From justashar at gmail.com Tue Jun 1 09:05:17 2010 From: justashar at gmail.com (Ashar Javed) Date: Tue, 1 Jun 2010 15:05:17 +0200 Subject: [Avispa-users] HLPSL + OFMC Error Message-ID: Hello I hope all are fine. I am working on the VALIDATION OF SMART CARD SECURITY PROTOCOLS USING AVISPA. I have started modeling the protocols in HLPSL. I am in need of your LITTLE GUIDANCE regarding that i.e I am in need of your some valuable comments on HLPSL (Given Below) The HLPSL works fine and AVISPA founds that the PROTOCOL is UNSAFE. The problem is that in role "*ifd*" *State' := 6*. One of the line is */\ ENC_MSG' := {S}_ Kenc'* and it works fine with it but it should be */\ ENC_MSG' := {S'}_Kenc'*. *BY* *ADDING PRIME on S OFMC gives error while Cl-AtSe gives attack found. I do not know WHY OFMC gives error.* With Best Regards ashar %%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%% %%PROTOCOL : SYMMETRIC AUTHENTICATION SCHEME %%PURPOSE : Two Party i.e Interface Device & Integrated Circuit Cards mutual authentication %%REFERENCE : ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf %%REFERENCE : Chapter 8 , Page Number 59-63 %%MODEL AUTHOR : Ashar Javed %%MODEL LIMITATIONS : %% 1) Each Session has a unique Sequence Number & Random Number whenever NEEDED %% 2) No resumption of previous session regarding Instruction bytes (Ins) and Data (Le) %%PROBLEMS CONSIDERED : 2 %% 1) authentication on ifd_icc_msg %% 2) authentication on icc_ifd_msg %% HLPSL (High Level Protocol Specification Language) Specification %% ifd stands for Interface Device role ifd (A, B: agent, KIFD: symmetric_key, Hash : hash_func, SND, RCV: channel (dy)) played_by A def= local State : nat, Kenc : symmetric_key, %% Key for Encryption Kmac : symmetric_key, %% Key for Message Authentication Code SQN_IFD : message, %% Sequence Number (Interface Device) RND_IFD : message, %% Random Challenge (Interface Device) SQN_ICC : message, %% Sequence Number (Integrated Circuit Card) RND_ICC : message, %% Random Challenge (Integrated Circuit Card) Ins : text, %% Instruction Byte P1 : text, %% Parameter Byte 1 P2 : text, %% Parameter Byte 2 Le : text, %% Get all Data S,X : message, %% Symbol Used in Protocol for message ATH_MSG : message, %% Authenticated Message ENC_MSG : message, %% Encrypted Message MUT_AUT_MSG_IFD : message, %% Mutually Authenticated Message Interface Device MUT_AUT_MSG_ICC : message %% Mutually Authenticated Message from ICC init State := 0 transition %% Interface Device as a starting POINT to run the protocl 0. State = 0 /\ RCV(start) =|> State' := 2 /\ Ins' := new() /\ Le' := new() /\ P1' := new() /\ P2' := new() /\ SND(Ins'.Le'.P1'.P2') %% Get Data Command(INS , P1 , P2, Le) 2. State = 2 /\ RCV(SQN_ICC') =|> State' := 4 /\ Ins' := new() /\ Le' := new() /\ SND(Ins'.Le') %% Get Challenge Command(INS , Le) 4. State = 4 /\ RCV(RND_ICC') =|> State' := 6 /\ RND_IFD' := new() /\ SQN_IFD' := new() /\ SQN_ICC' := new() /\ Ins' := new() /\ Le' := new() /\ P1' := new() /\ P2' := new() /\ Kenc' := new() /\ Kmac' := new() /\ X' := xor(RND_IFD' ,xor(SQN_IFD' , xor(SQN_ICC' ,RND_ICC'))) /\ S' := xor(KIFD,X') /\ ENC_MSG' := {S}_Kenc' /\ ATH_MSG' := ({Hash(ENC_MSG')}_Kmac') /\ MUT_AUT_MSG_IFD' := xor(ATH_MSG',ENC_MSG') %% Data /\ SND(Ins'.P1'.P2'.Le'.MUT_AUT_MSG_IFD') /\ witness(A,B,ifd_icc_msg,MUT_AUT_MSG_IFD') %% FINAL MESSAGE FOR MUTUAL AUTHENTICATION FROM IFD 6. State = 6 /\ RCV(Ins'.P1'.P2'.Le'.MUT_AUT_MSG_ICC') =|> State' := 8 /\ request(A,B,icc_ifd_msg ,MUT_AUT_MSG_ICC') end role %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% icc stands for Integrated Circuit Card role icc (A, B: agent, KICC: symmetric_key, Hash : hash_func, SND, RCV: channel (dy)) played_by B def= local State : nat, Kenc : symmetric_key, %% Key for Encryption Kmac : symmetric_key, %% Key for Message Authentication Code SQN_IFD : message, %% Sequence Number (Interface Device) RND_IFD : message, %% Random Challenge (Interface Device) SQN_ICC : message, %% Sequence Number (Integrated Circuit Card) RND_ICC : message, %% Random Challenge (Integrated Circuit Card) Ins : text, %% Instruction Byte P1 : text, %% Parameter Byte 1 P2 : text, %% Parameter Byte 2 Le : text, %% Get all Data R,Y : message, %% Symbol Used in Protocol for message ATH_MSG1 : message, %% Authenticated Message ENC_MSG1 : message, %% Encrypted Message MUT_AUT_MSG_IFD : message, %% Mutually Authenticated Message from IFD MUT_AUT_MSG_ICC : message %% Mutually Authenticated Message from ICC init State := 1 transition 1. State = 1 /\ RCV(Ins'.Le'.P1'.P2') =|> State' := 3 /\ SQN_ICC' := new() /\ SND(SQN_ICC') 3. State = 3 /\ RCV(Ins'.Le') =|> State':= 5 /\ RND_ICC' := new() /\ SND(RND_ICC') 5. State = 5 /\ RCV(Ins'.P1'.P2'.Le'.MUT_AUT_MSG_IFD') =|> State':= 7 /\ SQN_IFD' := new() /\ RND_IFD' := new() /\ SQN_ICC' := new() /\ RND_ICC' := new() /\ Y' := xor(RND_IFD' ,xor(SQN_IFD' , xor(SQN_ICC' , RND_ICC'))) /\ R' := xor(KICC,Y') /\ Kenc' := new() /\ Kmac' := new() /\ ENC_MSG1' := {R}_Kenc' /\ ATH_MSG1' := ({Hash(ENC_MSG1')}_Kmac') /\ MUT_AUT_MSG_ICC' := xor(ATH_MSG1',ENC_MSG1') /\ SND(Ins'.P1'.P2'.Le'.MUT_AUT_MSG_ICC') /\ request(A,B,ifd_icc_msg ,MUT_AUT_MSG_IFD') %% FINAL MESSAGE FOR MUTUAL AUTHENTICATION FROM ICC /\ witness(A,B,icc_ifd_msg,MUT_AUT_MSG_ICC') end role %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% role session(A, B: agent, Hash : hash_func, KIFD, KICC,Kenc,Kmac: symmetric_key ) def= local SIFD, RIFD, SICC, RICC: channel (dy) composition ifd(A,B,KIFD,Hash,SIFD,RIFD) /\ icc(A,B,KICC,Hash,SICC,RICC) end role %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% role environment() def= const a, b : agent, kifd,kicc,kenc,kmac : symmetric_key, h : hash_func, ifd_icc_msg,icc_ifd_msg : protocol_id intruder_knowledge = {a, b, kifd, kicc,ki,kenc,kmac} %% i represents intruder composition session(a,b,h,kifd,kicc,kenc,kmac) /\ session(a,i,h,kifd,ki,kenc,kmac) /\ session(i,b,h,ki,kicc,kenc,kmac) end role %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% goal %% IFD authenticates ICC on ifd_icc_msg authentication_on ifd_icc_msg %% ICC authenticates IFD on icc_ifd_msg authentication_on icc_ifd_msg end goal %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% environment() -------------- next part -------------- An HTML attachment was scrubbed... URL: From wafa.jaballah at gmail.com Sun Jun 6 13:09:53 2010 From: wafa.jaballah at gmail.com (wafa jaballah) Date: Sun, 6 Jun 2010 19:09:53 +0200 Subject: [Avispa-users] help Message-ID: Hello, I'm new to this mailing list and also to formal validation. I have learned some tutorials about programming with HLPSL and (avispa tools), and I have a question about this following code: *N':= tick(tick(tick(t_0)));* *Time/=N;* * * *What means the first and second instructions, (t_0 is a constant ). * * * * * *Best regards,* -- Wafa Ben Jaballah -------------- next part -------------- An HTML attachment was scrubbed... URL: From justashar at gmail.com Sun Jun 6 14:03:34 2010 From: justashar at gmail.com (Ashar Javed) Date: Sun, 6 Jun 2010 20:03:34 +0200 Subject: [Avispa-users] HLPSL of Diffie-Hellman Message-ID: Hello Would anybody tell me that the following HLPSL of *Diffie-Hellman Protocol*is correct or not? With Best Regards ashar %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% role ifd(A ,B : agent, G:text, SND,RCV:channel(dy)) played_by A def= local State :nat, Nf,Nsecret :text, X,K,Y :message init State:=0 transition 1. State=0 /\ RCV(start) =|> State':=2 /\ Nf':=new() /\ X' := exp(G,Nf') /\ SND (X') 2. State=2 /\ RCV(Y') =|> State':=4 /\ K':=exp(Y',Nf) /\ Nsecret':= new() /\ SND({Nsecret'}_K') /\ secret(Nsecret',sec_ifd_dhvalue,{A,B}) end role role icc (B,A:agent, G:text, SND,RCV:channel(dy)) played_by B def= local State : nat, X,Y,K : message, Ni,Nsecret: text init State:=1 transition 1. State=1 /\ RCV(X') =|> State':=3 /\ Ni':=new() /\ Y':=exp(G,Ni') /\ K' := exp(Y',Ni') /\ SND(K') 3. State=3 /\ RCV({Nsecret'}_K') =|> State':=5 end role role session (A,B:agent, G:text) def= local SND_A,RCV_A,SND_B,RCV_B:channel(dy) composition ifd(A,B,G,SND_A,RCV_A) /\ icc(B,A,G,SND_B,RCV_B) end role role environment() def= const a,b:agent, g:text, sec_ifd_dhvalue : protocol_id intruder_knowledge = {a,b,g} composition session(a,b,g) /\ session(a,i,g) /\ session (i,b,g) end role goal secrecy_of sec_ifd_dhvalue end goal environment() -------------- next part -------------- An HTML attachment was scrubbed... URL: From wafa.jaballah at gmail.com Mon Jun 7 07:47:05 2010 From: wafa.jaballah at gmail.com (wafa jaballah) Date: Mon, 7 Jun 2010 13:47:05 +0200 Subject: [Avispa-users] DoS resistance Message-ID: Hello, I want to know if I could satisfy the property of resistance to DoS attack with avispa tools. Is it possible? Is there a mean to do it or Is there a link or a referred paper which uses this tool in order to verify that the implemented scheme offer more resistance to DoS attacks? Because, in many implementations in HLPSL specifications they are dealing only with authentication, secrecy, .. ..Also, I have seen in a presentation in 62th IETF, Minneapolis March 10, 2005, "The AVISPA Project:Automated Validation of Internet Security Protocols and Applications" that avispa can also verify this property : limit to resistance attacks. I really don't know how to begin and deal with this since I have to verify that my scheme offer good resistance to DoS attacks. I will appreciate any help or suggestions, Best Regards -- Wafa Ben Jaballah -------------- next part -------------- An HTML attachment was scrubbed... URL: From wafa.jaballah at gmail.com Tue Jun 8 06:26:42 2010 From: wafa.jaballah at gmail.com (wafa jaballah) Date: Tue, 8 Jun 2010 12:26:42 +0200 Subject: [Avispa-users] heap exhausted Message-ID: Hello, I'm trying to implement a specification for a protocol, and the execution of OFMC gives me the following error: ----- Output error of OFMC : Heap exhausted; Current maximum heap size is 268435456 bytes (256 Mb); use `+RTS -M' to increase it. Please, Has someone encountered this error?What should I have to eliminate it? Best Regards, -- Wafa Ben Jaballah -------------- next part -------------- An HTML attachment was scrubbed... URL: From wafa.jaballah at gmail.com Wed Jun 9 14:17:39 2010 From: wafa.jaballah at gmail.com (wafa jaballah) Date: Wed, 9 Jun 2010 20:17:39 +0200 Subject: [Avispa-users] function definition Message-ID: hello, I'm implementing a specification for a protocol with hslpsl , and want to validate it with avispa tools. My question is : If I want to define a hash function : h which is in range [0...300]. How could I implement it ? More generally how functions are defined? because I haven't found no tutorial indicating the definition of this. Thank You, -- Best Regards, Wafa Ben Jaballah -------------- next part -------------- An HTML attachment was scrubbed... URL: From sirvi.suren at gmail.com Sun Jun 13 10:30:46 2010 From: sirvi.suren at gmail.com (Surendra Sirvi) Date: Sun, 13 Jun 2010 20:00:46 +0530 Subject: [Avispa-users] iso key establishment protocol problem Message-ID: I have tried this iso protocol code with avispa, but none of the backends are able to give output for this. Please tell me if there are any errors in my code. Avispa is unable to give output in ofmc and other backends. I even tried to increase heap size to 1gb but it hangs and doesn't give any output. thanks, surendra role alice( A,B,S : agent, Kas : symmetric_key, SND_BA,RCV_BA : channel(dy)) played_by A def= local State : nat, Na,Nb : text, Kab : symmetric_key init State := 0 transition 1. State = 0 /\ RCV_BA(start) =|> State':= 2 /\ Na' := new() /\ SND_BA(Na') 2. State = 2 /\ RCV_BA({Na.Kab'.B}_Kas.{Nb'.Na}_Kab') =|> State':= 4 /\ SND_BA({Na.Nb'}_Kab') /\ witness(A,B,bob_alice_nb,Nb') /\ request(A,B,alice_bob_na,Na) end role role server( A,B,S : agent, Kas,Kbs : symmetric_key, SND_BS,RCV_BS : channel(dy)) played_by S def= local State : nat, Nb2,Na : text, Kab : symmetric_key init State := 9 transition 1. State = 9 /\ RCV_BS(Nb2'.Na'.A) =|> State':= 11 /\ Kab':= new() /\ SND_BS({Nb2'.Kab'.A}_Kbs.{Na'.Kab'.B}_Kas) /\ secret(Kab',k,{A,B,S}) end role role bob( A,B,S : agent, Kbs : symmetric_key, SND_AB,RCV_AB,SND_SB,RCV_SB : channel(dy)) played_by B def= local State : nat, Na,Nb2,Nb : text, Kab : symmetric_key, X : {text.symmetric_key.agent}_symmetric_key init State := 1 transition 1. State = 1 /\ RCV_AB(Na') =|> State':= 3 /\ Nb2' := new() /\ SND_SB(Nb2'.Na'.A) /\ witness(B,A,alice_bob_na,Na') 2. State = 3 /\ RCV_SB({Nb2.Kab'.A}_Kbs.X') =|> State':=5 /\ Nb':= new() /\SND_AB(X'.{Nb'.Na}_Kab') /\ secret(Nb',nb,{A,B}) 3. State = 5 /\ RCV_AB({Na.Nb}_Kab) =|> State':=7 /\ request(B,A,bob_alice_nb,Nb) end role role session( A,B,S : agent, Kas,Kbs : symmetric_key) def= local SSB, RSB, SBA, RBA, SBS, RBS, SAB, RAB : channel (dy) composition alice(A,B,S,Kas,SBA,RBA) /\ bob (A,B,S,Kbs,SAB,RAB,SSB,RSB) /\ server (A,B,S,Kas,Kbs,SBS,RBS) end role role environment() def= const alice_bob_na,bob_alice_nb,k,nb : protocol_id, kas,kbs,kis : symmetric_key, a,b,s : agent intruder_knowledge = {a,b,s,kis} composition session(a,b,s,kas,kbs) /\ session(a,b,s,kas,kbs) /\ session(a,i,s,kas,kis) /\ session(i,b,s,kis,kbs) end role goal secrecy_of k secrecy_of nb authentication_on alice_bob_na authentication_on bob_alice_nb end goal environment() -- Surendra Sirvi -------------- next part -------------- An HTML attachment was scrubbed... URL: From jjnalli at gmail.com Sun Jun 13 08:00:18 2010 From: jjnalli at gmail.com (jjnalli at gmail.com) Date: 13 Jun 2010 17:30:18 +0530 Subject: [Avispa-users] Save the Whales Message-ID: <20100613120018.7313.qmail@greenpeace.in> Spam detection software, running on the system "leary2.csoft.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see https://csoft.net/contact.html for details. Content preview: Hi , This is unbelievable! Two Greenpeace activists Junicho Sato and Toru Suzuki, known as the Tokyo Two, are on trial and could face a prolonged jail term, simply for exposing large scale embezzlement and corruption with Japan's Whaling Programme. [...] Content analysis details: (6.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.9 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date 0.0 HTML_MESSAGE BODY: HTML included in message 1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.5 NULL_IN_BODY FULL: Message has NUL (ASCII 0) byte in message 1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. -------------- next part -------------- An embedded message was scrubbed... From: Subject: Save the Whales Date: 13 Jun 2010 17:30:18 +0530 Size: 2169 URL: From wafa.jaballah at gmail.com Mon Jun 14 13:25:41 2010 From: wafa.jaballah at gmail.com (wafa jaballah) Date: Mon, 14 Jun 2010 19:25:41 +0200 Subject: [Avispa-users] TA4SP output Message-ID: Hello, Could someone please explain me the following output of TA4SP backend of avispa: (what is the meaning of INCONCLUSIVE). I saw in some papers that we have tow results : INCONCLUSIVE or CORRECT. In order to have a correct result (not inconclusive), they suggest increasing the level paramter (Under-Approximation). I don't really know the difference because I have increased it but still inconclusive. What could be probably the error? How could I resolve it. SUMMARY INCONCLUSIVE DETAILS NOT SUPPORTED PROTOCOL C:\SPAN\testsuite\results\tesla.if GOAL SECRECY BACKEND TA4SP COMMENTS some rules may be not fired so TA4SP does not do the verification STATISTICS Translation: 0.04 seconds Your help is very appreciated. -- Best Regards, Wafa Ben Jaballah -------------- next part -------------- An HTML attachment was scrubbed... URL: From wafa.jaballah at gmail.com Wed Jun 23 16:32:30 2010 From: wafa.jaballah at gmail.com (wafa jaballah) Date: Wed, 23 Jun 2010 22:32:30 +0200 Subject: [Avispa-users] execution of a protocol under AVISPA Message-ID: Hello, I have two questions about protocol execution under AVISPA: 1) I want to know if the value of Depth has an impact on the output of the back-end OFMC or cl-ATSE. 2) Also, I want to execute my protocol using SATMC. But, I don't know why windows advertize me that I should open a file satmc.bash? How could I procced to execute the protocol using SATMC because I don't find any tutorial that illustrates this execution. Your help will be very appreciated. -- Best Regards, Wafa Ben Jaballah -------------- next part -------------- An HTML attachment was scrubbed... URL: From jjnalli at gmail.com Thu Jun 24 03:18:49 2010 From: jjnalli at gmail.com (Jiss) Date: 24 Jun 2010 12:48:49 +0530 Subject: [Avispa-users] (no subject) Message-ID: <20100624071849.25724.qmail@greenpeace.in> An HTML attachment was scrubbed... URL: From jjnalli at gmail.com Thu Jun 24 03:20:58 2010 From: jjnalli at gmail.com (Jiss) Date: 24 Jun 2010 12:50:58 +0530 Subject: [Avispa-users] (no subject) Message-ID: <20100624072058.3612.qmail@greenpeace.in> An HTML attachment was scrubbed... URL: From David.von.Oheimb at siemens.com Sat Jun 26 04:55:51 2010 From: David.von.Oheimb at siemens.com (David von Oheimb) Date: Sat, 26 Jun 2010 10:55:51 +0200 Subject: [Avispa-users] Need Guidance Regarding HLPSL In-Reply-To: <20100625204215.18025tmmj6urb04c@webmail.tu-harburg.de> References: <20100625204215.18025tmmj6urb04c@webmail.tu-harburg.de> Message-ID: <4C25C097.8080106@siemens.com> Dear Asahr, > I am in need of your help regarding the HLPSL. I had seen your responses > at the AVISPA mailing list. Now it seems that mailing list is not active > because no one is responding the queries. that's a shame. > I hope that you will help me. > I had written the HLPSL of the smart card security protocol when smart > card used as a type of secure signature creation devices > (ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf). > The HLPSL that I had written works fine in AVISPA and result is that > PROTOCOL is SAFE but I am not sure that I had modeled it correctly or not. This is difficult to say without having a close look at both the informal specification and the formal HLPSL model. Typically, if you are a student, your supervisor should guide/assist you on that. Just one general hint: an important (but not sufficient) check if the model is sensible is to test whether it can be executed to its very end. To check this, you can for example add "SND(Kicc)" in the last step 13. In this case, the model checkers should report a secrecy goal violation. Hope this helps, David > --------------------------------------------------------------------------------------------------------------------------- > > %%PROTOCOL : KEY TRANSPORT PROTOCOL > %%PURPOSE : Device Authentication with Key Transport Scheme > %%REFERENCE : > *ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf* > %%REFERENCE : Chapter *8* , Page Number *38-47* > %%MODEL AUTHOR : Ashar Javed > %%MODEL LIMITATIONS : > %% 1) Key Transport Protocol includes provisions for the optional > exchange of public-key certificates in the %% beginning. This > is not included in the model for now. > %% 2) Public key of authorized certification authority is present in ICC > %%PROBLEMS CONSIDERED : 4 > %% 1) authentication on ifd_icc_msg_signature > %% 2) authentication on icc_ifd_msg_signature > %% 3) authetication on ifd_icc_msg > %% 4) secrecy of sec_ifdkey, sec_icckey > %% HLPSL (High Level Protocol Specification Language) Specification > %% ifd stands for Interface Device > > role ifd (A, B: agent, > Kifd , Kca: public_key, > Hash : hash_func, > SND, RCV: channel (dy)) played_by A def= > local > State : nat, > Kicc : public_key, %% Key for Encryption > RND_IFD : nat, %% Random Challenge (Interface Device) > RND_ICC : nat, %% Random Challenge (Integrated > Circuit Card) > Data : text, %% Get all Data > SIG : message, %% Symbol Used in Protocol for > message > PRND : nat %% Padding Random Number > > const > ok : text, > sn_ifd : nat, > sn_icc : nat, > two_a : nat, > zero_zero : nat, > ae : nat, > b0 : nat, > eight_four : nat, > two_two : nat, > c1 : nat, > a4 : nat, > eight_eight : nat, > eight : nat > init > State := 0 > > transition > > %% Interface Device as a starting POINT to run the protocol > > 0. State = 0 /\ RCV(start) =|> > State' := 2 /\ SND({Hash (A.Kifd)}_inv(Kca)) %% > PK.CAifd.CS_AUTH (Selection of Verification Key by PK.CAifd.CS_AUT) > > 2. State = 2 /\ RCV(ok) =|> > State' := 4 /\ Data' := ({Hash (A.Kifd)}_inv(Kifd)) %% > IFD sends a authorized card verifiable certificate > /\ SND (two_a.zero_zero.ae.Data') %% > PSO (Perform Security Operation) Command > /\ witness(A,B,ifd_icc_msg,Data') > > > > 4. State = 4 /\ RCV(ok) =|> > State' := 6 /\ SND > (b0.eight_four.zero_zero.zero_zero) %% Read Binary > Command > > 6. State = 6 /\ RCV({Hash (B.Kicc)}_inv(Kicc)) =|> > State' := 8 /\ Data' := xor (Hash(inv(Kicc)),Hash(Kifd)) %% > Manage Secret Environment (MSE) > /\ SND (two_two.c1.a4.Data') > > 8. State = 8 /\ RCV(ok) =|> > State' := 10 /\ RND_IFD' := new() > /\ Data' := xor(sn_ifd,RND_IFD') > /\ SND > (eight_eight.zero_zero.zero_zero.Data') %% Internal > Authenticate command > > 10. State = 10 /\ RCV({SIG'}_Kicc) =|> > State' := 12 /\ SND (eight_four.eight) > /\ request(A,B,icc_ifd_msg_signature,SIG') > > > > 12. State = 12 /\ RCV(RND_ICC') =|> > State' := 14 /\ PRND' := new() > /\ SIG' := {(xor(PRND',xor(Kifd, > Hash(xor(PRND',xor(Kifd,Data))))))}_inv(Kifd) > /\ SND ({SIG'}_Kifd) > /\ witness(A,B,ifd_icc_msg_signature,SIG') > /\ secret (Kifd,sec_ifdkey,{A,B}) > > > end role > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > > %% icc stands for Integrated Circuit Card > > role icc (A, B: agent, > Kicc , Kca: public_key, > Hash : hash_func, > SND, RCV: channel (dy)) played_by B def= > > local > State : nat, > Kifd : public_key, %% Key for Encryption > RND_ICC : nat, %% Random Challenge > (Integrated Circuit Card) > PRND : nat, %% Padding Random Number > Data : text, %% Get all Data > SIG : message %% Symbol Used in > Protocol for message > > > const > ok : text, > sn_ifd : nat, > sn_icc : nat, > two_a : nat, > zero_zero : nat, > ae : nat, > b0 : nat, > eight_four : nat, > two_two : nat, > c1 : nat, > a4 : nat, > eight_eight : nat, > eight : nat > > init > State := 1 > > transition > > 1. State = 1 /\ RCV({Hash (A.Kifd)}_inv(Kca)) =|> > State' := 3 /\ SND (ok) > > > 3. State = 3 /\ RCV(two_a.zero_zero.ae.Data') =|> > State':= 5 /\ SND(ok) > /\ request(A,B,ifd_icc_msg,Data') > > > 5. State = 5 /\ RCV(b0.eight_four.zero_zero.zero_zero) =|> > State':= 7 /\ SND ({Hash (B.Kicc)}_inv(Kicc)) %% ICC > Authorized Certificate > > 7. State = 7 /\ RCV(two_two.c1.a4.Data') =|> > State':= 9 /\ SND (ok) %% ICC > Authorized Certificate > > 9. State = 9 /\ RCV(eight_eight.zero_zero.zero_zero.Data') =|> > State':= 11 /\ PRND' := new() > /\ SIG' := {(xor(PRND',xor(Kicc, > Hash(xor(PRND',xor(Kicc,Data'))))))}_inv(Kicc) > /\ SND ({SIG'}_Kicc) > /\ witness(A,B,icc_ifd_msg_signature,SIG') > /\ secret (Kicc,sec_icckey,{A,B}) > > 11. State = 11 /\ RCV(eight_four.eight) =|> > State':= 13 /\ RND_ICC' := new() > /\ SND(RND_ICC') > > 13. State = 13 /\ RCV({SIG'}_Kifd) =|> > State':= 15 /\ SND(ok) > /\ request(A,B,ifd_icc_msg_signature,SIG') > > > end role > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > > role session(A, B: agent, > Hash : hash_func, > Kifd, Kicc , Kca: public_key > ) > > def= > > local SIFD, RIFD, SICC, RICC: channel (dy) > > composition > > ifd(A,B,Kifd,Kca,Hash,SIFD,RIFD) > /\ icc(A,B,Kicc,Kca,Hash,SICC,RICC) > > end role > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > > role environment() def= > > const a, b : agent, > kifd,kicc,kca : public_key, > h : hash_func, > > ifd_icc_msg,icc_ifd_msg_signature,ifd_icc_msg_signature,sec_ifdkey,sec_icckey > : protocol_id > > intruder_knowledge = {a, b, kifd, kicc, kca, ki , inv(ki) , > {i.ki}_inv(kca)} %% i represents intruder > > composition > > session(a,b,h,kifd,kicc,kca) > /\ session(a,i,h,kifd,ki,kca) > /\ session(i,b,h,ki,kicc,kca) > > end role > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > > goal > > > secrecy_of sec_ifdkey,sec_icckey > > %% IFD authenticates ICC on ifd_icc_msg > > authentication_on ifd_icc_msg > > authentication_on icc_ifd_msg_signature > > authentication_on ifd_icc_msg_signature > > end goal > > %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% > > environment() > From rtanner1 at trinity.edu Tue Jun 29 12:37:38 2010 From: rtanner1 at trinity.edu (Ryan Tanner) Date: Tue, 29 Jun 2010 11:37:38 -0500 Subject: [Avispa-users] Is the source to AVISPA available? Message-ID: <66367F63-D6A1-4D49-A9B0-E3CB3223B2B7@trinity.edu> Hello everyone, I am new to the AVISPA mailing list. I am a student at the University of Houston working this summer on validation of security protocols and I was wondering if the source code to AVISPA is available. I cannot find it on the project website but I'm hoping someone here knows the answer. Thank you all, Ryan Tanner From luca.vigano at univr.it Tue Jun 29 13:02:21 2010 From: luca.vigano at univr.it (Luca Vigano`) Date: Tue, 29 Jun 2010 19:02:21 +0200 Subject: [Avispa-users] Is the source to AVISPA available? In-Reply-To: <66367F63-D6A1-4D49-A9B0-E3CB3223B2B7@trinity.edu> References: <66367F63-D6A1-4D49-A9B0-E3CB3223B2B7@trinity.edu> Message-ID: <3FBD592E-59BB-4800-B928-24E028A97E33@univr.it> Hi Ryan on the main page of the AVISPA project there is a link called "Download the AVISPA Tool", which points to http://www.avispa-project.org/download.html You can also find newer versions of some of the back-ends at www.avantssar.eu. Kind regards, luca. On Jun 29, 2010, at 18:37 , Ryan Tanner wrote: > Hello everyone, > > I am new to the AVISPA mailing list. I am a student at the University of Houston working this summer on validation of security protocols and I was wondering if the source code to AVISPA is available. I cannot find it on the project website but I'm hoping someone here knows the answer. > > Thank you all, > Ryan Tanner > _______________________________________________ > Avispa-users mailing list > Avispa-users at avispa-project.org > http://mail63.csoft.net/mailman/listinfo/avispa-users -------------- next part -------------- An HTML attachment was scrubbed... URL: