scyther/spdl/misc/kerberos-rddm.spdl
2007-05-11 21:44:36 +00:00

122 lines
2.2 KiB
Plaintext

/*
* Scyther description of Kerberos as in RDDM'07
*
*/
usertype Sessionkey;
usertype Text;
secret ktk: Function;
secret kck: Function;
secret kst: Function;
protocol kerberos(C,K,T,S) {
role C {
const n1: Nonce;
const n2: Nonce;
var tgt: Ticket;
var st: Ticket;
var AKey: Sessionkey;
var SKey: Sessionkey;
const t: Text;
send_1(C,K, C,T,n1);
read_2(K,C, tgt, { AKey,n1,T }kck(C,K) );
// Stage boundary
send_3(C,T, tgt, { C }AKey,C,S,n2 );
read_4(T,C, C, st, { SKey, n2, S }AKey );
// Stage boundary
send_5(C,S, st, { C,t }SKey );
read_6(S,C, { t }SKey );
// Theorem 5 (a)
// If C,K are honest
claim(C,Reachable);
// Theorem 6 (a)
// If C,K,T are all honest
claim(C,Secret,AKey);
// Theorem 7 (a)
// If C,K,S are all honest
claim(C, Reachable);
// Theorem 8
// If C,K,S are all honest
claim(C, Secret, SKey);
}
role K {
var n1: Nonce;
const AKey: Sessionkey;
read_1(C,K, C,T,n1);
send_2(K,C, { AKey, C }ktk(T,K), { AKey,n1,T }kck(C,K) );
// Theorem 6 (a)
// If C,K,T are all honest
claim_K1(K,Secret,AKey);
}
role T {
var AKey: Sessionkey;
var n2: Nonce;
const SKey: Sessionkey;
read_3(C,T, { AKey, C }ktk(T,K), { C }AKey,C,S,n2 );
send_4(T,C, C,{ SKey, C }kst(S,T), { SKey, n2, S }AKey );
// Theorem 5 (a)
// If C,K are honest
claim(T,Reachable);
// Theorem 6 (a)
// If C,K,T are all honest
claim(T,Secret,AKey);
// My own
claim(T,Secret,SKey);
}
role S {
var t: Text;
var SKey: Sessionkey;
read_5(C,S, { SKey, C }kst(S,T), { C,t }SKey );
send_6(S,C, { t }SKey );
// Theorem 7 (b)
// If C,K,S,T are honest
claim(S, Reachable);
// My own
claim(S, Secret, t);
claim(S, Secret, SKey);
}
}
const Alice,Bob,Charlie,Eve: Agent;
untrusted Eve;
// C untrusted
compromised kck(Eve,Alice);
compromised kck(Alice,Eve);
// K untrusted
compromised kck(Eve,Alice);
compromised kck(Alice,Eve);
compromised ktk(Eve,Alice);
compromised ktk(Alice,Eve);
// T untrusted
compromised kst(Alice,Eve);
compromised kst(Eve,Alice);
compromised ktk(Eve,Alice);
compromised ktk(Alice,Eve);
// S untrusted
compromised kst(Alice,Eve);
compromised kst(Eve,Alice);