616rand1.spl - 1 INITIATOR 1 RESPONDER : no attacks found


SECRET_SPEC [T= SYSTEM\diff(Sigma,Alpha_SECRETS)
{true}


AuthenticateINITIATORAliceToRESPONDERAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORAliceToRESPONDERAgreement_na(Alice))
{true}


AuthenticateINITIATORBobToRESPONDERAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORAliceToRESPONDERAgreement_na(Bob))
{true}

AuthenticateRESPONDERAliceToINITIATORAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_na(Alice))
{true}


AuthenticateRESPONDERBobToINITIATORAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_na(Bob))
{true}



616rand2.spl - 2 INITIATORS 1 RESPONDER : no attacks found


SECRET_SPEC [T= SYSTEM\diff(Sigma,Alpha_SECRETS)
{true}


AuthenticateINITIATORAliceToRESPONDERAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORAliceToRESPONDERAgreement_na(Alice))
{true}


AuthenticateINITIATORBobToRESPONDERAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORAliceToRESPONDERAgreement_na(Bob))
{true}

AuthenticateRESPONDERAliceToINITIATORAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_na(Alice))
{true}


AuthenticateRESPONDERBobToINITIATORAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_na(Bob))
{true}



616rand3.spl - 1 INITIATOR 1 RESPONDER (Alice acts as initiator and responder,
non-self authenticated) : two attacks found


SECRET_SPEC [T= SYSTEM\diff(Sigma,Alpha_SECRETS)
{true}


AuthenticateINITIATORAliceToRESPONDERAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORAliceToRESPONDERAgreement_na(Alice))
{true}


AuthenticateINITIATORBobToRESPONDERAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateINITIATORAliceToRESPONDERAgreement_na(Bob))

signal.Commit1.RESPONDER_role.Alice.Bob.Na.Nb3

Alice believes she has completed a run of the protocol, taking role RESPONDER, with Bob, using data items Na, Nb3

env.Alice.(Env0,Bob)
intercept.Alice.Bob.(Msg1,Sq.<Alice,Encrypt.(Shared_.(Bob,Alice),<Na>)>)
fake.Bob.Alice.(Msg1,Sq.<Bob,Encrypt.(Shared_.(Bob,Alice),<Na>)>)
intercept.Alice.Bob.(Msg2,Encrypt.(Shared_.(Alice,Bob),<Na,Nb3>))
fake.Bob.Alice.(Msg2,Encrypt.(Shared_.(Alice,Bob),<Na,Nb3>))
signal.Running1.INITIATOR_role.Alice.Bob.Na.Nb3
intercept.Alice.Bob.(Msg3,Encrypt.(Shared_.(Alice,Bob),<Nb3>))
fake.Bob.Alice.(Msg3,Encrypt.(Shared_.(Alice,Bob),<Nb3>))
signal.Claim_Secret.Alice.Nb3.{Bob}
signal.Running2.RESPONDER_role.Alice.Bob.Na.Nb3
intercept.Alice.Bob.(Msg4,Encrypt.(Shared_.(Alice,Bob),<Kab3,Nb4>))
signal.Commit1.RESPONDER_role.Alice.Bob.Na.Nb3

0.       -> Alice : Bob
1. Alice -> I_Bob : Alice, {Na}{Shared(Bob, Alice)}
1. I_Bob -> Alice : Bob, {Na}{Shared(Bob, Alice)}
2. Alice -> I_Bob : {Na, Nb3}{Shared(Alice, Bob)}
2. I_Bob -> Alice : {Na, Nb3}{Shared(Alice, Bob)}
  Alice believes she is running the protocol, taking role INITIATOR, with Bob, using data items Na, Nb3
3. Alice -> I_Bob : {Nb3}{Shared(Alice, Bob)}
3. I_Bob -> Alice : {Nb3}{Shared(Alice, Bob)}
  Alice believes Nb3 is a secret shared with Bob
  Alice believes she is running the protocol, taking role RESPONDER, with Bob, using data items Na, Nb3
4. Alice -> I_Bob : {Kab3, Nb4}{Shared(Alice, Bob)}
  Alice believes she has completed a run of the protocol, taking role RESPONDER, with Bob, using data items Na, Nb3


AuthenticateRESPONDERAliceToINITIATORAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_na(Alice))
{true}


AuthenticateRESPONDERBobToINITIATORAgreement_na_nb [T= SYSTEM\diff(Sigma,AlphaAuthenticateRESPONDERToINITIATORAgreement_na(Bob))

signal.Commit2.INITIATOR_role.Alice.Bob.Na.Nb3

Alice believes she has completed a run of the protocol, taking role INITIATOR, with Bob, using data items Na, Nb3

env.Alice.(Env0,Bob)
intercept.Alice.Bob.(Msg1,Sq.<Alice,Encrypt.(Shared_.(Bob,Alice),<Na>)>)
fake.Bob.Alice.(Msg1,Sq.<Bob,Encrypt.(Shared_.(Bob,Alice),<Na>)>)
intercept.Alice.Bob.(Msg2,Encrypt.(Shared_.(Alice,Bob),<Na,Nb3>))
fake.Bob.Alice.(Msg2,Encrypt.(Shared_.(Alice,Bob),<Na,Nb3>))
signal.Running1.INITIATOR_role.Alice.Bob.Na.Nb3
intercept.Alice.Bob.(Msg3,Encrypt.(Shared_.(Alice,Bob),<Nb3>))
fake.Bob.Alice.(Msg3,Encrypt.(Shared_.(Alice,Bob),<Nb3>))
signal.Claim_Secret.Alice.Nb3.{Bob}
signal.Running2.RESPONDER_role.Alice.Bob.Na.Nb3
intercept.Alice.Bob.(Msg4,Encrypt.(Shared_.(Alice,Bob),<Kab3,Nb4>))
fake.Bob.Alice.(Msg4,Encrypt.(Shared_.(Alice,Bob),<Kab3,Nb4>))
signal.Claim_Secret.Alice.Na.{Bob}
signal.Commit2.INITIATOR_role.Alice.Bob.Na.Nb3

0.       -> Alice : Bob
1. Alice -> I_Bob : Alice, {Na}{Shared(Bob, Alice)}
1. I_Bob -> Alice : Bob, {Na}{Shared(Bob, Alice)}
2. Alice -> I_Bob : {Na, Nb3}{Shared(Alice, Bob)}
2. I_Bob -> Alice : {Na, Nb3}{Shared(Alice, Bob)}
  Alice believes she is running the protocol, taking role INITIATOR, with Bob, using data items Na, Nb3
3. Alice -> I_Bob : {Nb3}{Shared(Alice, Bob)}
3. I_Bob -> Alice : {Nb3}{Shared(Alice, Bob)}
  Alice believes Nb3 is a secret shared with Bob
  Alice believes she is running the protocol, taking role RESPONDER, with Bob, using data items Na, Nb3
4. Alice -> I_Bob : {Kab3, Nb4}{Shared(Alice, Bob)}
4. I_Bob -> Alice : {Kab3, Nb4}{Shared(Alice, Bob)}
  Alice believes Na is a secret shared with Bob
  Alice believes she has completed a run of the protocol, taking role INITIATOR, with Bob, using data items Na, Nb3


