scyther/spdl/SPORE/kaochow-v3.spdl
gijs 0f54f2ed23 - Update modeling of needham schroeder to better reflect the modelling in
SPORE:
    - pk is not known to all agents, only pk(Simon) is known
- Use new naming convention:
    - Protocol name starting with an @ means internal protocol
    - For non internal protocols naming is as follows:
      protocolname-variant^subprotocol
    For example: yahalom-Lowe^KeyCompromise meaning the key compromise sub
    protocol of the Lowe variant of the Yahalom protocol.
2005-08-15 13:31:48 +00:00

111 lines
2.7 KiB
Plaintext

# Kao Chow Authentication v.3
#
# Modelled after the description in the SPORE library
# http://www.lsv.ens-cachan.fr/spore/kaoChow3.html
#
# Note:
# This protocol uses a ticket so scyther will only be able to verify
# the protocol using the ARACHNE engine (-a)
#
usertype SessionKey;
usertype ExpiredTimeStamp;
usertype TimeStamp;
secret k: Function;
const Fresh: Function;
const Compromised: Function;
protocol kaochow-3^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
role C {
const Ni,Nr: Nonce;
const Kir,Kt: SessionKey;
const T2: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (I,R,Ni),
{I,R,Ni,Kir,Kt}k(I,S),
{I,R,Ni,Kir,Kt}k(R,S),
{Ni,Kir}Kt,
Nr,
{I,R,T2,Kir}k(R,S),
{Nr,Kir}Kt,
Kir
// Kt
);
claim_C3(C,Empty, (Compromised,Kir));
// claim_C4(C,Empty, (Compromised,Kt));
}
}
protocol kaochow-3(I,R,S)
{
role I
{
const ni: Nonce;
var nr: Nonce;
var kir,kt: SessionKey;
var T2: Ticket;
send_1 (I,S, I,R,ni);
read_3 (R,I, {I,R,ni,kir,kt}k(I,S), {ni, kir}kt, nr, T2 );
send_4 (I,R, {nr,kir}kt, T2 );
claim_I1 (I, Nisynch);
claim_I2 (I, Niagree);
claim_I3 (I, Secret, kir);
claim_I4 (I, Empty, (Fresh,kir));
}
role R
{
var ni: Nonce;
const nr: Nonce;
var kir,kt: SessionKey;
var T: Ticket;
const tr: TimeStamp;
read_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) );
send_3 (R,I, T, {ni, kir}kt, nr, {I,R,tr,kir}k(R,S) );
read_4 (I,R, {nr,kir}kt, {I,R,tr,kir}k(R,S) );
claim_R1 (R, Nisynch);
claim_R2 (R, Niagree);
claim_R3 (R, Secret, kir);
claim_R4 (R, Empty, (Fresh,kir));
}
role S
{
var ni: Nonce;
const kir, kt: SessionKey;
read_1 (I,S, I,R,ni);
send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
}
}
const Alice,Bob,Simon,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const te: Ticket;
const ke: SessionKey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);
run kaochow-3.I(Agent,Agent,Simon);
run kaochow-3.R(Agent,Agent,Simon);
run kaochow-3.S(Agent,Agent,Simon);
run kaochow-3.I(Agent,Agent,Simon);
run kaochow-3.R(Agent,Agent,Simon);
run kaochow-3.S(Agent,Agent,Simon);