# Kao Chow Authentication v.1 # # Modelled after the description in the SPORE library # http://www.lsv.ens-cachan.fr/spore/kaoChow1.html # # Note: # This protocol uses a ticket so scyther will only be able to verify # the protocol using the ARACHNE engine (-a) # usertype SessionKey; secret k: Function; const Fresh: Function; const Compromised: Function; protocol kaochow^KeyCompromise(C) { // Read the names of 3 agents and disclose a session between them including // corresponding session key to simulate key compromise role C { const Ni,Nr: Nonce; const Kir: SessionKey; var I,R,S: Agent; read_C1(C,C, I,R,S); send_C2(C,C, (I,R,Ni), {I,R,Ni,Kir}k(I,S), {I,R,Ni,Kir}k(R,S), {Ni}Kir, Nr, {Nr}Kir, Kir ); claim_C3(C,Empty, (Compromised,Kir)); } } protocol kaochow(I,R,S) { role I { const ni: Nonce; var nr: Nonce; var kir: SessionKey; send_1 (I,S, I,R,ni); read_3 (R,I, {I,R,ni,kir}k(I,S), {ni}kir, nr ); send_4 (I,R, {nr}kir ); claim_I1 (I, Nisynch); claim_I2 (I, Niagree); claim_I3 (I, Secret, kir); claim_I4 (I, Empty, (Fresh,kir)); } role R { var ni: Nonce; const nr: Nonce; var kir: SessionKey; var T; read_2 (S,R, T, { I,R,ni,kir }k(R,S) ); send_3 (R,I, T, {ni}kir, nr ); read_4 (I,R, {nr}kir ); claim_R1 (R, Nisynch); claim_R2 (R, Niagree); claim_R3 (R, Secret, kir); claim_R4 (R, Empty, (Fresh,kir)); } role S { var ni: Nonce; const kir: SessionKey; read_1 (I,S, I,R,ni); send_2 (S,R, {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) ); } } const Alice,Bob,Simon,Eve: Agent; untrusted Eve; const ne: Nonce; const te: Ticket; const ke: SessionKey; compromised k(Eve,Eve); compromised k(Eve,Alice); compromised k(Eve,Bob); compromised k(Eve,Simon); compromised k(Alice,Eve); compromised k(Bob,Eve); compromised k(Simon,Eve);