scyther/protocols/misc/bunava-1-3.spdl

# Buttyan Nagy Vajda protocol 1 (3-party)
#
# Modelled after the description in the paper
# "Efficient multi-party challenge-response protocols for entity
# authentication"
#
# Attacks:
# Does not satisfy ni-agree, because when Alice in the R0 role terminates
# it cannot be sure that the agent in role R1 is aware of having sent a
# reply for Alice.
# R0 type flaw attack exists in which there are only two agents active.
#

secret k: Function;

protocol intruderhelp(Swap)
{
    role Swap
    {
        var T: Ticket;
	var R0,R1: Agent;

	read_!1(Swap,Swap, { T }k(R0,R1) );
	send_!2(Swap,Swap, { T }k(R1,R0) );
    }
}

protocol bunava13(R0,R1,R2)
{
    role R0
    {
        fresh n0: Nonce;
	var n1,n2: Nonce;

	send_1(R0,R1, n0);
	read_3(R2,R0, n2,{R2,n1,R1,n0}k(R0,R2) );
	send_4(R0,R1, {R0,n2,R2,n1}k(R0,R1) );

	claim_A1(R0, Niagree);
	claim_A2(R0, Nisynch);
    }

    role R1
    {
        fresh n1: Nonce;
	var n0,n2: Nonce;

	read_1(R0,R1, n0);
	send_2(R1,R2, n1,{R1,n0}k(R1,R2) );
	read_4(R0,R1, {R0,n2,R2,n1}k(R0,R1) );
	send_5(R1,R2, {R1,R0,n2}k(R1,R2) );

	claim_B1(R1, Niagree);
	claim_B2(R1, Nisynch);
    }

    role R2
    {
        fresh n2: Nonce;
	var n0,n1: Nonce;

	read_2(R1,R2, n1,{R1,n0}k(R1,R2) );
	send_3(R2,R0, n2,{R2,n1,R1,n0}k(R0,R2) );
	read_5(R1,R2, {R1,R0,n2}k(R1,R2) );

	claim_C1(R2, Niagree);
	claim_C2(R2, Nisynch);
    }
}


# General scenario, 2 parallel runs of the protocol
- Added protocols 2006-11-21 13:40:50 +00:00			`# Buttyan Nagy Vajda protocol 1 (3-party)`
			`#`
			`# Modelled after the description in the paper`
			`# "Efficient multi-party challenge-response protocols for entity`
			`# authentication"`
			`#`
			`# Attacks:`
			`# Does not satisfy ni-agree, because when Alice in the R0 role terminates`
			`# it cannot be sure that the agent in role R1 is aware of having sent a`
			`# reply for Alice.`
			`# R0 type flaw attack exists in which there are only two agents active.`
			`#`

			`secret k: Function;`

			`protocol intruderhelp(Swap)`
			`{`
			`role Swap`
			`{`
			`var T: Ticket;`
			`var R0,R1: Agent;`

- Scanned protocols for new obligatory check. 2007-01-29 15:05:15 +00:00			`read_!1(Swap,Swap, { T }k(R0,R1) );`
			`send_!2(Swap,Swap, { T }k(R1,R0) );`
- Added protocols 2006-11-21 13:40:50 +00:00			`}`
			`}`

			`protocol bunava13(R0,R1,R2)`
			`{`
			`role R0`
			`{`
Fixed obsolete notation in protocol specification files. Not everything is fixed yet. However, we fixed: - 'const' -> 'fresh' - Removed lines specifying 'runs' - Removed some specifications of compromised Eve and its long-term keys being compromised. 2012-05-02 22:01:08 +01:00			`fresh n0: Nonce;`
- Added protocols 2006-11-21 13:40:50 +00:00			`var n1,n2: Nonce;`

			`send_1(R0,R1, n0);`
			`read_3(R2,R0, n2,{R2,n1,R1,n0}k(R0,R2) );`
			`send_4(R0,R1, {R0,n2,R2,n1}k(R0,R1) );`

			`claim_A1(R0, Niagree);`
			`claim_A2(R0, Nisynch);`
			`}`

			`role R1`
			`{`
Fixed obsolete notation in protocol specification files. Not everything is fixed yet. However, we fixed: - 'const' -> 'fresh' - Removed lines specifying 'runs' - Removed some specifications of compromised Eve and its long-term keys being compromised. 2012-05-02 22:01:08 +01:00			`fresh n1: Nonce;`
- Added protocols 2006-11-21 13:40:50 +00:00			`var n0,n2: Nonce;`

			`read_1(R0,R1, n0);`
			`send_2(R1,R2, n1,{R1,n0}k(R1,R2) );`
			`read_4(R0,R1, {R0,n2,R2,n1}k(R0,R1) );`
			`send_5(R1,R2, {R1,R0,n2}k(R1,R2) );`

			`claim_B1(R1, Niagree);`
			`claim_B2(R1, Nisynch);`
			`}`

			`role R2`
			`{`
Fixed obsolete notation in protocol specification files. Not everything is fixed yet. However, we fixed: - 'const' -> 'fresh' - Removed lines specifying 'runs' - Removed some specifications of compromised Eve and its long-term keys being compromised. 2012-05-02 22:01:08 +01:00			`fresh n2: Nonce;`
- Added protocols 2006-11-21 13:40:50 +00:00			`var n0,n1: Nonce;`

			`read_2(R1,R2, n1,{R1,n0}k(R1,R2) );`
			`send_3(R2,R0, n2,{R2,n1,R1,n0}k(R0,R2) );`
			`read_5(R1,R2, {R1,R0,n2}k(R1,R2) );`

			`claim_C1(R2, Niagree);`
			`claim_C2(R2, Nisynch);`
			`}`
			`}`



			`# General scenario, 2 parallel runs of the protocol`