From arnab.smtp at gmail.com Sat May 1 02:11:15 2010 From: arnab.smtp at gmail.com (Arnab Chakraborty) Date: Sat, 1 May 2010 11:41:15 +0530 Subject: [Avispa-users] INIT Problem In-Reply-To: References: Message-ID: Here is an extract from my HLPSL specification: *role environment() def= local NHPwdA, NHPwdB, TempA, TempB : message, N : nat, Keyring : (agent.nat.message) set const a, b, s : agent, md5, inr : hash_func, sks : symmetric_key, apasswd, bpasswd, login, ok : text, fake : protocol_id init N := 1 /\ NHPwdA := md5(md5(xor(apasswd, N))) /\ TempA := xor(NHPwdA, md5(sks.a)) /\ NHPwdB := md5(md5(xor(bpasswd, N))) /\ TempB := xor(NHPwdB, md5(sks.b)) /\ Keyring := {a.N.TempA, b.N.TempB} intruder_knowledge = {a, b, s, md5, inr, login, ok} composition session(a, s, apasswd, sks, Keyring) end role* It is generating the following error : *%% Semantical warning: incomplete instantiation of a role call. %% The following variables have no value: apply(md5,apply(md5,xor(apasswd,N))), xor(NHPwdA,apply(md5,pair(sks,a))), apply(md5,apply(md5,xor(bpasswd,N))), xor(NHPwdB,apply(md5,pair(sks,b))), set(pair(a,pair(N,TempA)),pair(b,pair(N,TempB)))* It seems there is something wrong with the *init *section, but I cannot figure out what. Can anyone help, please! Regards, Aki -------------- next part -------------- An HTML attachment was scrubbed... URL: From dikeukaegbu at yahoo.com Sat May 1 04:50:28 2010 From: dikeukaegbu at yahoo.com (Dike Andrew Ukaegbu) Date: Sat, 1 May 2010 01:50:28 -0700 (PDT) Subject: [Avispa-users] [Avispa User] Case study on IKE Message-ID: <706707.97863.qm@web51603.mail.re2.yahoo.com> I am looking for a documentation on a case study for IKE in AVISPA framework. Please where can I find it. I am doing an analysis of the protocol. DIKE ANDREW UKAEGBU From dikeukaegbu at yahoo.com Sun May 2 16:02:23 2010 From: dikeukaegbu at yahoo.com (Dike Andrew Ukaegbu) Date: Sun, 2 May 2010 13:02:23 -0700 (PDT) Subject: [Avispa-users] [Avispa User] Case study on SIP and OTP In-Reply-To: <63046.53098.qm@web27206.mail.ukl.yahoo.com> Message-ID: <604899.98256.qm@web51604.mail.re2.yahoo.com> I am also looking for a documentation on a case study for SIP and OTP in AVISPA framework.Thank you. DIKE ANDREW UKAEGBU Heriot Watt University, Edinburgh, UK +447956970746 ? LIFE IS EITHER A DARING ADVENTURE OR NOTHING AT ALL. --- On Sun, 5/2/10, CHIKOUCHE Noureddine wrote: >From: CHIKOUCHE Noureddine Subject: Re : [Avispa-users] [Avispa User] Case study on IKE To: "Dike Andrew Ukaegbu" Date: Sunday, May 2, 2010, 10:35 AM in paper: http://www.avispa-project.org/delivs/6.1/d6-1.ps --- En date de?: Sam 1.5.10, Dike Andrew Ukaegbu a ?crit?: De: Dike Andrew Ukaegbu Objet: [Avispa-users] [Avispa User] Case study on IKE ?: avispa-users at avispa-project.org Date: Samedi 1 mai 2010, 10h50 I am looking for a documentation on a case study for IKE in AVISPA framework. Please where can I find it. I am doing an analysis of the protocol. DIKE ANDREW UKAEGBU ? ? ? _______________________________________________ Avispa-users mailing list Avispa-users at avispa-project.org http://mail63.csoft.net/mailman/listinfo/avispa-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From jasone.astorga at ehu.es Fri May 7 04:16:25 2010 From: jasone.astorga at ehu.es (Jasone Astorga) Date: Fri, 7 May 2010 10:16:25 +0200 Subject: [Avispa-users] 2 doubts regarding HLPSL Message-ID: <002101caedbd$9635a3a0$c2a0eae0$@astorga@ehu.es> Good afternoon everybody, I'm a newbie with the HLPSL protocol and after spending some time trying to model a security protocol with HLPSL I'm stuck with two doubts which I've been not able to solve reading the manuals: 1) Is it possible for two different agents to share a variable so that when one of them changes the value of this variable, the other sees the change? This kind of thing in order programming languages is achieved by using global variables or passing arguments by reference, but in HLPSL I'm not sure if it's possible to do something like that. 2) If I have an agent that in a given state will behave differently depending on the current value of a specific variable, how can I model it? For example, suppose that I want to model something like this: "if N=0 do SND(A), if N=1 do SND (B)" Would it be correct to write something like this in HLPSL? 1. State = 0 /\ N = 0 => State' := 1 /\ SND(A) 2. State = 0 /\ N = 1 => State' := 1 /\ SND(B) Or is there an executability problem with the second rule? Many thanks in advance!! Jasone From ychevali at irit.fr Fri May 7 04:20:53 2010 From: ychevali at irit.fr (Yannick Chevalier) Date: Fri, 7 May 2010 10:20:53 +0200 Subject: [Avispa-users] 2 doubts regarding HLPSL In-Reply-To: <885200478814862743@unknownmsgid> References: <885200478814862743@unknownmsgid> Message-ID: On Fri, May 7, 2010 at 10:16 AM, Jasone Astorga wrote: > Good afternoon everybody, > > I'm a newbie with the HLPSL protocol and after spending some time trying to > model a security protocol with HLPSL I'm stuck with two doubts which I've > been not able to solve reading the manuals: > > 1) Is it possible for two different agents to share a variable so that > when one of them changes the value of this variable, the other sees the > change? This kind of thing in order programming languages is achieved by > using global variables or passing arguments by reference, but in HLPSL I'm > not sure if it's possible to do something like that. > it is possible, but only indirectly (a bit like in C): declare a set that contains only one value and pass its name to the two roles. For this to work you will of course need to ensure that there always is at most one element in the set. 2) If I have an agent that in a given state will behave differently > depending on the current value of a specific variable, how can I model it? > For example, suppose that I want to model something like this: "if > N=0 do SND(A), if N=1 do SND (B)" > Would it be correct to write something like this in HLPSL? > > 1. State = 0 /\ N = 0 => > State' := 1 /\ SND(A) > > 2. State = 0 /\ N = 1 => > State' := 1 /\ SND(B) > > Or is there an executability problem with the second rule? > its spirit is correct, but "=>" transitions are reactions to events. You should add a RCV(smthg) (e.g. RCV(start)) to the left-hand side bests, Yannick > Many thanks in advance!! > > Jasone > > _______________________________________________ > Avispa-users mailing list > Avispa-users at avispa-project.org > http://mail63.csoft.net/mailman/listinfo/avispa-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jasone.astorga at ehu.es Fri May 7 10:18:12 2010 From: jasone.astorga at ehu.es (Jasone Astorga) Date: Fri, 7 May 2010 16:18:12 +0200 Subject: [Avispa-users] 2 doubts regarding HLPSL In-Reply-To: References: <885200478814862743@unknownmsgid> Message-ID: <004701caedf0$234d1a70$69e74f50$@astorga@ehu.es> Thanks for your quick response. Regarding the second issue, the RCV(smthg) can be exactly the same in both cases: 1. State = 0 /\ N = 0 /\ RCV(A) => State' := 1 /\ SND(A) 2. State = 0 /\ N = 1 /\ RCV(A) => State' := 1 /\ SND(B) The thing is that I have done it like that and when I check it with the satmc --check_only_executability=true, it says that the second rule is not executable... Thanks! Jasone ----------------------------------- De: avispa-users-bounces at avispa-project.org [mailto:avispa-users-bounces at avispa-project.org] En nombre de Yannick Chevalier Enviado el: viernes, 07 de mayo de 2010 10:21 Para: avispa-users at avispa-project.org Asunto: Re: [Avispa-users] 2 doubts regarding HLPSL On Fri, May 7, 2010 at 10:16 AM, Jasone Astorga wrote: Good afternoon everybody, I'm a newbie with the HLPSL protocol and after spending some time trying to model a security protocol with HLPSL I'm stuck with two doubts which I've been not able to solve reading the manuals: 1) ? ? ?Is it possible for two different agents to share a variable so that when one of them changes the value of this variable, the other sees the change? This kind of thing in order programming languages is achieved by using global variables or passing arguments by reference, but in HLPSL I'm not sure if it's possible to do something like that. it is possible, but only indirectly (a bit like in C): declare a set ?that contains only one value and pass its name to the two roles. For this to work you will of course need to ensure that there always is at most? one element in the set. 2) ? ? ?If I have an agent that in a given state will behave differently depending on the current value of a specific variable, how can I model it? ? ? ? ?For example, suppose that I want to model something like this: "if N=0 do SND(A), if N=1 do SND (B)" ? ? ? ?Would it be correct to write something like this in HLPSL? 1. ? ? ?State = 0 /\ N = 0 => ? ? ? ?State' := 1 /\ SND(A) 2. ? ? ?State = 0 /\ N = 1 => ? ? ? ?State' := 1 /\ SND(B) Or is there an executability problem with the second rule? its spirit is correct, but "=>" transitions are reactions to events. You should add a RCV(smthg) (e.g. RCV(start)) to the left-hand side bests, Yannick ? Many thanks in advance!! Jasone _______________________________________________ Avispa-users mailing list Avispa-users at avispa-project.org http://mail63.csoft.net/mailman/listinfo/avispa-users From jasone.astorga at ehu.es Fri May 7 14:05:58 2010 From: jasone.astorga at ehu.es (Jasone Astorga) Date: Fri, 7 May 2010 20:05:58 +0200 Subject: [Avispa-users] HLPSL and timeouts Message-ID: <001e01caee0f$f1d37e10$d57a7a30$@astorga@ehu.es> Dear all, Is there a way of writing time-related events, such as timeouts, in HLPSL? Many thanks! Jasone -------------- next part -------------- An HTML attachment was scrubbed... URL: From sunny.misra007 at gmail.com Tue May 11 05:34:41 2010 From: sunny.misra007 at gmail.com (amit misra) Date: Tue, 11 May 2010 15:04:41 +0530 Subject: [Avispa-users] Protocol simulation OSPA Message-ID: When I m pressing the protocol simulation button in SPAN then the program is hanged and not responding message is displayed there.Can anybody help me out in this code.Please it is urgent for me. Code is : role user(A, S : agent, Skey : symmetric_key, SND_SA, RCV_SA : channel(dy)) played_by A def= local State, N : nat, H : hash_func, HashPasswd, NthResponse, Challenge, Msg1, Msg2, Msg3, Msg4, R : message, Apasswd, Nonce : text init State := 0 /\ N := 1 transition 0. State= 0 /\ RCV_SA(start) =|> State' := 2 /\ Apasswd' := new() /\ HashPasswd' := H(H(xor(Apasswd', N))) /\ SND_SA( A.HashPasswd' ) /\ secret(Apasswd',apasswd, {A, S}) 2. State = 2 /\ RCV_SA( S. ok) =|> State' := 4 /\ SND_SA(A.S.login_request) 4. State = 4 /\ RCV_SA(S.A.N.Challenge') =|> State' := 6 /\ NthResponse' := H( H( xor( Apasswd,N ) ) ) /\ R' := xor( Challenge', NthResponse') /\ Msg1' := xor(H(NthResponse'),xor(H(R'),H(xor(NthResponse',inr(N))))) /\ Msg2' := xor(H(xor(Apasswd,N)),H(H(R'))) /\ Msg3' := xor(H(xor(NthResponse',H(R'))),H(H(xor(Apasswd,inr(N))))) /\ Msg4' := xor(H(H(H(xor(Apasswd,inr(N))))),H(H(H(R')))) /\ SND_SA(Msg1'.Msg2'.Msg3'.Msg4') 6. State = 6 /\ RCV_SA(S.A.Nonce') =|> State' := 8 /\ request( S, A, auth, Nonce') end role role server( S : agent, SKey : symmetric_key, SND_AS, RCV_AS : channel(dy)) played_by S def= local X : agent, State, N : nat, H : hash_func, NthResponse, Challenge, HPasswd, HashPasswd, HR, NthCredential, H2PN1, H3PN1,Hashpasswd : message, Msg1, Msg2, Msg3, Msg4, R : message, Nonce : text init State := 1 /\ N := 1 transition 1. State = 1 /\ RCV_AS( X'.HashPasswd') =|> State' := 3 /\ HPasswd' := xor( HashPasswd', H( SKey, X' )) /\SND_AS(S. ok) 3. State = 3 /\ RCV_AS( X.S.login_request) =|> State' := 5 /\ NthResponse' := HashPasswd /\ R' := new() /\ Challenge' := xor(NthResponse', R') /\ SND_AS(S.X.N.Challenge') 5. State = 5 /\ RCV_AS( Msg1'.Msg2'.Msg3'.Msg4' ) =|> State' := 7 /\ HR' := xor( H( xor( NthResponse, inr(N) ) ), xor( Msg1', H( NthResponse ) ) ) /\ NthCredential' := H( xor( Msg2', H( HR' ) ) ) 7. State = 7 /\ NthResponse = NthCredential --|> State' := 8 /\ H2PN1' := xor( Msg3, H( xor( NthResponse, HR ) ) ) /\ H3PN1' := xor( Msg4, H( H( HR ) ) ) 8. State = 8 /\ H3PN1 = H( H2PN1 ) --|> State' := 9 /\ Nonce' := new() /\ SND_AS(S.X.Nonce') /\ witness( S, X, auth, Nonce') end role role session( A, S : agent, SKey : symmetric_key ) def= local SND_AS, RCV_AS, SND_SA, RCV_SA : channel(dy) composition user(A, S, SKey, SND_SA, RCV_SA) /\ server(S, SKey, SND_AS, RCV_AS) end role role environment() def= const a,b,s : agent, h,inr : hash_func, login_request,ok : text, apasswd,auth : protocol_id, skey : symmetric_key intruder_knowledge = { a,s, h, login_request } composition session(a, s, skey) /\ session(i, s, skey) end role goal secrecy_of apasswd authentication_on auth end goal environment() Please help me out it is so urgent............ Thanks and regards, Amit Mishra M.tech,NIT Hamirpur -------------- next part -------------- An HTML attachment was scrubbed... URL: From arnab.smtp at gmail.com Tue May 11 10:11:12 2010 From: arnab.smtp at gmail.com (Arnab Chakraborty) Date: Tue, 11 May 2010 19:41:12 +0530 Subject: [Avispa-users] Protocol simulation OSPA In-Reply-To: References: Message-ID: Dude, thats my code ... what are you doing with it??? Regards, Aki On Tue, May 11, 2010 at 3:04 PM, amit misra wrote: > When I m pressing the protocol simulation button in SPAN then the program > is hanged and not responding message is displayed there.Can anybody help me > out in this code.Please it is urgent for me. > Code is : > > > role user(A, S : agent, > > Skey : symmetric_key, > > SND_SA, RCV_SA : channel(dy)) > > > > played_by A > > def= > > local > > State, N : nat, > > H : hash_func, > > HashPasswd, NthResponse, Challenge, Msg1, Msg2, Msg3, Msg4, R : message, > > Apasswd, Nonce : text > > > > > > init > > State := 0 /\ N := 1 > > > > transition > > 0. State= 0 /\ RCV_SA(start) =|> > > State' := 2 /\ Apasswd' := new() /\ HashPasswd' := > > H(H(xor(Apasswd', N))) /\ SND_SA( A.HashPasswd' ) > > /\ secret(Apasswd',apasswd, {A, S}) > > > > 2. State = 2 /\ RCV_SA( S. ok) =|> > > State' := 4 /\ SND_SA(A.S.login_request) > > 4. State = 4 /\ RCV_SA(S.A.N.Challenge') =|> > > State' := 6 /\ NthResponse' := H( H( xor( Apasswd,N ) ) ) > > > > /\ R' := xor( Challenge', NthResponse') > > /\ Msg1' := > > xor(H(NthResponse'),xor(H(R'),H(xor(NthResponse',inr(N))))) > > /\ Msg2' := xor(H(xor(Apasswd,N)),H(H(R'))) > > /\ Msg3' := > > xor(H(xor(NthResponse',H(R'))),H(H(xor(Apasswd,inr(N))))) > > /\ Msg4' := > > xor(H(H(H(xor(Apasswd,inr(N))))),H(H(H(R')))) > > /\ SND_SA(Msg1'.Msg2'.Msg3'.Msg4') > > 6. State = 6 /\ RCV_SA(S.A.Nonce') =|> > > State' := 8 /\ request( S, A, auth, Nonce') > > end role > > > > role server( > > S : agent, > > SKey : symmetric_key, > > SND_AS, RCV_AS : channel(dy)) > > > > played_by S > > def= > > local > > X : agent, > > State, N : nat, > > H : hash_func, > > NthResponse, Challenge, HPasswd, HashPasswd, HR, NthCredential, H2PN1, > H3PN1,Hashpasswd : message, > > Msg1, Msg2, Msg3, Msg4, R : message, > > Nonce : text > > init > > State := 1 /\ N := 1 > > > > transition > > 1. State = 1 /\ RCV_AS( X'.HashPasswd') =|> > > State' := 3 /\ HPasswd' := xor( HashPasswd', H( SKey, X' )) /\SND_AS(S. > ok) > > 3. State = 3 /\ RCV_AS( X.S.login_request) =|> > > State' := 5 /\ NthResponse' := HashPasswd > > /\ R' := new() /\ Challenge' := xor(NthResponse', R') /\ > > SND_AS(S.X.N.Challenge') > > 5. State = 5 /\ RCV_AS( Msg1'.Msg2'.Msg3'.Msg4' ) =|> > > State' := 7 /\ HR' := xor( H( xor( NthResponse, inr(N) ) ), xor( Msg1', > > H( NthResponse ) ) ) > > /\ NthCredential' := H( xor( Msg2', H( HR' ) ) ) > > 7. State = 7 /\ NthResponse = NthCredential --|> > > State' := 8 /\ H2PN1' := xor( Msg3, H( xor( NthResponse, HR ) ) ) > > /\ H3PN1' := xor( Msg4, H( H( HR ) ) ) > > > > 8. State = 8 /\ H3PN1 = H( H2PN1 ) --|> > > State' := 9 /\ Nonce' := new() /\ SND_AS(S.X.Nonce') /\ witness( S, X, > > auth, Nonce') > > > > end role > > > > role session( > > A, S : agent, > > SKey : symmetric_key > > ) > > > > def= > > local > > SND_AS, RCV_AS, SND_SA, RCV_SA : channel(dy) > > > > > > composition > > user(A, S, SKey, SND_SA, RCV_SA) > > /\ server(S, SKey, SND_AS, RCV_AS) > > > > end role > > > > role environment() > > def= > > > > const > > a,b,s : agent, > > h,inr : hash_func, > > login_request,ok : text, > > apasswd,auth : protocol_id, > > skey : symmetric_key > > > > intruder_knowledge = { a,s, h, login_request } > > > > > > composition > > session(a, s, skey) > > /\ session(i, s, skey) > > > > end role > > > > goal > > secrecy_of apasswd > > authentication_on auth > > end goal > > > > environment() > > > > Please help me out it is so urgent............ > > > Thanks and regards, > Amit Mishra > M.tech,NIT Hamirpur > > _______________________________________________ > Avispa-users mailing list > Avispa-users at avispa-project.org > http://mail63.csoft.net/mailman/listinfo/avispa-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From zahisalima at yahoo.fr Wed May 12 07:22:41 2010 From: zahisalima at yahoo.fr (Zahi Salima) Date: Wed, 12 May 2010 11:22:41 +0000 (GMT) Subject: [Avispa-users] Statistic for AVISPA tools Message-ID: <76268.76110.qm@web24818.mail.ird.yahoo.com> Bonjours, est-ce que se trouve des papiers ou des ?tudes concernant les statistiques de l'utilisation des outils AVISPA par rapport les autres outils (Proverify, S3A, ...) dans la v?rification des protocoles cryptographiques.. Cordialement -------------- next part -------------- An HTML attachment was scrubbed... URL: From Pascal.Lafourcade at imag.fr Wed May 12 08:56:15 2010 From: Pascal.Lafourcade at imag.fr (Pascal LAFOURCADE) Date: Wed, 12 May 2010 14:56:15 +0200 Subject: [Avispa-users] Statistic for AVISPA tools In-Reply-To: <76268.76110.qm@web24818.mail.ird.yahoo.com> References: <76268.76110.qm@web24818.mail.ird.yahoo.com> Message-ID: Hi, Of course I can mention these papers : [CLN09] Cas Cremers, Pascal Lafourcade, and Philippe Nadeau. Comparing State Spaces in Automatic Protocol Analysis .Formal to Practical Security, LNCS, volume 5458/2009, 2009. PDF | PS | Bibtex | Abstract [LTV09] Pascal Lafourcade, Vanessa Terrade and Sylvain Vigier Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties . In Proceedings of the sixth International Workshop on Formal Aspects in Security and Trust (FAST2009), November 2009, Eindhoven, the Netherlands. PDF | PS| Slide | Bibtex| Abstract On May 12, 2010, at 1:22 PM, Zahi Salima wrote: > Bonjours, > > est-ce que se trouve des papiers ou des ?tudes concernant les > statistiques de l'utilisation des outils AVISPA par rapport les > autres outils (Proverify, S3A, ...) dans la v?rification des > protocoles cryptographiques.. > > > Cordialement > > _______________________________________________ > Avispa-users mailing list > Avispa-users at avispa-project.org > http://mail63.csoft.net/mailman/listinfo/avispa-users Pascal Lafourcade -- Ma?tre de Conf?rences ? l'Universit? Joseph Fourier (UFR IMA). Home Page : http://www-verimag.imag.fr/~plafourc/ Bureau : +33 (0) 4 56 52 04 14 Mobile : +33 (0) 6 83 54 90 70 Fax : +33 (0) 4 56 52 03 44 Laboratoire VERIMAG, Equipe Distributed and Complex Systems. Centre Equation CTL1/B4D 2, avenue de Vignate 38610 Gi?res FRANCE -------------- next part -------------- An HTML attachment was scrubbed... URL: From arnab.smtp at gmail.com Mon May 17 14:54:01 2010 From: arnab.smtp at gmail.com (Arnab Chakraborty) Date: Tue, 18 May 2010 00:24:01 +0530 Subject: [Avispa-users] XOR Message-ID: Can anyone tell me a bit about the XOR in HLPSL. The AVISPA manual doesn't provide much information on its usage. Regards, Aki -------------- next part -------------- An HTML attachment was scrubbed... URL: From jwang at whu.edu.cn Wed May 19 12:47:07 2010 From: jwang at whu.edu.cn (jwang whu.edu.cn (jwang)) Date: Wed, 19 May 2010 09:47:07 -0700 Subject: [Avispa-users] About HLPSL Message-ID: HI, Now I want to use AVISPA tools to analysis a protocol,but I have a puzzle about authentication goals.What do "request and witness" mean?When I should use "request" and when I shoud use "witness"?Are there clear interpretation about authentication? Help me,thank you. Best, Juan -------------- next part -------------- An HTML attachment was scrubbed... URL: From ychevali at irit.fr Wed May 19 12:58:35 2010 From: ychevali at irit.fr (Yannick Chevalier) Date: Wed, 19 May 2010 18:58:35 +0200 Subject: [Avispa-users] About HLPSL In-Reply-To: References: Message-ID: Hi, the role of witness and request facts is to validate the existence of an injective function from events that correspond to the reception of a message to events that *witness* the sending of the message. When in the specification you want to store the fact that a message payload M is sent, use a witness with the parts of the message you want to keep track of. When you receive a message and want to query whether there is a matching witness fact, use a request fact with parts matching those of the witness fact you have written. If you do not want to test for injective authentication (and thus agree to not detect replay attacks) you can use the weak version of the request. The semantics is then only to validate the existence of a function from request to matching witness facts... best regards, Yannick On Wed, May 19, 2010 at 6:47 PM, jwang whu.edu.cn (jwang) wrote: > HI, > > Now I want to use AVISPA tools to analysis a protocol,but I have a puzzle > about authentication goals.What do "request and witness" mean?When I should > use "request" and when I shoud use "witness"?Are there clear interpretation > about authentication? > > Help me,thank you. > > Best, > Juan > > > _______________________________________________ > Avispa-users mailing list > Avispa-users at avispa-project.org > http://mail63.csoft.net/mailman/listinfo/avispa-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From arnab.smtp at gmail.com Wed May 19 15:36:54 2010 From: arnab.smtp at gmail.com (Arnab Chakraborty) Date: Thu, 20 May 2010 01:06:54 +0530 Subject: [Avispa-users] About HLPSL In-Reply-To: References: Message-ID: Dear Juan, Yannick has given a very proper description of "request and witness". The way I understand *authentication* is that, sometimes (actually most of the times) while specifying a protocol it is very important to make sure that the *receiver* gets the exact message sent by the *sender*. When such an *authentication* goal is to specified in HLPSL, we use the *request* and *witness*. When a sender sends any message, he/she may issue a *witness* to denote that he/she needs the message to be correctly delivered to the receiver. On the other hand, the receiver should issue a *request* to answer the *witness*. A *witness *of the form: *witness( A, B, authNonce, Nonce')* signifies that, I am agent *A*, and I am sending a *Nonce* to agent *B* and I want to ensure that agent* B *received the exact value of* Nonce* I sent. A corresponding *request *would be of the form: *request( B, A, authNonce, Nonce')* signifies that, I am agent *B*, and I received a *Nonce* from agent *A* and I want to ensure that agent* A *sent me this value of* *the* Nonce* which I received. The *authNonce* is a constant *protocol_id *which is to identify the "witness-and-request" statements in the goals section. Although I have no idea about the internal workings of AVISPA, I like to think that when a *witness* occurs, AVISPA stores the value (note it is the value and not the name of the variable) somewhere, and compares it with the value from the *request*. If the values match, the *authentication* goal is not violated, else it is time to redesign your protocol. In the AVISPA manual it is advised to put the *witness* and *request* sections in the transitions when the values are generated and received, respectively. Note that through the *request *and *witness* sections no actual information exchange between the agents take place, that is, they do not contribute to the proceedings of the session (or protocol), it is just a way to find detect a possible attack. At first authentication goals may seems illogical but they do turn out to be very useful. For example, authentication goals can be very effectively used to point out attacks which cause one participating agent to reach the end of his/her transitions believing that he/she participated in a legal session, while the other agent may not have completed the transitions or even participated in the session. Hope I helped you. Cheers, Aki On Wed, May 19, 2010 at 10:17 PM, jwang whu.edu.cn (jwang) wrote: > HI, > > Now I want to use AVISPA tools to analysis a protocol,but I have a puzzle > about authentication goals.What do "request and witness" mean?When I should > use "request" and when I shoud use "witness"?Are there clear interpretation > about authentication? > > Help me,thank you. > > Best, > Juan > > > _______________________________________________ > Avispa-users mailing list > Avispa-users at avispa-project.org > http://mail63.csoft.net/mailman/listinfo/avispa-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jwang at whu.edu.cn Wed May 19 18:03:18 2010 From: jwang at whu.edu.cn (jwang whu.edu.cn (jwang)) Date: Wed, 19 May 2010 15:03:18 -0700 Subject: [Avispa-users] About AVISPA Message-ID: Hi, Can I define some new function in AVISPA? For example,ksig=psha1(k,?).How to describe the function "psha1"? Looking forward to your reply as soon as possible.Thank you for your help. Best, Juan -------------- next part -------------- An HTML attachment was scrubbed... URL: From zahisalima at yahoo.fr Thu May 20 10:12:19 2010 From: zahisalima at yahoo.fr (Zahi Salima) Date: Thu, 20 May 2010 14:12:19 +0000 (GMT) Subject: [Avispa-users] Detect of Attacks in HLPSL Message-ID: <781685.58176.qm@web24805.mail.ird.yahoo.com> Hello, How detect of attacks in HLPSL (technics and approaches) ? , for cases : the secrecy and authentication. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sunny.misra007 at gmail.com Fri May 21 02:08:20 2010 From: sunny.misra007 at gmail.com (amit misra) Date: Fri, 21 May 2010 11:38:20 +0530 Subject: [Avispa-users] Data is not recieved when I am using the XOR Message-ID: hi, Can anybody please help me out in handling the XOR function,i have simply implemented the program to send and recieve message using XOR but the message is not recived at user side. role user(A,S : agent, PK,SKey : symmetric_key, SND, RCV : channel(dy)) played_by A def= local State, N : nat , H : hash_func , HashPasswd, NthResponse, Challenge,K : message, Apasswd, Nonce : text init State := 0 /\ N := 1 transition 0. State= 0 /\ RCV(start) =|> State' := 2 /\ Apasswd' := new() /\ HashPasswd' := H(H(xor(Apasswd', N))) /\ SND( A.{HashPasswd'}_PK) 2. State = 2 /\ RCV(S.{K'}_PK) =|> State' := 4 /\ SND(A.S.{K'}_PK) end role role server( S : agent, PK,SKey : symmetric_key, SND, RCV : channel(dy)) played_by S def= local X : agent, State, N : nat, H : hash_func, NthResponse,HashPasswd: message, K: message, Nonce : text init State := 1 /\ N := 1 transition 1. State = 1 /\ RCV(X'.{HashPasswd'}_PK) =|> State' := 3 /\ SND(S.{ xor(HashPasswd',H(SKey.X'))}_PK) 3. State = 3 /\ RCV( X.S.{K}_PK) =|> State' := 5 /\ SND(S.ok) end role role session( A, S : agent, PK,SKey : symmetric_key) def= local SND, RCV : channel(dy) composition user(A, S,PK,SKey, SND, RCV) /\ server(S,PK,SKey, SND, RCV) end role role environment() def= const a,s : agent, h : hash_func, inr : hash_func, login_request, ok : text, apasswd, auth : protocol_id, pk,skey : symmetric_key intruder_knowledge = { a,s,h,login_request } composition session(a, s, pk,skey) /\ session(i,a,pk,skey) end role goal secrecy_of apasswd authentication_on auth end goal environment() -- Thanks and regards Amit Mishra -------------- next part -------------- An HTML attachment was scrubbed... URL: From jwang at whu.edu.cn Fri May 21 17:07:03 2010 From: jwang at whu.edu.cn (jwang whu.edu.cn (jwang)) Date: Fri, 21 May 2010 14:07:03 -0700 Subject: [Avispa-users] How to define new function in AVISPA Message-ID: Hi, Can AVISPA define some new function,for example k2=psha1(k1,?),which means that the key k2 is derived by the function psha1 whose two argumnets are key k1 and the nonce ?.But I do not know how to describe the psha1 function in HLPSL?I know HLPSL can describe hash function. Looking forward to your help. Sincerely, Juan -------------- next part -------------- An HTML attachment was scrubbed... URL: From sunny.misra007 at gmail.com Sat May 29 01:36:24 2010 From: sunny.misra007 at gmail.com (amit misra) Date: Sat, 29 May 2010 11:06:24 +0530 Subject: [Avispa-users] Please help me in handling the XOR function..... Message-ID: Hi, I am trying to simulate the protocol in which when I am sending the message containing XOR hen only some part of the massage is recieved at reciver side.For example in following code role user(A, S : agent, Skey : symmetric_key, SND_SA, RCV_SA : channel(dy)) played_by A def= local State, N : nat , Hash : hash_func , HashPasswd, NthResponse, Challenge, Msg1, Msg2, Msg3,K : message, Apasswd, Nonce : text, SKey : symmetric_key init State := 0 /\ N := 1 transition 0. State= 0 /\ RCV_SA(start) =|> State' := 2 /\ Apasswd' := new() /\ HashPasswd' := Hash(Hash(xor(Apasswd', N))) /\ SND_SA( A.HashPasswd' ) /\ secret(Apasswd',apasswd, {A, S}) 2. State = 2 /\ RCV_SA(S.NthResponse') =|> State' := 4 /\ SND_SA(A.S.login_request) 4. State = 4 /\ RCV_SA(S.ok) =|> State' := 6 /\ Msg1' := xor (HashPasswd,xor(HashPasswd,Hash(NthResponse))) /\ Msg2' := xor(Msg1',Hash(xor(Apasswd',N))) /\ Msg3' := xor(Hash(Msg1'),Hash(Hash(Apasswd',inr(N)))) /\ SND_SA(Msg1'.Msg2'.Msg3') 6. State = 6 /\ RCV_SA(S.A.Nonce') =|> State' := 8 /\ request( S, A, auth, Nonce') end role role server( S : agent, SKey : symmetric_key, SND_AS, RCV_AS : channel(dy)) played_by S def= local X : agent, State, N : nat, Hash : hash_func, NthResponse,HashPasswd,HR,NthCredential, H2PN1, H3PN1: message, Msg1, Msg2, Msg3,R,K: message, Nonce : text init State := 1 /\ N := 1 transition 1. State = 1 /\ RCV_AS(X'.HashPasswd') =|> State' := 3 /\ K' := (xor(HashPasswd',Hash(SKey.X'))) /\ SND_AS(S.K') 3. State = 3 /\ RCV_AS( X.S.login_request) =|> State' := 5 /\ SND_AS(S.ok) 5. State = 5 /\ RCV_AS( Msg1'.Msg2'.Msg3') =|> State' := 7 /\ HR' := xor( Msg1',Hash( HashPasswd )) /\ NthCredential' := xor( Msg2', HR' ) /\ Nonce' := new() /\ SND_AS(S.X.Nonce') /\ witness( S, X,auth, Nonce') end role role session( A, S : agent, SKey : symmetric_key) def= local SND_AS, RCV_AS, SND_SA, RCV_SA : channel(dy) composition user(A, S, SKey, SND_SA, RCV_SA) /\ server(S, SKey, SND_AS, RCV_AS) end role role environment() def= const a,s : agent, h : hash_func, inr : hash_func, login_request, ok : text, apasswd, auth : protocol_id, skey : symmetric_key intruder_knowledge = { a,s,h,login_request } composition session(a, s, skey) /\ session(i, s, skey) /\ session(i,a,skey) end role goal secrecy_of apasswd authentication_on auth end goal environment() In this code when the server send the message SND_SA(S.K') to the user then only h(skey.a) is recieved at the user end.If anybody knows the problem with code please tell me.................. Thanking You -- Amit Mishra -------------- next part -------------- An HTML attachment was scrubbed... URL: