Sending Authenticated Packets

Each key of the key chain is used in one time interval. However many messages are sent in each interval, the key which corresponds to that interval is used to compute the MAC of all those messages. This allows the sender to send packets at any rate and to adapt the sending rate dynamically. The key remains secret for d-1 future intervals. Packets sent in interval $I$_j can hence disclose key $K$_j-d. As soon as the receivers receive that key, they can verify the authenticity of the packets sent in interval $I$_j-d.

The construction of packet $P$_j sent in interval $I$_i is: $\{M$_j |\ MAC(K'_i,M_j) | K_i-d}.

Mj$M$_j MACKiMj$MAC(K\text{'}$_i,M_j) Kimd$K$_i-d

Figure 1 shows the key chain construction and the MAC key derivation. If the disclosure delay is 2 intervals, the packet $P$_j+4 sent in interval $I$_i+2 discloses key $K$_i. From this key, the receiver can also recover $K$_i-1 and verify the MAC of $P$_j, in case $P$_j+3 is lost.

Pj$P$_j Pjp1$P$_j+1 Pjp2$P$_j+2 Pjp3$P$_j+3 Pjp4$P$_j+4 Pjp5$P$_j+5 Pjp6$P$_j+6

Kim1$K$_i-1 Ki$K$_i Kip1$K$_i+1 Kip2$K$_i+2 Kpim1$K\text{'}$_i-1 Kpi$K\text{'}$_i Kpip1$K\text{'}$_i+1 Kpip2$K\text{'}$_i+2

FKi$F(K$_i) FKip1$F(K$_i+1) FKip2$F(K$_i+2) FKip3$F(K$_i+3) FpKim1$F\text{'}(K$_i-1) FpKi$F\text{'}(K$_i) FpKip1$F\text{'}(K$_i+1) FpKip2$F\text{'}(K$_i+2) FpKip3$F\text{'}(K$_i+3)

Iim1$I$_i-1 Ii$I$_i Iip1$I$_i+1 Iip2$I$_i+2

 


Figure 1: TESLA key chain and the derived MAC keys