Install: claude install-skill dtsong/agentic-council
# Protocol Analysis
## Purpose
Model cryptographic protocols as state machines, enumerate state transitions, and identify vulnerabilities including desynchronization, replay attacks, downgrade attacks, and session binding failures.
## Scope Constraints
Reads protocol specifications, message sequence diagrams, and implementation source code. Does not modify files or execute code. Does not interact with live protocol endpoints or perform active testing.
## Inputs
- Protocol specification or implementation under analysis
- Message sequence diagrams or protocol description
- Participant roles and trust relationships
- Security properties the protocol should provide (authentication, confidentiality, integrity, forward secrecy)
- Deployment context (network model, adversary capabilities)
## Input Sanitization
No user-provided values are used in commands or file paths. All inputs are treated as read-only analysis targets.
## Procedure
### Step 1: Model Protocol State Machine
Define the protocol as a state machine for each participant:
- Enumerate all states (initial, waiting, authenticated, established, error, closed)
- Define all valid transitions with triggering messages
- Identify terminal states and error recovery paths
- Document state variables maintained at each state (keys, nonces, sequence numbers)
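The modelling step above can be checked mechanically once the states and transitions are written down as data. The following is an added example, not part of the skill itself: the state names, message names and transition table are a constructed model of a hypothetical handshake responder, and `reachable` and `audit` are illustrative helpers.

```python
from collections import deque

# Constructed model of a hypothetical handshake responder; not a real protocol.
STATES = ["INITIAL", "WAITING", "AUTHENTICATED", "ESTABLISHED", "ERROR", "CLOSED"]
MESSAGES = ["HELLO", "AUTH", "FINISHED", "DATA", "CLOSE"]
TERMINAL = {"CLOSED"}
TRANSITIONS = {  # (state, triggering message) -> next state
    ("INITIAL", "HELLO"): "WAITING",
    ("WAITING", "AUTH"): "AUTHENTICATED",
    ("WAITING", "CLOSE"): "CLOSED",
    ("AUTHENTICATED", "FINISHED"): "ESTABLISHED",
    ("ESTABLISHED", "DATA"): "ESTABLISHED",
    ("ESTABLISHED", "CLOSE"): "CLOSED",
}


def reachable(start, transitions):
    """Breadth-first search over the transition graph from `start`."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for (src, _msg), dst in transitions.items():
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def audit(states, messages, transitions, terminal, start="INITIAL"):
    """Return the gaps a reviewer should resolve before reasoning about attacks."""
    live = reachable(start, transitions)
    return {
        # Declared states that no transition ever enters (here: ERROR has no entry path).
        "unreachable": sorted(set(states) - live),
        # Reachable states with no path to a terminal state: no recovery or teardown.
        "stuck": sorted(s for s in live
                        if not (reachable(s, transitions) & terminal)),
        # (state, message) pairs the model leaves unspecified in non-terminal states.
        "undefined": sorted((s, m) for s in live - terminal for m in messages
                            if (s, m) not in transitions),
    }


if __name__ == "__main__":
    report = audit(STATES, MESSAGES, TRANSITIONS, TERMINAL)
    for finding, items in report.items():
        print(f"{finding}: {len(items)} {items}")
```

Each `undefined` pair, such as `DATA` arriving in `INITIAL`, is a place where the specification has to state the behaviour explicitly (reject, ignore, or move to `ERROR`), because implementations that guess differently are where desynchronization and out-of-order message bugs tend to appear.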
### Step 2: Enumerate State Transitions
For each state transition, document:
- Triggering condition (message received, timeout, local event)
- Validation checks performe