TPTP Problem File: SWV237+1.p

View Solutions - Solve Problem

%------------------------------------------------------------------------------
% File     : SWV237+1 : TPTP v9.0.0. Released v3.2.0.
% Domain   : Software Verification (Security)
% Problem  : Visa Security Module (VSM) attack
% Version  : Especial.
% English  : This models the API of the Visa Security Module (VSM). The
%            conjecture allows the discovery of Bond's attack.

% Refs     : [BA01]  Bond & Anderson (2001), API-Level Attacks on Embedded
%          : [Ste06] Steel (2006), Email to G. Sutcliffe
% Source   : [Ste06]
% Names    :

% Status   : Theorem
% Rating   : 0.33 v9.0.0, 0.36 v8.2.0, 0.33 v7.5.0, 0.34 v7.4.0, 0.23 v7.3.0, 0.31 v7.2.0, 0.34 v7.1.0, 0.35 v7.0.0, 0.30 v6.4.0, 0.35 v6.3.0, 0.38 v6.2.0, 0.52 v6.1.0, 0.47 v6.0.0, 0.52 v5.5.0, 0.44 v5.4.0, 0.46 v5.3.0, 0.48 v5.2.0, 0.35 v5.1.0, 0.33 v5.0.0, 0.38 v4.1.0, 0.39 v4.0.1, 0.43 v4.0.0, 0.42 v3.7.0, 0.45 v3.5.0, 0.42 v3.4.0, 0.37 v3.3.0, 0.29 v3.2.0
% Syntax   : Number of formulae    :   25 (  12 unt;   0 def)
%            Number of atoms       :   62 (   3 equ)
%            Maximal formula atoms :    4 (   2 avg)
%            Number of connectives :   37 (   0   ~;   0   |;  24   &)
%                                         (   0 <=>;  13  =>;   0  <=;   0 <~>)
%            Maximal formula depth :    7 (   4 avg)
%            Maximal term depth    :    6 (   2 avg)
%            Number of predicates  :    2 (   1 usr;   0 prp; 1-2 aty)
%            Number of functors    :   14 (  14 usr;  12 con; 0-2 aty)
%            Number of variables   :   42 (  42   !;   0   ?)
% SPC      : FOF_THM_RFO_SEQ

% Comments : The model is originally due to Mike Bond, converted to tptp and
%            re-labelled by Graham Steel.
%------------------------------------------------------------------------------
fof(enc_dec_cancel,axiom,
    ! [U,V] : enc(i(U),enc(U,V)) = V ).

fof(dec_enc_cancel,axiom,
    ! [U,V] : enc(U,enc(i(U),V)) = V ).

fof(double_inverse_cancel,axiom,
    ! [U] : i(i(U)) = U ).

fof(keys_are_symmetric,axiom,
    ! [U] :
      ( p(U)
     => p(i(U)) ) ).

fof(key_translate_from_ZCMK_to_TMK,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(tmk,enc(i(enc(i(zcmk),V)),U))) ) ).

fof(key_translate_from_TMK_to_ZCMK,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(i(enc(i(zcmk),V)),enc(i(tmk),U))) ) ).

fof(receive_working_key_from_switch,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(wk,enc(i(tmk),U))) ) ).

fof(encrypt_a_PIN_derivation_key_under_a_TMK,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(enc(i(tmk),V),enc(i(tmk),U))) ) ).

fof(encrypt_a_stored_comms_key,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(enc(i(tmk),V),enc(i(tc),U))) ) ).

%----This command now removed from normal VSM operation to fix attack
fof(encrypt_clear_key_as_Tcomms_key,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(tc,U)) ) ).

fof(data_encrypt,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(enc(i(tc),U),V)) ) ).

fof(data_decrypt,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(i(enc(i(tc),U)),V)) ) ).

fof(data_translate_PIN_from_local_to_interchange_key,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(enc(i(wk),W),enc(i(enc(i(tmk),V)),U))) ) ).

fof(data_translate_between_interchange_keys,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(enc(i(wk),W),enc(i(enc(i(wk),V)),U))) ) ).

%----Bond unsure if this command actually implemented in VSM
fof(data_translate_PIN_from_local_storage_to_interchange_key,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(enc(i(wk),V),enc(i(lp),U))) ) ).

fof(attacker_can_encrypt,axiom,
    ! [U,V,W] :
      ( ( p(U)
        & p(V)
        & p(W) )
     => p(enc(U,V)) ) ).

%----Initial knowledge of intruder
fof(intruder_knows_1,axiom,
    p(enc(tmk,pp)) ).

fof(intruder_knows_2,axiom,
    p(enc(wk,w)) ).

fof(intruder_knows_3,axiom,
    p(enc(w,t1)) ).

fof(intruder_knows_4,axiom,
    p(enc(lp,t2)) ).

fof(intruder_knows_5,axiom,
    p(enc(tc,k)) ).

fof(intruder_knows_6,axiom,
    p(kk) ).

fof(intruder_knows_7,axiom,
    p(i(kk)) ).

fof(intruder_knows_8,axiom,
    p(a) ).

%----Goal for the attacker is to make a PIN (enc(pp,a))
fof(co1,conjecture,
    p(enc(pp,a)) ).

%------------------------------------------------------------------------------