A Comparison between Strand Spaces and Multiset Rewriting for Security Protocol Analysis

Formal analysis of security protocols is largely based on a set of assumptions commonly referred to asthe Dolev-Yao model. Two formalisms that state the basic assumptions of this model are related here:strand spaces and multiset rewriting with existential quantification. Strand spaces provide a simple andeconomical approach to analysis of completed protocol runs by emphasizing causal interactions amongprotocol participants. The multiset rewriting formalism provides a very precise way of specifying finite-length protocols with unboundedly many instances of each protocol role, such as client, server, initiator, orresponder. A number of modifications to each system are required to produce a meaningful comparison. Inparticular, we extend the strand formalism with a way of incrementally growing bundles in order to emulatean execution of a protocol with parametric strands. The correspondence between the modified formalismsdirectly relates the intruder theory from the multiset rewriting formalism to the penetrator strands. Therelationship we illustrate here between multiset rewriting specifications and strand spaces thus suggestsrefinements to both frameworks, and deepens our understanding of the Dolev-Yao model.