Logical Analysis and Verification of Cryptographic Protocols - Loria
3.3. THE MODEL 67
• $In_A = \{x^A_1, x^A_2\}$,
• $Out_A = \{y^A_1, y^A_2\}$,
• $S_A = \{\, x^A_1 \stackrel{?}{=} \emptyset,\ x^A_2 \stackrel{?}{=} \mathrm{enc}^p(x, Pk_A),\ y^A_1 \stackrel{?}{=} \mathrm{enc}^p(\langle A, N_A \rangle, Pk_B),\ y^A_2 \stackrel{?}{=} \emptyset \,\}$.

The role B is represented by the following symbolic derivation:
$(V_B, S_B, K_B, In_B, Out_B)$ with:
• $V_B = \{x^B_{01}, x^B_{02}, x^B_{03}, x^B_{04}, x^B_{05}, x^B_{06}, x^B_1, y^B_1\}$, ordered as follows: $x^B_{01} < x^B_{02} < x^B_{03} < x^B_{04} < x^B_{05} < x^B_{06} < x^B_1 < y^B_1$,
• $K_B = \{A, B, N_B, K_B, K_B^{-1}, K_A\}$,
• $In_B = \{x^B_1\}$,
• $Out_B = \{y^B_1\}$,
• $S_B = \{\, x^B_1 \stackrel{?}{=} \mathrm{enc}^p(y, Pk_B),\ y^B_1 \stackrel{?}{=} \mathrm{enc}^p(N_B, Pk_{\pi_1(\mathrm{dec}^p(x^B_1, Pk_B^{-1}))}) \,\}$.

Composition of symbolic derivations
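An added illustration, not part of the thesis: the constraints of roles A and B given above, evaluated on concrete terms by feeding A's first output into B's input and B's output back into A. The tuple encoding of terms, the helper names, and the two rewrite rules (dec^p cancels enc^p under the matching private key, π1 takes the first component of a pair) are assumptions made for this sketch.

```python
# Added sketch: terms are nested tuples, atoms are strings (encoding is an assumption).
def pk(agent):            # Pk_agent
    return ("pk", agent)

def sk(agent):            # stands for Pk_agent^{-1}
    return ("sk", agent)

def pair(a, b):           # <a, b>
    return ("pair", a, b)

def encp(m, key):         # enc^p(m, key)
    return ("encp", m, key)

def decp(c, key):
    """Assumed rule: dec^p(enc^p(m, Pk_a), Pk_a^{-1}) -> m. Returns None if it does not apply."""
    if (isinstance(c, tuple) and c[0] == "encp"
            and isinstance(c[2], tuple) and c[2][0] == "pk"
            and key == sk(c[2][1])):
        return c[1]
    return None

def proj1(t):
    """Assumed rule: pi_1(<a, b>) -> a. Returns None on a non-pair."""
    return t[1] if isinstance(t, tuple) and t[0] == "pair" else None

def role_a_first_output():
    # y^A_1 =? enc^p(<A, N_A>, Pk_B); the matching input x^A_1 is empty.
    return encp(pair("A", "N_A"), pk("B"))

def role_b(x_b1):
    """x^B_1 =? enc^p(y, Pk_B), then y^B_1 =? enc^p(N_B, Pk_{pi_1(dec^p(x^B_1, Pk_B^{-1}))})."""
    y = decp(x_b1, sk("B"))
    peer = proj1(y)
    if peer is None:      # input not encrypted for B, or payload is not a pair
        return None
    return encp("N_B", pk(peer))

def role_a_second_input(x_a2):
    """x^A_2 =? enc^p(x, Pk_A): returns the binding of x, or None if unsatisfied."""
    return decp(x_a2, sk("A"))

def honest_run():
    y_a1 = role_a_first_output()
    y_b1 = role_b(y_a1)               # A's output becomes B's input
    x = role_a_second_input(y_b1)     # B's output becomes A's second input
    return y_a1, y_b1, x
```

`role_b` returns `None` when its input constraint cannot be satisfied, for example when the message is encrypted under a key other than Pk_B.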
Given two I-symbolic derivations, we show next how to compose them [72].<br />
Definition 41 Let I = 〈F, LI, H〉 be an intruder deduction system, and let C1 =
(V1, S1, K1, In1, Out1) and C2 = (V2, S2, K2, In2, Out2) be two I-symbolic derivations
with two disjoint sets of variables and index sets (Ind1,