2010-11-09 09:05:34 +00:00
|
|
|
// BAN modified version of the yahalom protocol
|
|
|
|
//
|
|
|
|
// Modeled as version in Paulson's paper:
|
|
|
|
// "Relations Between Secrets: Two Formal Analyses of the Yahalom
|
|
|
|
// Protocol"
|
|
|
|
|
|
|
|
usertype Server;
|
|
|
|
usertype SessionKey;
|
|
|
|
|
|
|
|
protocol yahalom-BAN-Paulson(A,B,S)
|
|
|
|
{
|
|
|
|
role A
|
|
|
|
{
|
|
|
|
fresh na: Nonce;
|
|
|
|
var nb: Nonce;
|
|
|
|
var ticket: Ticket;
|
|
|
|
var kab: SessionKey;
|
|
|
|
|
|
|
|
send_1(A,B, A,na);
|
2012-04-26 15:40:01 +01:00
|
|
|
recv_3(S,A, {B,kab,na,nb}k(A,S), ticket );
|
2010-11-09 09:05:34 +00:00
|
|
|
send_4(A,B, ticket, {nb}kab );
|
|
|
|
claim_5(A, Secret,kab);
|
|
|
|
}
|
|
|
|
|
|
|
|
role B
|
|
|
|
{
|
|
|
|
fresh nb: Nonce;
|
|
|
|
var na: Nonce;
|
|
|
|
var ticket: Ticket;
|
|
|
|
var kab: SessionKey;
|
|
|
|
|
2012-04-26 15:40:01 +01:00
|
|
|
recv_1(A,B, A,na);
|
2010-11-09 09:05:34 +00:00
|
|
|
send_2(B,S, B, {A,na,nb}k(B,S) );
|
2012-04-26 15:40:01 +01:00
|
|
|
recv_4(A,B, {A,kab}k(B,S) , {nb}kab );
|
2010-11-09 09:05:34 +00:00
|
|
|
claim_6(B, Secret,kab);
|
|
|
|
}
|
|
|
|
|
|
|
|
role S
|
|
|
|
{
|
|
|
|
fresh kab: SessionKey;
|
|
|
|
var na,nb: Nonce;
|
|
|
|
|
2012-04-26 15:40:01 +01:00
|
|
|
recv_2(B,S, B, {A,na,nb}k(B,S) );
|
2010-11-09 09:05:34 +00:00
|
|
|
send_3(S,A, {B,kab,na,nb}k(A,S), {A,kab}k(B,S) );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|