- Update modeling of needham schroeder to better reflect the modelling in

SPORE:
    - pk is not known to all agents, only pk(Simon) is known
- Use new naming convention:
    - Protocol name starting with an @ means internal protocol
    - For non internal protocols naming is as follows:
      protocolname-variant^subprotocol
    For example: yahalom-Lowe^KeyCompromise meaning the key compromise sub
    protocol of the Lowe variant of the Yahalom protocol.
This commit is contained in:
gijs 2005-08-15 13:31:48 +00:00
parent 1ee77472a0
commit 0f54f2ed23
36 changed files with 156 additions and 145 deletions

View File

@ -33,7 +33,7 @@ protocol @swapkey(X)
}
}
protocol andrewConcreteSessionKeyCompromise(C)
protocol andrew-Concrete^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -54,7 +54,7 @@ protocol andrewConcreteSessionKeyCompromise(C)
}
protocol andrewConcrete(I,R)
protocol andrew-Concrete(I,R)
{
role I
@ -99,7 +99,7 @@ const kee: SessionKey;
# run andrewConcrete.R(Bob,Alice);
# This is the original scenario
run andrewConcrete.I(Agent,Agent);
run andrewConcrete.R(Agent,Agent);
run andrewConcrete.I(Agent,Agent);
run andrewConcrete.R(Agent,Agent);
run andrew-Concrete.I(Agent,Agent);
run andrew-Concrete.R(Agent,Agent);
run andrew-Concrete.I(Agent,Agent);
run andrew-Concrete.R(Agent,Agent);

View File

@ -16,7 +16,7 @@ secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol andrewBanSessionKeyCompromise(C)
protocol andrew-Ban^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -36,7 +36,7 @@ protocol andrewBanSessionKeyCompromise(C)
}
}
protocol andrewBan(I,R)
protocol andrew-Ban(I,R)
{
role I
{
@ -84,7 +84,7 @@ compromised k(Eve,Bob);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
run andrewBan.I(Agent,Agent);
run andrewBan.R(Agent,Agent);
run andrewBan.I(Agent,Agent);
run andrewBan.R(Agent,Agent);
run andrew-Ban.I(Agent,Agent);
run andrew-Ban.R(Agent,Agent);
run andrew-Ban.I(Agent,Agent);
run andrew-Ban.R(Agent,Agent);

View File

@ -23,7 +23,7 @@ secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol andrewLoweBanSessionKeyCompromise(C)
protocol andrew-LoweBan^KeyCompromise(C)
{
// Read the names of 2 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -43,7 +43,7 @@ protocol andrewLoweBanSessionKeyCompromise(C)
}
}
protocol andrewLoweBan(I,R)
protocol andrew-LoweBan(I,R)
{
role I
{
@ -89,7 +89,7 @@ compromised k(Bob,Eve);
run andrewLoweBan.I(Agent,Agent);
run andrewLoweBan.R(Agent,Agent);
run andrewLoweBan.I(Agent,Agent);
run andrewLoweBan.R(Agent,Agent);
run andrew-LoweBan.I(Agent,Agent);
run andrew-LoweBan.R(Agent,Agent);
run andrew-LoweBan.I(Agent,Agent);
run andrew-LoweBan.R(Agent,Agent);

View File

@ -15,7 +15,7 @@ const succ: Function;
const Fresh: Function;
const Compromised: Function;
protocol andrewSessionKeyCompromise(C)
protocol andrew^KeyCompromise(C)
{
// Read the names of 2 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -14,7 +14,7 @@ secret sk: Function;
inversekeys(pk,sk);
usertype Timestamp;
protocol ccitt5091(I,R)
protocol ccitt509-1(I,R)
{
role I
{
@ -45,7 +45,7 @@ compromised sk(Eve);
# General scenario, 2 parallel runs of the protocol
run ccitt5091.I(Agent,Agent);
run ccitt5091.R(Agent,Agent);
run ccitt5091.I(Agent,Agent);
run ccitt5091.R(Agent,Agent);
run ccitt509-1.I(Agent,Agent);
run ccitt509-1.R(Agent,Agent);
run ccitt509-1.I(Agent,Agent);
run ccitt509-1.R(Agent,Agent);

View File

@ -13,7 +13,7 @@ inversekeys (hash,unhash);
inversekeys(pk,sk);
usertype Timestamp;
protocol ccitt5091c(I,R)
protocol ccitt509-1c(I,R)
{
role I
{
@ -44,7 +44,7 @@ compromised sk(Eve);
# General scenario, 2 parallel runs of the protocol
run ccitt5091c.I(Agent,Agent);
run ccitt5091c.R(Agent,Agent);
run ccitt5091c.I(Agent,Agent);
run ccitt5091c.R(Agent,Agent);
run ccitt509-1c.I(Agent,Agent);
run ccitt509-1c.R(Agent,Agent);
run ccitt509-1c.I(Agent,Agent);
run ccitt509-1c.R(Agent,Agent);

View File

@ -13,7 +13,7 @@ secret sk: Function;
inversekeys(pk,sk);
usertype Timestamp;
protocol ccitt5093(I,R)
protocol ccitt509-3(I,R)
{
role I
{
@ -56,7 +56,7 @@ compromised sk(Eve);
# General scenario, 2 parallel runs of the protocol
run ccitt5093.I(Agent,Agent);
run ccitt5093.R(Agent,Agent);
run ccitt5093.I(Agent,Agent);
run ccitt5093.R(Agent,Agent);
run ccitt509-3.I(Agent,Agent);
run ccitt509-3.R(Agent,Agent);
run ccitt509-3.I(Agent,Agent);
run ccitt509-3.R(Agent,Agent);

View File

@ -15,7 +15,7 @@ const pk: Function;
secret sk: Function;
inversekeys(pk,sk);
protocol ccitt509ban3(I,R)
protocol ccitt509-ban3(I,R)
{
role I
{
@ -49,7 +49,7 @@ compromised sk(Eve);
# General scenario, 2 parallel runs of the protocol
run ccitt509ban3.I(Agent,Agent);
run ccitt509ban3.R(Agent,Agent);
run ccitt509ban3.I(Agent,Agent);
run ccitt509ban3.R(Agent,Agent);
run ccitt509-ban3.I(Agent,Agent);
run ccitt509-ban3.R(Agent,Agent);
run ccitt509-ban3.I(Agent,Agent);
run ccitt509-ban3.R(Agent,Agent);

View File

@ -21,14 +21,14 @@ const dec: PseudoFunction;
const Fresh: Function;
const Compromised: Function;
protocol denningSaccoLoweSessionKeyCompromise(C)
protocol denningSacco-Lowe^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
role C {
const Ni,Nr: Nonce;
const Kir: SessionKey;
const T: ExpiredTimeStamp;
const T: TimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
@ -43,7 +43,7 @@ protocol denningSaccoLoweSessionKeyCompromise(C)
}
}
protocol denningSaccoLowe(I,R,S)
protocol denningSacco-Lowe(I,R,S)
{
role I
{
@ -102,9 +102,9 @@ compromised k(Eve,Simon);
# Note because the modelchecker does not support tickets this might not
# be very useful
run denningSaccoLowe.I(Agent,Agent,Simon);
run denningSaccoLowe.R(Agent,Agent,Simon);
run denningSaccoLowe.S(Agent,Agent,Simon);
run denningSaccoLowe.I(Agent,Agent,Simon);
run denningSaccoLowe.R(Agent,Agent,Simon);
run denningSaccoLowe.S(Agent,Agent,Simon);
run denningSacco-Lowe.I(Agent,Agent,Simon);
run denningSacco-Lowe.R(Agent,Agent,Simon);
run denningSacco-Lowe.S(Agent,Agent,Simon);
run denningSacco-Lowe.I(Agent,Agent,Simon);
run denningSacco-Lowe.R(Agent,Agent,Simon);
run denningSacco-Lowe.S(Agent,Agent,Simon);

View File

@ -16,7 +16,7 @@ secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol denningSaccoSessionKeyCompromise(C)
protocol denningSacco^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -13,7 +13,7 @@ secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol kaochow2SessionKeyCompromise(C)
protocol kaochow-2^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -36,7 +36,7 @@ protocol kaochow2SessionKeyCompromise(C)
}
}
protocol kaochow2(I,R,S)
protocol kaochow-2(I,R,S)
{
role I
{
@ -95,9 +95,9 @@ compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run kaochow2.I(Agent,Agent,Simon);
run kaochow2.R(Agent,Agent,Simon);
run kaochow2.S(Agent,Agent,Simon);
run kaochow2.I(Agent,Agent,Simon);
run kaochow2.R(Agent,Agent,Simon);
run kaochow2.S(Agent,Agent,Simon);
run kaochow-2.I(Agent,Agent,Simon);
run kaochow-2.R(Agent,Agent,Simon);
run kaochow-2.S(Agent,Agent,Simon);
run kaochow-2.I(Agent,Agent,Simon);
run kaochow-2.R(Agent,Agent,Simon);
run kaochow-2.S(Agent,Agent,Simon);

View File

@ -15,7 +15,7 @@ secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol kaochow3SessionKeyCompromise(C)
protocol kaochow-3^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -41,7 +41,7 @@ protocol kaochow3SessionKeyCompromise(C)
}
}
protocol kaochow3(I,R,S)
protocol kaochow-3(I,R,S)
{
role I
{
@ -102,9 +102,9 @@ compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run kaochow3.I(Agent,Agent,Simon);
run kaochow3.R(Agent,Agent,Simon);
run kaochow3.S(Agent,Agent,Simon);
run kaochow3.I(Agent,Agent,Simon);
run kaochow3.R(Agent,Agent,Simon);
run kaochow3.S(Agent,Agent,Simon);
run kaochow-3.I(Agent,Agent,Simon);
run kaochow-3.R(Agent,Agent,Simon);
run kaochow-3.S(Agent,Agent,Simon);
run kaochow-3.I(Agent,Agent,Simon);
run kaochow-3.R(Agent,Agent,Simon);
run kaochow-3.S(Agent,Agent,Simon);

View File

@ -13,7 +13,7 @@ secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol kaochowSessionKeyCompromise(C)
protocol kaochow^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -26,7 +26,7 @@ const kee: SessionKey;
untrusted e;
compromised k(e,s);
protocol kslLoweSessionKeyCompromise(C)
protocol ksl-Lowe^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -54,7 +54,7 @@ protocol kslLoweSessionKeyCompromise(C)
}
}
protocol kslLowe(A,B,S)
protocol ksl-Lowe(A,B,S)
{
role A
{
@ -112,7 +112,7 @@ protocol kslLowe(A,B,S)
}
}
run kslLowe.A(a,b,s);
run kslLowe.B(a,b,s);
run kslLowe.S(a,b,s);
run ksl-Lowe.A(a,b,s);
run ksl-Lowe.B(a,b,s);
run ksl-Lowe.S(a,b,s);

View File

@ -23,7 +23,7 @@ const kee: SessionKey;
untrusted e;
compromised k(e,s);
protocol kslSessionKeyCompromise(C)
protocol ksl^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -10,11 +10,12 @@
# synchronisation and agreement, because the keys that the server sends
# out can be replayed.
const pk: Function;
secret pk: Function; # For some reason SPORE models it such that the agents
# do not know the public keys of the other agents
secret sk: Function;
inversekeys(pk,sk);
protocol needhamschroederpkLowe(I,R,S)
protocol needhamschroederpk-Lowe(I,R,S)
{
role I
{
@ -28,6 +29,7 @@ protocol needhamschroederpkLowe(I,R,S)
send_7(I,R, {Nr}pk(R));
claim_I1(I,Secret,Ni);
claim_I2(I,Secret,Nr);
claim_I3(I,Nisynch);
}
role R
@ -42,6 +44,7 @@ protocol needhamschroederpkLowe(I,R,S)
read_7(I,R,{Nr}pk(R));
claim_R1(R,Secret,Nr);
claim_R2(R,Secret,Ni);
claim_R3(R,Nisynch);
}
role S
@ -58,12 +61,14 @@ const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
compromised pk(Eve);
compromised pk(Simon); # Needed because of the way SPORE models nsl
# General scenario, 2 parallel runs of the protocol
run needhamschroederpkLowe.I(Agent,Agent,Simon);
run needhamschroederpkLowe.S(Agent,Agent,Simon);
run needhamschroederpkLowe.R(Agent,Agent,Simon);
run needhamschroederpkLowe.I(Agent,Agent,Simon);
run needhamschroederpkLowe.R(Agent,Agent,Simon);
run needhamschroederpkLowe.S(Agent,Agent,Simon);
run needhamschroederpk-Lowe.I(Agent,Agent,Simon);
run needhamschroederpk-Lowe.S(Agent,Agent,Simon);
run needhamschroederpk-Lowe.R(Agent,Agent,Simon);
run needhamschroederpk-Lowe.I(Agent,Agent,Simon);
run needhamschroederpk-Lowe.R(Agent,Agent,Simon);
run needhamschroederpk-Lowe.S(Agent,Agent,Simon);

View File

@ -22,7 +22,7 @@ usertype SessionKey;
const Fresh: Function;
const Compromised: Function;
protocol needhamschroederskamendSessionKeyCompromise(C)
protocol needhamschroedersk-amend^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -45,7 +45,7 @@ protocol needhamschroederskamendSessionKeyCompromise(C)
}
}
protocol needhamschroederskamend(I,R,S)
protocol needhamschroedersk-amend(I,R,S)
{
role I
{
@ -100,9 +100,9 @@ compromised k(Eve,Simon);
# General scenario, 2 parallel runs of the protocol
run needhamschroederskamend.I(Agent,Agent,Simon);
run needhamschroederskamend.R(Agent,Agent,Simon);
run needhamschroederskamend.S(Agent,Agent,Simon);
run needhamschroederskamend.I(Agent,Agent,Simon);
run needhamschroederskamend.R(Agent,Agent,Simon);
run needhamschroederskamend.S(Agent,Agent,Simon);
run needhamschroedersk-amend.I(Agent,Agent,Simon);
run needhamschroedersk-amend.R(Agent,Agent,Simon);
run needhamschroedersk-amend.S(Agent,Agent,Simon);
run needhamschroedersk-amend.I(Agent,Agent,Simon);
run needhamschroedersk-amend.R(Agent,Agent,Simon);
run needhamschroedersk-amend.S(Agent,Agent,Simon);

View File

@ -18,7 +18,7 @@ usertype SessionKey;
const Fresh: Function;
const Compromised: Function;
protocol needhamschroederSessionKeyCompromise(C)
protocol needhamschroedersk^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -10,7 +10,8 @@
# synchronisation and agreement, because the keys that the server sends
# out can be replayed.
const pk: Function;
secret pk: Function; # For some reason SPORE models it such that the agents
# do not know the public keys of the other agents
secret sk: Function;
inversekeys(pk,sk);
@ -28,6 +29,7 @@ protocol needhamschroederpk(I,R,S)
send_7(I,R, {Nr}pk(R));
claim_I1(I,Secret,Ni);
claim_I2(I,Secret,Nr);
claim_I3(I,Nisynch);
}
role R
@ -42,6 +44,7 @@ protocol needhamschroederpk(I,R,S)
read_7(I,R,{Nr}pk(R));
claim_R1(R,Secret,Nr);
claim_R2(R,Secret,Ni);
claim_R3(R,Nisynch);
}
role S
@ -58,6 +61,9 @@ const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
compromised pk(Eve);
compromised pk(Simon); # Needed because SPORE only assumes agents know their
# own public key and that of the server
# General scenario, 2 parallel runs of the protocol

View File

@ -26,7 +26,7 @@ const kee: SessionKey;
untrusted e;
compromised k(e,s);
protocol neustubHwangSessionKeyCompromise(C)
protocol neustub-Hwang^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -51,7 +51,7 @@ protocol neustubHwangSessionKeyCompromise(C)
}
}
protocol neustubHwang(I,R,S)
protocol neustub-Hwang(I,R,S)
{
role I
{
@ -106,7 +106,7 @@ protocol neustubHwang(I,R,S)
}
}
run neustubHwang.A(a,b,s);
run neustubHwang.B(a,b,s);
run neustubHwang.S(a,b,s);
run neustub-Hwang.A(a,b,s);
run neustub-Hwang.B(a,b,s);
run neustub-Hwang.S(a,b,s);

View File

@ -25,7 +25,7 @@ const kee: SessionKey;
untrusted Eve;
compromised k(Eve,Simon);
protocol neustubSessionKeyCompromise(C)
protocol neustub^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -50,7 +50,7 @@ protocol neustubSessionKeyCompromise(C)
}
}
protocol @neustubRepeat(I,R,S)
protocol neustub^Repeat(I,R,S)
{
const Kir: SessionKey;

View File

@ -16,7 +16,7 @@ const Compromised: Function;
usertype String,SessionKey;
protocol otwayReesSessionKeyCompromise(C)
protocol otwayRees^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -18,7 +18,7 @@ inversekeys (pk,sk);
const inc,dec: Function;
inversekeys (inc,dec);
protocol spliceASCJ(I,R,S)
protocol spliceAS-CJ(I,R,S)
{
role I
{
@ -73,9 +73,9 @@ untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
run spliceASCJ.I(Agent,Agent,Agent);
run spliceASCJ.R(Agent,Agent,Agent);
run spliceASCJ.S(Agent,Agent,Agent);
run spliceAS-CJ.I(Agent,Agent,Agent);
run spliceAS-CJ.R(Agent,Agent,Agent);
run spliceAS-CJ.S(Agent,Agent,Agent);
#run spliceASCJ.I(Alice,Bob,Simon);
#run spliceASCJ.R(Alice,Bob,Simon);

View File

@ -13,7 +13,7 @@ inversekeys (pk,sk);
const inc,dec: Function;
inversekeys (inc,dec);
protocol spliceASHC(I,R,S)
protocol spliceAS-HC(I,R,S)
{
role I
{
@ -72,8 +72,8 @@ compromised sk(Eve);
#run spliceASHC.R(Alice,Bob,Simon);
#run spliceASHC.S(Alice,Bob,Simon);
run spliceASHC.I(Agent,Agent,Agent);
run spliceASHC.R(Agent,Agent,Agent);
run spliceASHC.S(Agent,Agent,Agent);
run spliceAS-HC.I(Agent,Agent,Agent);
run spliceAS-HC.R(Agent,Agent,Agent);
run spliceAS-HC.S(Agent,Agent,Agent);

View File

@ -14,7 +14,7 @@ inversekeys(pk,sk);
const Fresh: Function;
const Compromised: Function;
protocol tmnSessionKeyCompromise(C)
protocol tmn^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -19,7 +19,7 @@ const Compromised: Function;
secret k: Function;
protocol wmfLoweSessionKeyCompromise(C)
protocol wmf-Lowe^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -40,7 +40,7 @@ protocol wmfLoweSessionKeyCompromise(C)
}
}
protocol wmfLowe(I,R,S)
protocol wmf-Lowe(I,R,S)
{
role I
{
@ -92,9 +92,9 @@ const Te: TimeStamp;
untrusted Eve;
compromised k(Eve,Simon);
run wmfLowe.I (Agent,Agent,Simon);
run wmfLowe.R (Agent,Agent,Simon);
run wmfLowe.S (Agent,Agent,Simon);
run wmf-Lowe.I (Agent,Agent,Simon);
run wmf-Lowe.R (Agent,Agent,Simon);
run wmf-Lowe.S (Agent,Agent,Simon);

View File

@ -16,7 +16,7 @@ secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol wmfSessionKeyCompromise(C)
protocol wmf^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -10,7 +10,7 @@
secret k: Function;
protocol woolamPi1(I,R,S)
protocol woolamPi-1(I,R,S)
{
role I
{
@ -53,9 +53,9 @@ const Ne: Nonce;
untrusted Eve;
compromised k(Eve,Simon);
run woolamPi1.I (Agent,Agent,Simon);
run woolamPi1.R (Agent,Agent,Simon);
run woolamPi1.S (Agent,Agent,Simon);
run woolamPi-1.I (Agent,Agent,Simon);
run woolamPi-1.R (Agent,Agent,Simon);
run woolamPi-1.S (Agent,Agent,Simon);

View File

@ -10,7 +10,7 @@
secret k: Function;
protocol woolamPi2(I,R,S)
protocol woolamPi-2(I,R,S)
{
role I
{
@ -53,9 +53,9 @@ const Ne: Nonce;
untrusted Eve;
compromised k(Eve,Simon);
run woolamPi2.I (Agent,Agent,Simon);
run woolamPi2.R (Agent,Agent,Simon);
run woolamPi2.S (Agent,Agent,Simon);
run woolamPi-2.I (Agent,Agent,Simon);
run woolamPi-2.R (Agent,Agent,Simon);
run woolamPi-2.S (Agent,Agent,Simon);

View File

@ -10,7 +10,7 @@
secret k: Function;
protocol woolamPi3(I,R,S)
protocol woolamPi-3(I,R,S)
{
role I
{
@ -53,9 +53,9 @@ const Ne: Nonce;
untrusted Eve;
compromised k(Eve,Simon);
run woolamPi3.I (Agent,Agent,Simon);
run woolamPi3.R (Agent,Agent,Simon);
run woolamPi3.S (Agent,Agent,Simon);
run woolamPi-3.I (Agent,Agent,Simon);
run woolamPi-3.R (Agent,Agent,Simon);
run woolamPi-3.S (Agent,Agent,Simon);

View File

@ -10,7 +10,7 @@
secret k: Function;
protocol woolamPif(I,R,S)
protocol woolamPi-f(I,R,S)
{
role I
{
@ -53,7 +53,7 @@ const Ne: Nonce;
untrusted Eve;
compromised k(Eve,Simon);
run woolamPif.I (Agent,Agent,Simon);
run woolamPif.R (Agent,Agent,Simon);
run woolamPif.S (Agent,Agent,Simon);
run woolamPi-f.I (Agent,Agent,Simon);
run woolamPi-f.R (Agent,Agent,Simon);
run woolamPi-f.S (Agent,Agent,Simon);

View File

@ -15,7 +15,7 @@ secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol woolamSessionKeyCompromise(C)
protocol woolam^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise

View File

@ -14,7 +14,7 @@ usertype SessionKey;
const Fresh: Function;
const Compromised: Function;
protocol yahalomBANSessionKeyCompromise(C)
protocol yahalom-BAN^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -37,7 +37,7 @@ protocol yahalomBANSessionKeyCompromise(C)
protocol yahalomBAN(I,R,S)
protocol yahalom-BAN(I,R,S)
{
role I
{
@ -83,7 +83,7 @@ protocol yahalomBAN(I,R,S)
const Alice,Bob,Simon : Agent;
run yahalomBAN.I(Agent,Agent,s);
run yahalomBAN.I(Agent,Agent,s);
run yahalomBAN.R(Agent,Agent,s);
run yahalom-BAN.I(Agent,Agent,s);
run yahalom-BAN.I(Agent,Agent,s);
run yahalom-BAN.R(Agent,Agent,s);

View File

@ -10,7 +10,7 @@ secret k : Function;
usertype SessionKey;
protocol yahalomLowe(I,R,S)
protocol yahalom-Lowe(I,R,S)
{
role I
{
@ -54,7 +54,7 @@ protocol yahalomLowe(I,R,S)
const Alice,Bob,Simon : Agent;
run yahalomLowe.I(Agent,Agent,s);
run yahalomLowe.I(Agent,Agent,s);
run yahalomLowe.R(Agent,Agent,s);
run yahalom-Lowe.I(Agent,Agent,s);
run yahalom-Lowe.I(Agent,Agent,s);
run yahalom-Lowe.R(Agent,Agent,s);

View File

@ -14,7 +14,7 @@ const Compromised: Function;
usertype SessionKey;
protocol yahalomPaulsonSessionKeyCompromise(C)
protocol yahalom-Paulson^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
@ -36,7 +36,7 @@ protocol yahalomPaulsonSessionKeyCompromise(C)
}
protocol yahalomPaulson(I,R,S)
protocol yahalom-Paulson(I,R,S)
{
role I
{
@ -82,7 +82,7 @@ protocol yahalomPaulson(I,R,S)
const Alice,Bob,Simon : Agent;
run yahalomPaulson.I(Agent,Agent,s);
run yahalomPaulson.I(Agent,Agent,s);
run yahalomPaulson.R(Agent,Agent,s);
run yahalom-Paulson.I(Agent,Agent,s);
run yahalom-Paulson.I(Agent,Agent,s);
run yahalom-Paulson.R(Agent,Agent,s);

View File

@ -14,7 +14,7 @@ usertype SessionKey;
const Fresh: Function;
const Compromised: Function;
protocol yahalomSessionKeyCompromise(C)
protocol yahalom^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise