From David.von.Oheimb at siemens.com Mon Aug 2 07:44:28 2010 From: David.von.Oheimb at siemens.com (David von Oheimb) Date: Mon, 02 Aug 2010 13:44:28 +0200 Subject: [Avispa-users] Temporal Logic Formula of authentication_on In-Reply-To: <20100727115343.49013kphmhzk4gkk@webmail.tu-harburg.de> References: <20100727115343.49013kphmhzk4gkk@webmail.tu-harburg.de> Message-ID: <4C56AF9C.4030600@siemens.com> Hi Ashar, better state any such questions on the avispa-users mailing list. You are lucky that you are getting a direct response this time ;-) The LTL semantics of (weak) authentication may be found at http://avispa-project.org/delivs/2.1/d2-1.pdf page 34. Here is a slightly improved version reflecting the actual translation to IF: [] (request(A,B,P,M,SID) => B=i || <-> (witness(B,A,P,M))) The LTL semantics of (additional) replay protection is: [] (request(A,B,P,M,SID) => B=i || !(<-> (request(A,B,P,M,SID?) & !(IID=IID?))) where "[]" means "Globally" and "<->" means "At some time earlier" Regards, David On 27.07.2010 11:53, Ashar Javed wrote: > > > *Dear Mr. David von Oheimb, > * > > I hope you are fine. > > Would you please tell me the temporal logic formulas of request, witness > & authentication_on clauses?. > > With Best Regards > > ashar > From enis01amor at yahoo.fr Tue Aug 3 17:14:14 2010 From: enis01amor at yahoo.fr (chikh omar) Date: Tue, 3 Aug 2010 14:14:14 -0700 (PDT) Subject: [Avispa-users] span visuasilization chart Message-ID: <736706.13008.qm@web26005.mail.ukl.yahoo.com> hello, How to set transition and state in order to visualize chart in the span. ? thanks for help ********************************************** Omar Cheikhrouhou Engineer & Researcher @SENS Lab (Software Engineering and Network Security) Higher Institute of Technological Studies - Address : Mahdia's road Km 2.5 Sfax. BP 88 A - 3099 El Bustan Sfax Telephone : (+216)74 237425 Poste : 437?Fax: : (+216)74?431?386 Ph.D @ CES Lab (Computer and Embedded System)-University of Sfax, National School of Engineers BP W, Sfax, 3038, Tunisia , Fax:(+216)74665369 Home page: http://www.ceslab.org/eng/perso.php?id=46 Coordinator C2i @ ISET Sfax (Certified C2i since 2008) -------------- next part -------------- An HTML attachment was scrubbed... URL: From enis01amor at yahoo.fr Thu Aug 5 05:35:02 2010 From: enis01amor at yahoo.fr (Omar Cheikhrouhou (yahoo)) Date: Thu, 5 Aug 2010 10:35:02 +0100 Subject: [Avispa-users] numbering sate and transition? Message-ID: <001a01cb3481$7ef545a0$7cdfd0e0$@yahoo.fr> I would like to know how to number state and transition in order to get a visualized chart in span ? Thanks a lot for clarification -------------- next part -------------- An HTML attachment was scrubbed... URL: From m_barho at encs.concordia.ca Sat Aug 21 05:54:27 2010 From: m_barho at encs.concordia.ca (m_barho at encs.concordia.ca) Date: Sat, 21 Aug 2010 05:54:27 -0400 Subject: [Avispa-users] Why agent A use intruder's public key? Message-ID: <20100821055427.4yypaioqq09w44sg@mail.encs.concordia.ca> Hello All when i compiled the following example from AVISPA manual: %A -> B: {Na.A}_Kb %B -> A: {Nb.xor(Na,B)}_Ka %A -> B: {Nb}_Kb role alice (A,B : agent, Ka,Kb : public_key, Snd,Rcv : channel (dy)) played_by A def= local State : nat, Na : message, Nb : text init State := 0 transition 1. State = 0 /\ Rcv(start) =|> State':= 1 /\ Na' := new() /\ Snd({Na'.A}_Kb) /\ witness(A,B,bob_alice_na,Na') /\ secret(Na',na,{A,B}) 2. State = 1 /\ Rcv({Nb'.xor(Na,B)}_Ka) =|> State':= 2 /\ Snd({Nb'}_Kb) /\ wrequest (A,B,alice_bob_nb,Nb') end role %?????????????????????????????????????????? role bob (B,A : agent, Kb,Ka : public_key, Snd,Rcv : channel (dy)) played_by B def= local State : nat, Na : message, Nb : text init State := 0 transition 1. State = 0 /\ Rcv({Na'.A}_Kb) =|> State':= 1 /\ Nb' := new() /\ Snd({Nb'.xor(Na',B)}_Ka) /\ witness(B,A,alice_bob_nb,Nb') /\ secret(Nb',nb,{A,B}) 2. State = 1 /\ Rcv({Nb}_Kb) =|> State':= 2 /\ wrequest(B,A,bob_alice_na,Na) end role %?????????????????????????????????????????? role session (A,B: agent, Ka, Kb : public_key) def= local SA, RA, SB, RB: channel (dy) composition alice(A,B,Ka,Kb,SA,RA) /\ bob(B,A,Kb,Ka,SB,RB) end role %?????????????????????????????????????????? role environment() def= const a, b, i : agent, ka, kb, ki : public_key, bob_alice_na, alice_bob_nb, na, nb : protocol_id intruder_knowledge = {a,b,i,ka,kb,ki,inv(ki)} composition session(a,b,ka,kb) /\ session(a,i,ka,ki) end role %?????????????????????????????????????????? goal weak_authentication_on alice_bob_nb weak_authentication_on bob_alice_na secrecy_of na, nb end goal %?????????????????????????????????????????? environment() it shows the following attack: ATTACK TRACE i -> (a,6): start (a,6) -> i: {Na(1).a}_ki i -> (b,3): {Na(1) XOR i XOR b.a}_kb (b,3) -> i: {Nb(2).Na(1) XOR i}_ka i -> (a,6): {Nb(2).Na(1) XOR i}_ka (a,6) -> i: {Nb(2)}_ki i -> (i,17): Nb(2) i -> (i,17): Nb(2) What i don't understand, why do agent A encrypts the first message using intruder's public key, while he wants to talk to B and he knows the B's public key? Can anyone help? Regards, Malek