Using Process Algebra to Design Better Protocols

Peter Höfner
Conference paper
Part of the Mathematics for Industry book series (MFI, volume 25)


Protocol design, development and standardisation still follow the lines of rough consensus and running code. This approach yields fast and impressive results in the sense that protocols are actually implemented and shipped, but it comes at a price: protocol specifications, which are mainly written in natural language without a formal specification, are (excessively) long, ambiguous, underspecified and erroneous. These shortcomings are neither new nor surprising, and they are well documented. The purpose of this paper is to provide further evidence that formal methods in general, and process algebras in particular, can overcome these problems. They provide powerful tools that help to analyse and evaluate protocols, already during the design phase. To illustrate this claim, I report how a combination of pen-and-paper analysis, model checking and interactive theorem proving has helped to perform a formal analysis of the Ad hoc On-Demand Distance Vector (AODV) routing protocol.


Keywords: Process algebra · (Routing) protocol · Wireless mesh network · Formal specification · Verification · AODV



Special thanks go to all collaborators who contributed to the AODV case study; in particular Timothy Bourke, Ansgar Fehnker, Robert J. van Glabbeek, Annabelle McIver, Marius Portmann, and Wee Lum Tan. Further, I would like to thank Robert J. van Glabbeek again for valuable comments on this paper. NICTA is funded by the Australian Government through the Department of Communications and the Australian Research Council through the ICT Centre of Excellence Program.



Copyright information

© Springer Science+Business Media Singapore 2017

Authors and Affiliations

NICTA and UNSW, Sydney, Australia
