[IEEE 2011 IEEE 5th International Symposium on Theoretical Aspects of Software Engineering (TASE) - Xi'an, China (2011.08.29-2011.08.31)] 2011 Fifth International Conference on Theoretical

Modeling and Analyzing the μTESLA Protocol using CSP

Mengying Wang, Huibiao Zhu, Yongxin Zhao, Si Liu

Shanghai Key Laboratory of Trustworthy Computing, Software Engineering Institute, East China Normal University

Email: {mywang,hbzhu,yxzhao,siliu}@sei.ecnu.edu.cn

Abstract—In this paper, we investigate the μTESLA protocol and analyze its broadcast authentication property using the process algebra CSP. All the communication entities of the protocol, namely the base station, the sensor nodes and the intruder, are modeled as CSP processes. We also give a CSP description of the protocol's specification in the same framework. Our verification result shows that the protocol is correct and satisfies the broadcast authentication property.

I. INTRODUCTION

As a broadcast authentication protocol for wireless sensor networks, μTESLA provides authenticated streaming broadcast for unsupervised, harsh and resource-constrained environments. It possesses several notable features: it relies only on symmetric cryptographic primitives (MACs), it obtains an asymmetric, sender-only authentication property through delayed key disclosure, and it has low energy cost and high efficiency.

A number of formal methods and techniques have been applied to model the μTESLA protocol and check its security properties [1], [2], [4]. Ballardin and Merro [1] proposed a timed broadcasting calculus, tCryptoCWS, and as its main application presented a formal specification of μTESLA and proved that the protocol enjoys timed integrity. In [2], Gorrieri et al. employed tCryptoSPA to formally verify the timed integrity of μTESLA, but their abstraction of timed integrity was less intuitive. Hopcroft and Lowe [4] constructed a finite CSP model of the TESLA protocol and showed, largely by hand, that the protocol is correct at least when the system comprises a single sender and a single receiver.

In this paper, we investigate the μTESLA protocol and analyze its broadcast authentication property using the formal method CSP [3], [9]. All the communication entities of the protocol, the base station and the sensor nodes, are described as CSP processes. The authentication mechanism is also encoded in our framework so as to undertake a comprehensive formal analysis of the protocol. Furthermore, we propose a Dolev-Yao intruder model, within which an intruder can overhear, intercept, deduce and forge messages. We also produce a CSP specification of the broadcast authentication property of the protocol. Based on the trace semantics of CSP, we verify that the protocol indeed satisfies this property.

The remainder of this paper is organized as follows. Section 2 briefly introduces the μTESLA protocol and the CSP notation we use. In Section 3, a CSP description of the protocol is presented. In Section 4 we analyze and verify the resulting model by a refinement check based on trace semantics. Finally, Section 5 concludes the paper and discusses future work.

II. PRELIMINARIES

A. The μTESLA Protocol

The μTESLA protocol is usually described in four phases: sender setup, bootstrapping new receivers, broadcasting authenticated packets and authenticating broadcast packets. Let A be a receiving node, ∗ represent all nodes in the network and S be the broadcasting sender. The following gives a brief overview of the protocol.

Sender setup. S chooses the last key KN at random and then generates the previous keys by recursively applying the one-way function F to the latest key, i.e. Ki−1 = F(Ki) for 1 ≤ i ≤ N. Then S selects a future time period [T0, TN+δ+1] and divides it into (N + δ + 1) small time intervals, each of length Tint. Here δ is the disclosure delay of the keys. Finally, S associates each key of the one-way key chain with one of the time intervals.

Bootstrapping new receivers. A records its local time tR and sends a nonce NA to S.

A → S : NA

On receiving the nonce, S returns a message carrying the following information: its current time tS, the first key in the chain K0, the start time of the first interval T0, the interval length Tint and the disclosure delay δ. To authenticate this data, and to ensure its freshness, S computes a MAC over it using the shared secret key SKA and the nonce NA.

S → A : Args.Mac(SKA, NA.Args)

where Args = tS.K0.T0.Tint.δ

When A receives this message, it can compute the maximum time synchronization error Δ (Δ = tS − tR, as defined in [6]) and obtain the broadcast authentication parameters.

Broadcasting authenticated packets. Within time interval t, S broadcasts a message Mt and uses the current key Kt to compute its MAC.

S → ∗ : Mt.Mac(Kt, Mt)

2011 Fifth IEEE International Conference on Theoretical Aspects of Software Engineering

978-0-7695-4506-6/11 $26.00 © 2011 IEEE

DOI 10.1109/TASE.2011.10

As soon as A receives this packet, it performs the safe packet test to make sure that S has not yet disclosed Kt.

The safe packet test is as follows. First, A records its local time tr at which the packet arrived. Then it calculates an upper bound ts on S's clock, ts = tr + Δ, and the latest interval x that S could be in, namely x = floor((ts − T0)/Tint). If x < t + δ, which means that S has not yet disclosed Kt, then A considers the packet safe and stores it. Otherwise, it discards the packet [7].

Authenticating broadcast packets. After δ time intervals, S broadcasts the key Kt.

S → ∗ : Kt

Upon receipt of this key, A checks the legitimacy of Kt against the most recently authenticated key Ki. Only when Ki = F^{t−i}(Kt) does A replace Ki with Kt as the most recently authenticated key and recompute the MACs of the stored packets, which guarantees that all packets received during the time intervals i to t are neither forged nor altered.

B. CSP Notations

In this section we give a brief overview of CSP; more details can be found in [3], [9].

STOP never engages in any event; SKIP terminates immediately and then behaves as STOP; x := e assigns (the value of) e to the variable x; CHAOS(A) can perform any sequence of events from A; a → P first engages in event a and then behaves exactly as P; P \ A behaves like P except that each occurrence of an event in A is concealed; P[[a ← b]] behaves like P except that event a is renamed to b; P ; Q performs P and Q in sequence; P ||| Q behaves like a concurrent run of P and Q without any synchronization; P □ Q and P ⊓ Q behave like either P or Q, where the choice between them is made by the external environment (□) or arbitrarily (⊓); P [| A |] Q behaves like the composition of P and Q interacting in lock-step synchronization on the events in A.

III. MODELING

In order to model the protocol in CSP, we first define some basic sets and channels.

We define a set Station of base stations and a set Node of sensor nodes. We assume the existence of the sets K of keys in the key chain, SK of shared secret keys between each sensor node and the base station, Nonce of nonces, M of broadcast messages and T of time intervals. We also define four types of messages, corresponding to the four messages of the protocol.

MSG1 =df {A.S.NA | A ∈ Node, S ∈ Station, NA ∈ Nonce},
MSG2 =df {S.A.Args.Mac(SKA, NA.Args) | S ∈ Station, A ∈ Node, K0 ∈ K, T0 ∈ T, SKA ∈ SK, NA ∈ Nonce},
MSG3 =df {S.∗.Mt.Mac(Kt, Mt) | S ∈ Station, ∗ = Node, Mt ∈ M, Kt ∈ K},
MSG4 =df {S.∗.Kt | S ∈ Station, ∗ = Node, Kt ∈ K},
MSG =df MSG1 ∪ MSG2 ∪ MSG3 ∪ MSG4.

We also declare five channels: comm, fake, intercept, session and fake_session.

channel comm, fake, intercept : MSG
channel session, fake_session : Station.Node.K

Here comm denotes standard communication between two honest agents; fake and intercept mean that the sender or the receiver of the message, respectively, is impersonated by the intruder; session and fake_session record that a sensor node has successfully authenticated and accepted a broadcast message sent by the base station or by the intruder, respectively. Figure 1 illustrates the communications in the system via these channels.

Figure 1. Communications in the System

A. Timer

Since this protocol uses time delay to achieve the effect of asymmetric cryptography, and it assumes the local clocks of both the base station and the sensor nodes to be accurate, we need a process TIMER to simulate a global clock.

TIMER(j) =df (tick → TIMER(j + 1)) □ (time?req → time!j → TIMER(j)),

where j ≥ 0 ∧ j ∈ N.

Note that when TIMER receives a request req on channel time, it responds with the current time j.

B. Base Station

Before performing a run of the protocol, the base station generates the key chain K, the time intervals T and the other broadcast arguments, such as Tint, δ and so on.

STATION1(S, SK, M, K, T, Tint, δ, N) =df
  time!Req → time?ts0 →
  if (ts0 < T1) then STATION1(S, SK, M, K, T, Tint, δ, N)
  else if (ts0 ≥ TN+δ+1) then STOP
  else ( ( (comm?A.S.NA → time!Req → time?ts2 → tS := ts2;
            comm!S.A.Args.Mac(SKA, NA.Args) → SKIP) □ SKIP )
         ||| ( t := floor((ts0 − T0)/Tint);
               if (t ≤ N) then comm!S.∗.Mt.Mac(Kt, Mt) → SKIP;
               if ((t − δ) ≥ 1) then comm!S.∗.Kt−δ → SKIP ) );
       STATION1(S, SK, M, K, T, Tint, δ, N).

The base station first requests the current time. If the time is earlier than T1, it continues to wait; if the time is later than or equal to TN+δ+1, it terminates immediately; otherwise it may bootstrap new receivers. In the same interval it also broadcasts an authenticated packet and releases a previous key, so that the receivers can authenticate the broadcast packets they have stored.

C. Sensor Nodes

Each receiver can authenticate broadcast packets only when it is loosely time synchronized with the base station and knows the key disclosure schedule of the one-way key chain. Both are achieved by the following two-round message exchange.

NODE1(A, SKA) =df
  time!Req → time?ts1 → tR := ts1;
  ⊓ NA∈Nonce comm!A.S.NA → comm?S.A.Args.Mac(SK′A, N′A.Args) →
  if (Mac(SKA, NA.Args) = Mac(SK′A, N′A.Args)) then
    Δ := tS − tR; NODE2(A, [], Δ, 0, K0, T0, Tint, δ)
  else NODE1(A, SKA).

At this point the sensor node has computed Δ and knows the essential broadcast authentication parameters, so it begins to receive and authenticate broadcast messages.

NODE2(A, P, Δ, i, Ki, T0, Tint, δ) =df
  comm?S.∗.Mt.Mac(Kt, Mt) → time!Req → time?ts3 →
  ts := ts3 + Δ; x := floor((ts − T0)/Tint);
  if (x < (t + δ)) then
    P := P.AddPacket([t, Mt, Mac(Kt, Mt)]);
    if (t − δ ≥ 1) then
      comm?S.∗.Kt−δ →
      if (F^{t−δ−i}(Kt−δ) = Ki) then
        packet := P.GetPacket(t − δ);
        if (Mac(Kt−δ, packet[1]) = packet[2]) then session.S.A.Kt−δ → SKIP;
        P := P.DeletePacket(t − δ);
        NODE2(A, P, Δ, t − δ, Kt−δ, T0, Tint, δ)
      else NODE2(A, P, Δ, i, Ki, T0, Tint, δ)
  else NODE2(A, P, Δ, i, Ki, T0, Tint, δ).

On receiving a broadcast message Mt, the sensor node first performs the safe packet test. Only if the test passes does the sensor node buffer the packet. Then, if Kt−δ is disclosed and authenticated successfully, the sensor node takes out all packets received during time interval t − δ and authenticates them by recomputing their MACs.

So far we have ignored interference from the intruder, but intruder actions are certainly possible. Take STATION1 as an example: apart from correct messages, NA may be faked, and Mt, Args and Kt−δ may be intercepted. We model this via a renaming, as in [5], and NODE1 is renamed similarly.

D. Intruder

The intruder is defined by the set of facts he knows. The following set Fact contains all facts that the intruder might learn: atomic data and MACs.

Fact =df Station ∪ Node ∪ K ∪ SK ∪ Nonce ∪ M ∪ T ∪ {Tint, δ, N}
  ∪ {Mac(Kt, Mt) | Kt ∈ K, Mt ∈ M}
  ∪ {Mac(SKA, NA.Args) | SKA ∈ SK, NA ∈ Nonce, K0 ∈ K, T0 ∈ T}.

We then define the inference rules, i.e., the ways in which the intruder can deduce new facts from what he already knows; H ⊢ {f} denotes that f can be deduced from the set H.

(1) {Kt} ⊢ {Kt−1, Kt−2, Kt−3, ..., K0},
(2) {Kt, Mt} ⊢ {Mac(Kt, Mt)},
(3) {SKA, NA, Args} ⊢ {Mac(SKA, NA.Args)},
(4) H ⊢ {f} ∧ H ⊆ H′ ⇒ H′ ⊢ {f}.

Here, (1) represents the one-way function F: knowing Kt yields every earlier key of the chain by repeated application of F, but no later key. (2) and (3) represent the Mac function, which can only be computed with the key. (4) states that if a fact f can be deduced from a set H, then it can also be deduced from any larger set H′.

Next, we define the information of a message, i.e., the facts which the intruder learns directly from it (without any further inference).

info(A.S.NA) =df {A, S, NA},
info(S.A.Args.Mac(SKA, NA.Args)) =df {S, A, tS, K0, T0, Tint, δ, Mac(SKA, NA.Args)},
info(S.∗.Mt.Mac(Kt, Mt)) =df {S, ∗, Mt, Mac(Kt, Mt)},
info(S.∗.Kt) =df {S, ∗, Kt}.

Since messages are not encrypted, the intruder can read all message contents as well as the identities of the sender and receiver. The MACs themselves are also exposed.

In order to better describe the behaviour of the intruder, we add two channels: deduce and use_key. The former is used to derive new facts, while the latter means that the intruder uses a known key in a fake session.

channel deduce : Fact.{Fact}
channel use_key : K

The intruder can overhear or intercept a message and so learn all its information; he can fake a message if he knows all the information it requires; he can deduce a new fact from what he already knows; and he can use a key he knows in a fake session.

INTRUDER1(H) =df
    □ m∈MSG comm.m → INTRUDER1(H ∪ info(m))
  □ □ m∈MSG intercept.m → INTRUDER1(H ∪ info(m))
  □ □ m∈MSG, info(m)⊆H fake.m → INTRUDER1(H)
  □ □ f∈Fact, f∉H, H⊢{f} deduce.f.H → INTRUDER1(H ∪ {f})
  □ □ Kt∈H∩K use_key.Kt → INTRUDER1(H).

The effects of use_key and fake_session are the same, so we rename use_key to fake_session so that the intruder can synchronize with the sensor nodes when run in parallel with them. In addition, we hide the events on channel deduce, since they are internal.

INTRUDER(H) =df INTRUDER1(H)[[use_key ← fake_session.S.A]] \ {|deduce|}.
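The knowledge side of INTRUDER1, as an added example that is not part of the paper: the closure of the intruder's fact set H under inference rules (1)-(4), the info function, and the guard info(m) ⊆ H that enables the fake.m branch. Facts are symbolic tuples such as ('K', 1) for K1 (an encoding chosen here, not the paper's), the intruder's own chain K′ and message M′ are this example's constructions, and the scenario mirrors the system of Section III.E (an intruder who has captured B and overhears A's bootstrap and the first broadcast). It also shows that, after K1 is disclosed, knowledge alone no longer stops a forgery; the timing check in NODE2 does.

```python
"""Added example, not part of the paper: the intruder's knowledge closure under the
inference rules (1)-(4) of Section III.D over symbolic facts, plus the check
info(m) ⊆ H required by the fake.m branch of INTRUDER1. Encodings are this example's own."""
from itertools import product

def key(i, chain="K"):   return (chain, i)          # K_i, or K'_i for the intruder's own chain
def message(t, who="M"): return (who, t)            # M_t, or the intruder's M'_t
def Mac(k, data):        return ("Mac", k, data)
def Args(k0):            return ("Args", "tS", k0, "T0", "Tint", "delta")

def is_key(f): return isinstance(f, tuple) and f[0] in ("K", "K'")
def is_msg(f): return isinstance(f, tuple) and f[0] in ("M", "M'")

def deduce(H):
    """Least fixed point of rules (1)-(3); rule (4) holds because facts are only ever added."""
    H = set(H)
    while True:
        new = set()
        for f in H:
            if is_key(f):                                          # (1) K_t |- K_{t-1}, ..., K_0
                new.update(key(j, f[0]) for j in range(f[1]))
        keys, msgs = [f for f in H if is_key(f)], [f for f in H if is_msg(f)]
        new.update(Mac(k, m) for k, m in product(keys, msgs))      # (2) {K_t, M_t} |- Mac(K_t, M_t)
        if {"SKA", "NA", "tS", "T0", "Tint", "delta"} <= H:        # (3) needs SK_A, N_A and Args
            new.update(Mac("SKA", ("NA", Args(k))) for k in keys)
        if new <= H:
            return H
        H |= new

def info(m):
    """Facts read directly off a message; Args is exposed field by field (Section III.D)."""
    if m[0] == "MSG2":
        S, A, a, tag = m[1:]
        return {S, A, *a[1:], tag}
    return set(m[1:])

def can_fake(m, H):
    """The fake.m branch of INTRUDER1 is enabled iff info(m) ⊆ closure(H)."""
    return info(m) <= deduce(H)

def scenario():
    """Constructed run: intruder holds B's secret, its own chain K' and message M'."""
    H = {"S", "A", "B", "SKB", key(2, "K'"), message(1, "M'")}
    H |= info(("MSG1", "A", "S", "NA"))                                    # overhears A -> S : N_A
    H |= info(("MSG2", "S", "A", Args(key(0)), Mac("SKA", ("NA", Args(key(0))))))
    H |= info(("MSG3", "S", "*", message(1), Mac(key(1), message(1))))     # S -> * : M_1.Mac(K_1, M_1)
    fake_a = ("MSG3", "S", "*", message(1, "M'"), Mac(key(1), message(1, "M'")))          # trace (a)
    fake_b = ("MSG2", "S", "A", Args(key(0, "K'")), Mac("SKA", ("NA", Args(key(0, "K'")))))  # trace (b)
    before = {"a": can_fake(fake_a, H), "b": can_fake(fake_b, H)}
    H |= info(("MSG4", "S", "*", key(1)))                                  # S -> * : K_1 disclosed
    return before, can_fake(fake_a, H)
```

scenario() returns ({'a': False, 'b': False}, True): before K1 is disclosed the intruder can neither compute Mac(K1, M′1) nor Mac(SKA, NA.Args′), so neither fake event is enabled; after the disclosure the first forgery is knowledge-enabled, which is exactly the situation the safe packet test of NODE2 has to catch.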

E. System and Specification

We first consider a system without the intruder:

SERVER =df STATION(S, [SKA, SKB], [M1], [K0, K1], [T0, T1, T2, T3, T4], Tint, 2, 1) [|{|time|}|] TIMER(0),


AGENT =df NODE(A, SKA) [|{|time|}|] TIMER(0),
SYSTEM1 =df (SERVER [|{|comm, session|}|] AGENT) \ ({tick} ∪ {|time|}).

The base station has been initialized with two shared secret keys, SKA and SKB, and it wants to send one broadcast message M1 using K1 in interval [T1, T2). After two time intervals, i.e., in interval [T3, T4), it releases K1 so that sensor nodes A and B can authenticate M1.

We then add the intruder:

SYSTEM =df SYSTEM1 [|ALPH|] INTRUDER({S, A, B, SKB}),
ALPH =df {|comm, session, fake, intercept, fake_session|}.

The intruder has captured a sensor node B, so he can run the protocol normally as B. In addition, he can overhear messages, intercept messages and even forge messages in order to take part in fake sessions with sensor node A.

μTESLA, as a broadcast authentication protocol, guarantees that the sensor nodes never accept a message that was not sent by the base station. This security property can be described as:

SPEC =df CHAOS(Σ − {|fake_session.S.A|}).

Note that Σ is the set of all events. If SYSTEM refines SPEC in the traces model (SPEC ⊑T SYSTEM), i.e., no trace of SYSTEM contains an event fake_session.S.A, then the protocol is secure.

IV. VERIFICATION

In order to verify whether the protocol satisfies the broadcast authentication property, we try to alter or forge messages. First, we assume that the intruder seeks to forge a broadcast message. We check whether there exists a trace in which a message not sent by S is accepted by A.

Case I: Before Kt is disclosed, the candidate traces are (a) or (b):

(a) 〈comm.A.S.NA, comm.S.A.Args.Mac(SKA, NA.Args), fake.S.∗.M′t.Mac(Kt, M′t), comm.S.∗.Kt, fake_session.S.A.Kt〉.

The intruder means to fake a broadcast message M′t using Kt; nonetheless, this trace does not exist, because he does not know Kt and therefore cannot calculate Mac(Kt, M′t) for M′t.

(b) 〈comm.A.S.NA, fake.S.A.Args′.Mac(SKA, NA.Args′), fake.S.∗.M′t.Mac(K′t, M′t), fake.S.∗.K′t, fake_session.S.A.K′t〉,

where Args′ = tS.K′0.T′0.T′int.δ′.

The intruder wants to fake Args′ so as to broadcast M′t using his own key disclosure arguments. This trace does not exist either, because the intruder does not know SKA and thus cannot calculate Mac(SKA, NA.Args′) for Args′.

Case II: After Kt has been disclosed, the candidate traces are (b) or (c):

(c) 〈comm.A.S.NA, comm.S.A.Args.Mac(SKA, NA.Args), comm.S.∗.Kt, fake.S.∗.M′t.Mac(Kt, M′t), fake_session.S.A.Kt〉.

The intruder directly forges a broadcast message M′t using the now known key Kt. However, this trace does not exist either: when A receives M′t, it finds that M′t fails the safe packet test, since Kt may already have been disclosed, and drops M′t immediately.

The case of altering a broadcast message is similar: all attempts fail, which demonstrates that the protocol indeed satisfies this security property.

V. CONCLUSION AND FUTURE WORK

In this paper we have presented a formal model of the μTESLA protocol using CSP. A Dolev-Yao intruder, who can overhear, intercept, deduce and forge messages, is also included in our framework. Furthermore, we have verified that the protocol enjoys the broadcast authentication property in terms of the trace semantics. In future, we plan to use PAT [10] to check our model automatically, so as to strengthen the reliability of the result.

Acknowledgement. This work was supported by the National Basic Research Program of China (No. 2011CB302904), the National Natural Science Foundation of China (No. 61061130541 and No. 61021004), China HGJ Significant Project (No. 2009ZX01038-001-07), and the Doctoral Program Foundation of Institutions of Higher Education of China (No. 200802690018).

REFERENCES

[1] F. Ballardin and M. Merro. A calculus for the analysis of wireless network security protocols. In Proc. FAST 2010: 7th International Workshop on Formal Aspects in Security and Trust, Pisa, Italy, September 16-17, 2010, volume 6561 of LNCS, pp. 206-222. Springer-Verlag.

[2] R. Gorrieri, F. Martinelli, M. Petrocchi, and A. Vaccarelli. Formal analysis of some timed security properties in wireless protocols. In Proc. FMOODS 2003: 6th IFIP International Conference on Formal Methods for Open Object-based Distributed Systems, Paris, France, November 19-21, 2003, volume 2884 of LNCS, pp. 139-154. Springer-Verlag.

[3] C. A. R. Hoare. Communicating Sequential Processes. Prentice Hall International Series in Computer Science, 1985.

[4] P. J. Hopcroft and G. Lowe. Analysing a stream authentication protocol using model checking. Int. J. Inf. Sec., 3(1):2-13, 2004.

[5] G. Lowe and B. Roscoe. Using CSP to detect errors in the TMN protocol. IEEE Transactions on Software Engineering, 23(10):659-669, October 1997.

[6] A. Perrig, R. Canetti, J. D. Tygar, and D. Song. The TESLA broadcast authentication protocol, 2002.

[7] A. Perrig, D. X. Song, R. Canetti, J. D. Tygar, and B. Briscoe. Timed Efficient Stream Loss-tolerant Authentication (TESLA): Multicast source authentication transform introduction. Request for Comments, June 2005.

[8] A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. E. Culler. SPINS: Security protocols for sensor networks. Wireless Networks, 8(5):521-534, 2002.

[9] A. W. Roscoe. The Theory and Practice of Concurrency. Prentice Hall International Series in Computer Science, 1997.

[10] J. Sun, Y. Liu, and J. S. Dong. Model checking CSP revisited: Introducing a process analysis toolkit. In Proc. ISoLA 2008: 3rd International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, 13-15 October 2008, Porto Sani, Greece, pp. 307-322. Springer-Verlag.
