Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
2 CHAPTER 1. INTRODUCTION<br />
Figure 1.1 Example <strong>of</strong> protocol<br />
� A ⇒ B : “Hello, I am A.”<br />
B ⇒ A : “Hi, I am B. Nice to meet you.”<br />
absence <strong>of</strong> the intruder. A simple example <strong>of</strong> protocol is given in Figure 1.1.<br />
This protocol describes the first meeting between two people. In this protocol,<br />
we have two roles “A” (abbreviation <strong>of</strong> “Alice”) <strong>and</strong> “B” (abbreviation <strong>of</strong><br />
“Bob”).<br />
In the scenario, the roles represent abstract participants. In the protocol described<br />
in Figure 1.1, we have two roles “A” (the initiator role) <strong>and</strong> “B” (the<br />
responder role).<br />
We call an execution <strong>of</strong> the protocol any coherent, with respect to the description<br />
<strong>of</strong> that protocol, set <strong>of</strong> exchanges <strong>of</strong> messages between its participants. In<br />
the execution <strong>of</strong> a protocol, the roles are instantiated by concrete participants, also<br />
called agents. When an agent a instantiates a role R, we say that “the agent a plays<br />
the role R”. We remark that a role can be played by many agents <strong>and</strong> any agent<br />
can play many roles or the same role many times. We call session <strong>of</strong> a protocol a<br />
set <strong>of</strong> exchanges <strong>of</strong> messages between the participants <strong>of</strong> the protocol which is<br />
(1) coherent with respect to the description <strong>of</strong> that protocol, (2) can be repeated,<br />
<strong>and</strong> (3) where each role is instantiated only once.<br />
We remark that it is important to take into consideration many instances<br />
<strong>of</strong> the same protocol, <strong>and</strong> thus we talk about execution <strong>of</strong> one session <strong>of</strong> the<br />
protocol, also called run <strong>of</strong> the protocol, <strong>and</strong> execution <strong>of</strong> many sessions <strong>of</strong> the<br />
protocol.<br />
Example 1 The following set <strong>of</strong> exchanges <strong>of</strong> messages<br />
� (1).1 Alice(A) ⇒ Bob(B) : “Hello, I am Alice.”<br />
(1).2 Bob(B) ⇒ Alice(A) : “Hi, I am Bob. Nice to meet you.”<br />
represents an execution <strong>of</strong> one session <strong>of</strong> the protocol described in Example 1.1.<br />
In this execution, we have two concrete participants, “Alice” playing the role “A”<br />
<strong>and</strong> “Bob” playing the role “B”.<br />
Example 2 The following set <strong>of</strong> exchanges <strong>of</strong> messages<br />
⎧<br />
⎪⎨<br />
⎪⎩<br />
(1).1 Alice(A) ⇒ Bob(B) : “Hello, I am Alice.”<br />
(2).1 Bob(A) ⇒ Marlie(B) : “Hello, I am Bob.”<br />
(1).2 Bob(B) ⇒ Alice(A) : “Hi, I am Bob. Nice to meet you.”<br />
(2).2 Marlie(B) ⇒ Bob(A) : “Hi, I am Marlie. Nice to meet you.”<br />
represents an execution <strong>of</strong> two sessions <strong>of</strong> the protocol described in Example 1.1. In this<br />
execution, we have three concrete participants, “Alice”, “Bob” <strong>and</strong> “Marlie”: “Alice”