Parallel Maude-NPA for Cryptographic Protocol Analysis

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13252))

Abstract

Maude-NPA is a symbolic model checker for analyzing cryptographic protocols in the Dolev-Yao strand space model modulo an equational theory defining the cryptographic operations. It starts from an attack state and searches for counterexamples by performing a backward narrowing reachability analysis. Although Maude-NPA is a powerful analyzer, its running performance can be improved by taking advantage of parallel and/or distributed computing when dealing with non-trivial protocols in which the state space is huge. This paper describes a parallel version of Maude-NPA and a tool that supports it. We report on experiments with various kinds of protocols that demonstrate that the tool can increase the running performance of Maude-NPA by 30% on average for most non-trivial case studies in which the number of states located at each layer is considerably large.

This work was supported by JST SICORP Grant Number JPMJSC20C2, Japan, by grant S2018/TCS-4339 (BLOQUES-CM) funded by Comunidad de Madrid co-funded by EIE Funds of the European Union, by grant PID2019-108528RB-C22 (ProCode-UCM) funded by MICIN. S. Escobar has been partially supported by the grant RTI2018-094403-B-C32 funded by MCIN/AEI/10.13039/501100011033 and ERDF A way of making Europe, by the grant PROMETEO/2019/098 funded by Generalitat Valenciana, and by the grant PCI2020-120708-2 funded by MICIN/AEI/10.13039/501100011033 and by the European Union NextGenerationEU/PRTR.

Notes

  1. https://github.com/canhminhdo/parallel-maude-npa.

  2. http://personales.upv.es/sanesro/Maude-NPA_Protocols/index.html.

Author information

Corresponding author

Correspondence to Canh Minh Do.

A The Number of States Located at Each Layer

The fourth column in Tables 4 and 5 shows the number of states located at each layer, starting from depth zero up to the depth bound for each protocol, as a list of natural numbers separated by commas. If the last value in the list is X, it means that there are X states located at the depth bound. In particular, if X is zero, it means that there is no state for the layer. If the last value in the list is of the form \(X + Y\), it means that there are \(X + Y\) states located at the depth bound, where Y is the number of initial states (counterexamples).

Table 4. The number of states located at each layer
Table 5. The number of states located at each layer

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Minh Do, C., Riesco, A., Escobar, S., Ogata, K. (2022). Parallel Maude-NPA for Cryptographic Protocol Analysis. In: Bae, K. (eds) Rewriting Logic and Its Applications. WRLA 2022. Lecture Notes in Computer Science, vol 13252. Springer, Cham. https://doi.org/10.1007/978-3-031-12441-9_13

  • DOI: https://doi.org/10.1007/978-3-031-12441-9_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-12440-2

  • Online ISBN: 978-3-031-12441-9

  • eBook Packages: Computer Science (R0)
