Fixed obsolete notation in protocol specification files.
Not everything is fixed yet. However, we fixed: - 'const' -> 'fresh' - Removed lines specifying 'runs' - Removed some specifications of compromised Eve and its long-term keys being compromised.
This commit is contained in:
parent
2ba0de6abc
commit
727e813c77
@ -14,8 +14,8 @@ protocol ccitt509-1c(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ta: Timestamp;
|
||||
const Na,Xa,Ya: Nonce;
|
||||
fresh Ta: Timestamp;
|
||||
fresh Na,Xa,Ya: Nonce;
|
||||
send_1(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I));
|
||||
# claim_2(I,Nisynch);
|
||||
# This claim is useless as there are no preceding receive events
|
||||
|
@ -15,7 +15,7 @@ protocol ccitt509-ban3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Na,Xa,Ya: Nonce;
|
||||
fresh Na,Xa,Ya: Nonce;
|
||||
var Xb,Nb,Yb: Nonce;
|
||||
|
||||
send_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I));
|
||||
@ -27,7 +27,7 @@ protocol ccitt509-ban3(I,R)
|
||||
role R
|
||||
{
|
||||
var Na,Xa,Ya: Nonce;
|
||||
const Xb,Yb,Nb: Nonce;
|
||||
fresh Xb,Yb,Nb: Nonce;
|
||||
|
||||
recv_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I));
|
||||
send_2(R,I, R,{Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
|
||||
|
@ -8,7 +8,7 @@ protocol ns3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
@ -24,7 +24,7 @@ protocol ns3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr}pk(I) );
|
||||
|
@ -9,7 +9,7 @@ protocol nsl3-broken(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {R,ni}pk(R) );
|
||||
@ -25,7 +25,7 @@ protocol nsl3-broken(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {R,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
|
@ -9,7 +9,7 @@ protocol nsl3-broken(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {R,ni}pk(R) );
|
||||
@ -25,7 +25,7 @@ protocol nsl3-broken(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {R,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
@ -48,7 +48,7 @@ protocol nsl3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
@ -64,7 +64,7 @@ protocol nsl3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
|
@ -8,7 +8,7 @@ protocol nsl3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
@ -24,7 +24,7 @@ protocol nsl3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
|
@ -15,8 +15,8 @@ protocol course2r890year0405ex3(X,Y,I)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const nx: Nonce;
|
||||
const ny: Nonce;
|
||||
fresh nx: Nonce;
|
||||
fresh ny: Nonce;
|
||||
|
||||
send_1(I,X, nx );
|
||||
read_2(X,I, { I,nx }sk(X) );
|
||||
@ -44,9 +44,5 @@ protocol course2r890year0405ex3(X,Y,I)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -15,7 +15,7 @@ protocol course2r890year0405ex3(X,Y,I)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
send_1(I,X, ni );
|
||||
read_2(X,I, { I,ni }sk(X) );
|
||||
@ -43,9 +43,5 @@ protocol course2r890year0405ex3(X,Y,I)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -5,7 +5,7 @@ protocol andrewBan(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr,nr2: Nonce;
|
||||
var kir: SessionKey;
|
||||
|
||||
@ -22,8 +22,8 @@ protocol andrewBan(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr,nr2: Nonce;
|
||||
const kir: SessionKey;
|
||||
fresh nr,nr2: Nonce;
|
||||
fresh kir: SessionKey;
|
||||
|
||||
read_1(I,R, I,{ni}k(I,R) );
|
||||
send_2(R,I, {ni,nr}k(I,R) );
|
||||
@ -36,18 +36,6 @@ protocol andrewBan(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
|
||||
run andrewBan.I(Agent,Agent);
|
||||
run andrewBan.R(Agent,Agent);
|
||||
run andrewBan.I(Agent,Agent);
|
||||
run andrewBan.R(Agent,Agent);
|
||||
|
@ -5,7 +5,7 @@ protocol andrewLoweBan(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: SessionKey;
|
||||
|
||||
@ -22,8 +22,8 @@ protocol andrewLoweBan(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kir: SessionKey;
|
||||
fresh nr: Nonce;
|
||||
fresh kir: SessionKey;
|
||||
|
||||
read_1(I,R, I,ni );
|
||||
send_2(R,I, {ni,kir,I}k(I,R) );
|
||||
@ -36,18 +36,6 @@ protocol andrewLoweBan(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
|
||||
run andrewLoweBan.I(Agent,Agent);
|
||||
run andrewLoweBan.R(Agent,Agent);
|
||||
run andrewLoweBan.I(Agent,Agent);
|
||||
run andrewLoweBan.R(Agent,Agent);
|
||||
|
@ -14,7 +14,7 @@ protocol abreaker(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
send_!1(I,R, {{I,ni}pk(R)}pk(R) );
|
||||
|
||||
@ -33,12 +33,7 @@ protocol abreaker(I,R)
|
||||
|
||||
// The agents in the system
|
||||
|
||||
const Alice,Bob: Agent;
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -15,7 +15,7 @@ protocol bkebroken(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Key;
|
||||
|
||||
@ -28,8 +28,8 @@ protocol bkebroken(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kir: Key;
|
||||
fresh nr: Nonce;
|
||||
fresh kir: Key;
|
||||
|
||||
read_1 (I,R, { ni,I }pk(R) );
|
||||
send_2 (R,I, { h(ni),nr,kir }pk(I) );
|
||||
@ -38,11 +38,7 @@ protocol bkebroken(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const a,b,e: Agent;
|
||||
|
||||
untrusted e;
|
||||
compromised sk(e);
|
||||
const ne: Nonce;
|
||||
|
||||
run bkebroken.I(a,Agent);
|
||||
run bkebroken.R(Agent,b);
|
||||
|
@ -14,7 +14,7 @@ protocol bkeONE(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Key;
|
||||
|
||||
@ -27,8 +27,8 @@ protocol bkeONE(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kir: Key;
|
||||
fresh nr: Nonce;
|
||||
fresh kir: Key;
|
||||
|
||||
read_1 (I,R, { ni,I }pk(R) );
|
||||
send_2 (R,I, { hash(ni),nr,R,kir }pk(I) );
|
||||
@ -37,22 +37,10 @@ protocol bkeONE(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const a,e: Agent;
|
||||
|
||||
untrusted e;
|
||||
compromised sk(e);
|
||||
const ne: Nonce;
|
||||
|
||||
run bkeONE.I(a,Agent);
|
||||
run bkeONE.R(Agent,a);
|
||||
run bkeONE.I(a,Agent);
|
||||
run bkeONE.R(Agent,a);
|
||||
|
||||
run bkeONE.I(a,Agent);
|
||||
run bkeONE.R(Agent,a);
|
||||
run bkeONE.I(a,Agent);
|
||||
run bkeONE.R(Agent,a);
|
||||
|
||||
run bkeONE.I(a,Agent);
|
||||
run bkeONE.R(Agent,a);
|
||||
|
||||
|
@ -15,7 +15,7 @@ protocol bkevariation(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Key;
|
||||
|
||||
@ -30,8 +30,8 @@ protocol bkevariation(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kir: Key;
|
||||
fresh nr: Nonce;
|
||||
fresh kir: Key;
|
||||
|
||||
read_1 (I,R, { ni,I }pk(R) );
|
||||
send_2 (R,I, { hash(ni),nr,kir }pk(I) );
|
||||
@ -42,14 +42,8 @@ protocol bkevariation(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const a,b,e: Agent;
|
||||
|
||||
untrusted e;
|
||||
compromised sk(e);
|
||||
const ne: Nonce;
|
||||
|
||||
run bkevariation.I(a,Agent);
|
||||
run bkevariation.R(Agent,b);
|
||||
run bkevariation.I(a,Agent);
|
||||
run bkevariation.R(Agent,b);
|
||||
|
||||
|
@ -4,17 +4,13 @@
|
||||
|
||||
usertype Key;
|
||||
|
||||
const pk,hash: Function;
|
||||
secret sk,unhash: Function;
|
||||
|
||||
inversekeys (pk,sk);
|
||||
inversekeys (hash,unhash);
|
||||
hashfunction hash;
|
||||
|
||||
protocol bke(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Key;
|
||||
|
||||
@ -29,8 +25,8 @@ protocol bke(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kir: Key;
|
||||
fresh nr: Nonce;
|
||||
fresh kir: Key;
|
||||
|
||||
read_1 (I,R, { ni,I }pk(R) );
|
||||
send_2 (R,I, { hash(ni),nr,R,kir }pk(I) );
|
||||
@ -41,22 +37,10 @@ protocol bke(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const a,b,e: Agent;
|
||||
|
||||
untrusted e;
|
||||
compromised sk(e);
|
||||
const ne: Nonce;
|
||||
|
||||
run bke.I(a,Agent);
|
||||
run bke.R(Agent,b);
|
||||
run bke.I(a,Agent);
|
||||
run bke.R(Agent,b);
|
||||
|
||||
run bke.I(a,Agent);
|
||||
run bke.R(Agent,b);
|
||||
run bke.I(a,Agent);
|
||||
run bke.R(Agent,b);
|
||||
|
||||
run bke.I(a,Agent);
|
||||
run bke.R(Agent,b);
|
||||
|
||||
|
@ -18,8 +18,8 @@ protocol bkeCE(A,B)
|
||||
role A
|
||||
{
|
||||
var nb: Nonce;
|
||||
const na: Nonce;
|
||||
const kab: Key;
|
||||
fresh na: Nonce;
|
||||
fresh kab: Key;
|
||||
|
||||
read_1 (B,A, B,{ nb,B }pk(A) );
|
||||
send_2 (A,B, { hash(nb),na,A,kab }pk(B) );
|
||||
@ -31,7 +31,7 @@ protocol bkeCE(A,B)
|
||||
|
||||
role B
|
||||
{
|
||||
const nb: Nonce;
|
||||
fresh nb: Nonce;
|
||||
var na: Nonce;
|
||||
var kab: Key;
|
||||
|
||||
@ -47,7 +47,5 @@ protocol bkeCE(A,B)
|
||||
|
||||
const Alice,Bob,Eve;
|
||||
|
||||
compromised sk(Eve);
|
||||
untrusted Eve;
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@ protocol bkepkCE2(A,B,testnonce)
|
||||
{
|
||||
role B
|
||||
{
|
||||
const nb: Nonce;
|
||||
fresh nb: Nonce;
|
||||
var na: Nonce;
|
||||
var kab: Key;
|
||||
|
||||
@ -28,8 +28,8 @@ protocol bkepkCE2(A,B,testnonce)
|
||||
role A
|
||||
{
|
||||
var nb: Nonce;
|
||||
const na: Nonce;
|
||||
const kab: Key;
|
||||
fresh na: Nonce;
|
||||
fresh kab: Key;
|
||||
|
||||
read_1 (B,A, B,{ nb,B }pk(A) );
|
||||
send_2 (A,B, { hash(nb),na,A,kab }pk(B) );
|
||||
@ -46,17 +46,6 @@ protocol bkepkCE2(A,B,testnonce)
|
||||
|
||||
const Alice,Bob,Eve;
|
||||
|
||||
compromised sk(Eve);
|
||||
untrusted Eve;
|
||||
|
||||
|
||||
run bkepkCE2.A(Alice,Bob,Alice);
|
||||
run bkepkCE2.A(Alice,Bob,Alice);
|
||||
run bkepkCE2.A(Alice,Bob,Alice);
|
||||
run bkepkCE2.B(Alice,Bob,Alice);
|
||||
run bkepkCE2.B(Alice,Bob,Alice);
|
||||
run bkepkCE2.B(Alice,Bob,Alice);
|
||||
|
||||
run bkepkCE2.testnonce(Alice,Bob,Alice);
|
||||
run bkepkCE2.testnonce(Alice,Bob,Alice);
|
||||
run bkepkCE2.testnonce(Alice,Bob,Alice);
|
||||
|
@ -18,7 +18,7 @@ protocol boydNS(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {ni}pk(R),I );
|
||||
@ -33,7 +33,7 @@ protocol boydNS(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {ni}pk(R),I );
|
||||
send_2(R,I, {nr}pk(I),hash(ni,R) );
|
||||
@ -45,11 +45,5 @@ protocol boydNS(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run boydNS.I(Agent,Agent);
|
||||
run boydNS.R(Agent,Agent);
|
||||
|
@ -20,7 +20,7 @@ protocol boyd(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var ks: Macseed;
|
||||
|
||||
@ -36,7 +36,7 @@ protocol boyd(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var ks: Macseed;
|
||||
|
||||
read_2 (S,R, { I,R, ks }k(I,S), { I,R, ks }k(R,S), ni );
|
||||
@ -51,7 +51,7 @@ protocol boyd(I,R,S)
|
||||
role S
|
||||
{
|
||||
var ni,nr: Nonce;
|
||||
const ks: Macseed;
|
||||
fresh ks: Macseed;
|
||||
|
||||
read_1 (I,S, I,R, ni );
|
||||
send_2 (S,R, { I,R, ks }k(I,S), { I,R, ks }k(R,S), ni );
|
||||
|
@ -29,7 +29,7 @@ protocol bunava13(R0,R1,R2)
|
||||
{
|
||||
role R0
|
||||
{
|
||||
const n0: Nonce;
|
||||
fresh n0: Nonce;
|
||||
var n1,n2: Nonce;
|
||||
|
||||
send_1(R0,R1, n0);
|
||||
@ -42,7 +42,7 @@ protocol bunava13(R0,R1,R2)
|
||||
|
||||
role R1
|
||||
{
|
||||
const n1: Nonce;
|
||||
fresh n1: Nonce;
|
||||
var n0,n2: Nonce;
|
||||
|
||||
read_1(R0,R1, n0);
|
||||
@ -56,7 +56,7 @@ protocol bunava13(R0,R1,R2)
|
||||
|
||||
role R2
|
||||
{
|
||||
const n2: Nonce;
|
||||
fresh n2: Nonce;
|
||||
var n0,n1: Nonce;
|
||||
|
||||
read_2(R1,R2, n1,{R1,n0}k(R1,R2) );
|
||||
@ -68,22 +68,7 @@ protocol bunava13(R0,R1,R2)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Charlie,David,Frodo,Gerard,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Charlie,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Charlie);
|
||||
|
||||
# General scenario, 2 parallel runs of the protocol
|
||||
|
||||
run bunava13.R0(Agent,Agent,Agent);
|
||||
run bunava13.R1(Agent,Agent,Agent);
|
||||
run bunava13.R2(Agent,Agent,Agent);
|
||||
run bunava13.R0(Agent,Agent,Agent);
|
||||
run bunava13.R1(Agent,Agent,Agent);
|
||||
run bunava13.R2(Agent,Agent,Agent);
|
||||
|
@ -30,7 +30,7 @@ protocol bunava14(A,B,C,D)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const ra: Nonce;
|
||||
fresh ra: Nonce;
|
||||
var rb,rc,rd: Nonce;
|
||||
|
||||
send_1(A,B, ra);
|
||||
@ -43,7 +43,7 @@ protocol bunava14(A,B,C,D)
|
||||
|
||||
role B
|
||||
{
|
||||
const rb: Nonce;
|
||||
fresh rb: Nonce;
|
||||
var ra,rc,rd: Nonce;
|
||||
|
||||
read_1(A,B, ra);
|
||||
@ -57,7 +57,7 @@ protocol bunava14(A,B,C,D)
|
||||
|
||||
role C
|
||||
{
|
||||
const rc: Nonce;
|
||||
fresh rc: Nonce;
|
||||
var ra,rb,rd: Nonce;
|
||||
|
||||
read_2(B,C, rb,{B,ra}k(B,C) );
|
||||
@ -71,7 +71,7 @@ protocol bunava14(A,B,C,D)
|
||||
|
||||
role D
|
||||
{
|
||||
const rd: Nonce;
|
||||
fresh rd: Nonce;
|
||||
var ra,rb,rc: Nonce;
|
||||
|
||||
read_3(C,D, rc,{C,rb,B,ra}k(C,D) );
|
||||
@ -83,24 +83,7 @@ protocol bunava14(A,B,C,D)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Charlie,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Charlie,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Charlie);
|
||||
|
||||
# General scenario, 2 parallel runs of the protocol
|
||||
|
||||
run bunava14.A(Agent,Agent,Agent,Agent);
|
||||
run bunava14.B(Agent,Agent,Agent,Agent);
|
||||
run bunava14.C(Agent,Agent,Agent,Agent);
|
||||
run bunava14.D(Agent,Agent,Agent,Agent);
|
||||
run bunava14.A(Agent,Agent,Agent,Agent);
|
||||
run bunava14.B(Agent,Agent,Agent,Agent);
|
||||
run bunava14.C(Agent,Agent,Agent,Agent);
|
||||
run bunava14.D(Agent,Agent,Agent,Agent);
|
||||
|
@ -25,7 +25,7 @@ protocol bunava23(R0,R1,R2)
|
||||
{
|
||||
role R0
|
||||
{
|
||||
const n0: Nonce;
|
||||
fresh n0: Nonce;
|
||||
var n1,n2: Nonce;
|
||||
var T0: Ticket;
|
||||
|
||||
@ -39,7 +39,7 @@ protocol bunava23(R0,R1,R2)
|
||||
|
||||
role R1
|
||||
{
|
||||
const n1: Nonce;
|
||||
fresh n1: Nonce;
|
||||
var n0,n2: Nonce;
|
||||
var T1: Ticket;
|
||||
|
||||
@ -54,7 +54,7 @@ protocol bunava23(R0,R1,R2)
|
||||
|
||||
role R2
|
||||
{
|
||||
const n2: Nonce;
|
||||
fresh n2: Nonce;
|
||||
var n0,n1: Nonce;
|
||||
var T2: Ticket;
|
||||
|
||||
@ -67,22 +67,7 @@ protocol bunava23(R0,R1,R2)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Charlie,David,Frodo,Gerard,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Charlie,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Charlie);
|
||||
|
||||
# General scenario
|
||||
|
||||
run bunava23.R0(Agent,Agent,Agent);
|
||||
run bunava23.R1(Agent,Agent,Agent);
|
||||
run bunava23.R2(Agent,Agent,Agent);
|
||||
run bunava23.R0(Agent,Agent,Agent);
|
||||
run bunava23.R1(Agent,Agent,Agent);
|
||||
run bunava23.R2(Agent,Agent,Agent);
|
||||
|
@ -27,7 +27,7 @@ protocol bunava24(A,B,C,D)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const ra: Nonce;
|
||||
fresh ra: Nonce;
|
||||
var rb,rc,rd: Nonce;
|
||||
var Tacd, Tabd: Ticket;
|
||||
|
||||
@ -49,7 +49,7 @@ protocol bunava24(A,B,C,D)
|
||||
|
||||
role B
|
||||
{
|
||||
const rb: Nonce;
|
||||
fresh rb: Nonce;
|
||||
var ra,rc,rd: Nonce;
|
||||
var Tbad, Tbac: Ticket;
|
||||
|
||||
@ -73,7 +73,7 @@ protocol bunava24(A,B,C,D)
|
||||
|
||||
role C
|
||||
{
|
||||
const rc: Nonce;
|
||||
fresh rc: Nonce;
|
||||
var ra,rb,rd: Nonce;
|
||||
var Tcab,Tcbd: Ticket;
|
||||
|
||||
@ -96,7 +96,7 @@ protocol bunava24(A,B,C,D)
|
||||
|
||||
role D
|
||||
{
|
||||
const rd: Nonce;
|
||||
fresh rd: Nonce;
|
||||
var ra,rb,rc: Nonce;
|
||||
var Tdbc,Tdac: Ticket;
|
||||
|
||||
@ -115,24 +115,7 @@ protocol bunava24(A,B,C,D)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Charlie,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Charlie,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Charlie);
|
||||
|
||||
# General scenario
|
||||
|
||||
run bunava24.A(Agent,Agent,Agent,Agent);
|
||||
run bunava24.B(Agent,Agent,Agent,Agent);
|
||||
run bunava24.C(Agent,Agent,Agent,Agent);
|
||||
run bunava24.D(Agent,Agent,Agent,Agent);
|
||||
run bunava24.A(Agent,Agent,Agent,Agent);
|
||||
run bunava24.B(Agent,Agent,Agent,Agent);
|
||||
run bunava24.C(Agent,Agent,Agent,Agent);
|
||||
run bunava24.D(Agent,Agent,Agent,Agent);
|
||||
|
@ -6,7 +6,7 @@ protocol carkeybrokenlim(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
send_1(I,R, I,R );
|
||||
}
|
||||
@ -20,13 +20,5 @@ protocol carkeybrokenlim(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run carkeybrokenlim.I(Alice,Bob);
|
||||
run carkeybrokenlim.R(Alice,Bob);
|
||||
run carkeybrokenlim.I(Alice,Bob);
|
||||
run carkeybrokenlim.R(Alice,Bob);
|
||||
|
@ -6,7 +6,7 @@ protocol carkeybroken(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
send_1(I,R, {ni}sk(I) );
|
||||
}
|
||||
@ -20,13 +20,5 @@ protocol carkeybroken(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run carkeybroken.I(Agent,Agent);
|
||||
run carkeybroken.R(Agent,Agent);
|
||||
run carkeybroken.I(Agent,Agent);
|
||||
run carkeybroken.R(Agent,Agent);
|
||||
|
@ -6,7 +6,7 @@ protocol carkeyni(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
send_1(I,R, {R,ni}sk(I) );
|
||||
}
|
||||
@ -20,13 +20,5 @@ protocol carkeyni(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run carkeyni.I(Agent,Agent);
|
||||
run carkeyni.R(Agent,Agent);
|
||||
run carkeyni.I(Agent,Agent);
|
||||
run carkeyni.R(Agent,Agent);
|
||||
|
@ -6,7 +6,7 @@ protocol carkeyni2(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
send_1(I,R, {R,ni}sk(I) );
|
||||
send_2(I,R, {R,ni}sk(I) );
|
||||
@ -22,13 +22,5 @@ protocol carkeyni2(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run carkeyni2.I(Agent,Agent);
|
||||
run carkeyni2.R(Agent,Agent);
|
||||
run carkeyni2.I(Agent,Agent);
|
||||
run carkeyni2.R(Agent,Agent);
|
||||
|
@ -7,8 +7,8 @@ protocol ccitt509(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const xi,yi: Data;
|
||||
const ni: Nonce;
|
||||
fresh xi,yi: Data;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var yr,xr: Data;
|
||||
|
||||
@ -26,8 +26,8 @@ protocol ccitt509(I,R)
|
||||
{
|
||||
var xi,yi: Data;
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const yr,xr: Data;
|
||||
fresh nr: Nonce;
|
||||
fresh yr,xr: Data;
|
||||
|
||||
read_1(I,R, I,{ni, R, xi, {yi}pk(R) }sk(I) );
|
||||
send_2(R,I, R,{nr, I, ni, xr, {yr}pk(I) }sk(R) );
|
||||
@ -40,14 +40,6 @@ protocol ccitt509(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const de: Data;
|
||||
compromised sk(Eve);
|
||||
|
||||
run ccitt509.I(Agent,Agent);
|
||||
run ccitt509.R(Agent,Agent);
|
||||
run ccitt509.I(Agent,Agent);
|
||||
run ccitt509.R(Agent,Agent);
|
||||
|
@ -7,7 +7,7 @@ protocol nsl3th1(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {P1,I,ni}pk(R) );
|
||||
@ -21,7 +21,7 @@ protocol nsl3th1(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {P1,I,ni}pk(R) );
|
||||
send_1b(R,I, {nr}pk(I) );
|
||||
@ -32,9 +32,5 @@ protocol nsl3th1(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -9,7 +9,7 @@ protocol nsl3th1(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {P1,I,ni}pk(R) );
|
||||
@ -23,7 +23,7 @@ protocol nsl3th1(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {P1,I,ni}pk(R) );
|
||||
send_1b(R,I, {nr}pk(I) );
|
||||
@ -34,18 +34,14 @@ protocol nsl3th1(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
||||
protocol nsl3th2(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {P2,I,ni}pk(R) );
|
||||
@ -59,7 +55,7 @@ protocol nsl3th2(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {P2,I,ni}pk(R) );
|
||||
send_1b(R,I, {nr}pk(I) );
|
||||
@ -70,9 +66,5 @@ protocol nsl3th2(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -8,7 +8,7 @@ protocol nsl3th3ni(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni,ni: Nonce;
|
||||
fresh ni,ni: Nonce;
|
||||
var nr,nr2: Nonce;
|
||||
|
||||
send_1(I,R, {P1,I,ni}pk(R) );
|
||||
@ -29,7 +29,7 @@ protocol nsl3th3ni(I,R)
|
||||
role R
|
||||
{
|
||||
var ni,ni: Nonce;
|
||||
const nr,nr2: Nonce;
|
||||
fresh nr,nr2: Nonce;
|
||||
|
||||
read_1(I,R, {P1,I,ni}pk(R) );
|
||||
send_1b(R,I, {nr}pk(I) );
|
||||
@ -48,9 +48,5 @@ protocol nsl3th3ni(I,R)
|
||||
}
|
||||
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -8,7 +8,7 @@ protocol nsl3th3nr(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni,ni2: Nonce;
|
||||
fresh ni,ni2: Nonce;
|
||||
var nr,nr: Nonce;
|
||||
|
||||
send_1(I,R, {P1,I,ni}pk(R) );
|
||||
@ -29,7 +29,7 @@ protocol nsl3th3nr(I,R)
|
||||
role R
|
||||
{
|
||||
var ni,ni2: Nonce;
|
||||
const nr,nr: Nonce;
|
||||
fresh nr,nr: Nonce;
|
||||
|
||||
read_1(I,R, {P1,I,ni}pk(R) );
|
||||
send_1b(R,I, {nr}pk(I) );
|
||||
@ -48,9 +48,5 @@ protocol nsl3th3nr(I,R)
|
||||
}
|
||||
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -8,7 +8,7 @@ protocol nsl3th3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni,ni2: Nonce;
|
||||
fresh ni,ni2: Nonce;
|
||||
var nr,nr2: Nonce;
|
||||
|
||||
send_1(I,R, {P1,I,ni}pk(R) );
|
||||
@ -29,7 +29,7 @@ protocol nsl3th3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni,ni2: Nonce;
|
||||
const nr,nr2: Nonce;
|
||||
fresh nr,nr2: Nonce;
|
||||
|
||||
read_1(I,R, {P1,I,ni}pk(R) );
|
||||
send_1b(R,I, {nr}pk(I) );
|
||||
@ -48,9 +48,5 @@ protocol nsl3th3(I,R)
|
||||
}
|
||||
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -7,7 +7,7 @@ protocol nsl3th2(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {P2,I,ni}pk(R) );
|
||||
@ -21,7 +21,7 @@ protocol nsl3th2(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {P2,I,ni}pk(R) );
|
||||
send_1b(R,I, {nr}pk(I) );
|
||||
@ -32,9 +32,5 @@ protocol nsl3th2(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -17,13 +17,11 @@ secret k: Function;
|
||||
|
||||
/* agents */
|
||||
|
||||
const a,b,e: Agent;
|
||||
|
||||
|
||||
/* untrusted e */
|
||||
|
||||
untrusted e;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
|
||||
compromised k(e,e);
|
||||
@ -51,8 +49,8 @@ protocol denningsaccosh(A,S,B)
|
||||
|
||||
role S
|
||||
{
|
||||
const t: Time;
|
||||
const kab: SessionKey;
|
||||
fresh t: Time;
|
||||
fresh kab: SessionKey;
|
||||
|
||||
read_1 (A,S, A,S );
|
||||
send_2 (S,A, {B, kab, t, { kab, A,t }k(B,S) }k(A,S) );
|
||||
|
@ -28,15 +28,11 @@ protocol f4(I,R)
|
||||
|
||||
role R
|
||||
{
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
send_!1(R,I, nr );
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -28,15 +28,11 @@ protocol f5(I,R)
|
||||
|
||||
role R
|
||||
{
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
send_!1(R,I, nr );
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -8,7 +8,7 @@ protocol r5bound(I,R)
|
||||
{
|
||||
var k1: Nonce;
|
||||
var ni: Nonce;
|
||||
const k2: Nonce;
|
||||
fresh k2: Nonce;
|
||||
|
||||
read_!1 (I,R, ni );
|
||||
send_!2 (R,I, { ni }sk(R) );
|
||||
@ -19,6 +19,4 @@ protocol r5bound(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob: Agent;
|
||||
const ne: Nonce;
|
||||
|
||||
|
@ -22,7 +22,7 @@ protocol fourway(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const x: Nonce;
|
||||
fresh x: Nonce;
|
||||
var y: Nonce;
|
||||
|
||||
send_1( X,Y, x,msg1 );
|
||||
@ -37,7 +37,7 @@ protocol fourway(X,Y)
|
||||
role Y
|
||||
{
|
||||
var x: Nonce;
|
||||
const y: Nonce;
|
||||
fresh y: Nonce;
|
||||
|
||||
read_1( X,Y, x,msg1 );
|
||||
send_2( Y,X, y,msg2,hash( ptk,y,msg2 ) );
|
||||
@ -50,9 +50,4 @@ protocol fourway(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised pmk(Eve,Alice);
|
||||
compromised pmk(Eve,Bob);
|
||||
compromised pmk(Alice,Eve);
|
||||
compromised pmk(Bob,Eve);
|
||||
|
||||
|
@ -18,7 +18,7 @@ protocol fourway(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const x: Nonce;
|
||||
fresh x: Nonce;
|
||||
var y: Nonce;
|
||||
|
||||
send_1( X,Y, x,msg1 );
|
||||
@ -33,7 +33,7 @@ protocol fourway(X,Y)
|
||||
role Y
|
||||
{
|
||||
var x: Nonce;
|
||||
const y: Nonce;
|
||||
fresh y: Nonce;
|
||||
|
||||
read_1( X,Y, x,msg1 );
|
||||
send_2( Y,X, y,msg2,hash( hash( pmk(X,Y),x,y ),y,msg2 ) );
|
||||
@ -46,8 +46,3 @@ protocol fourway(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised pmk(Eve,Alice);
|
||||
compromised pmk(Eve,Bob);
|
||||
compromised pmk(Alice,Eve);
|
||||
compromised pmk(Bob,Eve);
|
||||
|
@ -14,9 +14,9 @@ protocol gongnonceb(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
const ki: Keypart;
|
||||
fresh ki: Keypart;
|
||||
var kr: Keypart;
|
||||
|
||||
send_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );
|
||||
@ -32,8 +32,8 @@ protocol gongnonceb(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kr: Keypart;
|
||||
fresh nr: Nonce;
|
||||
fresh kr: Keypart;
|
||||
var ki: Keypart;
|
||||
|
||||
read_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );
|
||||
@ -59,23 +59,7 @@ protocol gongnonceb(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kpe: Keypart;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
run gongnonceb.I(Agent,Agent,Simon);
|
||||
run gongnonceb.R(Agent,Agent,Simon);
|
||||
run gongnonceb.S(Agent,Agent,Simon);
|
||||
run gongnonceb.I(Agent,Agent,Simon);
|
||||
run gongnonceb.R(Agent,Agent,Simon);
|
||||
run gongnonceb.S(Agent,Agent,Simon);
|
||||
|
@ -6,9 +6,9 @@ protocol gongnonce(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
const ki: Keypart;
|
||||
fresh ki: Keypart;
|
||||
var kr: Keypart;
|
||||
|
||||
send_1 (I,R, I,R,ni );
|
||||
@ -24,8 +24,8 @@ protocol gongnonce(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kr: Keypart;
|
||||
fresh nr: Nonce;
|
||||
fresh kr: Keypart;
|
||||
var ki: Keypart;
|
||||
|
||||
read_1 (I,R, I,R,ni );
|
||||
@ -50,23 +50,7 @@ protocol gongnonce(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kpe: Keypart;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
run gongnonce.I(Agent,Agent,Simon);
|
||||
run gongnonce.R(Agent,Agent,Simon);
|
||||
run gongnonce.S(Agent,Agent,Simon);
|
||||
run gongnonce.I(Agent,Agent,Simon);
|
||||
run gongnonce.R(Agent,Agent,Simon);
|
||||
run gongnonce.S(Agent,Agent,Simon);
|
||||
|
@ -4,20 +4,17 @@
|
||||
// The only requirement on the server communications is that the
|
||||
// sending of the private key is secret.
|
||||
|
||||
const pk: Function; //public-private keys are used to model a secure channel
|
||||
secret sk: Function; //from the keyserver to the parties
|
||||
const ibepublic: Function; //publicly known key construction from server
|
||||
//parameters and recipient name
|
||||
secret ibesecret: Function;//secret key determined by server for recipient
|
||||
const param: Function; //public security parameter of server
|
||||
inversekeys (pk,sk);
|
||||
inversekeys (ibepublic,ibesecret);
|
||||
|
||||
protocol ibe(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
//Note that we are not interested in the order of server messages.
|
||||
@ -36,7 +33,7 @@ protocol ibe(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_!2(S,R, {ibesecret(param(S),R)}pk(R) );
|
||||
read_3(I,R, {I,ni}ibepublic(param(S),R) );
|
||||
@ -59,11 +56,6 @@ protocol ibe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Carol, Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
compromised ibesecret(param(Eve),Alice);
|
||||
compromised ibesecret(param(Eve),Bob);
|
||||
compromised ibesecret(param(Eve),Carol);
|
||||
|
@ -14,7 +14,7 @@ protocol ibe(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
read_1(S,I, param(S) );
|
||||
send_3(I,R, {ni}ibepublic(param(S),R) );
|
||||
@ -40,11 +40,7 @@ protocol ibe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Carol, Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
compromised ibesecret(param(Eve),Alice);
|
||||
compromised ibesecret(param(Eve),Bob);
|
||||
compromised ibesecret(param(Eve),Carol);
|
||||
|
@ -6,7 +6,7 @@ protocol isoiec11770213(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Sessionkey;
|
||||
|
||||
@ -19,8 +19,8 @@ protocol isoiec11770213(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kir: Sessionkey;
|
||||
fresh nr: Nonce;
|
||||
fresh kir: Sessionkey;
|
||||
var T;
|
||||
|
||||
read_1 (I,R, ni);
|
||||
@ -41,23 +41,7 @@ protocol isoiec11770213(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
run isoiec11770213.I(Agent,Agent,Simon);
|
||||
run isoiec11770213.R(Agent,Agent,Simon);
|
||||
run isoiec11770213.S(Agent,Agent,Simon);
|
||||
run isoiec11770213.I(Agent,Agent,Simon);
|
||||
run isoiec11770213.R(Agent,Agent,Simon);
|
||||
run isoiec11770213.S(Agent,Agent,Simon);
|
||||
|
@ -6,7 +6,7 @@ protocol kaochowPalm(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Sessionkey;
|
||||
|
||||
@ -22,7 +22,7 @@ protocol kaochowPalm(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var kir: Sessionkey;
|
||||
var T;
|
||||
|
||||
@ -38,30 +38,14 @@ protocol kaochowPalm(I,R,S)
|
||||
role S
|
||||
{
|
||||
var ni: Nonce;
|
||||
const kir: Sessionkey;
|
||||
fresh kir: Sessionkey;
|
||||
|
||||
read_1 (I,S, I,R,ni);
|
||||
send_2 (S,R, { {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) }k(R,S) );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
run kaochowPalm.I(Agent,Agent,Simon);
|
||||
run kaochowPalm.R(Agent,Agent,Simon);
|
||||
run kaochowPalm.S(Agent,Agent,Simon);
|
||||
run kaochowPalm.I(Agent,Agent,Simon);
|
||||
run kaochowPalm.R(Agent,Agent,Simon);
|
||||
run kaochowPalm.S(Agent,Agent,Simon);
|
||||
|
@ -6,7 +6,7 @@ protocol kaochow2(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir,kt: Sessionkey;
|
||||
|
||||
@ -22,7 +22,7 @@ protocol kaochow2(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var kir,kt: Sessionkey;
|
||||
var T: Ticket;
|
||||
|
||||
@ -38,30 +38,14 @@ protocol kaochow2(I,R,S)
|
||||
role S
|
||||
{
|
||||
var ni: Nonce;
|
||||
const kir, kt: Sessionkey;
|
||||
fresh kir, kt: Sessionkey;
|
||||
|
||||
read_1 (I,S, I,R,ni);
|
||||
send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
run kaochow2.I(Agent,Agent,Simon);
|
||||
run kaochow2.R(Agent,Agent,Simon);
|
||||
run kaochow2.S(Agent,Agent,Simon);
|
||||
run kaochow2.I(Agent,Agent,Simon);
|
||||
run kaochow2.R(Agent,Agent,Simon);
|
||||
run kaochow2.S(Agent,Agent,Simon);
|
||||
|
@ -7,7 +7,7 @@ protocol kaochow3(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir,kt: Sessionkey;
|
||||
var T2: Ticket;
|
||||
@ -24,10 +24,10 @@ protocol kaochow3(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var kir,kt: Sessionkey;
|
||||
var T: Ticket;
|
||||
const tr: Timestamp;
|
||||
fresh tr: Timestamp;
|
||||
|
||||
read_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) );
|
||||
send_3 (R,I, R, T, {ni, kir}kt, nr, {I,R,tr,kir}k(R,S) );
|
||||
@ -41,30 +41,14 @@ protocol kaochow3(I,R,S)
|
||||
role S
|
||||
{
|
||||
var ni: Nonce;
|
||||
const kir, kt: Sessionkey;
|
||||
fresh kir, kt: Sessionkey;
|
||||
|
||||
read_1 (I,S, I,R,ni);
|
||||
send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
run kaochow3.I(Agent,Agent,Simon);
|
||||
run kaochow3.R(Agent,Agent,Simon);
|
||||
run kaochow3.S(Agent,Agent,Simon);
|
||||
run kaochow3.I(Agent,Agent,Simon);
|
||||
run kaochow3.R(Agent,Agent,Simon);
|
||||
run kaochow3.S(Agent,Agent,Simon);
|
||||
|
@ -6,7 +6,7 @@ protocol kaochow(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Sessionkey;
|
||||
|
||||
@ -22,7 +22,7 @@ protocol kaochow(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var kir: Sessionkey;
|
||||
var T;
|
||||
|
||||
@ -38,30 +38,14 @@ protocol kaochow(I,R,S)
|
||||
role S
|
||||
{
|
||||
var ni: Nonce;
|
||||
const kir: Sessionkey;
|
||||
fresh kir: Sessionkey;
|
||||
|
||||
read_1 (I,S, I,R,ni);
|
||||
send_2 (S,R, {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
run kaochow.I(Agent,Agent,Simon);
|
||||
run kaochow.R(Agent,Agent,Simon);
|
||||
run kaochow.S(Agent,Agent,Simon);
|
||||
run kaochow.I(Agent,Agent,Simon);
|
||||
run kaochow.R(Agent,Agent,Simon);
|
||||
run kaochow.S(Agent,Agent,Simon);
|
||||
|
@ -58,13 +58,13 @@ protocol @swapkey-kst(I,R)
|
||||
protocol kerberos(C,K,T,S) {
|
||||
|
||||
role C {
|
||||
const n1: Nonce;
|
||||
const n2: Nonce;
|
||||
fresh n1: Nonce;
|
||||
fresh n2: Nonce;
|
||||
var tgt: Ticket;
|
||||
var st: Ticket;
|
||||
var AKey: Sessionkey;
|
||||
var SKey: Sessionkey;
|
||||
const t: Text;
|
||||
fresh t: Text;
|
||||
|
||||
send_1(C,K, C,T,n1);
|
||||
read_2(K,C, tgt, { AKey,n1,T }kck(C,K) );
|
||||
@ -94,7 +94,7 @@ protocol kerberos(C,K,T,S) {
|
||||
}
|
||||
role K {
|
||||
var n1: Nonce;
|
||||
const AKey: Sessionkey;
|
||||
fresh AKey: Sessionkey;
|
||||
|
||||
read_1(C,K, C,T,n1);
|
||||
send_2(K,C, { AKey, C }ktk(T,K), { AKey,n1,T }kck(C,K) );
|
||||
@ -106,7 +106,7 @@ protocol kerberos(C,K,T,S) {
|
||||
role T {
|
||||
var AKey: Sessionkey;
|
||||
var n2: Nonce;
|
||||
const SKey: Sessionkey;
|
||||
fresh SKey: Sessionkey;
|
||||
|
||||
read_3(C,T, { AKey, C }ktk(T,K), { C }AKey,C,S,n2 );
|
||||
send_4(T,C, C,{ SKey, C }kst(S,T), { SKey, n2, S }AKey );
|
||||
@ -138,27 +138,14 @@ protocol kerberos(C,K,T,S) {
|
||||
}
|
||||
|
||||
const Alice,Bob,Charlie,Eve: Agent;
|
||||
untrusted Eve;
|
||||
|
||||
// C untrusted
|
||||
compromised kck(Eve,Alice);
|
||||
compromised kck(Alice,Eve);
|
||||
|
||||
// K untrusted
|
||||
compromised kck(Eve,Alice);
|
||||
compromised kck(Alice,Eve);
|
||||
compromised ktk(Eve,Alice);
|
||||
compromised ktk(Alice,Eve);
|
||||
|
||||
// T untrusted
|
||||
compromised kst(Alice,Eve);
|
||||
compromised kst(Eve,Alice);
|
||||
compromised ktk(Eve,Alice);
|
||||
compromised ktk(Alice,Eve);
|
||||
|
||||
// S untrusted
|
||||
compromised kst(Alice,Eve);
|
||||
compromised kst(Eve,Alice);
|
||||
|
||||
|
||||
|
||||
|
@ -11,12 +11,10 @@
|
||||
usertype Server, SessionKey, GeneralizedTimestamp, Ticket, TicketKey;
|
||||
secret k: Function;
|
||||
|
||||
const a, b, e: Agent;
|
||||
const s: Server;
|
||||
|
||||
/* give the intruder something to work with */
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted e;
|
||||
compromised k(e,s);
|
||||
@ -25,7 +23,7 @@ protocol ksl(A,B,S)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const Na, Ma: Nonce;
|
||||
fresh Na, Ma: Nonce;
|
||||
var Nc, Mb: Nonce;
|
||||
var T: Ticket;
|
||||
var Kab: SessionKey;
|
||||
@ -46,10 +44,10 @@ protocol ksl(A,B,S)
|
||||
role B
|
||||
{
|
||||
var Na,Ma: Nonce;
|
||||
const Nb,Nc,Mb: Nonce;
|
||||
fresh Nb,Nc,Mb: Nonce;
|
||||
var Kab: SessionKey;
|
||||
const Kbb: TicketKey;
|
||||
const Tb: GeneralizedTimestamp;
|
||||
fresh Kbb: TicketKey;
|
||||
fresh Tb: GeneralizedTimestamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(A,B, Na, A);
|
||||
@ -70,14 +68,11 @@ protocol ksl(A,B,S)
|
||||
role S
|
||||
{
|
||||
var Na, Nb: Nonce;
|
||||
const Kab: SessionKey;
|
||||
fresh Kab: SessionKey;
|
||||
|
||||
read_2(B,S, Na, A, Nb, B );
|
||||
send_3(S,B, { Nb, A, Kab }k(B,S), { Na,B,Kab }k(A,S) );
|
||||
}
|
||||
}
|
||||
|
||||
run ksl.A(a,b,s);
|
||||
run ksl.B(a,b,s);
|
||||
run ksl.S(a,b,s);
|
||||
|
||||
|
@ -15,7 +15,7 @@ protocol lcbreaker(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var x: Nonce;
|
||||
|
||||
@ -33,8 +33,8 @@ protocol lcbreaker(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const x: Nonce;
|
||||
fresh nr: Nonce;
|
||||
fresh x: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
@ -48,9 +48,5 @@ protocol lcbreaker(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -15,7 +15,7 @@ protocol lcbreakerS1(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni,ni2: Nonce;
|
||||
fresh ni,ni2: Nonce;
|
||||
var nr: Nonce;
|
||||
var x: Nonce;
|
||||
|
||||
@ -36,8 +36,8 @@ protocol lcbreakerS1(I,R)
|
||||
role R
|
||||
{
|
||||
var ni,ni2: Nonce;
|
||||
const nr: Nonce;
|
||||
const x: Nonce;
|
||||
fresh nr: Nonce;
|
||||
fresh x: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
@ -54,10 +54,6 @@ protocol lcbreakerS1(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
||||
|
||||
|
@ -14,7 +14,7 @@ protocol localclaims(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
send_1(I,R, {ni}pk(R) );
|
||||
|
||||
@ -33,13 +33,8 @@ protocol localclaims(I,R)
|
||||
|
||||
// The agents in the system
|
||||
|
||||
const Alice,Bob: Agent;
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
||||
|
@ -10,13 +10,11 @@ secret k: Function;
|
||||
|
||||
/* agents */
|
||||
|
||||
const a,b,e: Agent;
|
||||
|
||||
|
||||
/* untrusted e */
|
||||
|
||||
untrusted e;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
|
||||
compromised k(e,e);
|
||||
@ -36,7 +34,7 @@ protocol nssymmetricamended(A,S,B)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const na: Nonce;
|
||||
fresh na: Nonce;
|
||||
var T1: Ticket;
|
||||
var T2: Ticket;
|
||||
var kab: SessionKey;
|
||||
@ -57,7 +55,7 @@ protocol nssymmetricamended(A,S,B)
|
||||
|
||||
role S
|
||||
{
|
||||
const kab: SessionKey;
|
||||
fresh kab: SessionKey;
|
||||
var na: Nonce;
|
||||
var nb: Nonce;
|
||||
|
||||
@ -68,7 +66,7 @@ protocol nssymmetricamended(A,S,B)
|
||||
role B
|
||||
{
|
||||
var kab: SessionKey;
|
||||
const nb: Nonce;
|
||||
fresh nb: Nonce;
|
||||
|
||||
read_1(A,B, A );
|
||||
send_2(B,A, { A,nb }k(B,S) );
|
||||
|
@ -9,13 +9,11 @@ secret k: Function;
|
||||
|
||||
/* agents */
|
||||
|
||||
const a,b,e: Agent;
|
||||
|
||||
|
||||
/* untrusted e */
|
||||
|
||||
untrusted e;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
|
||||
compromised k(e,e);
|
||||
@ -35,7 +33,7 @@ protocol nssymmetric(A,S,B)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const na: Nonce;
|
||||
fresh na: Nonce;
|
||||
var T: Ticket;
|
||||
var kab: SessionKey;
|
||||
var nb: Nonce;
|
||||
@ -51,7 +49,7 @@ protocol nssymmetric(A,S,B)
|
||||
|
||||
role S
|
||||
{
|
||||
const kab: SessionKey;
|
||||
fresh kab: SessionKey;
|
||||
var na: Nonce;
|
||||
|
||||
read_1(A,S, A,B,na );
|
||||
@ -61,7 +59,7 @@ protocol nssymmetric(A,S,B)
|
||||
role B
|
||||
{
|
||||
var kab: SessionKey;
|
||||
const nb: Nonce;
|
||||
fresh nb: Nonce;
|
||||
|
||||
read_3(A,B, { kab,A }k(B,S) );
|
||||
send_4(B,A, { nb }kab );
|
||||
|
@ -6,7 +6,7 @@ protocol ns3brutus(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
@ -18,7 +18,7 @@ protocol ns3brutus(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr}pk(I) );
|
||||
@ -31,20 +31,13 @@ const Alice,Bob,Eve : Agent;
|
||||
|
||||
/* something like this will later on all be implied by 'untrusted Eve' */
|
||||
|
||||
untrusted Eve;
|
||||
/* const nc: Nonce; */
|
||||
compromised sk(Eve);
|
||||
/* fresh nc: Nonce; */
|
||||
|
||||
/* pre-defined 10 runs, limit using --max-runs parameters */
|
||||
/* to be nice to brutus, stupid scenario :( */
|
||||
|
||||
run ns3brutus.R(Agent,Bob);
|
||||
run ns3brutus.I(Alice,Agent);
|
||||
run ns3brutus.R(Agent,Bob);
|
||||
run ns3brutus.I(Alice,Agent);
|
||||
run ns3brutus.R(Agent,Bob);
|
||||
run ns3brutus.I(Alice,Agent);
|
||||
run ns3brutus.R(Agent,Bob);
|
||||
run ns3brutus.I(Alice,Agent);
|
||||
run ns3brutus.R(Agent,Bob);
|
||||
run ns3brutus.I(Alice,Agent);
|
||||
|
@ -14,7 +14,7 @@ protocol ns3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
@ -29,7 +29,7 @@ protocol ns3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr}pk(I) );
|
||||
@ -43,25 +43,10 @@ protocol ns3(I,R)
|
||||
|
||||
// The agents in the system
|
||||
|
||||
const Alice,Bob: Agent;
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
// The runs (only needed for the modelchecker algorithm)
|
||||
|
||||
run ns3.I(Agent,Agent);
|
||||
run ns3.R(Agent,Agent);
|
||||
run ns3.I(Agent,Agent);
|
||||
run ns3.R(Agent,Agent);
|
||||
run ns3.I(Agent,Agent);
|
||||
run ns3.R(Agent,Agent);
|
||||
run ns3.I(Agent,Agent);
|
||||
run ns3.R(Agent,Agent);
|
||||
run ns3.I(Agent,Agent);
|
||||
run ns3.R(Agent,Agent);
|
||||
|
||||
|
@ -6,7 +6,7 @@ protocol nsl3rep(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
@ -20,7 +20,7 @@ protocol nsl3rep(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
read_6(I,R, {I,ni}pk(R) );
|
||||
@ -31,13 +31,5 @@ protocol nsl3rep(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run nsl3rep.I(Agent,Agent);
|
||||
run nsl3rep.R(Agent,Agent);
|
||||
run nsl3rep.I(Agent,Agent);
|
||||
run nsl3rep.R(Agent,Agent);
|
||||
|
@ -6,7 +6,7 @@ protocol nsl3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
@ -22,7 +22,7 @@ protocol nsl3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
@ -35,9 +35,5 @@ protocol nsl3(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -12,20 +12,16 @@ usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const Alice, Bob, Simon, Eve: Agent;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
protocol neustub(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var T: Ticket;
|
||||
var Tb: TimeStamp;
|
||||
@ -46,12 +42,12 @@ protocol neustub(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Mr: Nonce;
|
||||
fresh Nr,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Tb: TimeStamp;
|
||||
fresh Tb: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
const g: Ticket;
|
||||
fresh g: Ticket;
|
||||
|
||||
read_1(I,R, I, Ni);
|
||||
send_!2(R,S, R, {I, Ni, Tb, g}k(R,S),Nr);
|
||||
@ -67,7 +63,7 @@ protocol neustub(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Tb: TimeStamp;
|
||||
|
||||
var g: Ticket;
|
||||
|
@ -12,28 +12,24 @@ usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const Alice, Bob, Simon, Eve: Agent;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
protocol neustub^Repeat(I,R,S)
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
|
||||
role I
|
||||
{
|
||||
const Mi: Nonce;
|
||||
fresh Mi: Nonce;
|
||||
var Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
var Tr: TimeStamp;
|
||||
|
||||
var Tb: Ticket;
|
||||
const g: Ticket;
|
||||
fresh g: Ticket;
|
||||
var h: Ticket;
|
||||
|
||||
read_!chain(R,I, { R,Tr,Kir }k(I,S), Tb);
|
||||
@ -52,13 +48,13 @@ protocol neustub^Repeat(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Mr: Nonce;
|
||||
fresh Mr: Nonce;
|
||||
var Tr: TimeStamp;
|
||||
var Kir: SessionKey;
|
||||
var Mi: Nonce;
|
||||
|
||||
var g: Ticket;
|
||||
const h: Ticket;
|
||||
fresh h: Ticket;
|
||||
|
||||
read_5(I,R,Mi,{I,Kir,Tr}k(R,S),g);
|
||||
send_6(R,I,{Mi,Mr,g,h}Kir);
|
||||
|
@ -1,4 +1,4 @@
|
||||
secret const k : Function;
|
||||
secret fresh k : Function;
|
||||
|
||||
/* Version from the Spore Librairy
|
||||
http://www.lsv.ens-cachan.fr/spore/otwayRees.html
|
||||
@ -10,8 +10,8 @@ protocol otwayrees(A,B,S)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const na : Nonce;
|
||||
const M : String;
|
||||
fresh na : Nonce;
|
||||
fresh M : String;
|
||||
var kab : SesKey;
|
||||
|
||||
send_1(A,B, M,A,B, { na,M,A,B }k(A,S) );
|
||||
@ -25,7 +25,7 @@ protocol otwayrees(A,B,S)
|
||||
role B
|
||||
{
|
||||
var M : String;
|
||||
const nb : Nonce;
|
||||
fresh nb : Nonce;
|
||||
var kab : SesKey;
|
||||
var t1,t2;
|
||||
|
||||
@ -43,7 +43,7 @@ protocol otwayrees(A,B,S)
|
||||
{
|
||||
var na,nb : Nonce;
|
||||
var M : String;
|
||||
const kab : SesKey;
|
||||
fresh kab : SesKey;
|
||||
|
||||
read_2(B,S, M,A,B, { na,M,A,B }k(A,S), { nb,M,A,B }k(B,S) );
|
||||
send_3(S,B, M, { na,kab }k(A,S) , { nb,kab }k(B,S) );
|
||||
@ -53,14 +53,6 @@ protocol otwayrees(A,B,S)
|
||||
const Alice, Bob, Eve: Agent;
|
||||
const Simon: Server;
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
run otwayrees.A(Alice, Agent, Simon);
|
||||
run otwayrees.B(Agent, Bob, Simon);
|
||||
run otwayrees.S(Agent, Agent, Simon);
|
||||
|
||||
run otwayrees.A(Agent, Agent, Simon);
|
||||
run otwayrees.B(Agent, Agent, Simon);
|
||||
run otwayrees.S(Agent, Agent, Simon);
|
||||
|
||||
|
@ -13,7 +13,7 @@ protocol samascbroken(I,R)
|
||||
{
|
||||
role R
|
||||
{
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var kir: Key;
|
||||
|
||||
read_!1a (I,R, { kir,I }pk(R) );
|
||||
@ -29,8 +29,6 @@ protocol samascbroken(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const a,b,e: Agent;
|
||||
|
||||
untrusted e;
|
||||
compromised sk(e);
|
||||
const ne: Nonce;
|
||||
|
@ -1,14 +1,12 @@
|
||||
|
||||
secret k: Nonce;
|
||||
const Alice,Bob,Charlie: Agent;
|
||||
const ne: Nonce;
|
||||
|
||||
protocol simplest(I)
|
||||
{
|
||||
role I
|
||||
{
|
||||
var x: Nonce;
|
||||
const n: Nonce;
|
||||
fresh n: Nonce;
|
||||
|
||||
read_!1(I,I, x);
|
||||
send_!2(I,I, n, {n, x}k );
|
||||
|
@ -7,8 +7,8 @@ protocol sophkx(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
const kir: Sessionkey;
|
||||
fresh ni: Nonce;
|
||||
fresh kir: Sessionkey;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, ni, {I,kir}pk(R) );
|
||||
@ -20,20 +20,13 @@ protocol sophkx(I,R)
|
||||
{
|
||||
var ni: Nonce;
|
||||
var kir: Sessionkey;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, ni, {I,kir}pk(R) );
|
||||
send_2(R,I, {ni}kir );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
const ke: Sessionkey;
|
||||
compromised sk(Eve);
|
||||
|
||||
run sophkx.I(Agent,Agent);
|
||||
run sophkx.R(Agent,Agent);
|
||||
run sophkx.I(Agent,Agent);
|
||||
|
@ -6,7 +6,7 @@ protocol soph(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
read_2(R,I, ni );
|
||||
@ -22,13 +22,5 @@ protocol soph(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run soph.I(Agent,Agent);
|
||||
run soph.R(Agent,Agent);
|
||||
run soph.I(Agent,Agent);
|
||||
run soph.R(Agent,Agent);
|
||||
|
@ -6,7 +6,7 @@ protocol ns3speedtest(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {I,ni}pk(R) );
|
||||
@ -18,7 +18,7 @@ protocol ns3speedtest(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {I,ni}pk(R) );
|
||||
send_2(R,I, {ni,nr}pk(I) );
|
||||
@ -27,23 +27,14 @@ protocol ns3speedtest(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve : Agent;
|
||||
|
||||
/* something like this will later on all be implied by 'untrusted Eve' */
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
/* pre-defined 10 runs, limit using --max-runs parameters */
|
||||
|
||||
run ns3speedtest.I(Alice,Bob);
|
||||
run ns3speedtest.R(Alice,Bob);
|
||||
run ns3speedtest.I(Alice,Eve);
|
||||
run ns3speedtest.R(Eve,Bob);
|
||||
run ns3speedtest.I(Bob,Alice);
|
||||
run ns3speedtest.R(Bob,Alice);
|
||||
run ns3speedtest.I(Bob,Eve);
|
||||
run ns3speedtest.R(Eve,Alice);
|
||||
run ns3speedtest.I(Alice,Alice);
|
||||
run ns3speedtest.R(Bob,Bob);
|
||||
|
@ -8,9 +8,9 @@ protocol spliceAShcCJ(C,AS,S)
|
||||
{
|
||||
role C
|
||||
{
|
||||
const N1,N2: Nonce;
|
||||
const T: TimeStamp;
|
||||
const L: LifeTime;
|
||||
fresh N1,N2: Nonce;
|
||||
fresh T: TimeStamp;
|
||||
fresh L: LifeTime;
|
||||
|
||||
send_1(C,AS, C, S, N1 );
|
||||
read_2(AS,C, AS, {AS, C, N1, S, pk(S)}sk(AS) );
|
||||
@ -34,13 +34,13 @@ protocol spliceAShcCJ(C,AS,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const N3: Nonce;
|
||||
fresh N3: Nonce;
|
||||
var N2: Nonce;
|
||||
var T: TimeStamp;
|
||||
var L: LifeTime;
|
||||
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_3(C,S, C, S, {T, L, {C, N2}pk(S)}sk(C) );
|
||||
send_4(S,AS, S, C, N3 );
|
||||
@ -53,14 +53,7 @@ protocol spliceAShcCJ(C,AS,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Al,Bo,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run spliceAShcCJ.C(Agent,Agent,Agent);
|
||||
run spliceAShcCJ.AS(Agent,Agent,Agent);
|
||||
run spliceAShcCJ.S(Agent,Agent,Agent);
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -8,9 +8,9 @@ protocol spliceAShc(C,AS,S)
|
||||
{
|
||||
role C
|
||||
{
|
||||
const N1,N2: Nonce;
|
||||
const T: TimeStamp;
|
||||
const L: LifeTime;
|
||||
fresh N1,N2: Nonce;
|
||||
fresh T: TimeStamp;
|
||||
fresh L: LifeTime;
|
||||
|
||||
send_1(C,AS, C, S, N1 );
|
||||
read_2(AS,C, AS, {AS, C, N1, S, pk(S)}sk(AS) );
|
||||
@ -34,13 +34,13 @@ protocol spliceAShc(C,AS,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const N3: Nonce;
|
||||
fresh N3: Nonce;
|
||||
var N2: Nonce;
|
||||
var T: TimeStamp;
|
||||
var L: LifeTime;
|
||||
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_3(C,S, C, S, {C, T, L, {N2}pk(S)}sk(C) );
|
||||
send_4(S,AS, S, C, N3 );
|
||||
@ -53,14 +53,7 @@ protocol spliceAShc(C,AS,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Al,Bo,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run spliceAShc.C(Agent,Agent,Agent);
|
||||
run spliceAShc.AS(Agent,Agent,Agent);
|
||||
run spliceAShc.S(Agent,Agent,Agent);
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -8,9 +8,9 @@ protocol spliceAS(C,AS,S)
|
||||
{
|
||||
role C
|
||||
{
|
||||
const N1,N2: Nonce;
|
||||
const T: TimeStamp;
|
||||
const L: LifeTime;
|
||||
fresh N1,N2: Nonce;
|
||||
fresh T: TimeStamp;
|
||||
fresh L: LifeTime;
|
||||
|
||||
send_1(C,AS, C, S, N1 );
|
||||
read_2(AS,C, AS, {AS, C, N1, pk(S)}sk(AS) );
|
||||
@ -34,13 +34,13 @@ protocol spliceAS(C,AS,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const N3: Nonce;
|
||||
fresh N3: Nonce;
|
||||
var N2: Nonce;
|
||||
var T: TimeStamp;
|
||||
var L: LifeTime;
|
||||
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_3(C,S, C, S, {C, T, L, {N2}pk(S)}sk(C) );
|
||||
send_4(S,AS, S, C, N3 );
|
||||
@ -53,14 +53,7 @@ protocol spliceAS(C,AS,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Al,Bo,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
run spliceAS.C(Agent,Agent,Agent);
|
||||
run spliceAS.AS(Agent,Agent,Agent);
|
||||
run spliceAS.S(Agent,Agent,Agent);
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -30,8 +30,8 @@ protocol tls-bm-1(A,B)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const na: Nonce;
|
||||
const pmk: Nonce;
|
||||
fresh na: Nonce;
|
||||
fresh pmk: Nonce;
|
||||
var nb: Nonce;
|
||||
|
||||
send_1( A,B, msg1 );
|
||||
@ -47,7 +47,7 @@ protocol tls-bm-1(A,B)
|
||||
{
|
||||
var na: Nonce;
|
||||
var pmk: Nonce;
|
||||
const nb: Nonce;
|
||||
fresh nb: Nonce;
|
||||
|
||||
read_1( A,B, msg1 );
|
||||
send_2( B,A, msg2 );
|
||||
@ -60,6 +60,4 @@ protocol tls-bm-1(A,B)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -30,8 +30,8 @@ protocol tls-bm-1(A,B)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const na: Nonce;
|
||||
const pmk: Nonce;
|
||||
fresh na: Nonce;
|
||||
fresh pmk: Nonce;
|
||||
var nb: Nonce;
|
||||
|
||||
send_1( A,B, na );
|
||||
@ -47,7 +47,7 @@ protocol tls-bm-1(A,B)
|
||||
{
|
||||
var na: Nonce;
|
||||
var pmk: Nonce;
|
||||
const nb: Nonce;
|
||||
fresh nb: Nonce;
|
||||
|
||||
read_1( A,B, na );
|
||||
send_2( B,A, nb );
|
||||
@ -60,6 +60,4 @@ protocol tls-bm-1(A,B)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -47,9 +47,9 @@ protocol tls-HSDDM05(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const Nx: Nonce;
|
||||
const msecret: Nonce;
|
||||
const pa: Params;
|
||||
fresh Nx: Nonce;
|
||||
fresh msecret: Nonce;
|
||||
fresh pa: Params;
|
||||
var Ny: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -66,8 +66,8 @@ protocol tls-HSDDM05(X,Y)
|
||||
var Nx: Nonce;
|
||||
var msecret: Nonce;
|
||||
var pa: Params;
|
||||
const Ny: Nonce;
|
||||
const pb: Params;
|
||||
fresh Ny: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( X,Y, msg1 );
|
||||
send_2( Y,X, msg2 );
|
||||
@ -79,6 +79,4 @@ protocol tls-HSDDM05(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -19,9 +19,9 @@ protocol tls-HSDDM05(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const Nx: Nonce;
|
||||
const msecret: Nonce;
|
||||
const pa: Params;
|
||||
fresh Nx: Nonce;
|
||||
fresh msecret: Nonce;
|
||||
fresh pa: Params;
|
||||
var Ny: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -38,8 +38,8 @@ protocol tls-HSDDM05(X,Y)
|
||||
var Nx: Nonce;
|
||||
var msecret: Nonce;
|
||||
var pa: Params;
|
||||
const Ny: Nonce;
|
||||
const pb: Params;
|
||||
fresh Ny: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( X,Y, X,Nx,pa );
|
||||
send_2( Y,X, Ny,pb,{ Y,pk(Y) }sk(Terence) );
|
||||
@ -51,5 +51,3 @@ protocol tls-HSDDM05(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
@ -37,9 +37,9 @@ protocol tls-HSDDM05(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const Nx: Nonce;
|
||||
const msecret: Nonce;
|
||||
const pa: Params;
|
||||
fresh Nx: Nonce;
|
||||
fresh msecret: Nonce;
|
||||
fresh pa: Params;
|
||||
var Ny: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -56,8 +56,8 @@ protocol tls-HSDDM05(X,Y)
|
||||
var Nx: Nonce;
|
||||
var msecret: Nonce;
|
||||
var pa: Params;
|
||||
const Ny: Nonce;
|
||||
const pb: Params;
|
||||
fresh Ny: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( X,Y, msg1 );
|
||||
send_2( Y,X, msg2 );
|
||||
@ -69,6 +69,4 @@ protocol tls-HSDDM05(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -38,9 +38,9 @@ protocol tls-HSDDM05(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const Nx: Nonce;
|
||||
const msecret: Nonce;
|
||||
const pa: Params;
|
||||
fresh Nx: Nonce;
|
||||
fresh msecret: Nonce;
|
||||
fresh pa: Params;
|
||||
var Ny: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -57,8 +57,8 @@ protocol tls-HSDDM05(X,Y)
|
||||
var Nx: Nonce;
|
||||
var msecret: Nonce;
|
||||
var pa: Params;
|
||||
const Ny: Nonce;
|
||||
const pb: Params;
|
||||
fresh Ny: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( X,Y, msg1 );
|
||||
send_2( Y,X, msg2 );
|
||||
@ -70,6 +70,4 @@ protocol tls-HSDDM05(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -38,9 +38,9 @@ protocol tls-HSDDM05(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const Nx: Nonce;
|
||||
const msecret: Nonce;
|
||||
const pa: Params;
|
||||
fresh Nx: Nonce;
|
||||
fresh msecret: Nonce;
|
||||
fresh pa: Params;
|
||||
var Ny: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -57,8 +57,8 @@ protocol tls-HSDDM05(X,Y)
|
||||
var Nx: Nonce;
|
||||
var msecret: Nonce;
|
||||
var pa: Params;
|
||||
const Ny: Nonce;
|
||||
const pb: Params;
|
||||
fresh Ny: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( X,Y, X,Nx,pa );
|
||||
send_2( Y,X, Ny,pb,{ Y,pk(Y) }sk(Terence) );
|
||||
@ -70,6 +70,4 @@ protocol tls-HSDDM05(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -41,9 +41,9 @@ protocol tls-HSDDM05(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const Nx: Nonce;
|
||||
const msecret: Nonce;
|
||||
const pa: Params;
|
||||
fresh Nx: Nonce;
|
||||
fresh msecret: Nonce;
|
||||
fresh pa: Params;
|
||||
var Ny: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -60,8 +60,8 @@ protocol tls-HSDDM05(X,Y)
|
||||
var Nx: Nonce;
|
||||
var msecret: Nonce;
|
||||
var pa: Params;
|
||||
const Ny: Nonce;
|
||||
const pb: Params;
|
||||
fresh Ny: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( X,Y, msg1 );
|
||||
send_2( Y,X, msg2 );
|
||||
@ -73,6 +73,4 @@ protocol tls-HSDDM05(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -19,9 +19,9 @@ protocol tls-HSDDM05(X,Y)
|
||||
{
|
||||
role X
|
||||
{
|
||||
const Nx: Nonce;
|
||||
const msecret: Nonce;
|
||||
const pa: Params;
|
||||
fresh Nx: Nonce;
|
||||
fresh msecret: Nonce;
|
||||
fresh pa: Params;
|
||||
var Ny: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -38,8 +38,8 @@ protocol tls-HSDDM05(X,Y)
|
||||
var Nx: Nonce;
|
||||
var msecret: Nonce;
|
||||
var pa: Params;
|
||||
const Ny: Nonce;
|
||||
const pb: Params;
|
||||
fresh Ny: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( X,Y, X,Nx,pa );
|
||||
send_2( Y,X, Ny,pb,{ Y,pk(Y) }sk(Terence) );
|
||||
@ -51,5 +51,3 @@ protocol tls-HSDDM05(X,Y)
|
||||
}
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
@ -34,7 +34,6 @@ secret unkeygen: Function;
|
||||
inversekeys(keygen, unkeygen);
|
||||
|
||||
const pa,pb: Params;
|
||||
const Terence: Agent;
|
||||
const false,true: Bool;
|
||||
|
||||
|
||||
@ -42,9 +41,9 @@ protocol tlspaulson-avispa(a,b)
|
||||
{
|
||||
role a
|
||||
{
|
||||
const na: Nonce;
|
||||
const sid: SessionID;
|
||||
const pms: Nonce;
|
||||
fresh na: Nonce;
|
||||
fresh sid: SessionID;
|
||||
fresh pms: Nonce;
|
||||
var nb: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -68,8 +67,8 @@ protocol tlspaulson-avispa(a,b)
|
||||
var na: Nonce;
|
||||
var sid: SessionID;
|
||||
var pms: Nonce;
|
||||
const nb: Nonce;
|
||||
const pb: Params;
|
||||
fresh nb: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( a,b, a,na,sid,pa );
|
||||
send_2( b,a, nb,sid,pb );
|
||||
@ -86,11 +85,7 @@ protocol tlspaulson-avispa(a,b)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
const ne: Nonce;
|
||||
const side: SessionID;
|
||||
const pe: Params;
|
||||
|
||||
|
@ -15,9 +15,6 @@ secret unkeygen: Function;
|
||||
inversekeys(keygen, unkeygen);
|
||||
|
||||
const pa,pb: Params;
|
||||
const Alice,Bob: Agent;
|
||||
const Terence: Agent;
|
||||
const Sally: Agent;
|
||||
const false,true: Bool;
|
||||
|
||||
|
||||
@ -25,9 +22,9 @@ protocol tlspaulson-avispa(a,b)
|
||||
{
|
||||
role a
|
||||
{
|
||||
const na: Nonce;
|
||||
const sid: SessionID;
|
||||
const pms: Nonce;
|
||||
fresh na: Nonce;
|
||||
fresh sid: SessionID;
|
||||
fresh pms: Nonce;
|
||||
var nb: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -51,8 +48,8 @@ protocol tlspaulson-avispa(a,b)
|
||||
var na: Nonce;
|
||||
var sid: SessionID;
|
||||
var pms: Nonce;
|
||||
const nb: Nonce;
|
||||
const pb: Params;
|
||||
fresh nb: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( a,b, a,na,sid,pa );
|
||||
send_2( b,a, nb,sid,pb );
|
||||
@ -69,10 +66,6 @@ protocol tlspaulson-avispa(a,b)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
const ne: Nonce;
|
||||
const side: SessionID;
|
||||
const pe: Params;
|
||||
|
@ -26,7 +26,6 @@ inversekeys(pk,sk);
|
||||
inversekeys(hash,unhash);
|
||||
|
||||
const pa,pb: Params;
|
||||
const Terence: Agent;
|
||||
const false,true: Bool;
|
||||
|
||||
|
||||
@ -34,9 +33,9 @@ protocol tlspaulson(a,b)
|
||||
{
|
||||
role a
|
||||
{
|
||||
const na: Nonce;
|
||||
const sid: SessionID;
|
||||
const pms: Nonce;
|
||||
fresh na: Nonce;
|
||||
fresh sid: SessionID;
|
||||
fresh pms: Nonce;
|
||||
var nb: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -59,8 +58,8 @@ protocol tlspaulson(a,b)
|
||||
var na: Nonce;
|
||||
var sid: SessionID;
|
||||
var pms: Nonce;
|
||||
const nb: Nonce;
|
||||
const pb: Params;
|
||||
fresh nb: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( a,b, a,na,sid,pa );
|
||||
send_2( b,a, nb,sid,pb );
|
||||
@ -76,20 +75,8 @@ protocol tlspaulson(a,b)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
const ne: Nonce;
|
||||
const side: SessionID;
|
||||
const pe: Params;
|
||||
|
||||
run tlspaulson.a(Agent,Agent);
|
||||
run tlspaulson.b(Agent,Agent);
|
||||
run tlspaulson.a(Agent,Agent);
|
||||
run tlspaulson.b(Agent,Agent);
|
||||
run tlspaulson.a(Agent,Agent);
|
||||
run tlspaulson.b(Agent,Agent);
|
||||
run tlspaulson.a(Agent,Agent);
|
||||
run tlspaulson.b(Agent,Agent);
|
||||
|
||||
|
@ -11,7 +11,6 @@ inversekeys(pk,sk);
|
||||
inversekeys(hash,unhash);
|
||||
|
||||
const pa,pb: Params;
|
||||
const Terence: Agent;
|
||||
const false,true: Bool;
|
||||
|
||||
|
||||
@ -19,9 +18,9 @@ protocol tlspaulson(a,b)
|
||||
{
|
||||
role a
|
||||
{
|
||||
const na: Nonce;
|
||||
const sid: SessionID;
|
||||
const pms: Nonce;
|
||||
fresh na: Nonce;
|
||||
fresh sid: SessionID;
|
||||
fresh pms: Nonce;
|
||||
var nb: Nonce;
|
||||
var pb: Params;
|
||||
|
||||
@ -44,8 +43,8 @@ protocol tlspaulson(a,b)
|
||||
var na: Nonce;
|
||||
var sid: SessionID;
|
||||
var pms: Nonce;
|
||||
const nb: Nonce;
|
||||
const pb: Params;
|
||||
fresh nb: Nonce;
|
||||
fresh pb: Params;
|
||||
|
||||
read_1( a,b, a,na,sid,pa );
|
||||
send_2( b,a, nb,sid,pb );
|
||||
@ -61,19 +60,7 @@ protocol tlspaulson(a,b)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
const ne: Nonce;
|
||||
const side: SessionID;
|
||||
const pe: Params;
|
||||
|
||||
run tlspaulson.a(Agent,Agent);
|
||||
run tlspaulson.b(Agent,Agent);
|
||||
run tlspaulson.a(Agent,Agent);
|
||||
run tlspaulson.b(Agent,Agent);
|
||||
run tlspaulson.a(Agent,Agent);
|
||||
run tlspaulson.b(Agent,Agent);
|
||||
run tlspaulson.a(Agent,Agent);
|
||||
run tlspaulson.b(Agent,Agent);
|
||||
|
@ -9,7 +9,7 @@ protocol tmn(A,B,S)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const Ka: Key;
|
||||
fresh Ka: Key;
|
||||
var Kb: Key;
|
||||
|
||||
send_1(A,S, B,{Ka}pk(S) );
|
||||
@ -21,7 +21,7 @@ protocol tmn(A,B,S)
|
||||
|
||||
role B
|
||||
{
|
||||
const Kb: Key;
|
||||
fresh Kb: Key;
|
||||
|
||||
read_2(S,B, A );
|
||||
send_3(B,S, A, { Kb }pk(S) );
|
||||
@ -46,11 +46,7 @@ const Alice,Bob,Eve,Simon: Agent;
|
||||
const Ke: Key;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
# Scenario to recreate an attack in SPORE
|
||||
run tmn.B (Alice,Bob,Simon);
|
||||
run tmn.S (Alice,Bob,Simon);
|
||||
|
||||
|
||||
|
@ -8,7 +8,7 @@ protocol tmn(A,B,S)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const Ka: Key;
|
||||
fresh Ka: Key;
|
||||
var Kb: Key;
|
||||
|
||||
send_1(A,S, B,{Ka}pk(S) );
|
||||
@ -20,7 +20,7 @@ protocol tmn(A,B,S)
|
||||
|
||||
role B
|
||||
{
|
||||
const Kb: Key;
|
||||
fresh Kb: Key;
|
||||
|
||||
read_2(S,B, A );
|
||||
send_3(B,S, A, { Kb }pk(S) );
|
||||
@ -43,14 +43,6 @@ protocol tmn(A,B,S)
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
run tmn.A (Agent,Agent,Simon);
|
||||
run tmn.A (Agent,Agent,Simon);
|
||||
run tmn.B (Agent,Agent,Simon);
|
||||
run tmn.B (Agent,Agent,Simon);
|
||||
run tmn.S (Agent,Agent,Simon);
|
||||
run tmn.S (Agent,Agent,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -5,7 +5,7 @@ protocol unknown2(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: SessionKey;
|
||||
var T;
|
||||
@ -21,7 +21,7 @@ protocol unknown2(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var ni: Nonce;
|
||||
var kir: SessionKey;
|
||||
|
||||
@ -36,7 +36,7 @@ protocol unknown2(I,R,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const kir: SessionKey;
|
||||
fresh kir: SessionKey;
|
||||
var ni,nr: Nonce;
|
||||
|
||||
read_2(R,S, { I,R,ni,nr }k(R,S) );
|
||||
@ -50,20 +50,6 @@ protocol unknown2(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
|
||||
run unknown2.I(Agent,Agent,Agent);
|
||||
run unknown2.R(Agent,Agent,Agent);
|
||||
run unknown2.S(Agent,Agent,Agent);
|
||||
run unknown2.R(Agent,Agent,Agent);
|
||||
run unknown2.I(Agent,Agent,Agent);
|
||||
run unknown2.S(Agent,Agent,Agent);
|
||||
|
@ -1,5 +1,5 @@
|
||||
usertype SesKey, Server;
|
||||
secret const k : Function;
|
||||
secret fresh k : Function;
|
||||
|
||||
/* Version from the Brutus reports
|
||||
*/
|
||||
@ -8,7 +8,7 @@ protocol wmfbrutus(A,B,S)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const kab : SesKey;
|
||||
fresh kab : SesKey;
|
||||
|
||||
send_1(A,S, A, { B,kab }k(A,S) );
|
||||
}
|
||||
@ -34,15 +34,6 @@ protocol wmfbrutus(A,B,S)
|
||||
const Alice, Bob, Eve: Agent;
|
||||
const Simon: Server;
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
run wmfbrutus.A(Agent, Agent, Simon);
|
||||
run wmfbrutus.B(Agent, Agent, Simon);
|
||||
run wmfbrutus.A(Agent, Agent, Simon);
|
||||
run wmfbrutus.B(Agent, Agent, Simon);
|
||||
run wmfbrutus.A(Agent, Agent, Simon);
|
||||
run wmfbrutus.B(Agent, Agent, Simon);
|
||||
|
||||
run wmfbrutus.S(Agent, Agent, Simon);
|
||||
|
||||
|
@ -5,16 +5,12 @@
|
||||
usertype Server, SessionKey, Token, Ticket;
|
||||
secret k: Function;
|
||||
|
||||
const Alice, Bob, Charlie, Eve: Agent;
|
||||
const Simon: Server;
|
||||
|
||||
/* give the intruder something to work with */
|
||||
// Scyther finds an attack using basic type flaws
|
||||
|
||||
const ne: Nonce;
|
||||
const ke: SessionKey;
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
const authToken: Token;
|
||||
|
||||
@ -22,7 +18,7 @@ protocol woolamcmv(A,B,S)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const Na: Nonce;
|
||||
fresh Na: Nonce;
|
||||
var Nb: Nonce;
|
||||
var Kab: SessionKey;
|
||||
var t1,t2;
|
||||
@ -41,7 +37,7 @@ protocol woolamcmv(A,B,S)
|
||||
role B
|
||||
{
|
||||
var Na: Nonce;
|
||||
const Nb: Nonce;
|
||||
fresh Nb: Nonce;
|
||||
var Kab: SessionKey;
|
||||
var t1,t2;
|
||||
|
||||
@ -61,7 +57,7 @@ protocol woolamcmv(A,B,S)
|
||||
role S
|
||||
{
|
||||
var Na, Nb: Nonce;
|
||||
const Kab: SessionKey;
|
||||
fresh Kab: SessionKey;
|
||||
|
||||
read_4(B,S, { A,B, Na,Nb }k(A,S), { A,B,Na,Nb }k(B,S) );
|
||||
send_5(S,B, { B,Na,Nb,Kab }k(A,S), { A,Na,Nb,Kab }k(B,S) );
|
||||
@ -70,6 +66,4 @@ protocol woolamcmv(A,B,S)
|
||||
}
|
||||
}
|
||||
|
||||
run woolamcmv.B(Alice,Bob,Simon);
|
||||
run woolamcmv.B(Alice,Bob,Simon);
|
||||
|
||||
|
@ -7,13 +7,9 @@
|
||||
usertype Server, SessionKey, Ticket;
|
||||
secret k: Function;
|
||||
|
||||
const Alice, Bob, Charlie, Eve: Agent;
|
||||
const Simon: Server;
|
||||
|
||||
const ne: Nonce;
|
||||
const ke: SessionKey;
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
protocol woolampif(A,B,S)
|
||||
{
|
||||
@ -28,7 +24,7 @@ protocol woolampif(A,B,S)
|
||||
|
||||
role B
|
||||
{
|
||||
const Nb: Nonce;
|
||||
fresh Nb: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(A,B, A);
|
||||
@ -50,6 +46,4 @@ protocol woolampif(A,B,S)
|
||||
}
|
||||
}
|
||||
|
||||
run woolampif.B(Alice,Bob,Simon);
|
||||
run woolampif.B(Alice,Bob,Simon);
|
||||
|
||||
|
@ -15,7 +15,7 @@ protocol yahalomBan(A,B,S)
|
||||
{
|
||||
role A
|
||||
{
|
||||
const na;
|
||||
fresh na;
|
||||
var nb;
|
||||
var ticket;
|
||||
var kab;
|
||||
@ -28,7 +28,7 @@ protocol yahalomBan(A,B,S)
|
||||
|
||||
role B
|
||||
{
|
||||
const nb;
|
||||
fresh nb;
|
||||
var na;
|
||||
var ticket;
|
||||
var kab;
|
||||
@ -41,7 +41,7 @@ protocol yahalomBan(A,B,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const kab;
|
||||
fresh kab;
|
||||
var na,nb;
|
||||
|
||||
read_2(B,S, B,nb, {A,na}k(B,S) );
|
||||
|
@ -5,19 +5,15 @@
|
||||
|
||||
usertype Sessionkey;
|
||||
|
||||
const Alice,Bob,Simon,Eve : Agent;
|
||||
secret k : Function;
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
const ne: Nonce;
|
||||
const kee: Sessionkey;
|
||||
|
||||
protocol yahalomlowe(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Sessionkey;
|
||||
|
||||
@ -32,7 +28,7 @@ protocol yahalomlowe(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var ni: Nonce;
|
||||
var kir: Sessionkey;
|
||||
|
||||
@ -47,7 +43,7 @@ protocol yahalomlowe(I,R,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const kir: Sessionkey;
|
||||
fresh kir: Sessionkey;
|
||||
var ni,nr: Nonce;
|
||||
|
||||
read_2(R,S, {I,ni,nr}k(R,S) );
|
||||
@ -56,10 +52,5 @@ protocol yahalomlowe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
run yahalomlowe.I(Agent,Agent,Simon);
|
||||
run yahalomlowe.R(Agent,Agent,Simon);
|
||||
run yahalomlowe.S(Agent,Agent,Simon);
|
||||
|
||||
run yahalomlowe.I(Agent,Agent,Simon);
|
||||
run yahalomlowe.R(Agent,Agent,Simon);
|
||||
|
||||
|
@ -5,19 +5,15 @@
|
||||
|
||||
usertype Sessionkey, Ticket;
|
||||
|
||||
const Alice,Bob,Simon,Eve : Agent;
|
||||
secret k : Function;
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
const ne: Nonce;
|
||||
const kee: Sessionkey;
|
||||
|
||||
protocol yahalompaulson(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: Sessionkey;
|
||||
var T: Ticket;
|
||||
@ -33,7 +29,7 @@ protocol yahalompaulson(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var ni: Nonce;
|
||||
var kir: Sessionkey;
|
||||
|
||||
@ -48,7 +44,7 @@ protocol yahalompaulson(I,R,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const kir: Sessionkey;
|
||||
fresh kir: Sessionkey;
|
||||
var ni,nr: Nonce;
|
||||
|
||||
read_2(R,S, R,nr, {I,ni}k(R,S) );
|
||||
@ -56,10 +52,5 @@ protocol yahalompaulson(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
run yahalompaulson.I(Agent,Agent,Simon);
|
||||
run yahalompaulson.R(Agent,Agent,Simon);
|
||||
run yahalompaulson.S(Agent,Agent,Simon);
|
||||
|
||||
run yahalompaulson.I(Agent,Agent,Simon);
|
||||
run yahalompaulson.R(Agent,Agent,Simon);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user