**Author details**

Doug Kuhlman *Motorola Mobility, 600 US Hwy 45 E1-40Y, Libertyville, IL 60048*

A Correctness Proof of a Mesh Security Architecture 199

exactly SIMO1X before sending SIMO5Y. We can determine that the MIC in SIMO5Y could only have been sent by *Y* if *X*, *Y* and *T* are honest. Since all the variables used in the protocol are contained in the MIC of SIMO5Y, we know that *X* and *Y* share identical variables. Now, using the honesty of *Y*, we are sure that *Y* sent SIMO1Y and received SIMO1X before sending SIMO5Y, and that SIMO5Y was sent exactly as *X* received it. Again, since *Y* is honest and *X* and *Y* share variables, *Y* must have received SIMO1X exactly as *X* sent it. This gives us generalized authentication.

**Generalized Authentication.** Below, $h_Y$ abbreviates the MIC of SIMO5Y, $\mathsf{HASH}_{ptk_{X,Y}}(\hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, INFO_X)$. Each line is preceded by the axioms, invariants and earlier lines that justify it.

$$
\begin{aligned}
&\mathbf{AA1},\ \mathbf{ARP},\ \mathbf{AA4},\ \theta_{\mathbf{ABBH},1}\ [\mathbf{ABBH}:\mathbf{SIMO}]_X \\
&\quad \mathsf{Send}(X, \hat{Y}, \hat{X}, \text{"ABBH1"}, INFO_X, x) < \mathsf{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH1"}, INFO_Y, y) < {} \\
&\quad \big(\mathsf{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) \wedge \mathsf{Send}(X, \hat{Y}, \hat{X}, \text{"ABBH5"}, INFO_X, x, y, enc_0, mic_0)\big) && (1)
\end{aligned}
$$

$$
\begin{aligned}
&\mathbf{ARP},\ \mathbf{HASH3}\ [\mathbf{ABBH}:\mathbf{SIMO}]_X \\
&\quad \mathsf{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) \supset {} \\
&\quad \exists Z.\ \mathsf{Computes}(Z, h_Y) \wedge \mathsf{Send}(Z, h_Y) < \mathsf{Receive}(X, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) && (2)
\end{aligned}
$$

$$
\begin{aligned}
&\theta_{\mathbf{ABBH},SI,1},\ \mathbf{HASH1} \\
&\quad \mathsf{Computes}(Z, h_Y) \supset \mathsf{Has}(Z, ptk_{X,Y}) \supset \hat{Z} = \hat{X} \vee \hat{Z} = \hat{Y} \vee \hat{Z} = \hat{T} && (3)
\end{aligned}
$$

$$
\begin{aligned}
&2,\ 3,\ \mathbf{AA1},\ \Gamma_{\mathbf{ABBH},1},\ \theta_{\mathbf{ABBH},1}\ [\mathbf{ABBH}:\mathbf{SIMO}]_X \\
&\quad \mathsf{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \mathsf{Send}(Z, h_Y) \supset \hat{Z} = \hat{Y} && (4)
\end{aligned}
$$

$$
\begin{aligned}
&2,\ 4,\ \theta_{\mathbf{ABBH},1}\ [\mathbf{ABBH}:\mathbf{SIMO}]_X \\
&\quad \mathsf{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \mathsf{Computes}(Y, h_Y) \wedge \mathsf{Send}(Y, h_Y) && (5)
\end{aligned}
$$

$$
\begin{aligned}
&5,\ \mathbf{HASH1},\ \theta_{\mathbf{ABBH},1}\ [\mathbf{ABBH}:\mathbf{SIMO}]_X \\
&\quad \mathsf{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \mathsf{Has}(Y, ptk_{X,Y}) \wedge \mathsf{Has}(Y, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) && (6)
\end{aligned}
$$

$$
\begin{aligned}
&5,\ 6,\ \phi_{\mathbf{HONESTY}},\ \theta_{\mathbf{ABBH},1}\ [\mathbf{ABBH}:\mathbf{SIMO}]_X \\
&\quad \mathsf{KOHonest}(ptk_{X,Y}, \{pmk_{X,Y}, pmk_{Y,X}\}) \supset \mathsf{Send}(Y, \hat{X}, \hat{Y}, \text{"ABBH1"}, INFO_Y, y) < \mathsf{Receive}(Y, \hat{Y}, \hat{X}, \text{"ABBH1"}, INFO_X, x) < {} \\
&\quad \mathsf{Send}(Y, \hat{X}, \hat{Y}, \text{"ABBH5"}, INFO_Y, y, x, enc_1, mic_1) && (7)
\end{aligned}
$$
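What the MIC check buys *X* in lines (2) to (6), as an added example that is not part of the paper: a small Python model of the SIMO5 exchange in which each receiver recomputes the peer's MIC from its own copy of every variable of the run. The byte encoding, the derivation of *ptk* from *pmk* (HMAC-SHA256 here) and the use of HMAC-SHA256 as HASH_ptk are assumptions, as are the constructed identities, INFO fields and nonces; the paper fixes only which variables the SIMO5 MIC covers. The model also exercises the three ways an adversary Z could try to stand in for *Y* that the proof rules out: a message whose variables differ from *X*'s, *X*'s own SIMO5X reflected back, and a MIC computed without *ptk*.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Added illustration, not code from the paper. The byte encoding, the ptk
# derivation and the use of HMAC-SHA256 as HASH_ptk are assumptions; the
# paper fixes only which variables the SIMO5 MIC covers.

TAG_ABBH5 = b"ABBH5"


def encode(*fields: bytes) -> bytes:
    """Length-prefix every field so two different field lists never encode alike (assumed layout)."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


@dataclass(frozen=True)
class View:
    """One party's record of a principal in this run: identity (X-hat / Y-hat), INFO and nonce (x / y)."""
    ident: bytes
    info: bytes
    nonce: bytes


def derive_ptk(pmk: bytes, x: View, y: View) -> bytes:
    """ptk_{X,Y} from the shared pmk, both identities and both nonces (assumed KDF)."""
    return hmac.new(pmk, encode(b"PTK", x.ident, y.ident, x.nonce, y.nonce), hashlib.sha256).digest()


def simo5_mic(ptk: bytes, dst: View, src: View, enc: bytes) -> bytes:
    """HASH_ptk(dst, src, "ABBH5", INFO_src, nonce_src, nonce_dst, enc, INFO_dst): the keyed
    hash of line (2). It covers the receiver's own INFO as well as every field that is sent."""
    fields = (dst.ident, src.ident, TAG_ABBH5, src.info, src.nonce, dst.nonce, enc, dst.info)
    return hmac.new(ptk, encode(*fields), hashlib.sha256).digest()


def build_simo5(ptk: bytes, dst: View, src: View, enc: bytes) -> tuple:
    """SIMO5 as put on the wire: (dst, src, "ABBH5", INFO_src, nonce_src, nonce_dst, enc, mic)."""
    return (dst.ident, src.ident, TAG_ABBH5, src.info, src.nonce, dst.nonce, enc,
            simo5_mic(ptk, dst, src, enc))


def verify_simo5(ptk: bytes, me: View, peer: View, msg: tuple) -> bool:
    """Receiver-side check. The MIC is recomputed from the receiver's OWN copies of the
    variables, never from the fields carried in the message, so acceptance means the
    sender held ptk and identical values for every variable (lines (3) and (6))."""
    if len(msg) != 8:
        return False
    dst, src, tag, _info, _nonce_src, _nonce_dst, enc, received_mic = msg
    if (dst, src, tag) != (me.ident, peer.ident, TAG_ABBH5):
        return False  # wrong direction or message type, e.g. my own SIMO5 reflected back to me
    return hmac.compare_digest(simo5_mic(ptk, me, peer, enc), received_mic)


def fixture():
    """Constructed sample run: shared pmk, X and Y with their INFO fields and nonces."""
    pmk = b"\x11" * 32
    x = View(ident=b"X", info=b"INFO_X", nonce=b"\x01" * 16)
    y = View(ident=b"Y", info=b"INFO_Y", nonce=b"\x02" * 16)
    return pmk, x, y, derive_ptk(pmk, x, y)


def honest_run() -> bool:
    """Both mesh points hold ptk and agree on every variable: both SIMO5 messages verify."""
    _pmk, x, y, ptk = fixture()
    simo5_x = build_simo5(ptk, dst=y, src=x, enc=b"enc0")
    simo5_y = build_simo5(ptk, dst=x, src=y, enc=b"enc1")
    return verify_simo5(ptk, me=x, peer=y, msg=simo5_y) and verify_simo5(ptk, me=y, peer=x, msg=simo5_x)


def altered_info_rejected() -> bool:
    """SIMO1Y was modified in transit, so X's copy of INFO_Y differs from Y's. ptk is the same on
    both sides, yet Y's MIC fails at X: a MIC that verifies implies identical variables."""
    _pmk, x, y, ptk = fixture()
    y_as_seen_by_x = View(ident=y.ident, info=b"INFO_Y'", nonce=y.nonce)
    simo5_y = build_simo5(ptk, dst=x, src=y, enc=b"enc1")
    return not verify_simo5(ptk, me=x, peer=y_as_seen_by_x, msg=simo5_y)


def reflection_rejected() -> bool:
    """An attacker replays X's own SIMO5X back to X. The identities inside the message (and the
    MIC) are in the wrong order for X as receiver, so X cannot be the sender Z of line (4)."""
    _pmk, x, y, ptk = fixture()
    simo5_x = build_simo5(ptk, dst=y, src=x, enc=b"enc0")
    return not verify_simo5(ptk, me=x, peer=y, msg=simo5_x)


def forgery_without_ptk_rejected() -> bool:
    """Z does not hold ptk (line (3)) and keys the hash with a guess: the MIC does not verify."""
    _pmk, x, y, ptk = fixture()
    forged = build_simo5(b"\x00" * 32, dst=x, src=y, enc=b"enc1")
    return not verify_simo5(ptk, me=x, peer=y, msg=forged)


if __name__ == "__main__":
    for check in (honest_run, altered_info_rejected, reflection_rejected, forgery_without_ptk_rejected):
        print(f"{check.__name__}: {check()}")
```

The design point is in `verify_simo5`: the receiver never trusts the INFO or nonce fields it just received, it recomputes the keyed hash over what it already holds, so a successful comparison is exactly the statement of line (6), that the sender has *ptk* and the same view of the run. Including the receiver's identity and INFO in the hash is what makes reflection of *X*'s own message fail without any extra state.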

Ryan Moriarty¹ *Computer Science Department, University of California at Los Angeles*

Tony Braskich, Steve Emeott and Mahesh Tripunitara *Motorola, Schaumburg, IL 60196*
