89 lines
1.7 KiB
Plaintext
89 lines
1.7 KiB
Plaintext
|
# Buttyan Nagy Vajda protocol 2 (3-party)
|
||
|
#
|
||
|
# Modelled after the description in the paper
|
||
|
# "Efficient multi-party challenge-response protocols for entity
|
||
|
# authentication"
|
||
|
#
|
||
|
# Attacks:
|
||
|
#
|
||
|
|
||
|
secret k: Function;
|
||
|
|
||
|
protocol intruderhelp(Swap)
|
||
|
{
|
||
|
role Swap
|
||
|
{
|
||
|
var T: Ticket;
|
||
|
var R0,R1: Agent;
|
||
|
|
||
|
read_1(Swap,Swap, { T }k(R0,R1) );
|
||
|
send_2(Swap,Swap, { T }k(R1,R0) );
|
||
|
}
|
||
|
}
|
||
|
|
||
|
protocol bunava23(R0,R1,R2)
|
||
|
{
|
||
|
role R0
|
||
|
{
|
||
|
const n0: Nonce;
|
||
|
var n1,n2: Nonce;
|
||
|
var T0: Ticket;
|
||
|
|
||
|
send_1(R0,R1, n0);
|
||
|
read_3(R2,R0, n2, T0, { R2,{ R1,n0 }k(R0,R1) }k(R0,R2) );
|
||
|
send_4(R0,R1, { R0,n2 }k(R0,R2), { R0, T0 }k(R0,R1) );
|
||
|
|
||
|
claim_A1(R0, Niagree);
|
||
|
claim_A2(R0, Nisynch);
|
||
|
}
|
||
|
|
||
|
role R1
|
||
|
{
|
||
|
const n1: Nonce;
|
||
|
var n0,n2: Nonce;
|
||
|
var T1: Ticket;
|
||
|
|
||
|
read_1(R0,R1, n0);
|
||
|
send_2(R1,R2, n1,{R1,n0}k(R1,R2) );
|
||
|
read_4(R0,R1, T1, { R0, { R2,n1 }k(R1,R2) }k(R0,R1) );
|
||
|
send_5(R1,R2, { R1, T1 }k(R1,R2) );
|
||
|
|
||
|
claim_B1(R1, Niagree);
|
||
|
claim_B2(R1, Nisynch);
|
||
|
}
|
||
|
|
||
|
role R2
|
||
|
{
|
||
|
const n2: Nonce;
|
||
|
var n0,n1: Nonce;
|
||
|
var T2: Ticket;
|
||
|
|
||
|
read_2(R1,R2, n1, T2 );
|
||
|
send_3(R2,R0, n2,{ R2,n1 }k(R1,R2), { R2, T2 }k(R0,R2) );
|
||
|
read_5(R1,R2, { R1, { R0,n2 }k(R0,R2) }k(R1,R2) );
|
||
|
|
||
|
claim_C1(R2, Niagree);
|
||
|
claim_C2(R2, Nisynch);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
const Alice,Bob,Charlie,David,Frodo,Gerard,Eve: Agent;
|
||
|
|
||
|
untrusted Eve;
|
||
|
const ne: Nonce;
|
||
|
compromised k(Alice,Eve);
|
||
|
compromised k(Bob,Eve);
|
||
|
compromised k(Charlie,Eve);
|
||
|
compromised k(Eve,Alice);
|
||
|
compromised k(Eve,Bob);
|
||
|
compromised k(Eve,Charlie);
|
||
|
|
||
|
# General scenario
|
||
|
|
||
|
run bunava23.R0(Agent,Agent,Agent);
|
||
|
run bunava23.R1(Agent,Agent,Agent);
|
||
|
run bunava23.R2(Agent,Agent,Agent);
|
||
|
run bunava23.R0(Agent,Agent,Agent);
|
||
|
run bunava23.R1(Agent,Agent,Agent);
|
||
|
run bunava23.R2(Agent,Agent,Agent);
|