# Hwang modified Neumann Stubblebine # # Modelled after the description in the SPORE library # http://www.lsv.ens-cachan.fr/spore/neumannStubblebineHwang.html # # Note: # According to SPORE there are no attacks on this protocol, scyther # finds one however. This has to be investigated further. usertype Server, SessionKey, TimeStamp, TicketKey; usertype ExpiredTimeStamp; const Fresh: Function; const Compromised: Function; protocol neustub-Hwang(I,R,S) { role I { fresh Ni,Mi: Nonce; var Nr,Mr: Nonce; var T: Ticket; var Tb: TimeStamp; var Kir: SessionKey; send_1(I,R, I, Ni); read_!3(S,I, { R,Ni,Kir,Tb}k(I,S), T, Nr); send_4(I,R,T,{Nr}Kir); send_5(I,R,Mi,T); read_6(R,I,Mr,{Mi}Kir); send_7(I,R,{Mr}Kir); claim_I1(I,Secret, Kir); claim_I2(I,Niagree); claim_I3(I,Nisynch); claim_I4(I,Empty,(Fresh,Kir)); } role R { var Ni,Mi: Nonce; fresh Nr,Mr: Nonce; var Kir: SessionKey; fresh Tb: TimeStamp; var T: Ticket; read_1(I,R, I, Ni); send_!2(R,S, R, {I, Ni, Tb, Nr}k(R,S)); read_4(I,R,{I,Kir,Tb}k(R,S),{Nr}Kir); read_5(I,R,Mi,T); send_6(R,I,Mr,{Mi}Kir); read_7(I,R,{Mr}Kir); claim_R1(R,Secret, Kir); claim_R2(R,Niagree); claim_R3(R,Nisynch); claim_R4(R,Empty,(Fresh,Kir)); } role S { var Ni, Nr: Nonce; fresh Kir: SessionKey; var Tb: TimeStamp; read_!2(R,S, R, {I,Ni,Tb,Nr}k(R,S)); send_!3(S,I, { R, Ni, Kir, Tb}k(I,S), { I,Kir,Tb}k(R,S),Nr ); } }