Abstract
Maude-NPA is a symbolic model checker for analyzing cryptographic protocols in the Dolev-Yao strand space model modulo an equational theory defining the cryptographic operations, which starts from an attack state to find counterexamples by performing a backward narrowing reachability analysis. Although Maude-NPA is a powerful analyzer, its running performance can be improved by taking advantage of parallel and/or distributed computing when dealing with non-trivial protocols in which the state space is huge. This paper describes a parallel version of Maude-NPA and a tool that supports it. We report on some experiments of various kinds of protocols that demonstrate that the tool can increase the running performance of Maude-NPA by 30% on average for most non-trivial case studies in which the number of states located at each layer is considerably large.
This work was supported by JST SICORP Grant Number JPMJSC20C2, Japan, by grant S2018/TCS-4339 (BLOQUES-CM) funded by Comunidad de Madrid co-funded by EIE Funds of the European Union, by grant PID2019-108528RB-C22 (ProCode-UCM) funded by MICIN. S. Escobar has been partially supported by the grant RTI2018-094403-B-C32 funded by MCIN/AEI/10.13039/501100011033 and ERDF A way of making Europe, by the grant PROMETEO/2019/098 funded by Generalitat Valenciana, and by the grant PCI2020-120708-2 funded by MICIN/AEI/10.13039/501100011033 and by the European Union NextGenerationEU/PRTR.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Armando, A., et al.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005). https://doi.org/10.1007/11513988_27
Barnat, J., Brim, L., Chaloupka, J.: Parallel breadth-first search LTL model-checking. In: Proceedings of the 18th IEEE International Conference on Automated Software Engineering, pp. 106–115 (2003). https://doi.org/10.1109/ASE.2003.1240299
Barnat, J., et al.: Parallel model checking algorithms for linear-time temporal logic. In: Handbook of Parallel Constraint Reasoning, pp. 457–507. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-63516-3_12
Barnat, J., et al.: DiVinE 3.0 – an explicit-state model checker for multithreaded C & C++ programs. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 863–868. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_60
Basin, D., Mödersheim, S., Viganò, L.: OFMC: a symbolic model checker for security protocols. Int. J. Inf. Secur. 4(3), 181–208 (2004). https://doi.org/10.1007/s10207-004-0055-7
Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop, pp. 82–96 (2001). https://doi.org/10.1109/CSFW.2001.930138
Buluç, A., Madduri, K.: Parallel breadth-first search on distributed memory systems. In: Proceedings of 2011 International Conference for High Performance Computing, Networking, Storage and Analysis, SC 2011, New York, NY, USA. Association for Computing Machinery (2011). https://doi.org/10.1145/2063384.2063471
Clavel, M., et al.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71999-1
Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. The MIT Press, Cambridge (2009)
Cremers, C.J.F.: The Scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70545-1_38
Do, C.M., Phyo, Y., Riesco, A., Ogata, K.: A parallel stratified model checking technique/tool for leads-to properties. In: 2021 7th International Symposium on System and Software Reliability (ISSSR), pp. 155–166 (2021). https://doi.org/10.1109/ISSSR53171.2021.00011
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983). https://doi.org/10.1109/TIT.1983.1056650
Dong, L., Chen, K.: Introduction of cryptographic protocols. In: Cryptographic Protocol, pp. 1–12. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-24073-7_1
Escobar, S., Meadows, C., Meseguer, J.: A rewriting-based inference system for the NRL protocol analyzer and its meta-logical properties. Theor. Comput. Sci. 367(1), 162–202 (2006). https://doi.org/10.1016/j.tcs.2006.08.035
Escobar, S., Meadows, C., Meseguer, J.: State space reduction in the Maude-NRL protocol analyzer. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 548–562. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_35
Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007-2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_1
Escobar, S., Meseguer, J.: Symbolic model checking of infinite-state systems using narrowing. In: Baader, F. (ed.) RTA 2007. LNCS, vol. 4533, pp. 153–168. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73449-9_13
Fabrega, F., Herzog, J., Guttman, J.: Strand spaces: why is a security protocol correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 160–171 (1998). https://doi.org/10.1109/SECPRI.1998.674832
Goguen, J., Kirchner, C., Kirchner, H., Mégrelis, A., Meseguer, J., Winkler, T.: An introduction to OBJ 3. In: Kaplan, S., Jouannaud, J.-P. (eds.) CTRS 1987. LNCS, vol. 308, pp. 258–263. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-19242-5_22
Holzmann, G.J., Bosnacki, D.: The design of a multicore extension of the SPIN model checker. IEEE Trans. Software Eng. 33(10), 659–674 (2007). https://doi.org/10.1109/TSE.2007.70724
Klop, J.W., Bezem, M., Vrijer, R.C.D.: Term Rewriting Systems. Cambridge University Press, Cambridge (2001)
Kobeissi, N., Nicolas, G., Tiwari, M.: Verifpal: cryptographic protocol analysis for the real world. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 151–202. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65277-7_8
Kong, W., Hou, G., Hu, X., Ando, T., Hisazumi, K., Fukuda, A.: Garakabu2: an SMT-based bounded model checker for HSTM designs in ZIPC. J. Inf. Sec. Appl. 31, 61–74 (2016). https://doi.org/10.1016/j.jisa.2016.08.001
Kong, W., Liu, L., Ando, T., Yatsu, H., Hisazumi, K., Fukuda, A.: Facilitating multicore bounded model checking with stateless explicit-state exploration. Comput. J. 58(11), 2824–2840 (2015). https://doi.org/10.1093/comjnl/bxu127
Korf, R.E., Schultze, P.: Large-scale parallel breadth-first search. In: Proceedings of the 20th National Conference on Artificial Intelligence, AAAI 2005, vol. 3, pp. 1380–1385. AAAI Press (2005)
Leiserson, C.E., Schardl, T.B.: A work-efficient parallel breadth-first search algorithm (or how to cope with the nondeterminism of reducers). In: Proceedings of the Twenty-Second Annual ACM Symposium on Parallelism in Algorithms and Architectures, SPAA 2010, New York, NY, USA, pp. 303–314. Association for Computing Machinery (2010). https://doi.org/10.1145/1810479.1810534
Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Inf. Process. Lett. 56(3), 131–133 (1995). https://doi.org/10.1016/0020-0190(95)00144-2
Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48
Meseguer, J.: Conditional rewriting logic as a unified model of concurrency. Theor. Comput. Sci. 96(1), 73–155 (1992). https://doi.org/10.1016/0304-3975(92)90182-F
Meseguer, J.: Membership algebra as a logical framework for equational specification. In: Presicce, F.P. (ed.) WADT 1997. LNCS, vol. 1376, pp. 18–61. Springer, Heidelberg (1998). https://doi.org/10.1007/3-540-64299-4_26
Meseguer, J.: Twenty years of rewriting logic. J. Log. Algebraic Methods Program. 81(7–8), 721–781 (2012). https://doi.org/10.1016/j.jlap.2012.06.003
Meseguer, J., Thati, P.: Symbolic reachability analysis using narrowing and its application to verification of cryptographic protocols. Electron. Notes Theor. Comput. Sci. 117, 153–182 (2005). https://doi.org/10.1016/j.entcs.2004.06.024. Proceedings of the Fifth International Workshop on Rewriting Logic and Its Applications (WRLA 2004)
Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978). https://doi.org/10.1145/359657.359659
Song, D.X.: Athena: a new efficient automatic checker for security protocol analysis. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp. 192–202 (1999). https://doi.org/10.1109/CSFW.1999.779773
Yoo, A., Chow, E., Henderson, K., McLendon, W., Hendrickson, B., Catalyurek, U.: A scalable distributed parallel breadth-first search algorithm on BlueGene/L. In: Proceedings of the 2005 ACM/IEEE Conference on Supercomputing, SC 2005, p. 25 (2005). https://doi.org/10.1109/SC.2005.4
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A The Number of States Located at Each Layer
A The Number of States Located at Each Layer
The fourth column in Tables 4–5 shows the number of states located at each layer starting from depth zero up to the depth bound for each protocol, which is a list of natural numbers separated by commas. If the last value in the list is X, it means that there are X states located at the depth bound. Especially, if X is zero, it means that there is no state for the layer. If the last value in the list is of the form \(X + Y\), it means that there are \(X + Y\) states located at the depth bound while Y is the number of initial states (counterexamples).
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Minh Do, C., Riesco, A., Escobar, S., Ogata, K. (2022). Parallel Maude-NPA for Cryptographic Protocol Analysis. In: Bae, K. (eds) Rewriting Logic and Its Applications. WRLA 2022. Lecture Notes in Computer Science, vol 13252. Springer, Cham. https://doi.org/10.1007/978-3-031-12441-9_13
Download citation
DOI: https://doi.org/10.1007/978-3-031-12441-9_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-12440-2
Online ISBN: 978-3-031-12441-9
eBook Packages: Computer ScienceComputer Science (R0)