Formal Analysis of TESLA Protocol in the Timed OTS/CafeOBJ Method

  • Iakovos Ouranos
  • Kazuhiro Ogata
  • Petros Stefaneas
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7610)


The Timed Observational Transition System (TOTS)/CafeOBJ method is a version of the OTS/CafeOBJ method for modeling, specification and verification of distributed systems and protocols with real-time constraints. In this paper we report on a case study from the field of source authentication protocols, the TESLA protocol, to show the application of the method to such complex systems. We prove that our model of the protocol satisfies the property that the receiver does not accept as authentic any message unless it was actually sent by the sender. To verify the property we have used several other invariants which include timing information. To our knowledge, this is the first time that the method has been applied to the formal analysis of such a complex protocol.


Algebraic Specification; Source Authentication; TESLA; CafeOBJ; Timed Observational Transition Systems; Formal Verification





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Iakovos Ouranos (1, 2)
  • Kazuhiro Ogata (3)
  • Petros Stefaneas (4)
  1. Hellenic Civil Aviation Authority, Heraklion Airport, Greece
  2. Computer Science Department, Technological Educational Institute of Crete, Greece
  3. School of Info. Sci., Japan Adv. Inst. of Sci. and Tech. (JAIST), Japan
  4. School of Appl. Math. and Phys. Sci., National Tech. Univ. of Athens (NTUA), Greece
