Modeling and Verifying the Ariadne Protocol Using CSP

Xi Wu 1, Si Liu 1, Huibiao Zhu 1, Yongxin Zhao 1 and Lei Chen 2
1 Shanghai Key Laboratory of Trustworthy Computing, East China Normal University
2 Department of Computer Science and Technology, East China Normal University
Email: {xiwu, siliu, hbzhu, yxzhao}@sei.ecnu.edu.cn, lchen@cs.ecnu.edu.cn

Abstract—Mobile Ad Hoc Networks (MANETs) are formed dynamically by mobile nodes without the support of a prior stationary infrastructure. In such networks, routing protocols, particularly secure ones, are always an essential part. Ariadne, an efficient and well-known on-demand secure routing protocol for MANETs, is mainly concerned with how to prevent a malicious node from compromising the route. In this paper, we apply the process algebra Communicating Sequential Processes (CSP) to model and reason about the Ariadne protocol, focusing on its route discovery process. In our framework, we model the communicating entities as processes, including the initiator, the intermediate nodes and the target. Moreover, we use PAT, a model checker for CSP, to verify whether the model satisfies the specification and non-trivial security properties, e.g. the existence of a fake path. Our verification result demonstrates that fake routing attacks may be present in the Ariadne protocol.

Keywords-Formal Verification; CSP; Mobile Ad hoc Networks; Ariadne;

I. INTRODUCTION

Wireless communication technology has become one of the most promising technologies. Mobile Ad Hoc Networks (MANETs) consist of groups of wireless mobile devices (laptops, PDAs, sensors, etc.) that are completely self-configuring and self-organizing, and are independent of any existing fixed infrastructure. Moreover, nodes can move arbitrarily within, join, or leave the network dynamically, which makes the whole network quick and easy to set up as needed.
Due to these novel features, MANETs have been widely applied in many fields, including military, ambient intelligence and emergency contingencies. In such networks, routing protocols ([5], [6], [16], [19]), particularly secure ones, are always an essential part, since a major concern is how to prevent a malicious node from compromising the route. Malicious nodes may cause several typical security issues: denial-of-service and tunneling attacks, which redirect network traffic; spoofing attacks, in which an intruder node masquerades as other nodes; and the fabrication of false routing messages. Ariadne [6], proposed by Hu et al. as an extension to the dynamic source routing (DSR) protocol [7], is a secure on-demand ad hoc network routing protocol designed to resist attackers and security vulnerabilities. Many research efforts have addressed the analysis and improvement of the Ariadne protocol. Hu et al. evaluated its performance based on simulation [6]. Sivakumar et al. proposed some modifications to improve its resiliency [17]. All these works, however, do not investigate the protocol using formal methods and may not take security and correctness into account. In addition, Lin et al. have already found some drawbacks of this protocol [8], and Buttyán et al. applied a mathematical framework to analyze the protocol and find attacks on it ([1], [3]). They have analyzed the protocol well, but have not provided verification. In the formal-methods literature, as far as we know, only Pura et al. have modeled the Ariadne protocol, using HLPSL, and applied AVISPA to validate its security properties [14]. They focus more on the use of the tools than on the analysis of the protocol itself. Thus, research on the Ariadne protocol remains challenging.
In this paper, we use formal methods to model the protocol and use a tool to verify whether the model satisfies the specification and non-trivial security properties. Lowe et al. first applied the process algebra Communicating Sequential Processes (CSP) to model and analyze a security protocol, the TMN protocol [10]. CSP is a well-known process algebra for modeling and verifying the reliability and security of concurrent systems and is widely used ([9], [10], [11], [15]). Moreover, many automated model checkers for analyzing and understanding systems described in CSP have been produced, such as the Process Analysis Toolkit (PAT) [18]. Inspired by Lowe's work, we use CSP to model the Ariadne secure routing protocol. This protocol has two phases: route discovery and route maintenance. Since route maintenance is based on route discovery and intrusions tend to occur in the discovery phase, in this paper we focus on Ariadne route discovery. We abstract the protocol so that the initiator, the intermediate nodes and the target are described as processes, and all of these communicating entities share a global clock. The protocol achieves the effect of asymmetric key encryption through clock synchronization and time delay. Besides, we also propose an intruder model in which the intruder can eavesdrop on, fake, intercept and deduce messages. Furthermore, by exploring PAT [18], we verify the security properties of the Ariadne protocol

2012 19th IEEE International Conference and Workshops on Engineering of Computer-Based Systems 978-0-7695-4664-3/12 $26.00 © 2012 IEEE DOI 10.1109/ECBS.2012.31