# Neumann Stubblebine # # Modelled after the description in the SPORE library # http://www.lsv.ens-cachan.fr/spore/neumannStubblebine.html # # Note: # In SPORE this protocol is not described correctly, there are in fact 2 # different protocols (the key establishment protocol and the repeated # authentication protocol) usertype Server, SessionKey, TimeStamp, TicketKey; usertype ExpiredTimeStamp; secret k: Function; const Fresh: Function; const Compromised: Function; const kee: SessionKey; protocol neustub^Repeat(I,R,S) { fresh Kir: SessionKey; role I { fresh Mi: Nonce; var Mr: Nonce; var Kir: SessionKey; var Tr: TimeStamp; var Tb: Ticket; fresh g: Ticket; var h: Ticket; read_!chain(R,I, { R,Tr,Kir }k(I,S), Tb); send_5(I,R,Mi,{I,Kir,Tr}k(R,S),g); read_6(R,I,{Mi,Mr,g,h}Kir); send_7(I,R,{I,Mr}Kir); claim_I0(I,Secret, g); claim_I5(I,Secret, h); claim_I1(I,Secret, Kir); claim_I2(I,Niagree); claim_I3(I,Nisynch); claim_I4(I,Empty,(Fresh,Kir)); } role R { fresh Mr: Nonce; var Tr: TimeStamp; var Kir: SessionKey; var Mi: Nonce; var g: Ticket; fresh h: Ticket; read_5(I,R,Mi,{I,Kir,Tr}k(R,S),g); send_6(R,I,{Mi,Mr,g,h}Kir); read_7(I,R,{I,Mr}Kir); claim_R1(R,Secret, Kir); claim_R5(R,Secret, g); claim_R6(R,Secret, h); claim_R2(R,Niagree); claim_R3(R,Nisynch); claim_R4(R,Empty,(Fresh,Kir)); } role S { } }