613seq1.spl - 1 INITIATOR 1 RESPONDER : one attack found


AuthenticateINITIATORAliceToRESPONDERAgreement_na [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORToRESPONDERAgreement_na(Alice))
{true}


AuthenticateINITIATORBobToRESPONDERAgreement_na [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORToRESPONDERAgreement_na(Bob))
{true}


AuthenticateRESPONDERAliceToINITIATORAgreement_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_nb(Alice))

signal.Commit2.INITIATOR_role.Alice.Alice.Na

Alice believes she has completed a run of the protocol, taking role INITIATOR, with Alice, using data items Na

env.Alice.(Env0,Alice)
signal.Running1.INITIATOR_role.Alice.Alice.Na
intercept.Alice.Alice.(Msg1,Encrypt.(Shared_.(Alice,Alice),<Na,Alice>))
fake.Alice.Alice.(Msg2,Encrypt.(Shared_.(Alice,Alice),<Na,Alice>))
signal.Commit2.INITIATOR_role.Alice.Alice.Na

0.         ->  Alice  : Alice
  Alice believes she is running the protocol, taking role INITIATOR, with Alice, using data items Na
1.  Alice  -> I_Alice : {Na, Alice}{Shared(Alice, Alice)}
2. I_Alice ->  Alice  : {Na, Alice}{Shared(Alice, Alice)}
  Alice believes she has completed a run of the protocol, taking role INITIATOR, with Alice, using data items Na


AuthenticateRESPONDERBobToINITIATORAgreement_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_nb(Bob))
{true}



613seq2.spl - 1 INITIATOR 1 RESPONDER (Non-self authenticated) 
: no attacks found 


AuthenticateINITIATORAliceToRESPONDERAgreement_na [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORToRESPONDERAgreement_na(Alice))
{true}


AuthenticateINITIATORBobToRESPONDERAgreement_na [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORToRESPONDERAgreement_na(Bob))
{true}


AuthenticateRESPONDERAliceToINITIATORAgreement_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_nb(Alice))
{true}


AuthenticateRESPONDERBobToINITIATORAgreement_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_nb(Bob))
{true}



613seq3.spl - 2 INITIATORS 1 RESPONDER (Non-self authenticated) 
: one attack found 


AuthenticateINITIATORAliceToRESPONDERAgreement_na [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORToRESPONDERAgreement_na(Alice))
{true}


AuthenticateINITIATORBobToRESPONDERAgreement_na [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORToRESPONDERAgreement_na(Bob))
{true}


AuthenticateRESPONDERAliceToINITIATORAgreement_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_nb(Alice))
{true}


AuthenticateRESPONDERBobToINITIATORAgreement_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_nb(Bob))

signal.Running2.RESPONDER_role.Bob.Alice.Nb
signal.Commit2.INITIATOR_role.Alice.Bob.Nb
signal.Commit2.INITIATOR_role.Alice.Bob.Nb

Bob believes he is running the protocol, taking role RESPONDER, with Alice, using data items Nb
  Alice believes she has completed a run of the protocol, taking role INITIATOR, with Bob, using data items Nb
  Alice believes she has completed a run of the protocol, taking role INITIATOR, with Bob, using data items Nb

env.Alice.(Env0,Bob)
signal.Running1.INITIATOR_role.Alice.Bob.Na
comm.Alice.Bob.(Msg1,Encrypt.(Shared_.(Bob,Alice),<Na,Bob>))
signal.Running2.RESPONDER_role.Bob.Alice.Nb
env.Alice.(Env0,Bob)
signal.Running1.INITIATOR_role.Alice.Bob.Na
intercept.Alice.Bob.(Msg1,Encrypt.(Shared_.(Bob,Alice),<Na,Bob>))
comm.Bob.Alice.(Msg2,Encrypt.(Shared_.(Alice,Bob),<Nb,Alice>))
signal.Commit2.INITIATOR_role.Alice.Bob.Nb
fake.Bob.Alice.(Msg2,Encrypt.(Shared_.(Alice,Bob),<Nb,Alice>))
signal.Commit2.INITIATOR_role.Alice.Bob.Nb

0.       -> Alice : Bob
  Alice believes she is running the protocol, taking role INITIATOR, with Bob, using data items Na
1. Alice ->  Bob  : {Na, Bob}{Shared(Bob, Alice)}
  Bob believes he is running the protocol, taking role RESPONDER, with Alice, using data items Nb
0.       -> Alice : Bob
  Alice believes she is running the protocol, taking role INITIATOR, with Bob, using data items Na
1. Alice -> I_Bob : {Na, Bob}{Shared(Bob, Alice)}
2.  Bob  -> Alice : {Nb, Alice}{Shared(Alice, Bob)}
  Alice believes she has completed a run of the protocol, taking role INITIATOR, with Bob, using data items Nb
2. I_Bob -> Alice : {Nb, Alice}{Shared(Alice, Bob)}
  Alice believes she has completed a run of the protocol, taking role INITIATOR, with Bob, using data items Nb



613seq4.spl - 2 INITIATORS 1 RESPONDER (Alice and Bob both act as initiator,
non-self authenticated) : two attacks found 


AuthenticateINITIATORAliceToRESPONDERAgreement_na [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORToRESPONDERAgreement_na(Alice))
{true}


AuthenticateINITIATORBobToRESPONDERAgreement_na [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORToRESPONDERAgreement_na(Bob))
{true}


AuthenticateRESPONDERAliceToINITIATORAgreement_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_nb(Alice))

signal.Commit2.INITIATOR_role.Bob.Alice.Na1

Bob believes he has completed a run of the protocol, taking role INITIATOR, with Alice, using data items Na1

env.Bob.(Env0,Alice)
env.Alice.(Env0,Bob)
signal.Running1.INITIATOR_role.Alice.Bob.Na1
signal.Running1.INITIATOR_role.Bob.Alice.Na2
intercept.Alice.Bob.(Msg1,Encrypt.(Shared_.(Alice,Bob),<Na1,Bob>))
intercept.Bob.Alice.(Msg1,Encrypt.(Shared_.(Alice,Bob),<Na2,Alice>))
fake.Alice.Bob.(Msg2,Encrypt.(Shared_.(Alice,Bob),<Na1,Bob>))
signal.Commit2.INITIATOR_role.Bob.Alice.Na1

0.         ->   Bob   : Alice
0.         ->  Alice  : Bob
  Alice believes she is running the protocol, taking role INITIATOR, with Bob, using data items Na1
  Bob believes he is running the protocol, taking role INITIATOR, with Alice, using data items Na2
1.  Alice  ->  I_Bob  : {Na1, Bob}{Shared(Alice, Bob)}
1.   Bob   -> I_Alice : {Na2, Alice}{Shared(Alice, Bob)}
2. I_Alice ->   Bob   : {Na1, Bob}{Shared(Alice, Bob)}
  Bob believes he has completed a run of the protocol, taking role INITIATOR, with Alice, using data items Na1


AuthenticateRESPONDERBobToINITIATORAgreement_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_nb(Bob))

signal.Commit2.INITIATOR_role.Alice.Bob.Na2

Alice believes she has completed a run of the protocol, taking role INITIATOR, with Bob, using data items Na2

env.Alice.(Env0,Bob)
env.Bob.(Env0,Alice)
signal.Running1.INITIATOR_role.Bob.Alice.Na2
intercept.Bob.Alice.(Msg1,Encrypt.(Shared_.(Alice,Bob),<Na2,Alice>))
signal.Running1.INITIATOR_role.Alice.Bob.Na1
intercept.Alice.Bob.(Msg1,Encrypt.(Shared_.(Alice,Bob),<Na1,Bob>))
fake.Bob.Alice.(Msg2,Encrypt.(Shared_.(Alice,Bob),<Na2,Alice>))
signal.Commit2.INITIATOR_role.Alice.Bob.Na2

0.       ->  Alice  : Bob
0.       ->   Bob   : Alice
  Bob believes he is running the protocol, taking role INITIATOR, with Alice, using data items Na2
1.  Bob  -> I_Alice : {Na2, Alice}{Shared(Alice, Bob)}
  Alice believes she is running the protocol, taking role INITIATOR, with Bob, using data items Na1
1. Alice ->  I_Bob  : {Na1, Bob}{Shared(Alice, Bob)}
2. I_Bob ->  Alice  : {Na2, Alice}{Shared(Alice, Bob)}
  Alice believes she has completed a run of the protocol, taking role INITIATOR, with Bob, using data items Na2