VerifHub

VerifHub allows Verifpal® users to easily share and discuss Verifpal models of cryptographic protocols. The VerifHub service provides unique URIs for each shared model which includes a syntax-highlighted model, an automatically generated diagram and a summary of the analysis results.

Switch to Diagram View

rfc1004.vp

Submitted on 16 Oct 23 19:03 UTC.

attacker[active]

principal Alice[
	knows public a_alice
	knows private k_alice
]

principal Bob[
	knows public a_bob
	knows private k_bob
]

principal Jar[
	knows public a_jar
	knows private k_alice
	knows private k_bob
]

principal Alice[
	generates m1_id
	m1_hash = HASH(a_alice, a_jar, m1_id, a_bob)
	m1_hash_enc = ENC(k_alice, m1_hash)
]

Alice -> Jar: m1_id, m1_hash_enc

principal Jar[
	m1_hash_dec = DEC(k_alice, m1_hash_enc)
	_ = ASSERT(m1_hash_dec, HASH(a_alice, a_jar, m1_id, a_bob))?
	generates kab
	m2_hash = HASH(a_alice, a_jar, m1_id, kab)
	m2_hash_enc = ENC(k_alice, CONCAT(m1_id, m2_hash))
	cookie_a = ENC(k_alice, kab)
	cookie_b = ENC(k_alice, ENC(k_bob, kab))
]

Jar -> Alice: m2_hash_enc, cookie_a, cookie_b

principal Alice[
	m2_id, m2_hash_dec = SPLIT(DEC(k_alice, m2_hash_enc))
	kab_a = DEC(k_alice, cookie_a)
	cookie_b_dec = DEC(k_alice, cookie_b)
	_ = ASSERT(m2_hash_dec, HASH(a_alice, a_jar, m1_id, kab_a))?
	generates x
	generates m3_id
	m3_hash = HASH(a_alice, a_bob, m3_id, kab_a, x)
	m3_hash_enc = ENC(kab_a, CONCAT(m3_id, m3_hash))
]

Alice -> Bob: m3_hash_enc, cookie_b_dec, x

principal Bob[
	kab_b = DEC(k_bob, cookie_b_dec)
	m3_id_, m3_hash_dec = SPLIT(DEC(kab_b, m3_hash_enc))
	_ = ASSERT(m3_hash_dec, HASH(a_alice, a_bob, m3_id_, kab_b, x))?
	generates m4_id
	m4_hash = HASH(a_bob, a_alice, m4_id)
	m4_hash_enc = ENC(kab_b, CONCAT(m4_id, m4_hash))
]

Bob -> Alice: m4_hash_enc

principal Alice[
	m4_id_, m4_hash_dec = SPLIT(DEC(kab_a, m4_hash_enc))
	_ = ASSERT(m4_hash_dec, HASH(a_bob, a_alice, m4_id_))?
]

queries[
	confidentiality? kab
]

Switch to Model View

Title:rfc1004.vp Note over Alice: knows public a_alice\n knows private k_alice\n Note over Bob: knows public a_bob\n knows private k_bob\n Note over Jar: knows public a_jar\n knows private k_alice\n knows private k_bob\n Note over Alice: generates m1_id\n m1_hash = HASH(a_alice, a_jar, m1_id, a_bob)\n m1_hash_enc = ENC(k_alice, m1_hash)\n Alice -> Jar: m1_id, m1_hash_enc Note over Jar: m1_hash_dec = DEC(k_alice, m1_hash_enc)\n _ = ASSERT(m1_hash_dec, HASH(a_alice, a_jar, m1_id, a_bob))?\n generates kab\n m2_hash = HASH(a_alice, a_jar, m1_id, kab)\n m2_hash_enc = ENC(k_alice, CONCAT(m1_id, m2_hash))\n cookie_a = ENC(k_alice, kab)\n cookie_b = ENC(k_alice, ENC(k_bob, kab))\n Jar -> Alice: m2_hash_enc, cookie_a, cookie_b Note over Alice: m2_id, m2_hash_dec = SPLIT(DEC(k_alice, m2_hash_enc))\n kab_a = DEC(k_alice, cookie_a)\n cookie_b_dec = DEC(k_alice, cookie_b)\n _ = ASSERT(m2_hash_dec, HASH(a_alice, a_jar, m1_id, kab_a))?\n generates x\n generates m3_id\n m3_hash = HASH(a_alice, a_bob, m3_id, kab_a, x)\n m3_hash_enc = ENC(kab_a, CONCAT(m3_id, m3_hash))\n Alice -> Bob: m3_hash_enc, cookie_b_dec, x Note over Bob: kab_b = DEC(k_bob, cookie_b_dec)\n m3_id_, m3_hash_dec = SPLIT(DEC(kab_b, m3_hash_enc))\n _ = ASSERT(m3_hash_dec, HASH(a_alice, a_bob, m3_id_, kab_b, x))?\n generates m4_id\n m4_hash = HASH(a_bob, a_alice, m4_id)\n m4_hash_enc = ENC(kab_b, CONCAT(m4_id, m4_hash))\n Bob -> Alice: m4_hash_enc Note over Alice: m4_id_, m4_hash_dec = SPLIT(DEC(kab_a, m4_hash_enc))\n _ = ASSERT(m4_hash_dec, HASH(a_bob, a_alice, m4_id_))?\n

Analysis Results

The model submitter provided the following analysis results:

Query 1 (Confidentiality): FAIL

Please note that these results are not verified to be accurate. The model submitter may choose to provide false analysis results if they so desire. It is strongly recommended that you re-run the analysis of this model locally if you wish to verify the authenticity of the analysis results above.

Discuss This Model

© Copyright 2019- Nadim Kobeissi. All Rights Reserved. “Verifpal” and the “Verifpal” logo/mascot are registered trademarks of Nadim Kobeissi. Verifpal software is provided as free and open source software, licensed under the GPLv3. Verifpal User Manual, as well as this website, are provided under the CC BY-NC-ND 4.0 license. Published by Symbolic Software.