scyther/testing/protocols/misc/bunava-1-3.spdl

75 lines
1.4 KiB
Plaintext
Raw Normal View History

2006-11-21 13:40:50 +00:00
# Buttyan Nagy Vajda protocol 1 (3-party)
#
# Modelled after the description in the paper
# "Efficient multi-party challenge-response protocols for entity
# authentication"
#
# Attacks:
# Does not satisfy ni-agree, because when Alice in the R0 role terminates
# it cannot be sure that the agent in role R1 is aware of having sent a
# reply for Alice.
# R0 type flaw attack exists in which there are only two agents active.
#
secret k: Function;
protocol intruderhelp(Swap)
{
role Swap
{
var T: Ticket;
var R0,R1: Agent;
2012-05-02 22:26:41 +01:00
recv_!1(Swap,Swap, { T }k(R0,R1) );
send_!2(Swap,Swap, { T }k(R1,R0) );
2006-11-21 13:40:50 +00:00
}
}
protocol bunava13(R0,R1,R2)
{
role R0
{
fresh n0: Nonce;
2006-11-21 13:40:50 +00:00
var n1,n2: Nonce;
send_1(R0,R1, n0);
2012-05-02 22:26:41 +01:00
recv_3(R2,R0, n2,{R2,n1,R1,n0}k(R0,R2) );
2006-11-21 13:40:50 +00:00
send_4(R0,R1, {R0,n2,R2,n1}k(R0,R1) );
claim_A1(R0, Niagree);
claim_A2(R0, Nisynch);
}
role R1
{
fresh n1: Nonce;
2006-11-21 13:40:50 +00:00
var n0,n2: Nonce;
2012-05-02 22:26:41 +01:00
recv_1(R0,R1, n0);
2006-11-21 13:40:50 +00:00
send_2(R1,R2, n1,{R1,n0}k(R1,R2) );
2012-05-02 22:26:41 +01:00
recv_4(R0,R1, {R0,n2,R2,n1}k(R0,R1) );
2006-11-21 13:40:50 +00:00
send_5(R1,R2, {R1,R0,n2}k(R1,R2) );
claim_B1(R1, Niagree);
claim_B2(R1, Nisynch);
}
role R2
{
fresh n2: Nonce;
2006-11-21 13:40:50 +00:00
var n0,n1: Nonce;
2012-05-02 22:26:41 +01:00
recv_2(R1,R2, n1,{R1,n0}k(R1,R2) );
2006-11-21 13:40:50 +00:00
send_3(R2,R0, n2,{R2,n1,R1,n0}k(R0,R2) );
2012-05-02 22:26:41 +01:00
recv_5(R1,R2, {R1,R0,n2}k(R1,R2) );
2006-11-21 13:40:50 +00:00
claim_C1(R2, Niagree);
claim_C2(R2, Nisynch);
}
}
# General scenario, 2 parallel runs of the protocol