# Amended Needham Schroeder Symmetric Key # # Modelled after the description in the SPORE library # http://www.lsv.ens-cachan.fr/spore/nssk_amended.html # # # Note: # According to SPORE there are no attacks on this protocol, scyther # finds one however. This has to be investigated further. # Model dec that is invertible by inc const dec,inc: Function; inversekeys(dec,inc); usertype SessionKey; const Fresh: Function; const Compromised: Function; protocol needhamschroedersk-amend(I,R,S) { role I { fresh Ni: Nonce; var Nr: Nonce; var Kir: SessionKey; var T,T2: Ticket; send_1(I,R,I); read_2(R,I,T); send_3(I,S,(I,R,Ni,T)); read_4(S,I, {Ni,R,Kir,T2}k(I,S)); send_5(I,R,T2); read_6(R,I,{Nr}Kir); send_7(I,R,{{Nr}dec}Kir); claim_I2(I,Secret,Kir); claim_I3(I,Nisynch); claim_I4(I,Empty,(Fresh,Kir)); } role R { fresh Nr: Nonce; var Kir: SessionKey; read_1(I,R,I); send_2(R,I,{I,Nr}k(R,S)); read_5(I,R,{Kir,Nr,I}k(R,S)); send_6(R,I,{Nr}Kir); read_7(I,R,{{Nr}dec}Kir); claim_R1(R,Secret,Nr); claim_R3(R,Nisynch); claim_R4(R,Empty,(Fresh,Kir)); } role S { var Ni,Nr: Nonce; fresh Kir: SessionKey; read_3(I,S,(I,R,Ni,{I,Nr}k(R,S))); send_4(S,I,{Ni,R,Kir,{Kir,Nr,I}k(R,S)}k(I,S)); } }