In this paper, we present a methodology for analysing secu- rity protocols using scenario based simulation. A scenario of a potential attack specifies the flow but not the content of messages. Using scenar- ios can reduce the number of protocol runs to be explored during attack searching via simulation. The number of runs can be further reduced by minimizing the number of intruder’s generated messages. The intruder’s ability to generate messages is limited by considering: the expected mes- sage content and type matching. Our approach uses two tools that sup- port the Abstract State Machines method: the AsmetaL for modelling purposes and the AsmetaS for performing the simulation. We propose a simple model for the specification of commutative encryption. Several protocols are examined to show the effectiveness of our method.