TESLA Security Considerations

The security of TESLA relies on the following assumptions:

• The receiver's clock is time synchronized up to a maximum error of $\Delta$. (We suggest that because of clock drift, the receiver periodically re-synchronizes its clock with the sender.)
• The functions $F,\; F\text{'}$ are secure PRFs, and the function $F$ furthermore provides weak collision resistance.

As long as these assumptions are satisfied, it is computationally intractable for an attacker to forge a TESLA packet that the receivers will authenticate successfully.