In university, I'm currently learning how to use Scyther to model security protocols. Currently I am trying to understand what is happening in an example protocol given to me which is:
# Key Establishment Protocol
#
usertype SessionKey;
protocol ke11(I,R,S)
{
role I
{
var Kir: SessionKey;
send_1(I,S, R);
recv_2(S,I,{Kir}k(I,S));
claim_I1(I,Running,R,Kir);
send_4(I,R,{I}Kir);
recv_5(R,I,{R}Kir);
claim_I3(I,Commit,R,Kir);
claim_I1(I,Secret,Kir);
}
role R
{
var Kir: SessionKey;
recv_3(S,R, (I,{Kir}k(R,S)));
recv_4(I,R,{I}Kir);
claim_R3(R,Running,I,Kir);
send_5(R,I,{R}Kir);
claim_R2(R,Commit,I,Kir);
claim_R1(R,Secret,Kir);
}
role S
{
fresh Kir : SessionKey;
recv_1(I,S, R);
send_2(S,I, {Kir}k(I,S));
send_3(S,R, I,{Kir}k(R,S));
}
}
This has also been given to me:
1. I → S : R
2. S → I : {Kir}k(I,S)
3. S → R : I,{Kir}k(R,S)
4. R → I : {I}Kir
5. I → R : {R}Kir
From my understanding:
I is sending S the value of RS is sending I the encryption of Kir, which is encrypted using a shared symmetric
key between I and SS is sending R the encryption of Kir, which is encrypted using a shared symmetric
key between R and SI is sending R the value of I encrypted using Kir which it got from decrypting the
value in 2 using the shared symmetric keyR is sending I the value of R encrypted using Kir which it got from decrypting the
value in 3 using the shared symmetric key.
I'm not really sure if this is correct so could someone please comment on if my understanding is correct or not. Specifically, I don't really understand what is being sent when I have written that the value of I or R is being sent (I -> S:R).
Any comments would greatly be appreciated.
Many thanks.
