Sequential Protocol Composition in Maude-NPA

  • Santiago Escobar
  • Catherine Meadows
  • José Meseguer
  • Sonia Santiago
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6345)


Protocols do not work alone, but together, one protocol relying on another to provide needed services. Many of the problems in cryptographic protocols arise when such composition is done incorrectly or is not well understood. In this paper we discuss an extension to the Maude-NPA syntax and operational semantics to support dynamic sequential composition of protocols, so that protocols can be specified separately and composed when desired. This allows one to reason about many different compositions with minimal changes to the specification. Moreover, we show that, by a simple protocol transformation, we are able to analyze and verify this dynamic composition in the current Maude-NPA tool. We prove soundness and completeness of the protocol transformation with respect to the extended operational semantics, and illustrate our results on some examples.


Model Check Operational Semantic Security Protocol Protocol Transformation Cryptographic Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anlauff, M., Pavlovic, D., Waldinger, R., Westfold, S.: Proving authentication properties in the protocol derivation assistant. In: Proc. of Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (2006)Google Scholar
  2. 2.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: STOC, pp. 494–503 (2002)Google Scholar
  3. 3.
    Capkun, S., Hubaux, J.P.: Secure positioning in wireless networks. IEEE Journal on Selected Areas in Communication 24(2) (February 2006)Google Scholar
  4. 4.
    Cervesato, I., Meadows, C., Pavlovic, D.: An encapsulated authentication logic for reasoning about key establishment protocols. In: IEEE Computer Security Foundations Workshop (2005)Google Scholar
  5. 5.
    Cortier, V., Delaune, S.: Safely composing security protocols. Formal Methods in System Design 34(1), 1–36 (2009)MATHCrossRefGoogle Scholar
  6. 6.
    Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: Secure protocol composition. In: Proc. Mathematical Foundations of Programming Semantics. ENTCS, vol. 83 (2003)Google Scholar
  7. 7.
    Desmedt, Y.: Major security problems with the “unforgeable” (Feige-)Fiat-Shamir Proofs of identity and how to overcome them. In: Securicom 88, 6th Worldwide Congress on Computer and Communications Security and Protection, Paris, France, March 1988, pp. 147–159 (1988)Google Scholar
  8. 8.
    Doghim, S., Guttman, J., Thayer, F.J.: Searching for Shapes in Cryptographic Protocols. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 523–537. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Durgin, N., Mitchell, J., Pavlovic, D.: A Compositional Logic for Program Correctness. In: Fifteenth Computer Security Foundations Workshop — CSFW-14, Cape Breton, NS, Canada, June 11-13, IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  10. 10.
    Escobar, S., Meadows, C., Meseguer, J.: A rewriting-based inference system for the NRL Protocol Analyzer and its meta-logical properties. Theor. Comput. Sci. 367(1-2), 162–202 (2006)MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: Cryptographic protocol analysis modulo equational properties. In: FOSAD 2008/2009 Tutorial Lectures, vol. 5705, pp. 1–50. Springer, Heidelberg (2009)Google Scholar
  12. 12.
    Escobar, S., Meadows, C., Meseguer, J., Santiago, S.: Sequential Protocol Composition in Maude-NPA. Technical Report DSIC-II/06/10, Universidad Politécnica de Valencia (June 2010)Google Scholar
  13. 13.
    Thayer Fabrega, F.J., Herzog, J., Guttman, J.: Strand Spaces: What Makes a Security Protocol Correct? Journal of Computer Security 7, 191–230 (1999)Google Scholar
  14. 14.
    Gong, L., Syverson, P.: Fail-stop protocols: An approach to designing secure protocols. In: Proc. of the 5th IFIP International Working Conference on Dependable Computing for Critical Applications, pp. 79–99. IEEE Computer Society Press, Los Alamitos (1998)Google Scholar
  15. 15.
    Guttman, J.: Security protocol design via authentication tests. In: Proc. Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  16. 16.
    Guttman, J.D., Herzog, J.C., Swarup, V., Thayer, F.J.: Strand spaces: From key exchange to secure location. In: Workshop on Event-Based Semantics (2008)Google Scholar
  17. 17.
    Guttman, J.D., Thayer, F.J.: Protocol independence through disjoint encryption. In: CSFW, pp. 24–34 (2000)Google Scholar
  18. 18.
    Harkins, D., Carrel, D.: The Internet Key Exchange (IKE), IETF RFC 2409 (November 1998)Google Scholar
  19. 19.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  20. 20.
    Meseguer, J.: Conditional rewriting logic as a unified model of concurrency. Theor. Comput. Sci. 96(1), 73–155 (1992)MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Meseguer, J.: Membership algebra as a logical framework for equational specification. In: Parisi-Presicce, F. (ed.) WADT 1997. LNCS, vol. 1376, pp. 18–61. Springer, Heidelberg (1998)Google Scholar
  22. 22.
    TeReSe (ed.): Term Rewriting Systems. Cambridge University Press, Cambridge (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Santiago Escobar
    • 1
  • Catherine Meadows
    • 2
  • José Meseguer
    • 3
  • Sonia Santiago
    • 1
  1. 1.DSIC-ELPUniversidad Politécnica de ValenciaSpain
  2. 2.Naval Research LaboratoryWashingtonUSA
  3. 3.University of Illinois at Urbana-ChampaignUSA

Personalised recommendations