// BAN modified version of the yahalom protocol // // Modeled as version in Paulson's paper: // "Relations Between Secrets: Two Formal Analyses of the Yahalom // Protocol" usertype Server; usertype SessionKey; protocol yahalom-BAN-Paulson(A,B,S) { role A { fresh na: Nonce; var nb: Nonce; var ticket: Ticket; var kab: SessionKey; send_1(A,B, A,na); read_3(S,A, {B,kab,na,nb}k(A,S), ticket ); send_4(A,B, ticket, {nb}kab ); claim_5(A, Secret,kab); } role B { fresh nb: Nonce; var na: Nonce; var ticket: Ticket; var kab: SessionKey; read_1(A,B, A,na); send_2(B,S, B, {A,na,nb}k(B,S) ); read_4(A,B, {A,kab}k(B,S) , {nb}kab ); claim_6(B, Secret,kab); } role S { fresh kab: SessionKey; var na,nb: Nonce; read_2(B,S, B, {A,na,nb}k(B,S) ); send_3(S,A, {B,kab,na,nb}k(A,S), {A,kab}k(B,S) ); } }