Maude-NPA

Repository of protocol specifications in Maude-NPA

Home
Denning–Sacco Otway-Rees Amended Needham Schroeder Wide Mouthed Frog Yahalom Carlsen’s Secret Key Initiator ISO 5-pass Authentication Woo and Lam Authentication Kao-Chow Kao-Chow with handshake key Kao-Chow with tickets Secret 06 & 07 Diffie-Hellman
Needham Schroeder Lowe ECB
Needham Schroeder Lowe XOR TMN Wired Equivalent Privacy Smart Cards (SK3)
IBM CCA CCA 0 CCA 0 Küesters IBM’s recommendations to avoid CCA-0’s attack Yubikey
PKCS#11
Choice Protocols Distance-Bounding Protocols Hash Functions Vulnerabilities Contact and links

Needham-Schroeder-Lowe Modified Protocol with ECB

The algebraic property that is used in this protocol is the homomorphism over the encryption. This property is specified as follows: {[x, y]}z= [{x}z, {y}z]. The protocol specification in "Alice-Bob" notation is as follows:
  1. A -> B: Kb:(A,Na)
  2. B -> A: Ka:(B,Nb,Na)
  3. A -> B: Kb:Nb
For this protocol we considered the following executions:
  1. A regular execution of the protocol (denoted by attack-state (0)).
  2. An execution in which the intruder finds out the Session key generated by the server (denoted by attack-state(1)).
  3. An execution where Bob completed the protocol believing that talks to Alice, but it is not so (attack-state (2)).

After the analysis of this protocol in Maude-NPA, the tool found an initial state corresponding to attack-state(0), which shows a completed regular execution of the protocol. However, the tool did not find any initial state for attack-state(1) and attack-state(2) which proves, respectively, that the protocol is secure against an attack to obtain the session key and against an authentication attack.

To download the complete protocol specification in Maude-NPA syntax and outputs, click HERE