Fixed obsolete notation in protocol specification files.

Not everything is fixed yet.
However, we fixed:
- 'const' -> 'fresh'
- Removed lines specifying 'runs'
- Removed some specifications of compromised Eve and its long-term keys
  being compromised.
This commit is contained in:
Cas Cremers 2012-05-02 23:01:08 +02:00
parent 2ba0de6abc
commit 727e813c77
93 changed files with 281 additions and 908 deletions

View File

@ -14,8 +14,8 @@ protocol ccitt509-1c(I,R)
{
role I
{
const Ta: Timestamp;
const Na,Xa,Ya: Nonce;
fresh Ta: Timestamp;
fresh Na,Xa,Ya: Nonce;
send_1(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I));
# claim_2(I,Nisynch);
# This claim is useless as there are no preceding receive events

View File

@ -15,7 +15,7 @@ protocol ccitt509-ban3(I,R)
{
role I
{
const Na,Xa,Ya: Nonce;
fresh Na,Xa,Ya: Nonce;
var Xb,Nb,Yb: Nonce;
send_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I));
@ -27,7 +27,7 @@ protocol ccitt509-ban3(I,R)
role R
{
var Na,Xa,Ya: Nonce;
const Xb,Yb,Nb: Nonce;
fresh Xb,Yb,Nb: Nonce;
recv_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I));
send_2(R,I, R,{Nb, I, Na, Xb,{Yb}pk(I)}sk(R));

View File

@ -8,7 +8,7 @@ protocol ns3(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {I,ni}pk(R) );
@ -24,7 +24,7 @@ protocol ns3(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr}pk(I) );

View File

@ -9,7 +9,7 @@ protocol nsl3-broken(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {R,ni}pk(R) );
@ -25,7 +25,7 @@ protocol nsl3-broken(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {R,ni}pk(R) );
send_2(R,I, {ni,nr,R}pk(I) );

View File

@ -9,7 +9,7 @@ protocol nsl3-broken(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {R,ni}pk(R) );
@ -25,7 +25,7 @@ protocol nsl3-broken(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {R,ni}pk(R) );
send_2(R,I, {ni,nr,R}pk(I) );
@ -48,7 +48,7 @@ protocol nsl3(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {I,ni}pk(R) );
@ -64,7 +64,7 @@ protocol nsl3(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr,R}pk(I) );

View File

@ -8,7 +8,7 @@ protocol nsl3(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {I,ni}pk(R) );
@ -24,7 +24,7 @@ protocol nsl3(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr,R}pk(I) );

View File

@ -15,8 +15,8 @@ protocol course2r890year0405ex3(X,Y,I)
{
role I
{
const nx: Nonce;
const ny: Nonce;
fresh nx: Nonce;
fresh ny: Nonce;
send_1(I,X, nx );
read_2(X,I, { I,nx }sk(X) );
@ -44,9 +44,5 @@ protocol course2r890year0405ex3(X,Y,I)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -15,7 +15,7 @@ protocol course2r890year0405ex3(X,Y,I)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
send_1(I,X, ni );
read_2(X,I, { I,ni }sk(X) );
@ -43,9 +43,5 @@ protocol course2r890year0405ex3(X,Y,I)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -5,7 +5,7 @@ protocol andrewBan(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr,nr2: Nonce;
var kir: SessionKey;
@ -22,8 +22,8 @@ protocol andrewBan(I,R)
role R
{
var ni: Nonce;
const nr,nr2: Nonce;
const kir: SessionKey;
fresh nr,nr2: Nonce;
fresh kir: SessionKey;
read_1(I,R, I,{ni}k(I,R) );
send_2(R,I, {ni,nr}k(I,R) );
@ -36,18 +36,6 @@ protocol andrewBan(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const kee: SessionKey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
run andrewBan.I(Agent,Agent);
run andrewBan.R(Agent,Agent);
run andrewBan.I(Agent,Agent);
run andrewBan.R(Agent,Agent);

View File

@ -5,7 +5,7 @@ protocol andrewLoweBan(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: SessionKey;
@ -22,8 +22,8 @@ protocol andrewLoweBan(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
const kir: SessionKey;
fresh nr: Nonce;
fresh kir: SessionKey;
read_1(I,R, I,ni );
send_2(R,I, {ni,kir,I}k(I,R) );
@ -36,18 +36,6 @@ protocol andrewLoweBan(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const kee: SessionKey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
run andrewLoweBan.I(Agent,Agent);
run andrewLoweBan.R(Agent,Agent);
run andrewLoweBan.I(Agent,Agent);
run andrewLoweBan.R(Agent,Agent);

View File

@ -14,7 +14,7 @@ protocol abreaker(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
send_!1(I,R, {{I,ni}pk(R)}pk(R) );
@ -33,12 +33,7 @@ protocol abreaker(I,R)
// The agents in the system
const Alice,Bob: Agent;
// An untrusted agent, with leaked information
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -15,7 +15,7 @@ protocol bkebroken(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Key;
@ -28,8 +28,8 @@ protocol bkebroken(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
const kir: Key;
fresh nr: Nonce;
fresh kir: Key;
read_1 (I,R, { ni,I }pk(R) );
send_2 (R,I, { h(ni),nr,kir }pk(I) );
@ -38,11 +38,7 @@ protocol bkebroken(I,R)
}
}
const a,b,e: Agent;
untrusted e;
compromised sk(e);
const ne: Nonce;
run bkebroken.I(a,Agent);
run bkebroken.R(Agent,b);

View File

@ -14,7 +14,7 @@ protocol bkeONE(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Key;
@ -27,8 +27,8 @@ protocol bkeONE(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
const kir: Key;
fresh nr: Nonce;
fresh kir: Key;
read_1 (I,R, { ni,I }pk(R) );
send_2 (R,I, { hash(ni),nr,R,kir }pk(I) );
@ -37,22 +37,10 @@ protocol bkeONE(I,R)
}
}
const a,e: Agent;
untrusted e;
compromised sk(e);
const ne: Nonce;
run bkeONE.I(a,Agent);
run bkeONE.R(Agent,a);
run bkeONE.I(a,Agent);
run bkeONE.R(Agent,a);
run bkeONE.I(a,Agent);
run bkeONE.R(Agent,a);
run bkeONE.I(a,Agent);
run bkeONE.R(Agent,a);
run bkeONE.I(a,Agent);
run bkeONE.R(Agent,a);

View File

@ -15,7 +15,7 @@ protocol bkevariation(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Key;
@ -30,8 +30,8 @@ protocol bkevariation(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
const kir: Key;
fresh nr: Nonce;
fresh kir: Key;
read_1 (I,R, { ni,I }pk(R) );
send_2 (R,I, { hash(ni),nr,kir }pk(I) );
@ -42,14 +42,8 @@ protocol bkevariation(I,R)
}
}
const a,b,e: Agent;
untrusted e;
compromised sk(e);
const ne: Nonce;
run bkevariation.I(a,Agent);
run bkevariation.R(Agent,b);
run bkevariation.I(a,Agent);
run bkevariation.R(Agent,b);

View File

@ -4,17 +4,13 @@
usertype Key;
const pk,hash: Function;
secret sk,unhash: Function;
inversekeys (pk,sk);
inversekeys (hash,unhash);
hashfunction hash;
protocol bke(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Key;
@ -29,8 +25,8 @@ protocol bke(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
const kir: Key;
fresh nr: Nonce;
fresh kir: Key;
read_1 (I,R, { ni,I }pk(R) );
send_2 (R,I, { hash(ni),nr,R,kir }pk(I) );
@ -41,22 +37,10 @@ protocol bke(I,R)
}
}
const a,b,e: Agent;
untrusted e;
compromised sk(e);
const ne: Nonce;
run bke.I(a,Agent);
run bke.R(Agent,b);
run bke.I(a,Agent);
run bke.R(Agent,b);
run bke.I(a,Agent);
run bke.R(Agent,b);
run bke.I(a,Agent);
run bke.R(Agent,b);
run bke.I(a,Agent);
run bke.R(Agent,b);

View File

@ -18,8 +18,8 @@ protocol bkeCE(A,B)
role A
{
var nb: Nonce;
const na: Nonce;
const kab: Key;
fresh na: Nonce;
fresh kab: Key;
read_1 (B,A, B,{ nb,B }pk(A) );
send_2 (A,B, { hash(nb),na,A,kab }pk(B) );
@ -31,7 +31,7 @@ protocol bkeCE(A,B)
role B
{
const nb: Nonce;
fresh nb: Nonce;
var na: Nonce;
var kab: Key;
@ -47,7 +47,5 @@ protocol bkeCE(A,B)
const Alice,Bob,Eve;
compromised sk(Eve);
untrusted Eve;

View File

@ -16,7 +16,7 @@ protocol bkepkCE2(A,B,testnonce)
{
role B
{
const nb: Nonce;
fresh nb: Nonce;
var na: Nonce;
var kab: Key;
@ -28,8 +28,8 @@ protocol bkepkCE2(A,B,testnonce)
role A
{
var nb: Nonce;
const na: Nonce;
const kab: Key;
fresh na: Nonce;
fresh kab: Key;
read_1 (B,A, B,{ nb,B }pk(A) );
send_2 (A,B, { hash(nb),na,A,kab }pk(B) );
@ -46,17 +46,6 @@ protocol bkepkCE2(A,B,testnonce)
const Alice,Bob,Eve;
compromised sk(Eve);
untrusted Eve;
run bkepkCE2.A(Alice,Bob,Alice);
run bkepkCE2.A(Alice,Bob,Alice);
run bkepkCE2.A(Alice,Bob,Alice);
run bkepkCE2.B(Alice,Bob,Alice);
run bkepkCE2.B(Alice,Bob,Alice);
run bkepkCE2.B(Alice,Bob,Alice);
run bkepkCE2.testnonce(Alice,Bob,Alice);
run bkepkCE2.testnonce(Alice,Bob,Alice);
run bkepkCE2.testnonce(Alice,Bob,Alice);

View File

@ -18,7 +18,7 @@ protocol boydNS(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {ni}pk(R),I );
@ -33,7 +33,7 @@ protocol boydNS(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {ni}pk(R),I );
send_2(R,I, {nr}pk(I),hash(ni,R) );
@ -45,11 +45,5 @@ protocol boydNS(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
run boydNS.I(Agent,Agent);
run boydNS.R(Agent,Agent);

View File

@ -20,7 +20,7 @@ protocol boyd(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var ks: Macseed;
@ -36,7 +36,7 @@ protocol boyd(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
var ks: Macseed;
read_2 (S,R, { I,R, ks }k(I,S), { I,R, ks }k(R,S), ni );
@ -51,7 +51,7 @@ protocol boyd(I,R,S)
role S
{
var ni,nr: Nonce;
const ks: Macseed;
fresh ks: Macseed;
read_1 (I,S, I,R, ni );
send_2 (S,R, { I,R, ks }k(I,S), { I,R, ks }k(R,S), ni );

View File

@ -29,7 +29,7 @@ protocol bunava13(R0,R1,R2)
{
role R0
{
const n0: Nonce;
fresh n0: Nonce;
var n1,n2: Nonce;
send_1(R0,R1, n0);
@ -42,7 +42,7 @@ protocol bunava13(R0,R1,R2)
role R1
{
const n1: Nonce;
fresh n1: Nonce;
var n0,n2: Nonce;
read_1(R0,R1, n0);
@ -56,7 +56,7 @@ protocol bunava13(R0,R1,R2)
role R2
{
const n2: Nonce;
fresh n2: Nonce;
var n0,n1: Nonce;
read_2(R1,R2, n1,{R1,n0}k(R1,R2) );
@ -68,22 +68,7 @@ protocol bunava13(R0,R1,R2)
}
}
const Alice,Bob,Charlie,David,Frodo,Gerard,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Charlie,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Charlie);
# General scenario, 2 parallel runs of the protocol
run bunava13.R0(Agent,Agent,Agent);
run bunava13.R1(Agent,Agent,Agent);
run bunava13.R2(Agent,Agent,Agent);
run bunava13.R0(Agent,Agent,Agent);
run bunava13.R1(Agent,Agent,Agent);
run bunava13.R2(Agent,Agent,Agent);

View File

@ -30,7 +30,7 @@ protocol bunava14(A,B,C,D)
{
role A
{
const ra: Nonce;
fresh ra: Nonce;
var rb,rc,rd: Nonce;
send_1(A,B, ra);
@ -43,7 +43,7 @@ protocol bunava14(A,B,C,D)
role B
{
const rb: Nonce;
fresh rb: Nonce;
var ra,rc,rd: Nonce;
read_1(A,B, ra);
@ -57,7 +57,7 @@ protocol bunava14(A,B,C,D)
role C
{
const rc: Nonce;
fresh rc: Nonce;
var ra,rb,rd: Nonce;
read_2(B,C, rb,{B,ra}k(B,C) );
@ -71,7 +71,7 @@ protocol bunava14(A,B,C,D)
role D
{
const rd: Nonce;
fresh rd: Nonce;
var ra,rb,rc: Nonce;
read_3(C,D, rc,{C,rb,B,ra}k(C,D) );
@ -83,24 +83,7 @@ protocol bunava14(A,B,C,D)
}
}
const Alice,Bob,Charlie,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Charlie,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Charlie);
# General scenario, 2 parallel runs of the protocol
run bunava14.A(Agent,Agent,Agent,Agent);
run bunava14.B(Agent,Agent,Agent,Agent);
run bunava14.C(Agent,Agent,Agent,Agent);
run bunava14.D(Agent,Agent,Agent,Agent);
run bunava14.A(Agent,Agent,Agent,Agent);
run bunava14.B(Agent,Agent,Agent,Agent);
run bunava14.C(Agent,Agent,Agent,Agent);
run bunava14.D(Agent,Agent,Agent,Agent);

View File

@ -25,7 +25,7 @@ protocol bunava23(R0,R1,R2)
{
role R0
{
const n0: Nonce;
fresh n0: Nonce;
var n1,n2: Nonce;
var T0: Ticket;
@ -39,7 +39,7 @@ protocol bunava23(R0,R1,R2)
role R1
{
const n1: Nonce;
fresh n1: Nonce;
var n0,n2: Nonce;
var T1: Ticket;
@ -54,7 +54,7 @@ protocol bunava23(R0,R1,R2)
role R2
{
const n2: Nonce;
fresh n2: Nonce;
var n0,n1: Nonce;
var T2: Ticket;
@ -67,22 +67,7 @@ protocol bunava23(R0,R1,R2)
}
}
const Alice,Bob,Charlie,David,Frodo,Gerard,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Charlie,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Charlie);
# General scenario
run bunava23.R0(Agent,Agent,Agent);
run bunava23.R1(Agent,Agent,Agent);
run bunava23.R2(Agent,Agent,Agent);
run bunava23.R0(Agent,Agent,Agent);
run bunava23.R1(Agent,Agent,Agent);
run bunava23.R2(Agent,Agent,Agent);

View File

@ -27,7 +27,7 @@ protocol bunava24(A,B,C,D)
{
role A
{
const ra: Nonce;
fresh ra: Nonce;
var rb,rc,rd: Nonce;
var Tacd, Tabd: Ticket;
@ -49,7 +49,7 @@ protocol bunava24(A,B,C,D)
role B
{
const rb: Nonce;
fresh rb: Nonce;
var ra,rc,rd: Nonce;
var Tbad, Tbac: Ticket;
@ -73,7 +73,7 @@ protocol bunava24(A,B,C,D)
role C
{
const rc: Nonce;
fresh rc: Nonce;
var ra,rb,rd: Nonce;
var Tcab,Tcbd: Ticket;
@ -96,7 +96,7 @@ protocol bunava24(A,B,C,D)
role D
{
const rd: Nonce;
fresh rd: Nonce;
var ra,rb,rc: Nonce;
var Tdbc,Tdac: Ticket;
@ -115,24 +115,7 @@ protocol bunava24(A,B,C,D)
}
}
const Alice,Bob,Charlie,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Charlie,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Charlie);
# General scenario
run bunava24.A(Agent,Agent,Agent,Agent);
run bunava24.B(Agent,Agent,Agent,Agent);
run bunava24.C(Agent,Agent,Agent,Agent);
run bunava24.D(Agent,Agent,Agent,Agent);
run bunava24.A(Agent,Agent,Agent,Agent);
run bunava24.B(Agent,Agent,Agent,Agent);
run bunava24.C(Agent,Agent,Agent,Agent);
run bunava24.D(Agent,Agent,Agent,Agent);

View File

@ -6,7 +6,7 @@ protocol carkeybrokenlim(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
send_1(I,R, I,R );
}
@ -20,13 +20,5 @@ protocol carkeybrokenlim(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const nc: Nonce;
compromised sk(Eve);
run carkeybrokenlim.I(Alice,Bob);
run carkeybrokenlim.R(Alice,Bob);
run carkeybrokenlim.I(Alice,Bob);
run carkeybrokenlim.R(Alice,Bob);

View File

@ -6,7 +6,7 @@ protocol carkeybroken(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
send_1(I,R, {ni}sk(I) );
}
@ -20,13 +20,5 @@ protocol carkeybroken(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const nc: Nonce;
compromised sk(Eve);
run carkeybroken.I(Agent,Agent);
run carkeybroken.R(Agent,Agent);
run carkeybroken.I(Agent,Agent);
run carkeybroken.R(Agent,Agent);

View File

@ -6,7 +6,7 @@ protocol carkeyni(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
send_1(I,R, {R,ni}sk(I) );
}
@ -20,13 +20,5 @@ protocol carkeyni(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const nc: Nonce;
compromised sk(Eve);
run carkeyni.I(Agent,Agent);
run carkeyni.R(Agent,Agent);
run carkeyni.I(Agent,Agent);
run carkeyni.R(Agent,Agent);

View File

@ -6,7 +6,7 @@ protocol carkeyni2(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
send_1(I,R, {R,ni}sk(I) );
send_2(I,R, {R,ni}sk(I) );
@ -22,13 +22,5 @@ protocol carkeyni2(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const nc: Nonce;
compromised sk(Eve);
run carkeyni2.I(Agent,Agent);
run carkeyni2.R(Agent,Agent);
run carkeyni2.I(Agent,Agent);
run carkeyni2.R(Agent,Agent);

View File

@ -7,8 +7,8 @@ protocol ccitt509(I,R)
{
role I
{
const xi,yi: Data;
const ni: Nonce;
fresh xi,yi: Data;
fresh ni: Nonce;
var nr: Nonce;
var yr,xr: Data;
@ -26,8 +26,8 @@ protocol ccitt509(I,R)
{
var xi,yi: Data;
var ni: Nonce;
const nr: Nonce;
const yr,xr: Data;
fresh nr: Nonce;
fresh yr,xr: Data;
read_1(I,R, I,{ni, R, xi, {yi}pk(R) }sk(I) );
send_2(R,I, R,{nr, I, ni, xr, {yr}pk(I) }sk(R) );
@ -40,14 +40,6 @@ protocol ccitt509(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const de: Data;
compromised sk(Eve);
run ccitt509.I(Agent,Agent);
run ccitt509.R(Agent,Agent);
run ccitt509.I(Agent,Agent);
run ccitt509.R(Agent,Agent);

View File

@ -7,7 +7,7 @@ protocol nsl3th1(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {P1,I,ni}pk(R) );
@ -21,7 +21,7 @@ protocol nsl3th1(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {P1,I,ni}pk(R) );
send_1b(R,I, {nr}pk(I) );
@ -32,9 +32,5 @@ protocol nsl3th1(I,R)
}
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -9,7 +9,7 @@ protocol nsl3th1(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {P1,I,ni}pk(R) );
@ -23,7 +23,7 @@ protocol nsl3th1(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {P1,I,ni}pk(R) );
send_1b(R,I, {nr}pk(I) );
@ -34,18 +34,14 @@ protocol nsl3th1(I,R)
}
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
protocol nsl3th2(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {P2,I,ni}pk(R) );
@ -59,7 +55,7 @@ protocol nsl3th2(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {P2,I,ni}pk(R) );
send_1b(R,I, {nr}pk(I) );
@ -70,9 +66,5 @@ protocol nsl3th2(I,R)
}
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -8,7 +8,7 @@ protocol nsl3th3ni(I,R)
{
role I
{
const ni,ni: Nonce;
fresh ni,ni: Nonce;
var nr,nr2: Nonce;
send_1(I,R, {P1,I,ni}pk(R) );
@ -29,7 +29,7 @@ protocol nsl3th3ni(I,R)
role R
{
var ni,ni: Nonce;
const nr,nr2: Nonce;
fresh nr,nr2: Nonce;
read_1(I,R, {P1,I,ni}pk(R) );
send_1b(R,I, {nr}pk(I) );
@ -48,9 +48,5 @@ protocol nsl3th3ni(I,R)
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -8,7 +8,7 @@ protocol nsl3th3nr(I,R)
{
role I
{
const ni,ni2: Nonce;
fresh ni,ni2: Nonce;
var nr,nr: Nonce;
send_1(I,R, {P1,I,ni}pk(R) );
@ -29,7 +29,7 @@ protocol nsl3th3nr(I,R)
role R
{
var ni,ni2: Nonce;
const nr,nr: Nonce;
fresh nr,nr: Nonce;
read_1(I,R, {P1,I,ni}pk(R) );
send_1b(R,I, {nr}pk(I) );
@ -48,9 +48,5 @@ protocol nsl3th3nr(I,R)
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -8,7 +8,7 @@ protocol nsl3th3(I,R)
{
role I
{
const ni,ni2: Nonce;
fresh ni,ni2: Nonce;
var nr,nr2: Nonce;
send_1(I,R, {P1,I,ni}pk(R) );
@ -29,7 +29,7 @@ protocol nsl3th3(I,R)
role R
{
var ni,ni2: Nonce;
const nr,nr2: Nonce;
fresh nr,nr2: Nonce;
read_1(I,R, {P1,I,ni}pk(R) );
send_1b(R,I, {nr}pk(I) );
@ -48,9 +48,5 @@ protocol nsl3th3(I,R)
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -7,7 +7,7 @@ protocol nsl3th2(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {P2,I,ni}pk(R) );
@ -21,7 +21,7 @@ protocol nsl3th2(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {P2,I,ni}pk(R) );
send_1b(R,I, {nr}pk(I) );
@ -32,9 +32,5 @@ protocol nsl3th2(I,R)
}
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -17,13 +17,11 @@ secret k: Function;
/* agents */
const a,b,e: Agent;
/* untrusted e */
untrusted e;
const ne: Nonce;
const kee: SessionKey;
compromised k(e,e);
@ -51,8 +49,8 @@ protocol denningsaccosh(A,S,B)
role S
{
const t: Time;
const kab: SessionKey;
fresh t: Time;
fresh kab: SessionKey;
read_1 (A,S, A,S );
send_2 (S,A, {B, kab, t, { kab, A,t }k(B,S) }k(A,S) );

View File

@ -28,15 +28,11 @@ protocol f4(I,R)
role R
{
const nr: Nonce;
fresh nr: Nonce;
send_!1(R,I, nr );
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -28,15 +28,11 @@ protocol f5(I,R)
role R
{
const nr: Nonce;
fresh nr: Nonce;
send_!1(R,I, nr );
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -8,7 +8,7 @@ protocol r5bound(I,R)
{
var k1: Nonce;
var ni: Nonce;
const k2: Nonce;
fresh k2: Nonce;
read_!1 (I,R, ni );
send_!2 (R,I, { ni }sk(R) );
@ -19,6 +19,4 @@ protocol r5bound(I,R)
}
}
const Alice, Bob: Agent;
const ne: Nonce;

View File

@ -22,7 +22,7 @@ protocol fourway(X,Y)
{
role X
{
const x: Nonce;
fresh x: Nonce;
var y: Nonce;
send_1( X,Y, x,msg1 );
@ -37,7 +37,7 @@ protocol fourway(X,Y)
role Y
{
var x: Nonce;
const y: Nonce;
fresh y: Nonce;
read_1( X,Y, x,msg1 );
send_2( Y,X, y,msg2,hash( ptk,y,msg2 ) );
@ -50,9 +50,4 @@ protocol fourway(X,Y)
}
untrusted Eve;
compromised pmk(Eve,Alice);
compromised pmk(Eve,Bob);
compromised pmk(Alice,Eve);
compromised pmk(Bob,Eve);

View File

@ -18,7 +18,7 @@ protocol fourway(X,Y)
{
role X
{
const x: Nonce;
fresh x: Nonce;
var y: Nonce;
send_1( X,Y, x,msg1 );
@ -33,7 +33,7 @@ protocol fourway(X,Y)
role Y
{
var x: Nonce;
const y: Nonce;
fresh y: Nonce;
read_1( X,Y, x,msg1 );
send_2( Y,X, y,msg2,hash( hash( pmk(X,Y),x,y ),y,msg2 ) );
@ -46,8 +46,3 @@ protocol fourway(X,Y)
}
untrusted Eve;
compromised pmk(Eve,Alice);
compromised pmk(Eve,Bob);
compromised pmk(Alice,Eve);
compromised pmk(Bob,Eve);

View File

@ -14,9 +14,9 @@ protocol gongnonceb(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
const ki: Keypart;
fresh ki: Keypart;
var kr: Keypart;
send_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );
@ -32,8 +32,8 @@ protocol gongnonceb(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
const kr: Keypart;
fresh nr: Nonce;
fresh kr: Keypart;
var ki: Keypart;
read_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );
@ -59,23 +59,7 @@ protocol gongnonceb(I,R,S)
}
}
const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const kpe: Keypart;
const ke: Sessionkey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run gongnonceb.I(Agent,Agent,Simon);
run gongnonceb.R(Agent,Agent,Simon);
run gongnonceb.S(Agent,Agent,Simon);
run gongnonceb.I(Agent,Agent,Simon);
run gongnonceb.R(Agent,Agent,Simon);
run gongnonceb.S(Agent,Agent,Simon);

View File

@ -6,9 +6,9 @@ protocol gongnonce(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
const ki: Keypart;
fresh ki: Keypart;
var kr: Keypart;
send_1 (I,R, I,R,ni );
@ -24,8 +24,8 @@ protocol gongnonce(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
const kr: Keypart;
fresh nr: Nonce;
fresh kr: Keypart;
var ki: Keypart;
read_1 (I,R, I,R,ni );
@ -50,23 +50,7 @@ protocol gongnonce(I,R,S)
}
}
const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const kpe: Keypart;
const ke: Sessionkey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run gongnonce.I(Agent,Agent,Simon);
run gongnonce.R(Agent,Agent,Simon);
run gongnonce.S(Agent,Agent,Simon);
run gongnonce.I(Agent,Agent,Simon);
run gongnonce.R(Agent,Agent,Simon);
run gongnonce.S(Agent,Agent,Simon);

View File

@ -4,20 +4,17 @@
// The only requirement on the server communications is that the
// sending of the private key is secret.
const pk: Function; //public-private keys are used to model a secure channel
secret sk: Function; //from the keyserver to the parties
const ibepublic: Function; //publicly known key construction from server
//parameters and recipient name
secret ibesecret: Function;//secret key determined by server for recipient
const param: Function; //public security parameter of server
inversekeys (pk,sk);
inversekeys (ibepublic,ibesecret);
protocol ibe(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
//Note that we are not interested in the order of server messages.
@ -36,7 +33,7 @@ protocol ibe(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_!2(S,R, {ibesecret(param(S),R)}pk(R) );
read_3(I,R, {I,ni}ibepublic(param(S),R) );
@ -59,11 +56,6 @@ protocol ibe(I,R,S)
}
}
const Alice, Bob, Carol, Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
compromised ibesecret(param(Eve),Alice);
compromised ibesecret(param(Eve),Bob);
compromised ibesecret(param(Eve),Carol);

View File

@ -14,7 +14,7 @@ protocol ibe(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
read_1(S,I, param(S) );
send_3(I,R, {ni}ibepublic(param(S),R) );
@ -40,11 +40,7 @@ protocol ibe(I,R,S)
}
}
const Alice, Bob, Carol, Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
compromised ibesecret(param(Eve),Alice);
compromised ibesecret(param(Eve),Bob);
compromised ibesecret(param(Eve),Carol);

View File

@ -6,7 +6,7 @@ protocol isoiec11770213(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Sessionkey;
@ -19,8 +19,8 @@ protocol isoiec11770213(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
const kir: Sessionkey;
fresh nr: Nonce;
fresh kir: Sessionkey;
var T;
read_1 (I,R, ni);
@ -41,23 +41,7 @@ protocol isoiec11770213(I,R,S)
}
}
const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const te: Ticket;
const ke: Sessionkey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run isoiec11770213.I(Agent,Agent,Simon);
run isoiec11770213.R(Agent,Agent,Simon);
run isoiec11770213.S(Agent,Agent,Simon);
run isoiec11770213.I(Agent,Agent,Simon);
run isoiec11770213.R(Agent,Agent,Simon);
run isoiec11770213.S(Agent,Agent,Simon);

View File

@ -6,7 +6,7 @@ protocol kaochowPalm(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Sessionkey;
@ -22,7 +22,7 @@ protocol kaochowPalm(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
var kir: Sessionkey;
var T;
@ -38,30 +38,14 @@ protocol kaochowPalm(I,R,S)
role S
{
var ni: Nonce;
const kir: Sessionkey;
fresh kir: Sessionkey;
read_1 (I,S, I,R,ni);
send_2 (S,R, { {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) }k(R,S) );
}
}
const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const te: Ticket;
const ke: Sessionkey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run kaochowPalm.I(Agent,Agent,Simon);
run kaochowPalm.R(Agent,Agent,Simon);
run kaochowPalm.S(Agent,Agent,Simon);
run kaochowPalm.I(Agent,Agent,Simon);
run kaochowPalm.R(Agent,Agent,Simon);
run kaochowPalm.S(Agent,Agent,Simon);

View File

@ -6,7 +6,7 @@ protocol kaochow2(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir,kt: Sessionkey;
@ -22,7 +22,7 @@ protocol kaochow2(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
var kir,kt: Sessionkey;
var T: Ticket;
@ -38,30 +38,14 @@ protocol kaochow2(I,R,S)
role S
{
var ni: Nonce;
const kir, kt: Sessionkey;
fresh kir, kt: Sessionkey;
read_1 (I,S, I,R,ni);
send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
}
}
const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const te: Ticket;
const ke: Sessionkey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run kaochow2.I(Agent,Agent,Simon);
run kaochow2.R(Agent,Agent,Simon);
run kaochow2.S(Agent,Agent,Simon);
run kaochow2.I(Agent,Agent,Simon);
run kaochow2.R(Agent,Agent,Simon);
run kaochow2.S(Agent,Agent,Simon);

View File

@ -7,7 +7,7 @@ protocol kaochow3(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir,kt: Sessionkey;
var T2: Ticket;
@ -24,10 +24,10 @@ protocol kaochow3(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
var kir,kt: Sessionkey;
var T: Ticket;
const tr: Timestamp;
fresh tr: Timestamp;
read_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) );
send_3 (R,I, R, T, {ni, kir}kt, nr, {I,R,tr,kir}k(R,S) );
@ -41,30 +41,14 @@ protocol kaochow3(I,R,S)
role S
{
var ni: Nonce;
const kir, kt: Sessionkey;
fresh kir, kt: Sessionkey;
read_1 (I,S, I,R,ni);
send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
}
}
const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const te: Ticket;
const ke: Sessionkey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run kaochow3.I(Agent,Agent,Simon);
run kaochow3.R(Agent,Agent,Simon);
run kaochow3.S(Agent,Agent,Simon);
run kaochow3.I(Agent,Agent,Simon);
run kaochow3.R(Agent,Agent,Simon);
run kaochow3.S(Agent,Agent,Simon);

View File

@ -6,7 +6,7 @@ protocol kaochow(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Sessionkey;
@ -22,7 +22,7 @@ protocol kaochow(I,R,S)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
var kir: Sessionkey;
var T;
@ -38,30 +38,14 @@ protocol kaochow(I,R,S)
role S
{
var ni: Nonce;
const kir: Sessionkey;
fresh kir: Sessionkey;
read_1 (I,S, I,R,ni);
send_2 (S,R, {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) );
}
}
const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const te: Ticket;
const ke: Sessionkey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run kaochow.I(Agent,Agent,Simon);
run kaochow.R(Agent,Agent,Simon);
run kaochow.S(Agent,Agent,Simon);
run kaochow.I(Agent,Agent,Simon);
run kaochow.R(Agent,Agent,Simon);
run kaochow.S(Agent,Agent,Simon);

View File

@ -58,13 +58,13 @@ protocol @swapkey-kst(I,R)
protocol kerberos(C,K,T,S) {
role C {
const n1: Nonce;
const n2: Nonce;
fresh n1: Nonce;
fresh n2: Nonce;
var tgt: Ticket;
var st: Ticket;
var AKey: Sessionkey;
var SKey: Sessionkey;
const t: Text;
fresh t: Text;
send_1(C,K, C,T,n1);
read_2(K,C, tgt, { AKey,n1,T }kck(C,K) );
@ -94,7 +94,7 @@ protocol kerberos(C,K,T,S) {
}
role K {
var n1: Nonce;
const AKey: Sessionkey;
fresh AKey: Sessionkey;
read_1(C,K, C,T,n1);
send_2(K,C, { AKey, C }ktk(T,K), { AKey,n1,T }kck(C,K) );
@ -106,7 +106,7 @@ protocol kerberos(C,K,T,S) {
role T {
var AKey: Sessionkey;
var n2: Nonce;
const SKey: Sessionkey;
fresh SKey: Sessionkey;
read_3(C,T, { AKey, C }ktk(T,K), { C }AKey,C,S,n2 );
send_4(T,C, C,{ SKey, C }kst(S,T), { SKey, n2, S }AKey );
@ -138,27 +138,14 @@ protocol kerberos(C,K,T,S) {
}
const Alice,Bob,Charlie,Eve: Agent;
untrusted Eve;
// C untrusted
compromised kck(Eve,Alice);
compromised kck(Alice,Eve);
// K untrusted
compromised kck(Eve,Alice);
compromised kck(Alice,Eve);
compromised ktk(Eve,Alice);
compromised ktk(Alice,Eve);
// T untrusted
compromised kst(Alice,Eve);
compromised kst(Eve,Alice);
compromised ktk(Eve,Alice);
compromised ktk(Alice,Eve);
// S untrusted
compromised kst(Alice,Eve);
compromised kst(Eve,Alice);

View File

@ -11,12 +11,10 @@
usertype Server, SessionKey, GeneralizedTimestamp, Ticket, TicketKey;
secret k: Function;
const a, b, e: Agent;
const s: Server;
/* give the intruder something to work with */
const ne: Nonce;
const kee: SessionKey;
untrusted e;
compromised k(e,s);
@ -25,7 +23,7 @@ protocol ksl(A,B,S)
{
role A
{
const Na, Ma: Nonce;
fresh Na, Ma: Nonce;
var Nc, Mb: Nonce;
var T: Ticket;
var Kab: SessionKey;
@ -46,10 +44,10 @@ protocol ksl(A,B,S)
role B
{
var Na,Ma: Nonce;
const Nb,Nc,Mb: Nonce;
fresh Nb,Nc,Mb: Nonce;
var Kab: SessionKey;
const Kbb: TicketKey;
const Tb: GeneralizedTimestamp;
fresh Kbb: TicketKey;
fresh Tb: GeneralizedTimestamp;
var T: Ticket;
read_1(A,B, Na, A);
@ -70,14 +68,11 @@ protocol ksl(A,B,S)
role S
{
var Na, Nb: Nonce;
const Kab: SessionKey;
fresh Kab: SessionKey;
read_2(B,S, Na, A, Nb, B );
send_3(S,B, { Nb, A, Kab }k(B,S), { Na,B,Kab }k(A,S) );
}
}
run ksl.A(a,b,s);
run ksl.B(a,b,s);
run ksl.S(a,b,s);

View File

@ -15,7 +15,7 @@ protocol lcbreaker(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var x: Nonce;
@ -33,8 +33,8 @@ protocol lcbreaker(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
const x: Nonce;
fresh nr: Nonce;
fresh x: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr,R}pk(I) );
@ -48,9 +48,5 @@ protocol lcbreaker(I,R)
}
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -15,7 +15,7 @@ protocol lcbreakerS1(I,R)
{
role I
{
const ni,ni2: Nonce;
fresh ni,ni2: Nonce;
var nr: Nonce;
var x: Nonce;
@ -36,8 +36,8 @@ protocol lcbreakerS1(I,R)
role R
{
var ni,ni2: Nonce;
const nr: Nonce;
const x: Nonce;
fresh nr: Nonce;
fresh x: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr,R}pk(I) );
@ -54,10 +54,6 @@ protocol lcbreakerS1(I,R)
}
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -14,7 +14,7 @@ protocol localclaims(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
send_1(I,R, {ni}pk(R) );
@ -33,13 +33,8 @@ protocol localclaims(I,R)
// The agents in the system
const Alice,Bob: Agent;
// An untrusted agent, with leaked information
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -10,13 +10,11 @@ secret k: Function;
/* agents */
const a,b,e: Agent;
/* untrusted e */
untrusted e;
const ne: Nonce;
const kee: SessionKey;
compromised k(e,e);
@ -36,7 +34,7 @@ protocol nssymmetricamended(A,S,B)
{
role A
{
const na: Nonce;
fresh na: Nonce;
var T1: Ticket;
var T2: Ticket;
var kab: SessionKey;
@ -57,7 +55,7 @@ protocol nssymmetricamended(A,S,B)
role S
{
const kab: SessionKey;
fresh kab: SessionKey;
var na: Nonce;
var nb: Nonce;
@ -68,7 +66,7 @@ protocol nssymmetricamended(A,S,B)
role B
{
var kab: SessionKey;
const nb: Nonce;
fresh nb: Nonce;
read_1(A,B, A );
send_2(B,A, { A,nb }k(B,S) );

View File

@ -9,13 +9,11 @@ secret k: Function;
/* agents */
const a,b,e: Agent;
/* untrusted e */
untrusted e;
const ne: Nonce;
const kee: SessionKey;
compromised k(e,e);
@ -35,7 +33,7 @@ protocol nssymmetric(A,S,B)
{
role A
{
const na: Nonce;
fresh na: Nonce;
var T: Ticket;
var kab: SessionKey;
var nb: Nonce;
@ -51,7 +49,7 @@ protocol nssymmetric(A,S,B)
role S
{
const kab: SessionKey;
fresh kab: SessionKey;
var na: Nonce;
read_1(A,S, A,B,na );
@ -61,7 +59,7 @@ protocol nssymmetric(A,S,B)
role B
{
var kab: SessionKey;
const nb: Nonce;
fresh nb: Nonce;
read_3(A,B, { kab,A }k(B,S) );
send_4(B,A, { nb }kab );

View File

@ -6,7 +6,7 @@ protocol ns3brutus(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {I,ni}pk(R) );
@ -18,7 +18,7 @@ protocol ns3brutus(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr}pk(I) );
@ -31,20 +31,13 @@ const Alice,Bob,Eve : Agent;
/* something like this will later on all be implied by 'untrusted Eve' */
untrusted Eve;
/* const nc: Nonce; */
compromised sk(Eve);
/* fresh nc: Nonce; */
/* pre-defined 10 runs, limit using --max-runs parameters */
/* to be nice to brutus, stupid scenario :( */
run ns3brutus.R(Agent,Bob);
run ns3brutus.I(Alice,Agent);
run ns3brutus.R(Agent,Bob);
run ns3brutus.I(Alice,Agent);
run ns3brutus.R(Agent,Bob);
run ns3brutus.I(Alice,Agent);
run ns3brutus.R(Agent,Bob);
run ns3brutus.I(Alice,Agent);
run ns3brutus.R(Agent,Bob);
run ns3brutus.I(Alice,Agent);

View File

@ -14,7 +14,7 @@ protocol ns3(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {I,ni}pk(R) );
@ -29,7 +29,7 @@ protocol ns3(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr}pk(I) );
@ -43,25 +43,10 @@ protocol ns3(I,R)
// The agents in the system
const Alice,Bob: Agent;
// An untrusted agent, with leaked information
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
// The runs (only needed for the modelchecker algorithm)
run ns3.I(Agent,Agent);
run ns3.R(Agent,Agent);
run ns3.I(Agent,Agent);
run ns3.R(Agent,Agent);
run ns3.I(Agent,Agent);
run ns3.R(Agent,Agent);
run ns3.I(Agent,Agent);
run ns3.R(Agent,Agent);
run ns3.I(Agent,Agent);
run ns3.R(Agent,Agent);

View File

@ -6,7 +6,7 @@ protocol nsl3rep(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {I,ni}pk(R) );
@ -20,7 +20,7 @@ protocol nsl3rep(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {I,ni}pk(R) );
read_6(I,R, {I,ni}pk(R) );
@ -31,13 +31,5 @@ protocol nsl3rep(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const nc: Nonce;
compromised sk(Eve);
run nsl3rep.I(Agent,Agent);
run nsl3rep.R(Agent,Agent);
run nsl3rep.I(Agent,Agent);
run nsl3rep.R(Agent,Agent);

View File

@ -6,7 +6,7 @@ protocol nsl3(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {I,ni}pk(R) );
@ -22,7 +22,7 @@ protocol nsl3(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr,R}pk(I) );
@ -35,9 +35,5 @@ protocol nsl3(I,R)
}
}
const Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);

View File

@ -12,20 +12,16 @@ usertype Server, SessionKey, TimeStamp, TicketKey;
usertype ExpiredTimeStamp;
secret k: Function;
const Alice, Bob, Simon, Eve: Agent;
const Fresh: Function;
const Compromised: Function;
const ne: Nonce;
const kee: SessionKey;
untrusted Eve;
compromised k(Eve,Simon);
protocol neustub(I,R,S)
{
role I
{
const Ni: Nonce;
fresh Ni: Nonce;
var Nr: Nonce;
var T: Ticket;
var Tb: TimeStamp;
@ -46,12 +42,12 @@ protocol neustub(I,R,S)
role R
{
var Ni,Mi: Nonce;
const Nr,Mr: Nonce;
fresh Nr,Mr: Nonce;
var Kir: SessionKey;
const Tb: TimeStamp;
fresh Tb: TimeStamp;
var T: Ticket;
const g: Ticket;
fresh g: Ticket;
read_1(I,R, I, Ni);
send_!2(R,S, R, {I, Ni, Tb, g}k(R,S),Nr);
@ -67,7 +63,7 @@ protocol neustub(I,R,S)
role S
{
var Ni, Nr: Nonce;
const Kir: SessionKey;
fresh Kir: SessionKey;
var Tb: TimeStamp;
var g: Ticket;

View File

@ -12,28 +12,24 @@ usertype Server, SessionKey, TimeStamp, TicketKey;
usertype ExpiredTimeStamp;
secret k: Function;
const Alice, Bob, Simon, Eve: Agent;
const Fresh: Function;
const Compromised: Function;
const ne: Nonce;
const kee: SessionKey;
untrusted Eve;
compromised k(Eve,Simon);
protocol neustub^Repeat(I,R,S)
{
const Kir: SessionKey;
fresh Kir: SessionKey;
role I
{
const Mi: Nonce;
fresh Mi: Nonce;
var Mr: Nonce;
var Kir: SessionKey;
var Tr: TimeStamp;
var Tb: Ticket;
const g: Ticket;
fresh g: Ticket;
var h: Ticket;
read_!chain(R,I, { R,Tr,Kir }k(I,S), Tb);
@ -52,13 +48,13 @@ protocol neustub^Repeat(I,R,S)
role R
{
const Mr: Nonce;
fresh Mr: Nonce;
var Tr: TimeStamp;
var Kir: SessionKey;
var Mi: Nonce;
var g: Ticket;
const h: Ticket;
fresh h: Ticket;
read_5(I,R,Mi,{I,Kir,Tr}k(R,S),g);
send_6(R,I,{Mi,Mr,g,h}Kir);

View File

@ -1,4 +1,4 @@
secret const k : Function;
secret fresh k : Function;
/* Version from the Spore Librairy
http://www.lsv.ens-cachan.fr/spore/otwayRees.html
@ -10,8 +10,8 @@ protocol otwayrees(A,B,S)
{
role A
{
const na : Nonce;
const M : String;
fresh na : Nonce;
fresh M : String;
var kab : SesKey;
send_1(A,B, M,A,B, { na,M,A,B }k(A,S) );
@ -25,7 +25,7 @@ protocol otwayrees(A,B,S)
role B
{
var M : String;
const nb : Nonce;
fresh nb : Nonce;
var kab : SesKey;
var t1,t2;
@ -43,7 +43,7 @@ protocol otwayrees(A,B,S)
{
var na,nb : Nonce;
var M : String;
const kab : SesKey;
fresh kab : SesKey;
read_2(B,S, M,A,B, { na,M,A,B }k(A,S), { nb,M,A,B }k(B,S) );
send_3(S,B, M, { na,kab }k(A,S) , { nb,kab }k(B,S) );
@ -53,14 +53,6 @@ protocol otwayrees(A,B,S)
const Alice, Bob, Eve: Agent;
const Simon: Server;
untrusted Eve;
compromised k(Eve,Simon);
run otwayrees.A(Alice, Agent, Simon);
run otwayrees.B(Agent, Bob, Simon);
run otwayrees.S(Agent, Agent, Simon);
run otwayrees.A(Agent, Agent, Simon);
run otwayrees.B(Agent, Agent, Simon);
run otwayrees.S(Agent, Agent, Simon);

View File

@ -13,7 +13,7 @@ protocol samascbroken(I,R)
{
role R
{
const nr: Nonce;
fresh nr: Nonce;
var kir: Key;
read_!1a (I,R, { kir,I }pk(R) );
@ -29,8 +29,6 @@ protocol samascbroken(I,R)
}
}
const a,b,e: Agent;
untrusted e;
compromised sk(e);
const ne: Nonce;

View File

@ -1,14 +1,12 @@
secret k: Nonce;
const Alice,Bob,Charlie: Agent;
const ne: Nonce;
protocol simplest(I)
{
role I
{
var x: Nonce;
const n: Nonce;
fresh n: Nonce;
read_!1(I,I, x);
send_!2(I,I, n, {n, x}k );

View File

@ -7,8 +7,8 @@ protocol sophkx(I,R)
{
role I
{
const ni: Nonce;
const kir: Sessionkey;
fresh ni: Nonce;
fresh kir: Sessionkey;
var nr: Nonce;
send_1(I,R, ni, {I,kir}pk(R) );
@ -20,20 +20,13 @@ protocol sophkx(I,R)
{
var ni: Nonce;
var kir: Sessionkey;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, ni, {I,kir}pk(R) );
send_2(R,I, {ni}kir );
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const nc: Nonce;
const ke: Sessionkey;
compromised sk(Eve);
run sophkx.I(Agent,Agent);
run sophkx.R(Agent,Agent);
run sophkx.I(Agent,Agent);

View File

@ -6,7 +6,7 @@ protocol soph(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
send_1(I,R, {I,ni}pk(R) );
read_2(R,I, ni );
@ -22,13 +22,5 @@ protocol soph(I,R)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const nc: Nonce;
compromised sk(Eve);
run soph.I(Agent,Agent);
run soph.R(Agent,Agent);
run soph.I(Agent,Agent);
run soph.R(Agent,Agent);

View File

@ -6,7 +6,7 @@ protocol ns3speedtest(I,R)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {I,ni}pk(R) );
@ -18,7 +18,7 @@ protocol ns3speedtest(I,R)
role R
{
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr}pk(I) );
@ -27,23 +27,14 @@ protocol ns3speedtest(I,R)
}
}
const Alice,Bob,Eve : Agent;
/* something like this will later on all be implied by 'untrusted Eve' */
untrusted Eve;
const nc: Nonce;
compromised sk(Eve);
/* pre-defined 10 runs, limit using --max-runs parameters */
run ns3speedtest.I(Alice,Bob);
run ns3speedtest.R(Alice,Bob);
run ns3speedtest.I(Alice,Eve);
run ns3speedtest.R(Eve,Bob);
run ns3speedtest.I(Bob,Alice);
run ns3speedtest.R(Bob,Alice);
run ns3speedtest.I(Bob,Eve);
run ns3speedtest.R(Eve,Alice);
run ns3speedtest.I(Alice,Alice);
run ns3speedtest.R(Bob,Bob);

View File

@ -8,9 +8,9 @@ protocol spliceAShcCJ(C,AS,S)
{
role C
{
const N1,N2: Nonce;
const T: TimeStamp;
const L: LifeTime;
fresh N1,N2: Nonce;
fresh T: TimeStamp;
fresh L: LifeTime;
send_1(C,AS, C, S, N1 );
read_2(AS,C, AS, {AS, C, N1, S, pk(S)}sk(AS) );
@ -34,13 +34,13 @@ protocol spliceAShcCJ(C,AS,S)
role S
{
const N3: Nonce;
fresh N3: Nonce;
var N2: Nonce;
var T: TimeStamp;
var L: LifeTime;
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_3(C,S, C, S, {T, L, {C, N2}pk(S)}sk(C) );
send_4(S,AS, S, C, N3 );
@ -53,14 +53,7 @@ protocol spliceAShcCJ(C,AS,S)
}
}
const Al,Bo,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
run spliceAShcCJ.C(Agent,Agent,Agent);
run spliceAShcCJ.AS(Agent,Agent,Agent);
run spliceAShcCJ.S(Agent,Agent,Agent);

View File

@ -8,9 +8,9 @@ protocol spliceAShc(C,AS,S)
{
role C
{
const N1,N2: Nonce;
const T: TimeStamp;
const L: LifeTime;
fresh N1,N2: Nonce;
fresh T: TimeStamp;
fresh L: LifeTime;
send_1(C,AS, C, S, N1 );
read_2(AS,C, AS, {AS, C, N1, S, pk(S)}sk(AS) );
@ -34,13 +34,13 @@ protocol spliceAShc(C,AS,S)
role S
{
const N3: Nonce;
fresh N3: Nonce;
var N2: Nonce;
var T: TimeStamp;
var L: LifeTime;
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_3(C,S, C, S, {C, T, L, {N2}pk(S)}sk(C) );
send_4(S,AS, S, C, N3 );
@ -53,14 +53,7 @@ protocol spliceAShc(C,AS,S)
}
}
const Al,Bo,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
run spliceAShc.C(Agent,Agent,Agent);
run spliceAShc.AS(Agent,Agent,Agent);
run spliceAShc.S(Agent,Agent,Agent);

View File

@ -8,9 +8,9 @@ protocol spliceAS(C,AS,S)
{
role C
{
const N1,N2: Nonce;
const T: TimeStamp;
const L: LifeTime;
fresh N1,N2: Nonce;
fresh T: TimeStamp;
fresh L: LifeTime;
send_1(C,AS, C, S, N1 );
read_2(AS,C, AS, {AS, C, N1, pk(S)}sk(AS) );
@ -34,13 +34,13 @@ protocol spliceAS(C,AS,S)
role S
{
const N3: Nonce;
fresh N3: Nonce;
var N2: Nonce;
var T: TimeStamp;
var L: LifeTime;
var ni: Nonce;
const nr: Nonce;
fresh nr: Nonce;
read_3(C,S, C, S, {C, T, L, {N2}pk(S)}sk(C) );
send_4(S,AS, S, C, N3 );
@ -53,14 +53,7 @@ protocol spliceAS(C,AS,S)
}
}
const Al,Bo,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
run spliceAS.C(Agent,Agent,Agent);
run spliceAS.AS(Agent,Agent,Agent);
run spliceAS.S(Agent,Agent,Agent);

View File

@ -30,8 +30,8 @@ protocol tls-bm-1(A,B)
{
role A
{
const na: Nonce;
const pmk: Nonce;
fresh na: Nonce;
fresh pmk: Nonce;
var nb: Nonce;
send_1( A,B, msg1 );
@ -47,7 +47,7 @@ protocol tls-bm-1(A,B)
{
var na: Nonce;
var pmk: Nonce;
const nb: Nonce;
fresh nb: Nonce;
read_1( A,B, msg1 );
send_2( B,A, msg2 );
@ -60,6 +60,4 @@ protocol tls-bm-1(A,B)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -30,8 +30,8 @@ protocol tls-bm-1(A,B)
{
role A
{
const na: Nonce;
const pmk: Nonce;
fresh na: Nonce;
fresh pmk: Nonce;
var nb: Nonce;
send_1( A,B, na );
@ -47,7 +47,7 @@ protocol tls-bm-1(A,B)
{
var na: Nonce;
var pmk: Nonce;
const nb: Nonce;
fresh nb: Nonce;
read_1( A,B, na );
send_2( B,A, nb );
@ -60,6 +60,4 @@ protocol tls-bm-1(A,B)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -47,9 +47,9 @@ protocol tls-HSDDM05(X,Y)
{
role X
{
const Nx: Nonce;
const msecret: Nonce;
const pa: Params;
fresh Nx: Nonce;
fresh msecret: Nonce;
fresh pa: Params;
var Ny: Nonce;
var pb: Params;
@ -66,8 +66,8 @@ protocol tls-HSDDM05(X,Y)
var Nx: Nonce;
var msecret: Nonce;
var pa: Params;
const Ny: Nonce;
const pb: Params;
fresh Ny: Nonce;
fresh pb: Params;
read_1( X,Y, msg1 );
send_2( Y,X, msg2 );
@ -79,6 +79,4 @@ protocol tls-HSDDM05(X,Y)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -19,9 +19,9 @@ protocol tls-HSDDM05(X,Y)
{
role X
{
const Nx: Nonce;
const msecret: Nonce;
const pa: Params;
fresh Nx: Nonce;
fresh msecret: Nonce;
fresh pa: Params;
var Ny: Nonce;
var pb: Params;
@ -38,8 +38,8 @@ protocol tls-HSDDM05(X,Y)
var Nx: Nonce;
var msecret: Nonce;
var pa: Params;
const Ny: Nonce;
const pb: Params;
fresh Ny: Nonce;
fresh pb: Params;
read_1( X,Y, X,Nx,pa );
send_2( Y,X, Ny,pb,{ Y,pk(Y) }sk(Terence) );
@ -51,5 +51,3 @@ protocol tls-HSDDM05(X,Y)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -37,9 +37,9 @@ protocol tls-HSDDM05(X,Y)
{
role X
{
const Nx: Nonce;
const msecret: Nonce;
const pa: Params;
fresh Nx: Nonce;
fresh msecret: Nonce;
fresh pa: Params;
var Ny: Nonce;
var pb: Params;
@ -56,8 +56,8 @@ protocol tls-HSDDM05(X,Y)
var Nx: Nonce;
var msecret: Nonce;
var pa: Params;
const Ny: Nonce;
const pb: Params;
fresh Ny: Nonce;
fresh pb: Params;
read_1( X,Y, msg1 );
send_2( Y,X, msg2 );
@ -69,6 +69,4 @@ protocol tls-HSDDM05(X,Y)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -38,9 +38,9 @@ protocol tls-HSDDM05(X,Y)
{
role X
{
const Nx: Nonce;
const msecret: Nonce;
const pa: Params;
fresh Nx: Nonce;
fresh msecret: Nonce;
fresh pa: Params;
var Ny: Nonce;
var pb: Params;
@ -57,8 +57,8 @@ protocol tls-HSDDM05(X,Y)
var Nx: Nonce;
var msecret: Nonce;
var pa: Params;
const Ny: Nonce;
const pb: Params;
fresh Ny: Nonce;
fresh pb: Params;
read_1( X,Y, msg1 );
send_2( Y,X, msg2 );
@ -70,6 +70,4 @@ protocol tls-HSDDM05(X,Y)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -38,9 +38,9 @@ protocol tls-HSDDM05(X,Y)
{
role X
{
const Nx: Nonce;
const msecret: Nonce;
const pa: Params;
fresh Nx: Nonce;
fresh msecret: Nonce;
fresh pa: Params;
var Ny: Nonce;
var pb: Params;
@ -57,8 +57,8 @@ protocol tls-HSDDM05(X,Y)
var Nx: Nonce;
var msecret: Nonce;
var pa: Params;
const Ny: Nonce;
const pb: Params;
fresh Ny: Nonce;
fresh pb: Params;
read_1( X,Y, X,Nx,pa );
send_2( Y,X, Ny,pb,{ Y,pk(Y) }sk(Terence) );
@ -70,6 +70,4 @@ protocol tls-HSDDM05(X,Y)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -41,9 +41,9 @@ protocol tls-HSDDM05(X,Y)
{
role X
{
const Nx: Nonce;
const msecret: Nonce;
const pa: Params;
fresh Nx: Nonce;
fresh msecret: Nonce;
fresh pa: Params;
var Ny: Nonce;
var pb: Params;
@ -60,8 +60,8 @@ protocol tls-HSDDM05(X,Y)
var Nx: Nonce;
var msecret: Nonce;
var pa: Params;
const Ny: Nonce;
const pb: Params;
fresh Ny: Nonce;
fresh pb: Params;
read_1( X,Y, msg1 );
send_2( Y,X, msg2 );
@ -73,6 +73,4 @@ protocol tls-HSDDM05(X,Y)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -19,9 +19,9 @@ protocol tls-HSDDM05(X,Y)
{
role X
{
const Nx: Nonce;
const msecret: Nonce;
const pa: Params;
fresh Nx: Nonce;
fresh msecret: Nonce;
fresh pa: Params;
var Ny: Nonce;
var pb: Params;
@ -38,8 +38,8 @@ protocol tls-HSDDM05(X,Y)
var Nx: Nonce;
var msecret: Nonce;
var pa: Params;
const Ny: Nonce;
const pb: Params;
fresh Ny: Nonce;
fresh pb: Params;
read_1( X,Y, X,Nx,pa );
send_2( Y,X, Ny,pb,{ Y,pk(Y) }sk(Terence) );
@ -51,5 +51,3 @@ protocol tls-HSDDM05(X,Y)
}
untrusted Eve;
compromised sk(Eve);

View File

@ -34,7 +34,6 @@ secret unkeygen: Function;
inversekeys(keygen, unkeygen);
const pa,pb: Params;
const Terence: Agent;
const false,true: Bool;
@ -42,9 +41,9 @@ protocol tlspaulson-avispa(a,b)
{
role a
{
const na: Nonce;
const sid: SessionID;
const pms: Nonce;
fresh na: Nonce;
fresh sid: SessionID;
fresh pms: Nonce;
var nb: Nonce;
var pb: Params;
@ -68,8 +67,8 @@ protocol tlspaulson-avispa(a,b)
var na: Nonce;
var sid: SessionID;
var pms: Nonce;
const nb: Nonce;
const pb: Params;
fresh nb: Nonce;
fresh pb: Params;
read_1( a,b, a,na,sid,pa );
send_2( b,a, nb,sid,pb );
@ -86,11 +85,7 @@ protocol tlspaulson-avispa(a,b)
}
}
const Alice, Bob, Eve: Agent;
untrusted Eve;
compromised sk(Eve);
const ne: Nonce;
const side: SessionID;
const pe: Params;

View File

@ -15,9 +15,6 @@ secret unkeygen: Function;
inversekeys(keygen, unkeygen);
const pa,pb: Params;
const Alice,Bob: Agent;
const Terence: Agent;
const Sally: Agent;
const false,true: Bool;
@ -25,9 +22,9 @@ protocol tlspaulson-avispa(a,b)
{
role a
{
const na: Nonce;
const sid: SessionID;
const pms: Nonce;
fresh na: Nonce;
fresh sid: SessionID;
fresh pms: Nonce;
var nb: Nonce;
var pb: Params;
@ -51,8 +48,8 @@ protocol tlspaulson-avispa(a,b)
var na: Nonce;
var sid: SessionID;
var pms: Nonce;
const nb: Nonce;
const pb: Params;
fresh nb: Nonce;
fresh pb: Params;
read_1( a,b, a,na,sid,pa );
send_2( b,a, nb,sid,pb );
@ -69,10 +66,6 @@ protocol tlspaulson-avispa(a,b)
}
}
const Alice, Bob, Eve: Agent;
untrusted Eve;
compromised sk(Eve);
const ne: Nonce;
const side: SessionID;
const pe: Params;

View File

@ -26,7 +26,6 @@ inversekeys(pk,sk);
inversekeys(hash,unhash);
const pa,pb: Params;
const Terence: Agent;
const false,true: Bool;
@ -34,9 +33,9 @@ protocol tlspaulson(a,b)
{
role a
{
const na: Nonce;
const sid: SessionID;
const pms: Nonce;
fresh na: Nonce;
fresh sid: SessionID;
fresh pms: Nonce;
var nb: Nonce;
var pb: Params;
@ -59,8 +58,8 @@ protocol tlspaulson(a,b)
var na: Nonce;
var sid: SessionID;
var pms: Nonce;
const nb: Nonce;
const pb: Params;
fresh nb: Nonce;
fresh pb: Params;
read_1( a,b, a,na,sid,pa );
send_2( b,a, nb,sid,pb );
@ -76,20 +75,8 @@ protocol tlspaulson(a,b)
}
}
const Alice, Bob, Eve: Agent;
untrusted Eve;
compromised sk(Eve);
const ne: Nonce;
const side: SessionID;
const pe: Params;
run tlspaulson.a(Agent,Agent);
run tlspaulson.b(Agent,Agent);
run tlspaulson.a(Agent,Agent);
run tlspaulson.b(Agent,Agent);
run tlspaulson.a(Agent,Agent);
run tlspaulson.b(Agent,Agent);
run tlspaulson.a(Agent,Agent);
run tlspaulson.b(Agent,Agent);

View File

@ -11,7 +11,6 @@ inversekeys(pk,sk);
inversekeys(hash,unhash);
const pa,pb: Params;
const Terence: Agent;
const false,true: Bool;
@ -19,9 +18,9 @@ protocol tlspaulson(a,b)
{
role a
{
const na: Nonce;
const sid: SessionID;
const pms: Nonce;
fresh na: Nonce;
fresh sid: SessionID;
fresh pms: Nonce;
var nb: Nonce;
var pb: Params;
@ -44,8 +43,8 @@ protocol tlspaulson(a,b)
var na: Nonce;
var sid: SessionID;
var pms: Nonce;
const nb: Nonce;
const pb: Params;
fresh nb: Nonce;
fresh pb: Params;
read_1( a,b, a,na,sid,pa );
send_2( b,a, nb,sid,pb );
@ -61,19 +60,7 @@ protocol tlspaulson(a,b)
}
}
const Alice, Bob, Eve: Agent;
untrusted Eve;
compromised sk(Eve);
const ne: Nonce;
const side: SessionID;
const pe: Params;
run tlspaulson.a(Agent,Agent);
run tlspaulson.b(Agent,Agent);
run tlspaulson.a(Agent,Agent);
run tlspaulson.b(Agent,Agent);
run tlspaulson.a(Agent,Agent);
run tlspaulson.b(Agent,Agent);
run tlspaulson.a(Agent,Agent);
run tlspaulson.b(Agent,Agent);

View File

@ -9,7 +9,7 @@ protocol tmn(A,B,S)
{
role A
{
const Ka: Key;
fresh Ka: Key;
var Kb: Key;
send_1(A,S, B,{Ka}pk(S) );
@ -21,7 +21,7 @@ protocol tmn(A,B,S)
role B
{
const Kb: Key;
fresh Kb: Key;
read_2(S,B, A );
send_3(B,S, A, { Kb }pk(S) );
@ -46,11 +46,7 @@ const Alice,Bob,Eve,Simon: Agent;
const Ke: Key;
untrusted Eve;
compromised sk(Eve);
# Scenario to recreate an attack in SPORE
run tmn.B (Alice,Bob,Simon);
run tmn.S (Alice,Bob,Simon);

View File

@ -8,7 +8,7 @@ protocol tmn(A,B,S)
{
role A
{
const Ka: Key;
fresh Ka: Key;
var Kb: Key;
send_1(A,S, B,{Ka}pk(S) );
@ -20,7 +20,7 @@ protocol tmn(A,B,S)
role B
{
const Kb: Key;
fresh Kb: Key;
read_2(S,B, A );
send_3(B,S, A, { Kb }pk(S) );
@ -43,14 +43,6 @@ protocol tmn(A,B,S)
const Alice,Bob,Eve,Simon: Agent;
untrusted Eve;
compromised sk(Eve);
run tmn.A (Agent,Agent,Simon);
run tmn.A (Agent,Agent,Simon);
run tmn.B (Agent,Agent,Simon);
run tmn.B (Agent,Agent,Simon);
run tmn.S (Agent,Agent,Simon);
run tmn.S (Agent,Agent,Simon);

View File

@ -5,7 +5,7 @@ protocol unknown2(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: SessionKey;
var T;
@ -21,7 +21,7 @@ protocol unknown2(I,R,S)
role R
{
const nr: Nonce;
fresh nr: Nonce;
var ni: Nonce;
var kir: SessionKey;
@ -36,7 +36,7 @@ protocol unknown2(I,R,S)
role S
{
const kir: SessionKey;
fresh kir: SessionKey;
var ni,nr: Nonce;
read_2(R,S, { I,R,ni,nr }k(R,S) );
@ -50,20 +50,6 @@ protocol unknown2(I,R,S)
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const kee: SessionKey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
run unknown2.I(Agent,Agent,Agent);
run unknown2.R(Agent,Agent,Agent);
run unknown2.S(Agent,Agent,Agent);
run unknown2.R(Agent,Agent,Agent);
run unknown2.I(Agent,Agent,Agent);
run unknown2.S(Agent,Agent,Agent);

View File

@ -1,5 +1,5 @@
usertype SesKey, Server;
secret const k : Function;
secret fresh k : Function;
/* Version from the Brutus reports
*/
@ -8,7 +8,7 @@ protocol wmfbrutus(A,B,S)
{
role A
{
const kab : SesKey;
fresh kab : SesKey;
send_1(A,S, A, { B,kab }k(A,S) );
}
@ -34,15 +34,6 @@ protocol wmfbrutus(A,B,S)
const Alice, Bob, Eve: Agent;
const Simon: Server;
untrusted Eve;
compromised k(Eve,Simon);
run wmfbrutus.A(Agent, Agent, Simon);
run wmfbrutus.B(Agent, Agent, Simon);
run wmfbrutus.A(Agent, Agent, Simon);
run wmfbrutus.B(Agent, Agent, Simon);
run wmfbrutus.A(Agent, Agent, Simon);
run wmfbrutus.B(Agent, Agent, Simon);
run wmfbrutus.S(Agent, Agent, Simon);

View File

@ -5,16 +5,12 @@
usertype Server, SessionKey, Token, Ticket;
secret k: Function;
const Alice, Bob, Charlie, Eve: Agent;
const Simon: Server;
/* give the intruder something to work with */
// Scyther finds an attack using basic type flaws
const ne: Nonce;
const ke: SessionKey;
untrusted Eve;
compromised k(Eve,Simon);
const authToken: Token;
@ -22,7 +18,7 @@ protocol woolamcmv(A,B,S)
{
role A
{
const Na: Nonce;
fresh Na: Nonce;
var Nb: Nonce;
var Kab: SessionKey;
var t1,t2;
@ -41,7 +37,7 @@ protocol woolamcmv(A,B,S)
role B
{
var Na: Nonce;
const Nb: Nonce;
fresh Nb: Nonce;
var Kab: SessionKey;
var t1,t2;
@ -61,7 +57,7 @@ protocol woolamcmv(A,B,S)
role S
{
var Na, Nb: Nonce;
const Kab: SessionKey;
fresh Kab: SessionKey;
read_4(B,S, { A,B, Na,Nb }k(A,S), { A,B,Na,Nb }k(B,S) );
send_5(S,B, { B,Na,Nb,Kab }k(A,S), { A,Na,Nb,Kab }k(B,S) );
@ -70,6 +66,4 @@ protocol woolamcmv(A,B,S)
}
}
run woolamcmv.B(Alice,Bob,Simon);
run woolamcmv.B(Alice,Bob,Simon);

View File

@ -7,13 +7,9 @@
usertype Server, SessionKey, Ticket;
secret k: Function;
const Alice, Bob, Charlie, Eve: Agent;
const Simon: Server;
const ne: Nonce;
const ke: SessionKey;
untrusted Eve;
compromised k(Eve,Simon);
protocol woolampif(A,B,S)
{
@ -28,7 +24,7 @@ protocol woolampif(A,B,S)
role B
{
const Nb: Nonce;
fresh Nb: Nonce;
var T: Ticket;
read_1(A,B, A);
@ -50,6 +46,4 @@ protocol woolampif(A,B,S)
}
}
run woolampif.B(Alice,Bob,Simon);
run woolampif.B(Alice,Bob,Simon);

View File

@ -15,7 +15,7 @@ protocol yahalomBan(A,B,S)
{
role A
{
const na;
fresh na;
var nb;
var ticket;
var kab;
@ -28,7 +28,7 @@ protocol yahalomBan(A,B,S)
role B
{
const nb;
fresh nb;
var na;
var ticket;
var kab;
@ -41,7 +41,7 @@ protocol yahalomBan(A,B,S)
role S
{
const kab;
fresh kab;
var na,nb;
read_2(B,S, B,nb, {A,na}k(B,S) );

View File

@ -5,19 +5,15 @@
usertype Sessionkey;
const Alice,Bob,Simon,Eve : Agent;
secret k : Function;
untrusted Eve;
compromised k(Eve,Simon);
const ne: Nonce;
const kee: Sessionkey;
protocol yahalomlowe(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Sessionkey;
@ -32,7 +28,7 @@ protocol yahalomlowe(I,R,S)
role R
{
const nr: Nonce;
fresh nr: Nonce;
var ni: Nonce;
var kir: Sessionkey;
@ -47,7 +43,7 @@ protocol yahalomlowe(I,R,S)
role S
{
const kir: Sessionkey;
fresh kir: Sessionkey;
var ni,nr: Nonce;
read_2(R,S, {I,ni,nr}k(R,S) );
@ -56,10 +52,5 @@ protocol yahalomlowe(I,R,S)
}
}
run yahalomlowe.I(Agent,Agent,Simon);
run yahalomlowe.R(Agent,Agent,Simon);
run yahalomlowe.S(Agent,Agent,Simon);
run yahalomlowe.I(Agent,Agent,Simon);
run yahalomlowe.R(Agent,Agent,Simon);

View File

@ -5,19 +5,15 @@
usertype Sessionkey, Ticket;
const Alice,Bob,Simon,Eve : Agent;
secret k : Function;
untrusted Eve;
compromised k(Eve,Simon);
const ne: Nonce;
const kee: Sessionkey;
protocol yahalompaulson(I,R,S)
{
role I
{
const ni: Nonce;
fresh ni: Nonce;
var nr: Nonce;
var kir: Sessionkey;
var T: Ticket;
@ -33,7 +29,7 @@ protocol yahalompaulson(I,R,S)
role R
{
const nr: Nonce;
fresh nr: Nonce;
var ni: Nonce;
var kir: Sessionkey;
@ -48,7 +44,7 @@ protocol yahalompaulson(I,R,S)
role S
{
const kir: Sessionkey;
fresh kir: Sessionkey;
var ni,nr: Nonce;
read_2(R,S, R,nr, {I,ni}k(R,S) );
@ -56,10 +52,5 @@ protocol yahalompaulson(I,R,S)
}
}
run yahalompaulson.I(Agent,Agent,Simon);
run yahalompaulson.R(Agent,Agent,Simon);
run yahalompaulson.S(Agent,Agent,Simon);
run yahalompaulson.I(Agent,Agent,Simon);
run yahalompaulson.R(Agent,Agent,Simon);