Recently, a security model tailored to the specific requirements of MANETs was introduced by Acs, Buttyán, and Vajda. Among the novel characteristics of this security model is that it promises security guarantees under concurrent executions, a feature of crucial practical implication for this type of distributed computation. A novel route discovery algorithm called endairA was also proposed, together with a claimed security proof within the same model. In this paper we show that the security proof for the route discovery algorithm endairA is flawed, and that moreover this algorithm is vulnerable to a {\em hidden channel} attack. We also analyze the security framework that was used for route discovery, and argue that composability is an essential feature for ubiquitous applications. We conclude by discussing some of the major security challenges for route discovery in MANETs.
Category / Keywords: Secure routing, MANET security, concurrent security, subliminal channels, universal composability, provably secure protocols. Publication Info: Submitted to Transactions of Mobile Computing a few weeks ago. Date: received 16 Aug 2007, last revised 24 May 2008 Contact author: burmesetr at cs fsu edu Available format(s): PDF | BibTeX Citation Note: Better motivation and some corrections. Version: 20080524:214409 (All versions of this report) Short URL: ia.cr/2007/324 Discussion forum: Show discussion | Start new discussion