Jan Winkelmann
unread,Aug 26, 2021, 2:11:42 PM8/26/21Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to tamarin...@googlegroups.com
Hi all,
after a long break I'm back on a project where we analyze a project
using Tamarin. This time the context is a protocol where parties
broadcast information to other parties which then update their local
state accordingly and sometimes broadcast a response.
In one of our properties we found an attack trace that doesn't make
sense to us. The facts consumed in the AcceptInvite rewrite rule at
the bottom appear inconsistent. The In(..) fact contains both
pk(~devSK.1) and pk(~devSK), while the !Device facts consumed only use
pk(~devSK). The rule is as follows:
rule AcceptInvite:
let
invTxt = <'invite', fid, InvrVK, InveeVK>
InvrVK = pk(InvrSK)
InveeVK = pk(InveeSK)
invitation = <invTxt, sign(invTxt, InvrSK)>
acceptTxt = <'accept', fid, InveeVK>
acceptMsg = <acceptTxt, sign(acceptTxt, InveeSK)>
in
[
In(invitation),
!Device(InvrVK),
!Device(InveeVK),
!State_IsInFusionID(InveeVK, fid, InvrVK)
]
--[
StateChange_ConsentedToFusionID(InveeVK, fid, InveeVK),
InvitedBy(InvrVK)
]->
[
!State_ConsentsToFusionID(InveeVK, fid, InveeVK),
Out(acceptMsg)
]
I would expect that the InveeVK and InvrVK from the !Device facts
would need to be consistent with the local macro 'invitation'.
However, the InveeVK in the acceptTxt macro is pk(~devSK.1). The fact
that this trace is shown as an attack makes me thing that either our
model is wrong or that I am missing something in how to use Tamarin or
interpret the results. Any insight in why this is shown would be
helpful!
The attack trace and full theory are attached. We are trying to prove
the lemma only_accept_when_invited_trivial.
I am looking forward to your ideas!