%0 Journal Article %1 Burmester08 %A Burmester, Mike %A de Medeiros, Breno %D 2008 %J IEEE Transactions on Mobile Computing %K imported %T On the Security of Route Discovery in MANETs %X Mobile ad hoc networks (MANETs) are collections of wireless mobile devices with restricted broadcast range and resources, and no fixed infrastructure. Communication is achieved by relaying data along appropriate routes, that are dynamically discovered and maintained through collaboration between the nodes. Discovery of such routes is a major task, both from an efficiency and from a security point of view. Recently, a security model tailored to the specific requirements of MANETs was introduced by Acs, Buttyán, and Vajda. Among the novel characteristics of this security model is that it promises security guarantees under concurrent executions, a feature of crucial practical implication for this type of distributed computation. A novel route discovery algorithm called endairA was also proposed, together with a claimed security proof within the same model. In this paper we show that the security proof for the route discovery algorithm endairA is flawed, and that moreover this algorithm is vulnerable to a hidden channel attack. We also analyze the security framework that was used for route discovery, and argue that composability is an essential feature for ubiquitous applications. We conclude by discussing some of the major security challenges for route discovery in MANETs.

@article{Burmester08, abstract = {Mobile ad hoc networks (MANETs) are collections of wireless mobile devices with restricted broadcast range and resources, and no fixed infrastructure. Communication is achieved by relaying data along appropriate routes, that are dynamically discovered and maintained through collaboration between the nodes. Discovery of such routes is a major task, both from an efficiency and from a security point of view. Recently, a security model tailored to the specific requirements of MANETs was introduced by Acs, Buttyán, and Vajda. Among the novel characteristics of this security model is that it promises security guarantees under concurrent executions, a feature of crucial practical implication for this type of distributed computation. A novel route discovery algorithm called endairA was also proposed, together with a claimed security proof within the same model. In this paper we show that the security proof for the route discovery algorithm endairA is flawed, and that moreover this algorithm is vulnerable to a hidden channel attack. We also analyze the security framework that was used for route discovery, and argue that composability is an essential feature for ubiquitous applications. We conclude by discussing some of the major security challenges for route discovery in MANETs.}, added-at = {2011-07-15T15:18:02.000+0200}, author = {Burmester, Mike and de Medeiros, Breno}, biburl = {https://www.bibsonomy.org/bibtex/23091f347ba2cdad492cc43237478c5a6/msteele}, file = {:I\:\\My Documents\\Thesis\\Research\\Burmester08.pdf:PDF}, interhash = {40719d6e7260ea11017ce2d17e8678f3}, intrahash = {3091f347ba2cdad492cc43237478c5a6}, journal = {IEEE Transactions on Mobile Computing}, keywords = {imported}, owner = {Matt}, review = {Priority: High Burmester discusses security flaws in the endairA routing protocol and discounts a proof provided for endairA's security properties. The paper also dicusses the "hidden channel" attack which may be a synonym for the "invisible node" attack.}, timestamp = {2011-07-15T15:18:04.000+0200}, title = {{On the Security of Route Discovery in MANETs}}, year = 2008 }