State Space Reduction in the Maude-NRL Protocol Analyzer

  • Santiago Escobar
  • Catherine Meadows
  • José Meseguer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5283)


The Maude-NRL Protocol Analyzer (Maude-NPA) is a tool and inference system for reasoning about the security of cryptographic protocols in which the cryptosystems satisfy different equational properties. It both extends and provides a formal framework for the original NRL Protocol Analyzer, which supported equational reasoning in a more limited way. Maude-NPA supports a wide variety of algebraic properties that includes many crypto-systems of interest such as, for example, one-time pads and Diffie-Hellman. Maude-NPA, like the original NPA, looks for attacks by searching backwards from an insecure attack state, and assumes an unbounded number of sessions. Because of the unbounded number of sessions and the support for different equational theories, it is necessary to develop ways of reducing the search space and avoiding infinite search paths. As a result, we have developed a number of state space reduction techniques. In order for the techniques to prove useful, they need not only to speed up the search, but should not violate soundness so that failure to find attacks still guarantees security. In this paper we describe the state space reduction techniques we use. We also provide soundness proofs, and experimental evaluations of their effect on the performance of Maude-NPA.


Search Space Algebraic Property Cryptographic Protocol Attack State Reachability Analysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Basin, D., Mödersheim, S., Viganò, L.: OFMC: A symbolic model checker for security protocols. Int’l Journal of Information Security 4(3), 181–208 (2005)CrossRefGoogle Scholar
  2. 2.
    Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press, Cambridge (2001)CrossRefGoogle Scholar
  3. 3.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transaction on Information Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Escobar, S., Meseguer, J., Sasse, R.: Effectively checking or disproving the finite variant property. In: Proc. of Term Rewriting and Applications, RTA 2008. LNCS. Springer, Heidelberg (to appear, 2008)Google Scholar
  5. 5.
    Escobar, S., Meseguer, J., Sasse, R.: Variant narrowing and equational unification. In: Proc. of Rewriting Logic and its Applications, WRLA 2008 (2008)Google Scholar
  6. 6.
    Escobar, S., Hendrix, J., Meadows, C., Meseguer, J.: Diffie-hellman cryptographic reasoning in the Maude-NRL Protocol Analyzer. In: Proc. of Security and Rewriting Techniques, SecReT 2007 (2007)Google Scholar
  7. 7.
    Escobar, S., Meadows, C., Meseguer, J.: A rewriting-based inference system for the NRL Protocol Analyzer and its meta-logical properties. Theoretical Computer Science 367(1-2) (2006)Google Scholar
  8. 8.
    Escobar, S., Meadows, C., Meseguer, J.: Equational cryptographic reasoning in the maude-nrl protocol analyzer. Electronic Notes in Theoretical Computer Science 171(4), 23–36 (2007)CrossRefGoogle Scholar
  9. 9.
    Escobar, S., Meseguer, J.: Symbolic model checking of infinite-state systems using narrowing. In: Baader, F. (ed.) RTA 2007. LNCS, vol. 4533, pp. 153–168. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Thayer Fabrega, F.J., Herzog, J., Guttman, J.: Strand Spaces: What Makes a Security Protocol Correct? Journal of Computer Security 7, 191–230 (1999)CrossRefGoogle Scholar
  11. 11.
    Meadows, C.: The NRL protocol analyzer: An overview. Journal of logic programming 26(2), 113–131 (1996)CrossRefzbMATHGoogle Scholar
  12. 12.
    Meseguer, J.: Conditional rewriting logic as a unified model of concurrency. Theoretical Computer Science 96(1), 73–155 (1992)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Meseguer, J.: Membership algebra as a logical framework for equational specification. In: Parisi-Presicce, F. (ed.) WADT 1997. LNCS, vol. 1376, pp. 18–61. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. 14.
    Meseguer, J., Thati, P.: Symbolic reachability analysis using narrowing and its application to verification of cryptographic protocols. Higher-Order and Symbolic Computation 20(1-2), 123–160 (2007)CrossRefzbMATHGoogle Scholar
  15. 15.
    Shmatikov, V., Stern, U.: Efficient finite-state analysis for large security protocols. In: 11th Computer Security Foundations Workshop — CSFW-11. IEEE Computer Society Press, Los Alamitos (1998)Google Scholar
  16. 16.
    Terese (ed.): Term Rewriting Systems. Cambridge University Press, Cambridge (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Santiago Escobar
    • 1
  • Catherine Meadows
    • 2
  • José Meseguer
    • 3
  1. 1.Universidad Politécnica de ValenciaSpain
  2. 2.Naval Research LaboratoryWashingtonUSA
  3. 3.University of Illinois at Urbana-ChampaignUSA

Personalised recommendations