**Generalized Authentication:**

$$\begin{array}{l} \mathbf{AA1}, \mathbf{ARP}, \mathbf{AA4}, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{Send}(X, \hat{Y}, \hat{X}, \text{"ABBH1"}, INFO_X, x) < \text{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH1"}, INFO_Y, y) < \\ \quad (\text{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) \land \text{Send}(X, \hat{Y}, \hat{X}, \text{"ABBH5"}, INFO_X, x, y, enc_0, mic_0)) \end{array} \tag{1}$$

$$\begin{array}{l} \mathbf{ARP}, \mathbf{HASH3}, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) \supset \\ \quad \exists Z.\ \text{Computes}(Z, \text{HASH}_{ptk_{X,Y}}(\hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, INFO_X)) \land \\ \quad \text{Sends}(Z, \text{HASH}_{ptk_{X,Y}}(\hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, INFO_X)) < \\ \quad \text{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) \end{array} \tag{2}$$

$$\begin{array}{l} \theta_{ABBH,SI,1}, \mathbf{HASH1} \\ \text{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \\ \quad \text{Computes}(Z, \text{HASH}_{ptk_{X,Y}}(\hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, INFO_X)) \supset \\ \quad \text{Has}(Z, ptk_{X,Y}) \supset \hat{Z} = \hat{X} \lor \hat{Z} = \hat{Y} \lor \hat{Z} = \hat{T} \end{array} \tag{3}$$

$$\begin{array}{l} 2, 3, \mathbf{AA1}, \Gamma_{ABBH,1}, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \\ \quad \text{Send}(Z, \text{HASH}_{ptk_{X,Y}}(\hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, INFO_X)) \supset \hat{Z} = \hat{Y} \end{array} \tag{4}$$

$$\begin{array}{l} 2, 4, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \\ \quad \text{Computes}(Y, \text{HASH}_{ptk_{X,Y}}(\hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, INFO_X)) \land \\ \quad \text{Send}(Y, \text{HASH}_{ptk_{X,Y}}(\hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, INFO_X)) \end{array} \tag{5}$$

$$\begin{array}{l} 5, \mathbf{HASH1}, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{Has}(Y, ptk_{X,Y}) \land \text{Has}(Y, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) \end{array} \tag{6}$$

$$\begin{array}{l} 5, 6, \phi_{HONESTY}, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \\ \quad \text{Send}(Y, \hat{X}, \hat{Y}, \text{"ABBH1"}, INFO_Y, y) < \text{Receive}(Y, \hat{Y}, \hat{X}, \text{"ABBH1"}, INFO_X, x) < \\ \quad \text{Send}(Y, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) \end{array} \tag{7}$$

Wireless Mesh Networks – Efficient Link Scheduling, Channel Assignment and Network Planning Strategies: A Correctness Proof of a Mesh Security Architecture

$$\begin{array}{l} 2, 7, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \\ \quad \text{Send}(Y, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) < \\ \quad \text{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) \end{array} \tag{8}$$

$$\begin{array}{l} \mathbf{FS1}, \mathbf{AN3}, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{FirstSend}(X, x, \hat{Y}, \hat{X}, \text{"ABBH1"}, INFO_X, x) \end{array} \tag{9}$$

$$\begin{array}{l} 9, \mathbf{FS2}, \theta_{ABBH,1} \\ [\mathbf{ABBH} : \mathbf{SIMO}]_X \\ \text{Send}(X, \hat{Y}, \hat{X}, \text{"ABBH1"}, INFO_X, x) < \text{Receive}(Y, \hat{Y}, \hat{X}, \text{"ABBH1"}, INFO_X, x) \end{array} \tag{10}$$
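What the MIC in steps (2) to (8) binds, as an added example that is not from the chapter: HMAC-SHA256 and a length-prefixed field encoding stand in for the abstract keyed HASH, and all function names and sample values are assumptions. X accepts an ABBH5 message only if it carries the nonces of X's own session and a MIC under $ptk_{X,Y}$ that also covers X's own $INFO_X$, which is the check that lets the proof attribute the message to Y.

```python
import hashlib
import hmac

def encode(*fields: bytes) -> bytes:
    """Length-prefix every field so distinct tuples never encode alike."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def mic_abbh5(ptk, dst, src, info_src, n_src, n_dst, enc, info_dst):
    """Stand-in for HASH_ptk(X^, Y^, "ABBH5", INFO_Y, y, x, enc_1, INFO_X)."""
    data = encode(dst, src, b"ABBH5", info_src, n_src, n_dst, enc, info_dst)
    return hmac.new(ptk, data, hashlib.sha256).digest()

def make_abbh5(ptk, dst, src, info_src, n_src, n_dst, enc, info_dst):
    """Y's ABBH5 message: the sent fields plus mic_1 (INFO_X is not sent)."""
    mic = mic_abbh5(ptk, dst, src, info_src, n_src, n_dst, enc, info_dst)
    return {"dst": dst, "src": src, "info": info_src,
            "n_src": n_src, "n_dst": n_dst, "enc": enc, "mic": mic}

def x_accepts(ptk, me, peer, my_info, my_nonce, peer_nonce, msg) -> bool:
    """X's check on a received ABBH5, using only X's own session state."""
    if (msg["dst"], msg["src"]) != (me, peer):
        return False
    # x must be the nonce X sent in ABBH1, y the one X received in ABBH1.
    if msg["n_dst"] != my_nonce or msg["n_src"] != peer_nonce:
        return False
    expected = mic_abbh5(ptk, me, peer, msg["info"], msg["n_src"],
                         msg["n_dst"], msg["enc"], my_info)
    return hmac.compare_digest(expected, msg["mic"])

def demo():
    # Constructed sample values, not taken from the chapter.
    ptk, other_ptk = b"\x11" * 32, b"\x22" * 32
    X, Y, x, y = b"mp-X", b"mp-Y", b"nonce-x", b"nonce-y"
    info_x, info_y, enc1 = b"INFO_X", b"INFO_Y", b"enc_1"
    cases = {
        "good": make_abbh5(ptk, X, Y, info_y, y, x, enc1, info_x),
        "stale": make_abbh5(ptk, X, Y, info_y, y, b"old-x", enc1, info_x),
        "outsider": make_abbh5(other_ptk, X, Y, info_y, y, x, enc1, info_x),
        "info_mismatch": make_abbh5(ptk, X, Y, info_y, y, x, enc1, b"other"),
    }
    return {name: x_accepts(ptk, X, Y, info_x, x, y, m)
            for name, m in cases.items()}

if __name__ == "__main__":
    print(demo())
```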
