TY - JOUR
T1 - A rewriting-based inference system for the NRL Protocol Analyzer and its meta-logical properties
AU - Escobar, Santiago
AU - Meadows, Catherine
AU - Meseguer, José
N1 - Funding Information:
We thank David Basin, Hubert Comon, Jean Goubault-Larrecq, Luca Viganò, and the anonymous referees for the useful remarks and suggestions which helped us to improve the paper. Santiago Escobar has been partially supported by the EU (FEDER) and Spanish MEC TIN-2004-7943-C04-02 project, the “Generalitat Valenciana” under Grant GV06/285, and the ICT for EU-India Cross-Cultural Dissemination ALA/95/23/2003/077-054 project.
PY - 2006/11/24
Y1 - 2006/11/24
N2 - The NRL Protocol Analyzer (NPA) is a tool for the formal specification and analysis of cryptographic protocols that has been used with great effect on a number of complex real-life protocols. One of the most interesting of its features is that it can be used to reason about security in face of attempted attacks on low-level algebraic properties of the functions used in a protocol. Indeed, it has been used successfully to either reproduce or discover a number of such attacks. In this paper we give for the first time a precise formal specification of the main features of the NPA inference system: its grammar-based techniques for invariant generation and its backwards reachability analysis method. This formal specification is given within the well-known rewriting framework so that the inference system is specified as a set of rewrite rules modulo an equational theory describing the behavior of the cryptographic algorithms involved. We then use this formalization to prove some important meta-logical properties about the NPA inference system, including the soundness and completeness of the search algorithm and soundness of the grammar generation algorithm. The formalization and soundness and completeness theorems not only provide also a better understanding of the NPA as it currently operates, but provide a modular basis which can be used as a starting point for increasing the types of equational theories it can handle.
AB - The NRL Protocol Analyzer (NPA) is a tool for the formal specification and analysis of cryptographic protocols that has been used with great effect on a number of complex real-life protocols. One of the most interesting of its features is that it can be used to reason about security in face of attempted attacks on low-level algebraic properties of the functions used in a protocol. Indeed, it has been used successfully to either reproduce or discover a number of such attacks. In this paper we give for the first time a precise formal specification of the main features of the NPA inference system: its grammar-based techniques for invariant generation and its backwards reachability analysis method. This formal specification is given within the well-known rewriting framework so that the inference system is specified as a set of rewrite rules modulo an equational theory describing the behavior of the cryptographic algorithms involved. We then use this formalization to prove some important meta-logical properties about the NPA inference system, including the soundness and completeness of the search algorithm and soundness of the grammar generation algorithm. The formalization and soundness and completeness theorems not only provide also a better understanding of the NPA as it currently operates, but provide a modular basis which can be used as a starting point for increasing the types of equational theories it can handle.
UR - http://www.scopus.com/inward/record.url?scp=33750477656&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33750477656&partnerID=8YFLogxK
U2 - 10.1016/j.tcs.2006.08.035
DO - 10.1016/j.tcs.2006.08.035
M3 - Article
AN - SCOPUS:33750477656
SN - 0304-3975
VL - 367
SP - 162
EP - 202
JO - Theoretical Computer Science
JF - Theoretical Computer Science
IS - 1-2
ER -