1. Client -> Server : Access-Request
where Access-Request = NAS_ID, NAS_PORT, {Secret_Key}MD5
2. Server -> Client : Access-Accept | Access-Reject | Access-Challenge
3. Client -> Server : Access-Chall-Request
where Access-Chall-Request = {Message}Secret_Key
4. Server -> Client : Access-Accept
5. Client -> Server : Success
In (2.): If Client is authorised, the connection is accepted in which case a Success is returned. If Client is not authorised a failure message is sent out. If Challenge-Response is required to further authenticate the Client, the Server sends an access challenge to the Client.
role client(C,S : agent,
Kcs : symmetric_key,
Md5 : hash_func,
Success, Failure : text,
Access_accept,Access_reject : text,
SND, RCV : channel(dy))
played_by C def=
local State : nat,
NAS_ID , NAS_Port : text,
Chall_Message : text
const kcs : protocol_id,
sec_c_Kcs : protocol_id
init State := 0
transition
s1. State = 0 /\ RCV(start) =|>
State':= 1 /\ NAS_ID':=new() /\ NAS_Port':=new()
/\ SND(NAS_ID'.NAS_Port'.Md5(Kcs))
/\ secret(Kcs,sec_c_Kcs,{C,S})
s2. State = 1 /\ RCV(NAS_ID.Access_accept) =|>
State':= 2 /\ SND(NAS_ID.Success)
s3. State = 1 /\ RCV(NAS_ID.Access_reject) =|>
State':= 3 /\ SND(NAS_ID.Failure)
s4. State = 1 /\ RCV(NAS_ID.Chall_Message') =|>
State':= 4 /\ SND(NAS_ID.{Chall_Message'}_Kcs)
/\ witness(C,S,kcs,Kcs)
s5. State = 4 /\ RCV(NAS_ID.Access_accept) =|>
State':= 5 /\ SND(NAS_ID.Success)
end role
role server(C,S : agent,
Kcs : symmetric_key,
Md5 : hash_func,
Success, Failure : text,
Access_accept,Access_reject : text,
SND, RCV : channel(dy))
played_by S def=
local State : nat,
NAS_ID , NAS_Port : text,
Chall_Message : text
const kcs : protocol_id,
sec_s_Kcs : protocol_id
init State := 11
transition
s1. State = 11 /\ RCV(NAS_ID'.NAS_Port'.Md5(Kcs)) =|>
State':= 12 /\ SND(NAS_ID'.Access_accept)
/\ secret(Kcs,sec_s_Kcs,{C,S})
s2. State = 12 /\ RCV(NAS_ID.Success) =|>
State':= 13
s3. State = 11 /\ RCV(NAS_ID'.NAS_Port'.Md5(Kcs)) =|>
State':= 14 /\ SND(NAS_ID'.Access_reject)
s4. State = 14 /\ RCV(NAS_ID.Failure) =|>
State':= 15
s5. State = 11 /\ RCV(NAS_ID'.NAS_Port'.Md5(Kcs)) =|>
State':= 16 /\ Chall_Message':=new()
/\ SND(NAS_ID'.Chall_Message')
s6. State = 16 /\ RCV(NAS_ID.{Chall_Message}_Kcs) =|>
State':= 17 /\ SND(NAS_ID.Access_accept)
/\ request(S,C,kcs,Kcs)
s7. State = 17 /\ RCV(NAS_ID.Success) =|>
State':= 18
end role
role session(C,S : agent,
Kcs : symmetric_key,
Md5 : hash_func,
Success, Failure : text,
Access_accept,Access_reject : text)
def=
local
S1, S2 : channel (dy),
R1, R2 : channel (dy)
composition
client(C,S,Kcs,Md5,Success,Failure,Access_accept,Access_reject,S1,R1)
/\ server(C,S,Kcs,Md5,Success,Failure,Access_accept,Access_reject,S2,R2)
end role
role environment() def=
const c1,s1 : agent,
md5 : hash_func,
succs, fails : text,
acc_acp, acc_rej : text,
kcsk , kisk, kcik : symmetric_key,
kcs : protocol_id
intruder_knowledge = {c1,s1,md5,kisk,kcik,
succs, fails,
acc_acp, acc_rej
}
composition
session(c1,s1,kcsk,md5,succs,fails,acc_acp,acc_rej)
/\ session(i, s1,kisk,md5,succs,fails,acc_acp,acc_rej)
end role
goal
%secrecy_of Kcs
secrecy_of sec_c_Kcs, sec_s_Kcs
%Server authenticates Client on kcs
authentication_on kcs
end goal
environment()