Next: Conclusion Up: A semantics for BAN Previous: Protocols

Correctness of protocols

Our aim now is to prove that if ${\cal C}$ can be derived in our logic from ${\cal A}$ together with (some yet-to-be-defined logic translation of) ${\cal P}$ , then $\models \spec{{\cal A}}{{\cal P}}{{\cal C}}$ holds. From that we can conclude a rectified version, so that we know that participants in protocols draw correct conclusions.

As we have seen, the sending of a message is modelled by adding the message to the sender's $\Once$ set of messages once-said, and to the receiver's $\Sees$ set of messages seen, and then to apply the closure as mentioned in section 4. We now define the logical equivalent of this:

$\begin{definition} For an action $\send{P}{Q}{X}$, i.e., the sending of a messag... ...l P}_1} \union \predprot{{\cal P}_2}\end{array}\end{displaymath}\end{definition}$

$\begin{lemma} For all actions $\mbox{$a$}$: $\models \spec{\emptyset}{\mbox{$a$}}{\predprot{\mbox{$a$}}}$\end{lemma}$

Proof Let $\mbox{$a$}$ be $\send{P}{Q}{X}$ .
$\begin{calc} \xpr{\models \spec{\emptyset}{\send{P}{Q}{X}}{\predprot{\send{P}{Q}... ...Q\becomes\Sees_Q\union\{X\}]) \models P \oncesaid X \land Q \sees X}\end{calc}$
Now let s be any state, and put $s' = \closure(s[\Once_P\becomes\Once_P\union\{X\},\, \Sees_Q\becomes\Sees_Q\union\{X\}])$ .We have
$\begin{calc} \xpr{X \in \Once_P\union\{X\} \land X \in \Sees\union\{X\}} \z{\Rig... ...aid$\space and $\sees$} \xpr{s' \models P \oncesaid X \land Q \sees X}\end{calc}$
$\fbox {\vphantom{\tiny .}}$

$\begin{definition} For a collection of predicates ${\cal A}$\space and a protoc... ...nion \predprot{a}) \allows {\cal P} \end{array}\end{displaymath}\end{definition}$

$\begin{lemma} If ${\cal A} \allows a$, then $\rectify{{\cal A}} \allows a$.\end{lemma}$

Proof We prove $\rectify{{\cal A}} \allows \send{P}{Q}{X}$ from ${\cal A} \allows \send{P}{Q}{X}$ with induction on X .

$\begin{outcase} % latex2html id marker 922 \mbox{\bf Case}~\mbox{\rm $\encrypt{X... ...rectify{{\cal A}} \allows \send{P}{Q}{\encrypt{X}{K}{R}}}\end{calc}\end{outcase}$

$\begin{outcase} % latex2html id marker 1040 \mbox{\bf Case}~\mbox{\rm $(X,Y)$:} ... ...\allows$} \xpr{\rectify{{\cal A}} \allows \send{P}{Q}{X}}\end{calc}\end{outcase}$

$\fbox {\vphantom{\tiny .}}$

$\begin{definition} We define {\em positive} formulas as the least set such that:... ...x{not containing unbound variables.}\end{array}\end{displaymath}\end{definition}$
This is extended to finite sets of formulas: ${\cal F}$ is positive whenever the formula $\bigwedge{\cal F}$ is.

$\begin{lemma} If ${\cal A} \union \predprot{a}$\space is positive and ${\cal A} \allows a$, then $\models \spec{{\cal A}}{a}{{\cal A}}$\end{lemma}$

This follows immediately from the following lemma:

$\begin{lemma} If ${\cal A} \allows a$, ${\cal A} \derives \phi$ and $\phi$\space positive, then $\models \spec{{\cal A}}{a}{\phi}$\end{lemma}$

The proof of this lemma can be found in the appendix.

$\begin{lemma} \begin{quote} \noindent If ${\cal A} \union \predprot{a}$\space po... ...then $\models \spec{{\cal A}}{a}{{\cal A}, \predprot{a}}$.\end{quote}\end{lemma}$

$\begin{proof} % latex2html id marker 1183 This follows now directly from Lemmas~\ref{spec-cup}, \ref{spec-more} and \ref{spec-same}.\end{proof}$

$\begin{definition} We define a collection of predicates ${\cal A}$\space to be {... ...ollection ${\cal A}'$ such that ${\cal A}=\rectify{{\cal A}'}$.\end{definition}$
The following lemma follows immediately from the definition of safe.
$\begin{lemma} If ${\cal A}$\space is positive, then $\rectify{{\cal A}}$\space is safe.\end{lemma}$
We now formulate Lemma 23 for the weaker requirement of ${\cal A}$ being safe, rather than positive.

$\begin{lemma} $\mbox{If } {\cal A} \union \predprot{a} \nomath{safe and} {\cal A} \allows a\mbox{, then } \models \spec{{\cal A}}{a}{{\cal A}}$\end{lemma}$

The proof of this lemma can be found in the appendix.

$\begin{lemma} \begin{quote} \noindent If ${\cal A} \union \predprot{a}$\space sa... ...then $\models \spec{{\cal A}}{a}{{\cal A}, \predprot{a}}$.\end{quote}\end{lemma}$

$\begin{proof} % latex2html id marker 1227 This follows now directly from Lemmas~\ref{spec-cup}, \ref{spec-more} and \ref{spec-same}. \end{proof}$

$\begin{theorem} If ${\cal A}\union\predprot{{\cal P}}$\space safe, ${\cal A} \a... ...ves {\cal C}$, then $\models \spec{{\cal A}}{{\cal P}}{{\cal C}}$.\end{theorem}$

$\begin{proof} % latex2html id marker 1245 We prove the theorem by induction on t... ...xpr{\models \spec{{\cal A}}{\mbox{$a$};{\cal P}}{{\cal C}}}\end{calc}\end{proof}$

From Theorem 9 our main theorem now follows: a proof of a specification in the logic indeed ensures the right conclusions of the principals during the protocol.

$\begin{theorem} If ${\cal A} \union \predprot{{\cal P}}$\space positive, ${\cal ... ... $\models \spec{\rectify{{\cal A}}}{{\cal P}}{\rectify{{\cal C}}}$.\end{theorem}$

$\begin{proof} % latex2html id marker 1335 Let ${\cal A} \union \predprot{{\cal P... ...$ (Lemma~\ref{rect-derive}). Now we can apply Theorem~\ref{th-main}.\end{proof}$

Next: Conclusion Up: A semantics for BAN Previous: Protocols