
Protocol: keyserver
|
|
|
|
Types:
|
|
honest = {a,b,c}
|
|
server = {s}
|
|
agents = honest ++ server
|
|
|
|
Sets:
|
|
ring/1 valid/2 revoked/2
|
|
|
|
Functions:
|
|
Public sign/2 crypt/2 pair/2
|
|
Private inv/1
|
|
|
|
Analysis:
|
|
sign(X,Y) -> Y
|
|
crypt(X,Y) ? inv(X) -> Y
|
|
pair(X,Y) -> X,Y
|
|
|
|
Transactions:
|
|
# Out-of-band registration
|
|
outOfBand(A:honest,S:server)
|
|
new NPK
|
|
insert NPK ring(A)
|
|
insert NPK valid(A,S)
|
|
send NPK.
|
|
|
|
# User update key
|
|
keyUpdateUser(A:honest,PK:value)
|
|
PK in ring(A)
|
|
new NPK
|
|
delete PK ring(A)
|
|
insert NPK ring(A)
|
|
send sign(inv(PK),pair(A,NPK)).
|
|
|
|
# Server update key
|
|
keyUpdateServer(A:honest,S:server,PK:value,NPK:value)
|
|
receive sign(inv(PK),pair(A,NPK))
|
|
PK in valid(A,S)
|
|
NPK notin valid(_)
|
|
NPK notin revoked(_)
|
|
delete PK valid(A,S)
|
|
insert PK revoked(A,S)
|
|
insert NPK valid(A,S)
|
|
send inv(PK).
|
|
|
|
# Attack definition
|
|
authAttack(A:honest,S:server,PK:value)
|
|
receive inv(PK)
|
|
PK in valid(A,S)
|
|
attack.
|
|
\<close>\<open>
|
|
val(ring(A)) where A:honest
|
|
sign(inv(val(0)),pair(A,val(ring(A)))) where A:honest
|
|
inv(val(revoked(A,S))) where A:honest S:server
|
|
pair(A,val(ring(A))) where A:honest
|
|
|
|
occurs(val(ring(A))) where A:honest
|
|
|
|
timplies(val(ring(A)),val(ring(A),valid(A,S))) where A:honest S:server
|
|
timplies(val(ring(A)),val(0)) where A:honest
|
|
timplies(val(ring(A),valid(A,S)),val(valid(A,S))) where A:honest S:server
|
|
timplies(val(0),val(valid(A,S))) where A:honest S:server
|
|
timplies(val(valid(A,S)),val(revoked(A,S))) where A:honest S:server
|
|
\<close>
|
|
|
|
|
|
subsection \<open>Proof of security\<close>
|
|
protocol_model_setup spm: keyserver
|
|
compute_SMP [optimized] keyserver_protocol keyserver_SMP
|
|
manual_protocol_security_proof ssp: keyserver
|
|
for keyserver_protocol keyserver_fixpoint keyserver_SMP
|
|
apply check_protocol_intro
|
|
subgoal by code_simp
|
|
subgoal by code_simp
|
|
subgoal by code_simp
|
|
subgoal by code_simp
|
|
subgoal by code_simp
|
|
done
|
|
|
|
end
|