scyther/gui/Protocols/ISO-9798/isoiec-9798-2-6.spdl

/*
 * Modeled from ISO/IEC 9798
 * Modeler: Cas Cremers, Dec. 2010
 *
 * symmetric
 * ttp
 * five-pass
 * mutual
 *
 * MPA Attack reported by Mathuria:
 * - Type flaw MPA when in parallel with Abadi-Needham protocol.
 *
 */
protocol isoiec-9798-2-6(A,B,P)
{
	role A
	{
		var Rb: Nonce;
		fresh Ra,Rpa: Nonce;
		var Kab: SessionKey;
		var T: Ticket;
		fresh Text2,Text6,Text7: Ticket;
		var Text1,Text4,Text5,Text8,Text9: Ticket;

		recv_1(B,A, Rb, Text1);
		send_2(A,P, Ra, Rb, B, Text2);
		recv_3(P,A, Text5, {Ra,Kab,B,Text4}k(A,P), T );
		claim(A,Running,B,Kab,Text6);
		send_4(A,B, Text7, T, {Rpa,Rb,Text6}Kab );
		recv_5(B,A, Text9, {Rb,Rpa,Text8}Kab );

		claim(A,Commit,B,Kab,Text6,Text8);
		claim(A,Secret,Kab);
		claim(A,Secret,Text6);
		claim(A,Secret,Text8);
		claim(A,Alive);
		claim(A,Weakagree);
	}
	role B
	{
		fresh Rb: Nonce;
		var Rpa: Nonce;
		var Kab: SessionKey;
		fresh Text1,Text8,Text9: Ticket;
		var Text3,Text6,Text7: Ticket;

		send_1(B,A, Rb, Text1);
		recv_4(A,B, Text7, {Rb,Kab,A,Text3}k(B,P), {Rpa,Rb,Text6}Kab );
		claim(B,Running,A,Kab,Text6,Text8);
		send_5(B,A, Text9, {Rb,Rpa,Text8}Kab );
		
		claim(B,Commit,A,Kab,Text6);
		claim(B,Secret,Kab);
		claim(B,Secret,Text6);
		claim(B,Secret,Text8);
		claim(B,Alive);
		claim(B,Weakagree);
	}
	role P
	{
		var Ra, Rb: Nonce;
		fresh Kab: SessionKey;
		fresh Text3,Text4,Text5: Ticket;
		var Text2: Ticket;

		recv_2(A,P, Ra, Rb, B, Text2);
		send_3(P,A, Text5, {Ra,Kab,B,Text4}k(A,P),
				  {Rb,Kab,A,Text3}k(B,P) );
	}
}

protocol @keysymm26(A,B,P)
{
	role A
	{
		var TVPN: Nonce;
		var Kab: SessionKey;
		var Text: Ticket;

		recv_!1(B,A, { TVPN, Kab, B, Text }k(P,A) );
		send_!2(A,B, { TVPN, Kab, B, Text }k(A,P) );
	}
	role B
	{
	}
	role P
	{
	}
}
Added ISO/IEC 9798 models. 2012-11-15 11:10:06 +00:00			`/*`
			`* Modeled from ISO/IEC 9798`
			`* Modeler: Cas Cremers, Dec. 2010`
			`*`
			`* symmetric`
			`* ttp`
			`* five-pass`
			`* mutual`
			`*`
			`* MPA Attack reported by Mathuria:`
			`* - Type flaw MPA when in parallel with Abadi-Needham protocol.`
			`*`
			`*/`
			`protocol isoiec-9798-2-6(A,B,P)`
			`{`
			`role A`
			`{`
			`var Rb: Nonce;`
			`fresh Ra,Rpa: Nonce;`
			`var Kab: SessionKey;`
			`var T: Ticket;`
			`fresh Text2,Text6,Text7: Ticket;`
			`var Text1,Text4,Text5,Text8,Text9: Ticket;`

			`recv_1(B,A, Rb, Text1);`
			`send_2(A,P, Ra, Rb, B, Text2);`
			`recv_3(P,A, Text5, {Ra,Kab,B,Text4}k(A,P), T );`
			`claim(A,Running,B,Kab,Text6);`
			`send_4(A,B, Text7, T, {Rpa,Rb,Text6}Kab );`
			`recv_5(B,A, Text9, {Rb,Rpa,Text8}Kab );`

			`claim(A,Commit,B,Kab,Text6,Text8);`
			`claim(A,Secret,Kab);`
			`claim(A,Secret,Text6);`
			`claim(A,Secret,Text8);`
			`claim(A,Alive);`
			`claim(A,Weakagree);`
			`}`
			`role B`
			`{`
			`fresh Rb: Nonce;`
			`var Rpa: Nonce;`
			`var Kab: SessionKey;`
			`fresh Text1,Text8,Text9: Ticket;`
			`var Text3,Text6,Text7: Ticket;`

			`send_1(B,A, Rb, Text1);`
			`recv_4(A,B, Text7, {Rb,Kab,A,Text3}k(B,P), {Rpa,Rb,Text6}Kab );`
			`claim(B,Running,A,Kab,Text6,Text8);`
			`send_5(B,A, Text9, {Rb,Rpa,Text8}Kab );`

			`claim(B,Commit,A,Kab,Text6);`
			`claim(B,Secret,Kab);`
			`claim(B,Secret,Text6);`
			`claim(B,Secret,Text8);`
			`claim(B,Alive);`
			`claim(B,Weakagree);`
			`}`
			`role P`
			`{`
			`var Ra, Rb: Nonce;`
			`fresh Kab: SessionKey;`
			`fresh Text3,Text4,Text5: Ticket;`
			`var Text2: Ticket;`

			`recv_2(A,P, Ra, Rb, B, Text2);`
			`send_3(P,A, Text5, {Ra,Kab,B,Text4}k(A,P),`
			`{Rb,Kab,A,Text3}k(B,P) );`
			`}`
			`}`

			`protocol @keysymm26(A,B,P)`
			`{`
			`role A`
			`{`
			`var TVPN: Nonce;`
			`var Kab: SessionKey;`
			`var Text: Ticket;`

			`recv_!1(B,A, { TVPN, Kab, B, Text }k(P,A) );`
			`send_!2(A,B, { TVPN, Kab, B, Text }k(A,P) );`
			`}`
			`role B`
			`{`
			`}`
			`role P`
			`{`
			`}`
			`}`