This archive accompanies the [DJP12] tech report. This archive contains the
ProVerif models explained therein, and assumes the user is familiar
with the paper's contents.

This archive contains the following ProVerif models of the DLVV08 protocol:
- original model
- fixed original model (using the solutions proposed in the paper,
  per propertie fixes of regular security/privacy properties)
- fixed prescibing privacy model (ditto, per property fixes of prescribing
  privacy properties, evaluates enforced privacy)
- fixed enforced presc privacy model (ditto, per property fixes of enforced
  privacy properties)
- revised model (ditto, combines individual privacy solutions of
  "fixed original model" into one model)

See below for a detailed listing of the contents of this archive.

[DJP12]	  N. Dong, H. Jonker, J. Pang. Formal Analysis of an eHealth Protocol.
Technical report, University of Luxembourg, 2012. Available from
http://satoss.uni.lu/projects/epriv/.

==================================
Original_Model
==================================
Original_Model/Model.pi 
Modelling of DLVV08 protocol with original assumptions
------------------------------------------------------
Original_Model/Secrecy_pt_dr.pi
Verifying secrecy of patient and doctor information
-----------------------------------------------------
Original_Model/Authentication_pt_dr.pi
Verifying authentication of patient and doctor during the patient-doctor sub-protocol
---------------------------------------------------
Original_Model/Authentication_pt_ph.pi
Verifying authentication of patient and pharmacist during the patient-pharmacist sub-protocol
---------------------------------------------------
Original_Model/Dr_Anonymity.pi
Verifying doctor anonymity
-------------------------------------
Original_Model/Pt_Anonymity.pi
Verifying patient anonymity
----------------------------------
Original_Model/Strong_Dr_Anonymity.pi
Verifying strong doctor anonymity
-------------------------------------
Original_Model/Strong_Pt_Anonymity.pi
Verifying strong patient anonymity
------------------------------------
Original_Model/Dr_untraceability.pi
Verifying doctor untraceability
----------------------------------
Original_Model/Pt_untraceability.pi
Verifying patient untraceability
----------------------------------
Original_Model/Strong_Dr_untraceability.pi
Verifying strong doctor untraceability
----------------------------------
Original_Model/Strong_Pt_untraceability.pi
Verifying strong patient untraceability
----------------------------------
Original_Model/Prescribing-privacy.pi
Verifying prescribing-privacy
=====================================================
Fix_Original_Model
(Fixing failed verifications in folder Original_Model)
======================================================
Fix_Original_Model/Secrecy_pt_dr_fix.pi
One way to fix secrecy of patient social security status and doctor pseudonym 
-----------------------------------------------------
Fix_Original_Model/Authentication_pt_dr_fix.pi
One way to fix patient authentication during the patient-doctor sub-protocol
---------------------------------------------
Original_Model/Authentication_pt_ph_fix.pi
One way to fix authentication of patient and pharmacist during the patient-pharmacist sub-protocol
------------------------------------------ 
Fix_Original_Model/Dr_Anonymity_fix.pi
One way to fix doctor anonymity (s4')
-------------------------------------
Fix_Original_Model/Strong_Dr_Anonymity_fix.pi
One way to fix strong doctor anonymity (s4')
-------------------------------------
Fix_Original_Model/Dr_untraceability_fix.pi
One way to fix doctor untraceability (s3')
----------------------------------
Fix_Original_Model/Pt_untraceability_fix.pi
One way to fix patient untraceability (s2', s4", s5', s6')
----------------------------------
Fix_Original_Model/Strong_Dr_untraceability_fix.pi
One way to fix strong doctor untraceability (s3')
----------------------------------
Fix_Original_Model/Strong_Pt_untraceability_fix.pi
One way to fix strong patient untraceability (s2', s4", s5', s6')
----------------------------------
Fix_Original_Model/Prescribing-privacy_fix.pi
One way to fix prescribing-privacy (s4')
==========================================================
Fix-prescribing-privacy_Model (with s4')
===========================================================
Fix-prescribing-privacy_Model/Show-flaw_enforced-prescribing-privacy.pi
Showing that when a doctor communicating with the adversary on chc channel, the
protocol fails the verification of prescribing-privacy with the assumption S4':
doctor credential and doctor anonymous authentication are freshly generated
-----------------------------------------------------
Fix-prescribing-privacy_Model/Ph_independent_prescribing-privacy.pi
Verifying pharmacist independent of prescribing-privacy with the assumption S4':
doctor credential and doctor anonymous authentication are freshly generated
====================================================================
Fix-enforced-prescribing-privacy_Model
====================================================================
Fix-enforced-prescribing-privacy_Model/enforced-prescribing-privacy-fix-privch_s4'.pi
Fixing enforced prescribing-privacy using untappable channels with the assumption
S4;: doctor credential and doctor anonymous authentication are freshly generated
(shown that ProDr'_1 satisfy equivalences)
------------------------------------------------------------------------------
Fix-enforced-prescribing-privacy_Model/enforced-prescribing-privacy-privch_origi.pi
Fixing enforced prescribing-privacy using untappable channels with the original
assumptions (without s4')
(shown that ProDr'_2 satisfy equivalences)
---------------------------------------------------------
Fix-enforced-prescribing-privacy_Model/show-flaw-enforced-prescribing-privacy-fix-chameleon.pi
Showing flaw: a typical ProDr'_3 does not satisfy enforced prescribing-privacy when
using chameleon bit-commitments to fix enforced prescribing-privacy
---------------------------------------------------------
Fix-enforced-prescribing-privacy_Model/show-flaw-ph-ind-enf-pres-priv-privch-origi.pi
Showing flaw: the ProDr'_2, which makes the protocol satisfies enforced prescribing-privacy in the original model with untappable channels, fails the pharmacist independent of enforced prescribing-privacy in the original model (without s4' and untappable channels)
-----------------------------------------------------------------------------
Fix-enforced-prescribing-privacy_Model/show-flaw-ph-ind-enf-pres-priv-privch-s4'.pi
Showing flaw: the ProDr'_1, which makes the protocol satisfies enforced prescribing-privacy (with s4'),
fails the pharmacist independent of enforced prescribing-privacy in the model with s4' and untappable channels
-----------------------------------------------------------------------------
Fix-enforced-prescribing-privacy_Model/ph-ind-pres-priv-privch-s4'.pi
The model with untappable channels and assumption s4' satisfies
pharmacist independent prescribing-privacy
======================================================
Revised_Model (with assumptions s2' s3' s4' s4", s5', s6')
======================================================
Revised_Model/Model_revised.pi
Modelling of the protocol with assumptions s2' s3' s4' s4", s5', s6'
---------------------------------------------------------------------
Revised_Model/Dr_Anonymity_revised.pi
Verifying doctor anonymity with assumptions s2' s3' s4' s4", s5', s6'
----------------------------------------------
Revised_Model/Strong_Dr_Anonymity_revised.pi
Verifying strong doctor anonymity with assumptions s2' s3' s4' s4", s5', s6'
------------------------------------------------------------
Revised_Model/Dr_untraceability_revised.pi
Verifying doctor untraceability with assumptions s2' s3' s4' s4", s5', s6'
----------------------------------
Revised_Model/Pt_untraceability_revised.pi
Verifying patient untraceability with assumptions s2' s3' s4' s4", s5', s6'
----------------------------------
Revised_Model/Strong_Dr_untraceability_revised.pi
Verifying strong doctor untraceability with assumptions s2' s3' s4' s4", s5', s6'
----------------------------------
Revised_Model/Strong_Pt_untraceability_revised.pi
Verifying strong patient untraceability with assumptions s2' s3' s4' s4", s5', s6'
----------------------------------
Revised_Model/Prescribing-privacy_revised.pi
Verifying prescribing-privacy with assumptions s2' s3' s4' s4", s5', s6'
