Paper 2007/324

Towards provable security for route discovery protocols in mobile ad hoc networks

Mike Burmester and Breno de Medeiros


Mobile ad hoc networks (MANETs) are collections of wireless mobile devices with restricted broadcast range and resources, and no fixed infrastructure. Communication is achieved by relaying data along appropriate routes, that are dynamically discovered and maintained through collaboration between the nodes. Discovery of such routes is a major task, both from an efficiency and from a security point of view. Recently, a security model tailored to the specific requirements of MANETs was introduced by Acs, Buttyán, and Vajda. Among the novel characteristics of this security model is that it promises security guarantees under concurrent executions, a feature of crucial practical implication for this type of distributed computation. A novel route discovery algorithm called endairA was also proposed, together with a claimed security proof within the same model. In this paper we show that the security proof for the route discovery algorithm endairA is flawed, and that moreover this algorithm is vulnerable to a {\em hidden channel} attack. We also analyze the security framework that was used for route discovery, and argue that composability is an essential feature for ubiquitous applications. We conclude by discussing some of the major security challenges for route discovery in MANETs.

Note: Better motivation and some corrections.

Available format(s)
Publication info
Published elsewhere. Submitted to Transactions of Mobile Computing a few weeks ago.
Secure routingMANET securityconcurrent securitysubliminal channelsuniversal composabilityprovably secure protocols.
Contact author(s)
burmesetr @ cs fsu edu
2008-05-24: last of 2 revisions
2007-08-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mike Burmester and Breno de Medeiros},
      title = {Towards provable security for route discovery protocols in mobile ad hoc networks},
      howpublished = {Cryptology ePrint Archive, Paper 2007/324},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.