A Secure Data Dissemination in a DHT-Based Routing ...
Transcript of A Secure Data Dissemination in a DHT-Based Routing ...
Research ArticleA Secure Data Dissemination in a DHT-Based RoutingParadigm for Wireless Ad Hoc Network
Rukhsana Kousar,1Majed Alhaisoni,2 Shahbaz Abid Akhtar ,1Nadir Shah,1Aamir Qamar,1
and Ahmad Karim3
1Computer Science Department, COMSATS University Islamabad, 44000, Pakistan2Computer Science Department, University of Ha’il, Saudi Arabia3Institute of Computing Department, Bahauddin Zakariya University, Multan, 66000, Pakistan
Correspondence should be addressed to Shahbaz Abid Akhtar; [email protected]
Received 22 October 2019; Revised 14 May 2020; Accepted 25 May 2020; Published 24 August 2020
Academic Editor: Pierre-Martin Tardif
Copyright © 2020 Rukhsana Kousar et al. This is an open access article distributed under the Creative Commons AttributionLicense, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work isproperly cited.
Over the past decade, distributed hash table- (DHT-) based routing protocols have been adopted in wireless ad hoc networks(WANETs) to achieve scalability in the route discovery phase by avoiding the flooding mechanism. The security aspects of therouting protocols based on the DHT mechanism are crucial to address and have not been discussed in the existing literature.Therefore, addressing the security issues in DHT-based routing protocols would prevent the service disruption, decrease thetraffic overhead, and reduce the packet loss in the network. In this paper, several security issues are identified and elaboratedthrough an example scenario. Moreover, a novel DHT-based routing protocol is proposed that uses a digital signature and theuser’s trust in order to swap securely the logical identifiers (LIDs). Trust between nodes is established by the user’s acquaintanceand the first visual contact. The proposed protocol vindicates its effectiveness via simulation results in terms of computationtime, normalized overhead, percent improvement, and packet delivery ratio.
1. Introduction
Over the last two decades, wireless ad hoc networks(WANETs) and their subdomains such as wireless industrialnetworks, wireless sensor networks (WSNs), and vehicularad hoc networks (VANETs) have been successfully imple-mented in different areas of life (e.g., military communica-tions, emergency situations [1], airports, railway, subways,conferences, campuses [2], and intelligent transportationsystems [3]).
Data routing and traffic control are the core of WANETs.Recent studies proved that the DHT-based routing protocols(e.g., 3D-RP [4–5], M-DART [6], VCP [7], Motion-MX [8],3DcRP [9], and LA-3D-IS [10]) are better in performancecompared to the traditional routing protocols, which useflooding in the route discovery phase (e.g., AODV [11],OLSR [12], and DYMO [13]). The DHT-based routingmechanism [14] avoids/reduces the network-wide flooding
in the route discovery phase, thus increasing the scalabilityin WANETs.
A universal identifier (UID) (i.e., MAC address or IPaddress) and logical identifier (LID) are used to identify anode in DHT-based routing protocols. Each node sustainsits disjointed LID space portion (LSP) of the whole logicalspace (LS). Each node calculates its LID from predefined LSon the basis of its physical neighboring nodes. Furthermore,a logical identifier structure (LIS) for each node (e.g., ring,chord, or multidimensional structure) retains the path of its1-hop/2-hop logical neighboring nodes (Lnbr). Therefore, alogical network is built on the top of a physical network. Eachnode uses its LID to forward the data packets/control packetsin the network. Figure 1 shows the basic working of DHT-based addressing, lookup, and routing mechanisms. A net-work is established according to 3D routing [4, 5, 15], andthe LIDs of nodes are in an ordered three-tuple {x|y|z}-dim,where x, y, and z are values within the range of 0 to ±1024.
HindawiWireless Communications and Mobile ComputingVolume 2020, Article ID 2740654, 32 pageshttps://doi.org/10.1155/2020/2740654
Each node in a DHT-based routing protocol stores itsLID and other mapping information like UID (IP/MACaddresses) at its anchor node (AN). For this purpose, ahashed function is applied on UID of each node for gen-erating a hashed value hðvÞ to find its AN that is drawnfrom the LS according to the protocol specification. Nodey finds its AN that is node x having LID closest to the hðvÞ value. To send the data packet to a destination nodeq, a source node s first retrieves the LID of the destinationnode q from its AN, say p, whose LID is obtained byapplying the same hash function at the UID of node q.The node s then forwards a lookup message towards nodep that is obtained from the hash value to get the destina-tion node q’s LID. Upon receiving q’s LID, the sourcenode s sends the data message to destination node q basedon the LID of node q. To forward the data message, eachnode compares the node q’s LID with its own and theLIDs of its 1-hop/2-hop Lnbr. If the LID of destinationnode q is nearest to its own LID, the node itself is the des-tination node; otherwise, the node forwards the message toa logical neighbor that has the LID nearest to that of thenode q. The important terms related to DHT-based securerouting in WANETs is shown in Table 1.
For instance, node l stores the mapping information ofnode f as shown in Figure 1. To communicate with desti-nation node f in the network, node m simply applies thehash function over the UID of node f and gets a hashedvalue that refers to node l’s LID, that is, AN of node f asshown in Figure 1. Node m then sends a LID lookuprequest message (MREQ) containing m (LID, UID) and f(UID, hashed value) towards node l to get node f ’s LID.
The path followed by MREQ in the network is shown inFigure 1. Now, node l sends a mapping reply message(MREP) to node m for direct communication. After gettingthe LID of node f , the source node m directly communi-cates with destination node f by following the aforemen-tioned method.
In this paper, DHT-based routing protocols are consid-ered that are adopted in the MANETs to achieve scalabilityby avoiding flooding in the route discovery phase. Address-ing the security of a routing protocol is crucial to enhancethe reliability of the network [16–18]. In the past, researchershave proposed various secure versions of the traditional rout-ing protocols, e.g., S-AODV [19], SOLSR [20], and S-DYMO[21]; a survey of these approaches can be found in [22–24].Node addressing, lookup, and routing mechanisms in theDHT-based routing protocols are different from the tradi-tional routings, which raise new security issues that maydegrade the performance and reliability of the network. Inthis paper, we highlight various security issues associatedwith the DHT-based routing protocols, and addressing thosewould prevent service disruption, decrease the traffic over-head, and reduce the packet loss in the network.
In addition, a secure DHT-based routing protocol forWANETs is proposed that uses the digital signature anduser’s trust for the node authentication and sophisticatedencryption/decryption algorithm to securely transfer thedata/control packets among the nodes. To the best of ourknowledge, none of the existing literature has debated thesecurity aspects in the context of the DHT-based routingsat the network layer, and none has proposed the secure ver-sion of any of these protocols.
l
s
f
q
h
i
j
p
g
r
m
t
{704|448|1}-1
{-256|-448||1}-2
{1|256|1}-3
{100|-331|100}-1
{1|1|1}-0
{100|-100|100}-1
{-150|50|60}-2
{100|100|100}-1
{256|1|1}-1
{448|1|1}-1
{-256|1|1}-2 {256|448|1}-1
Address format{tuple1|tuple2|tuple3}-dimension parameter
dhi
dsi
dfh
dij
dql
diq
dit
djt
dhj
dip
dqp
dtp
drp dmr
dgp
Source nodeAnchor node (AN)Destination nodeAlphabets are IP addressesf
m
l
Node f sends SII containing its mapping information to its PAN node lNode m sends MREQ packet for node f’s mapping information from its PAN node lNode l sends MREP packet containing node f’s mapping information towards node mNode m sends the data packet to destination node f by using its LID
dmg
Figure 1: Illustration the following process: (i) AN computation; (ii) greedy LID-based routing.
2 Wireless Communications and Mobile Computing
Our main contribution in this paper is
(1) addressing the security issues related to DHT-basedrouting protocols
(2) identifying possible security vulnerabilities from theattacker’s end
(a) destination LID tempering attack
(b) false neighborhood attack
(i) LID computation at the joining node
(ii) LID assignment by the neighboring node
(c) authentication of the node’s LID
(3) devising a novel DHT-based routing protocol to mit-igate the threats
(a) this protocol uses the digital signature and user’strust in order to swap securely the LIDs
(b) trust between nodes is established by a user’sacquaintance and the first visual contact
In DHT-based routing protocols, the LID computation ofa newly joining node is based on the neighboring nodes, andthe same is used for the routing of data from the source to thedestination node. In case if the neighboring node(s) is notlegitimate, the joining node would result in the computationof the falsified LID regarding its physical proximity. More-over, the same LID is used later in lookup and routing pro-cesses that leads to longer routes, increased delay, andpacket loss or may completely halt the communication ofthe DHT-based routing protocol. Initially, we have specifi-cally focused on addressing the security threats discussed inSection 2. The proposed security mechanism has not onlysuccessfully addressed the security threats elaborated in Sec-tion 2 but also proven to be effective and efficient throughsimulation.
The rest of the paper is organized as follows: Section 2identifies and discusses several security vulnerabilities in theDHT-based routing protocols, Section 3 provides a briefdescription of the existing protocols, Section 4 represents aproposed novel secure DHT-based routing protocol, Section5 presents an evaluation of proposed protocol by formalmethods, and Section 6 discusses simulation results. Thepaper conclusion and future work have been discussed inSection 7.
2. Security Vulnerabilities in Context of DHT-Based Routing Protocols
The existing protocols that employ the DHT mechanism forrouting at the network layer are insecure and vulnerable toseveral potential security threats. In this section, we identifypossible security vulnerabilities, from the attacker’s end inthe routing protocols that are using the DHT mechanism,and describe the prerequisites to mitigate these threats. Thehandling of security vulnerabilities for DHT-based routingprotocols is crucial for their smooth functioning and mightdisrupt entirely the communication among nodes.
Two types of nodes can cause service disruption in thenetwork: (i) malicious node and (ii) compromised node. Anode is referred to as malicious if it cannot authenticate itselfand prove its legitimacy due to invalid cryptographic infor-mation, while a node is referred to as compromised if it is alegitimate node that can authenticate itself and is trusted bythe other nodes in the network but is behaving maliciously.We use the term attacker for both malicious and
Table 1: Important terms related to DHT-based secure routing inWANETs.
Symbol Description
ANAnchor node(AN) stores the mapping information
of other nodes with respect to its LSP
LID Logical identifier of a node
LS Logical identifier space of node
LSP LS portion of a node
UID Universal identifier of a node
Tix Tuple of node i in x-axis
Tiy Tuple of node i in y-axis
Tiz Tuple of node i in z-axis
LSPix+ LS portion of node i in positive x-axis
LSPix− LS portion of node i in negative x-axis
LSPiy+ LS portion of node i in positive y-axis
LSPiy− LS portion of node i in negative y-axis
LSPiz+ LS portion of node i in positive z-axis
LSPiz− LS portion of node i in negative z-axis
Tkx , Tky , Tkz Three tuples of node k in x-, y-, and z-axis
WmkJoining node m assigned weight to its neighbor
node k
WmjJoining node m assigned weight to its neighbor
node k
Lnbr 1-hop logical neighbors of a node
Sign User signature
PI Personal identity of node
PbK The public key of node
IP IP address of node
PrK The private key of node
IC Identity card of node
C Certificate of node
NbrListNeighbor list: a list containing LIDs of neighboringnode and neighbors of the neighboring nodes
SD Sum of difference
LSD Least sum of difference
Tdx , Tdy , Tdz Three tuples of hashed value or destination’s LID
Tnbrx , Tnbry ,Tnbrz
Three tuples of neighbor LID
h vð Þ Hash value
SII Source index information
3Wireless Communications and Mobile Computing
compromised nodes. The following are the attacks that canbe initiated by malicious or compromised nodes in DHT-based routing protocols.
2.1. Destination LID Tampering Attack. For a LID lookupmessage, an attacker can send a modified or generate aLID lookup reply with falsified information by followingtwo ways: (i) An attacker may modify the content of theLID lookup reply message and return to the source withfabricated information. (ii) After receiving a LID lookuprequest, the attacker as an intermediate node generatesthe LID lookup reply with falsified information, instead offorwarding the lookup request to the actual AN. More spe-cifically, these scenarios are explained through an exampleas follows:
The node f stores its mapping information at node l asshown in Figure 2. To communicate with node f , node msends a LID lookup request message (MREQ) containing m(LID, UID) and f (UID, hashed value) towards node l toget node f ’s LID. The path followed byMREQ in the networkis shown in Figure 2. For instance, if an intermediate node pis malicious or compromised, it can easily disrupt the com-munication by generating a mapping reply message (MREP)for node m and adds its LID (p’s LID) along with the UID ofnode f in MREP. Node p then sends the MREP towards nodem. Similarly, suppose the MREQ arrives at the AN l. Node lgenerates MREP by adding node f ’s LID and sends MREPtowards node m. After receiving MREP, an attacker p canmodify the MREP by replacing f ’s LID with its own LID(p’s LID) and forwards the modified MREP towards nodem. In either case, upon receiving the MREP, node mwould take the LID of node p in MREP as the LID ofthe destination node f , and thus, the data will be sent tonode p rather than to node f as shown in Figure 2. In thisway, by tampering with the destination node f ’s LID withits own LID, node p would receive all the data packets thatare destined for node f . This attack is crucial to addressbecause AN is used in all DHT-based routing protocolsto achieve communication among nodes.
By tampering with the LIDs in the MREP, it could resultin loss/stealing of information that is critical for the commu-nication in the network.
2.2. False Neighborhood Attack. In the routing protocol usingthe DHT mechanism, LID is allotted to the newly joinednode depending on its one-hop neighboring node’s LID [4,5, 7]. Thus, the newly joining node in the network obtainsthe LID from its one-hop neighboring nodes. The purposeof assigning the LID to a node is twofold: (i) to arrange nodesin the LIS over the physical topology (PT) with respect totheir LIDs; (ii) to route the data/control packets among thenodes of the network.
2.2.1. LID Computation at the Joining Node. In this case, thejoining node gets 1-hope/2-hop neighbor information, i.e.,their LIDs, and computes its LID, i.e., its relative position,by using its neighbors’ LIDs as proposed in [4, 5, 7]. It is cru-cial for the joining node to compute an accurate LID as itreflects the physical proximity of the joining node with
respect to its logical neighbors in the logical network. Thus,the accurate LID of physical neighboring nodes is crucialfor computing the accurate joining node’s LID, which willlater be used for lookup and routing of data/control packets.In case a neighboring node is not a legitimate neighbor andthe joining node obtains a fake/wrong LID of its neighboringnode through a hello message, then it would result in thecomputation of an incorrect LID of the joining node with ref-erence to its physical proximity. This may lead to the mis-match problem [4, 25] which exaggerates the end-to-enddelay and routing overhead that would eventually affect theperformance of the DHT-based routing protocol in termsof its reliability. This is a crucial security attack and must beaddressed for the smooth functioning of DHT-based routingprotocols.
2.2.2. LID Assignment by the Neighbor Node. In this case, anewly joining node acquires the LID from its one-hop neigh-boring nodes [25]. If the joining node gets nearer to a neigh-boring node that is a malicious or a compromised node, thenthe joining node obtains a fake/wrong LID that would notinterpret its intraneighbor relationships with its neighboringnodes in the LIS. The compromised neighboring node mayassign a falsified LID without considering its LSP, whichmay affect the forwarding of both the data and controlpackets. In any DHT-based routing protocol, it is a crucialsecurity attack and must be handled carefully.
2.3. Authentication of a Node’s LID. The existing DHT-basedrouting protocols cannot verify whether a particular LIDbelongs to the node or not. For example, in Figure 2, supposenode p stores its own LID f256j1j1g‐1 and UID at AN l pre-tending that LID f256j1j1g‐1 belongs to node f . Thus, theanchor node l is unable to verify through any mechanismwhether it is node f ’s LID or not. In this case, ifm is a sourcenode and needs to communicate with node f , then node mrequires the LID of destination node f from its AN l. Nodel would return the LID of node p to source node m, whichwould send the data packet to node p.
Although, the above security attacks have been discussedfor traditional/non-DHT-based routing protocols, andresearchers have given various possible solutions to the aboveissues. The routing protocols that are using the DHT mecha-nism cannot deploy those solutions directly at the logical net-work because their functionality of the DHT-based routingprotocol is different from the traditional routing protocol.Traditional routing protocols mainly rely on IP addressesfor routing of packets. The above security threats maycompletely halt the functionality of routing protocols thatare using DHTmechanism, and as a result, total communica-tion disruption may occur among nodes. The solution to theabove security threats is crucial for the smooth functioning ofDHT-based routings. To the best of our knowledge, none ofthe existing literature provides a secure version of the routingprotocol using the DHT mechanism that works at the net-work layer. This paper is the first to attempt the solution ofsuch security threats in the context of DHT-based routingprotocols.
4 Wireless Communications and Mobile Computing
3. Related Work
In the existing literature, several protocols have been pro-posed to address various security aspects, like digital signa-ture, confidentiality, encryption or decryption algorithm,and authentication. Each approach proposed for an aspecthas its own advantages and limitations. For example, sym-metric key encryption algorithms like DES, AES, 3DES, andpublic key encryption (i.e., RSA) are different encryptionalgorithms. The computation overhead for the symmetrickey encryption is less compared to the public key encryption.However, it is more challenging and vulnerable to securelyhandle the exchange of the symmetric keys before communi-cation in symmetric key encryptions.
In the literature, one can find many solutions that use theexisting security mechanisms in an efficient way in order toachieve a security service by avoiding/preventing attacks.For example, the RSA encryption algorithm is used forauthentication service in [17]. Public key algorithms are pre-ferred in WANETs due to their effectiveness in terms of keymanagement, confidentiality, and authentication, as shownin [17, 26–29]. For example, random predistribution of keys(RPK) [30] would not perform well in our target scenario dueto the following reasons:
(i) First, the random key predistribution schemes thatuse symmetric cryptography are found susceptible
to the replication attack. In a replication attack, theattacker can add more compromised nodes in thenetwork after acquiring some confidential informa-tion from the captured nodes. As a result, the attackergets the network’s control using compromised nodesand deploys those nodes in the network to furtherexploit the shared secrets. Therefore, the replicationattack adversely affects the reliability of the keypredistribution schemes that use symmetric cryptog-raphy [31]
(ii) Second, a node has to contact k number of existingnodes in order to have a secure channel in RPK. Thiswould incur traffic overhead. By using chain-basedauthentication for a public key, the scheme avoidstraffic overhead for key distribution using 1-hophello messages of DHT-based routing, as describedin Section 4
Public key infrastructure (PKI) is used for the distribu-tion and authentication of a public key for the public keyencryption algorithm [30]. However, there are variousapproaches to implementing PKI in WANETs by addressingdifferent concerns. A few examples are [17, 23, 24, 26–30].
Lacuesta et al. [17] achieve the authentication service byusing the RSA encryption algorithm. The scheme exchangesthe initial data and secret keys for data encryption, based onthe trust among the users. The trust among the users is
l
s
f
q
h
i
j
g
r
m
t
{704|448|1}−1
{−256|−448||1}−2
{1|256|1}−3
{100|−331|100}−1
{1|1|1}−0
{100|−100|100}−1
{−150|50|60}−2
{100|100|100}−1
{256|1|1}−1
{448|1|1}−1
{−256|1|1}−2 {256|448|1}−1
Address format{tuple1|tuple2|tuple3}-dimension parameter
dhi
dsi
dfh
dij
dql
diq
dit
djt
dhj
dip
dqp
dtp
drpdmr
dgp
dmg
p
Source node
Anchor node (AN)Malicious nodeDestination nodeAlphabets are IP addressesf
m
l
p
Node f sends SII containing its mapping information to its PAN node l
Node m sends MREQ packet for node f’s mapping information from its PAN node l
Node p receives MREQ and sends MREP packet containing its own LID towards node m
Node m sends the data packet to node p by using p’s LID rather than sending it to node f
Figure 2: Illustration of the security vulnerability in lookup and routing: (i) Malicious node p receives MREP/MREQ for node l andpretends as an anchor node for node f or as destination node f . (ii) Malicious node p receives all data packets from node m ratherthan the destination node. (iii) The LID of node r depends on the LID of node p; node p can also temper the LID of node r if itgets malicious.
5Wireless Communications and Mobile Computing
established based on the eye gaze contact. Moreover, theyhave used the node’s LID and IP to introduce name servicethat is distributed.
Zhan et al. [26] state that wireless channels cause prob-lems in key generation and key distribution, e.g., the sharedsecret key encoded bit sequence suffers from an extremelyhigh bit mismatch rate. The authors propose an efficientkey generation scheme by using the curve fitting techniqueto preprocess the channel measurements so that originalchannel measurements are better during reciprocity.
Filipek and Hudec [27] suggest a secure architecturethat is based on a trust model along with PKI, intrusionprevention system (IPS), and firewall for the distributedenvironment in mobile ad hoc networks (MANETs).Nodes’ trust level defines their privileges L0 to L3 thatcan be reduced or revoked upon malicious behavior. L0-level node has only the privilege to request the certificate.L1-level nodes are allowed for the end-to-end communica-tion in the network. L2-level nodes can participate in therouting, IPS, and distribution storage. L3-level node is astand-alone attribute authority (AA) that can certify toother nodes and create its own ecosystem. The certificateis signed by AAs, and every node can verify its validityby applying the AA public key. In the proposed architec-ture, a firewall serves as security overlay and PKI bringsconfidentiality and data communication policy enforce-ment, whereas IPS is essential for controlling nodes andmakes sure they follow security policies (PKI and firewallrules). However, the authors do not consider DHT-basedrouting.
Xia et al. [28] propose a lightweight trust-enhanced adhoc on-demand multipath distance vector protocol(TeAOMDV) that is an extension of ad hoc on-demandmultipath distance vector protocol (AOMDV). This trustframework provides a choice of an optimal two-waytrusted route that mitigates the impairment effect fromsuch entities. The monitoring entity collects the passiveand local information via a promiscuous mode that is usedto evaluate the behavior of interested entities to translatean estimate of the trust. Passive acknowledgment usesthe promiscuous mode to monitor the neighbor’s behavior.Local information means the node’s local memory storesthe satisfactory evaluation between two neighboring nodes.The proposed technique used a trusted approach into asource routing mechanism. The sending node evaluatesthe routing path before forwarding the data using featureslike node reputation or identity information. After satisfac-tory evaluation, the sender node forwards the packet andstores it in a packet buffer; the senders monitor the packetforwarding in the promiscuous mode. After detecting thesuccessful packet forwarding, the corresponding correctforwarding is increased by 1 and is removed from thepacket buffer. This technique reduces the route discoveryfrequency and routing overhead. However, it would notperform well in a DHT-based routing because the tradi-tional routing (e.g., AODV) is different than a DHT-based routing.
Sathiya and Gomathy [29] state that an intermediatenode as an attacker along the path from the source to the des-
tination can interrupt the data access in MANETs. They pro-pose a new solution by using the Beer-Quiche theoreticalrouting model [32] in which the source node tracks the avail-able path at each stage, the path enduring bandwidth and theattacker policy, that collects the information made availableby the previous stage. The source node selects an optimalpath for packet broadcasting based on this information.Moreover, they suggest a proper switching mechanism toselect multiple paths from the source to destination. Again,they do not consider the DHT-based routing scenario ofWANETs.
Fu et al. [31] encounter a replication attack (RA) asso-ciated with random predistribution key approaches (RPK).The paper contribution is fivefold. First, the replicationattack is modeled; second, the flexibility/operability of theRPK is measured; third, it analyzes, characterizes, and dis-cusses the relationship among the cloned node; fourth, itfurther evaluates and compares through experiments theefficiency of several approaches against RA; and fifth, itanticipates the consequences that an attacker can obtainby introducing multiple malicious/compromised nodes inthe network.
Rajkumar and Narsimha et al. [33] state that the publickey certificate is used in MANETs to establish trust betweentwo communicating nodes. So, to augment the network secu-rity and reduce attacks generated by the network nodes, itneeds to escort an effective mechanism for validation andcertificate revocation. The authors proposed a new mecha-nism that revokes and distributes certificates for a node basedon a threshold value which is computed on the trust level.The trust value is based on direct trust (T) and indirect trust(T ′) values. T value is computed by
Txy = Txy prð Þ ∗ ϑ + RSIxy ∗ 1 − ϑð Þ, ð1Þ
where the previous direct trust value of a node is mentionedby TxyðprÞ, node Ny in node Nx to the inclusion of a recentsatisfaction index (RSIxy) with direct neighbor nodes, and ϑ
shows a constant value. Each node periodically computesits RSI value by
RSIxy =%s x, yð Þ −%l x, yð Þ, ð2Þ
where %sðx, yÞ shows that node Nx initiated a percentage ofpackets that is forwarded by node Ny over the total numberof packets provided to Ny and %ðlÞðx, yÞ shows that the per-centage of expired packets over the total number of packetsgiven to Nx is a constant value that shows the confidencelevel of stored Nx for Ny. The indirect trust T ′ value is calcu-lated as an aggregated trust report received and processed byNx to Ny. It is computed by
Txy′ =∑RTnx ∗ ρn ∗ RTnx
∑ρn + RTnx, ð3Þ
6 Wireless Communications and Mobile Computing
where ρn is the degree centrality of the reporting node. Eachnode Nx calculates its centrality by using
Cx =1σ
〠y∈w ið Þ
Cy =1σ〠n
y=1Vx,yCy, ð4Þ
where wðiÞ is a set of ith linked nodes, σ shows constantvalue, n is the sum of nodes and Vx, and j is the adjacencymatrix of the network. After trust computation, there is acertificate authority (CA) that distributes the secret key toall nodes; thus, misbehaving nodes are eliminated. More-over, the proposed technique also provides confidentiality,integrity, and secure multipath routing for data transmis-sion in MANET. More specifically, a route request (RREQ)packet is signed with a digital signature for secure routediscovery. When the destination receives the RREQ packet,it verifies all the signatures. Then, the destination nodesends a route reply (RREP) through the same path. Finally,the path is accepted after verifying the signature by thesource node. For secure transmission, a source nodeencrypts the fragmented message using a soft encryption,and data packets move via multiple paths to the destina-tion. After receiving the encrypted message, the destinationnode decrypts the message to recover the original message.However, the proposed technique still faces the challengeson how to revoke and validate the certificate at a node.
Rajeswari et al. [34] proposed a secure routing approachthat integrates two algorithms called a trust-based nextforwarding node selection (TNFNS) algorithm and afuzzy-based stable and secure routing (FBSSR) algorithm.The proposed mechanism provides a solution to thedynamic nature of MANETs with distinct characteristicslike resource constraint, decentralized management, fre-quent mobility, dynamic topology, and control that leadsto additional overhead in the provision of safe and steadyrouting. In order to enhance security during the routingprocess, trust values are used to isolate the maliciousnodes. Only trusted nodes in the network with high resid-ual energy and link stability perform a stable and securerouting of the network. Another contribution is FBSSRthat enhances the AODV routing table with on-demandperformance route discovery and route maintenance. Theproposed algorithm can improve the overall performanceand network lifetime using a fuzzy-based rule system toperform inference for selecting more secure and stableroutes. It handles uncertainty in selecting the trustednodes using qualitative analysis on trust values and linkproperties. The TNFNS algorithm is developed using net-work monitoring values and routing table values thatincrease reliability and data security in the communicationprocess. Moreover, the proposed mechanism is capable ofincreasing the network performance compared to therelated security algorithms.
Brindha et al. [35] proposed the fuzzy enhanced securemulticast routing (FSMR) scheme to make the data moresecure in MANETs from active and passive attacks andensure packet authentication and integrity. The proposedscheme uses an intelligent intrusion detection model to
observe the network and system to seek out intrusionactivities. Anomaly-based IDS detects both network andcomputer intrusion and misuse by monitoring systemactivity and classifying it as either anomalous or normal.Certificateless routing with key generation, signcryption,and unsigncryption are used to authenticate the data andeliminate the intrusion in the network. In a key generation,initially, the main server generates all public parameters ofthe elliptic curve and publishes them. Each sensor nodechooses a private key and calculates the related public key.The sender node performs signcryption; in signcryption,confidentiality and integrity are achieved in a single step thatreduces the communication and computation cost andincreases the efficiency, whereas encryption and signatureneed two steps. In unsigncryption, the receiving nodedecrypts the received signcryption text, extracts the plaintext, and verifies the digital signature. The simulation resultshows a better performance than existing schemes.
Arulkumaran and Gnanamurthy [36] present a solutionfor one of the possible attacks in MANETs that is the blackhole attack. In the black hole attack, the malevolent nodepromotes itself such that it has the entire valid routes to itsdestinations. The proposed mechanism used fuzzy logic tech-nique to detect a black hole attack. Fuzzy logic is mathemat-ical logic in which the prediction values are assigned to animprecise range of data to handle the problems. Fuzzy logicgives the certificate to only trusted nodes that help to identifymisbehaving nodes. AODV uses a fuzzy-based trust modelfor packet route selection and avoids the black hole attack.Trust value is calculated using immediate neighbor trustvalues and recommendation trust values. The proposedmechanism gives less end-to-end delay, better throughput,and significant packet delivery ratio.
Liu et al. [37] proposed a security disjoint routing-basedverified message (SDRVM) scheme to improve the networkperformance in terms of data arrival ratio, transmissiondelay, and consideration of the capacity for determiningmalevolent nodes and energy efficiency. SDRVM overcomesthe energy efficiency issue of the sensor nodes that substan-tially affects the network security. The proposed schemeestablishes two disconnecting dominating sets (a data con-nected dominating set (CDS) and verified message CDS) thatare based on the remaining energy consumption amongnodes. SDRVM adopts a method for recording ID informa-tion in data packets with an adjustable specified probability(marking as higher or smaller) according to the remainingenergy of nodes and for logging ID information in nodes.The nodes include ID information into data packets with aspecified probability when nodes send data packets to othernodes. If the node energy is insufficient, the ID informationin data packets is locally stored/logged, and the markingprobability is reduced. If the node has sufficient energy, thesensor node’s recording probability is increased. The sensornode duty cycle will be increased to fully utilize the energywhen the intensity of energy harvesting is strong. Otherwise,to save the energy, the sensor node duty cycle is reduced.Node higher duty cycle in the data CDS reduces the trans-mission delay. Node lower duty cycle in the v-messageCDS saves energy.
7Wireless Communications and Mobile Computing
Poongodi et al. [38] proposed an effective lightweightsecurity mechanism named resistive to selective drop attack(RSDA). In a selective drop attack, the neighboring nodesare not reliable in message forwarding to the next node.The identification of such nodes is crucial, and segregatingthem from the network is a challenging task. The RSDAtechnique detects malevolent nodes in the network under aparticular drop attack that overloads a host and stops it fromworking. The throughput of a host may potentially drop tothe minimum level. The elliptic curve digital signature algo-rithm is used to authenticate the nodes to accomplish reliablerouting. The existing protocols of WANETs (e.g., AODV andDSR) can be integrated with the proposed RSDA protocol toachieve reliability in routing.
Mukhedkar and Kolekar [39] addressed the securityissue in MANETs and proposed a secure routing protocolencrypted trust-based dolphin glowworm optimization (E-TDGO). This protocol provides security to three phases(i.e., route discovery, optimal path selection, and communi-cation through the selected route) using a trust-based optimi-zation model and advanced encryption standard-128(AES-128). The trust level and the distance between nodesare utilized to discover k number of paths in the first phaseto identify a normal user and an attacker. An optimal securepath is then selected from the discovered k paths using DGOnovel algorithm. Communication begins in the networkthrough an optimal path from the source to destination,and security is ensured by E-TDGO protocol.
Table 2: Summary of existing approaches.
Paper ApproachEncryptionalgorithm
Keydistribution
Central trustauthority
Authentication Confidentiality Integrity Hash function
[17]Secure self-configuredspontaneous network
protocolAES RSA
DistributedCA
✓ ✓ ✓ SHA-1
[26]IKM, an ID-based keymanagement scheme
RSAThreshold
cryptographyCertificateless ✓ ✓ ✓ SHA-1
[27]Secured routing
protocol along withPKI, firewall, and IPS
AES RSA
Centralizedcertificationauthoritywithin anecosystem
× ✓ ✓ SHA-512
[28]
Trust-enhanced ad hocon-demand multipath
distance vectorprotocol (TeAOMDV)
× ×
Distributedtrust-basedmechanismnot CA
✓ × ✓MAC (messageauthentication
code)
[33]
Trust-based certificaterevocation for securerouting (TCRSR)
protocol
Thresholdcryptography
Thresholdcryptography
Chaincertificate
× ✓ ✓ ×
[35]Fuzzy enhanced secure
multicast routing(FSMR)
- - Certificateless ✓ ✓ ✓ ✓
[36]AODV with a fuzzy-based trust model
RSA RSACentralizedcertificateauthority
✓ ✓ ✓ MD4
[38]Resistive to selectivedrop attack (RSDA)
ECC - - ✓ ✓ ✓ ✓
[39]
Encrypted trust-baseddolphin glowwormoptimization (E-
TDGO)
AES-128 -Mutual trustrelationship
× ✓ × ×
[31]Random
predistribution keyapproaches (RDK)
×Randomprekey
distribution- - × - -
Analytical modeling
[29]
Stochastic Beer–Quiche multipath
routing (SBQMR), atheoretical model
- - - ✓ - - -
Stochastic multipath routing mechanism is adopted based on Beer–Quiche theoretical model
[34]Fuzzy-based stable andsecure routing (FBSSR)
- - - - - - -
Trust-based next forwarding node selection algorithm (TNFNS)+analytical analysis
8 Wireless Communications and Mobile Computing
The major challenge for PKI is to have a distributedapproach for authentication of the public key in WANETs.Table 2 shows the comparative analysis of the existing secu-rity approaches. After studying thoroughly all the existingapproaches for PKI in WANETs [17, 23, 24, 26–30, 31, 33–36], we have proposed a chain-based authentication for ourtargeted scenario. Because both DHT-based routing andWANET are distributed in nature, we have proposed a dis-tributed PKI, as described in Section 4. The existingapproaches that employ DHT mechanism for routing aremostly devised to handle the mismatch problem. Amismatchproblem occurs if neighbors of a node in the logical networkare different from the physical neighbors of the node. Mis-match problem increases the routing overhead and end-to-end delays when routing packets in WANETs [25]. Now wedescribe how the existing DHT-based routings address themismatch problem.
Virtual cord protocol (VCP) [7] connects the nodes in alogical chord based on nodes and LIDs. VCP assumes theLID range that is 0 to 1. In the VCP node, LID value 0 doesnot have any predecessor node; also, a node with LID 1 doesnot have any successor node. VCP assigns the LID to the newjoining node using its physical neighbors. Consequently, itavoids the mismatch problem.
DART [40] uses a binary tree of M+1 level as the logicalnetwork and allocates each node an M-bit logical identifier.The leaves of the logical tree reflect the nodes’ LIDs, andthe subtree reflects a node with a common prefix. DARTavoids the mismatch problem by assigning physical neigh-bors in the same subtree structure (i.e., they share a commonprefix). For example, Figure 3 shows the binary of 4-bit LIDspace, where nodes 0000 and 0001 have three common prefixbits at level 1. DART does not avoid completely the mismatch
problem, and the result shows that the value of the pathincreases 30-35% as the size of the network gets larger.
M-DART [6] is an extension of DART. It establishes atree logical structure and maintains all of its neighboringnodes to reach the destination node. M-DART is unable toevade a complete mismatch problem due to using tree datastructure [25]. Figure 3 shows the address space representedas an overlay network built upon the underlying physicaltopology. Its tree-based structure offers the manageableprocedure for address allocation without relying on flooding.M-DART suffers from a mismatch problem due to the inflex-ible connecting order of its tree-based logical structure.
Caleffi et al. [41] proposed an augmented tree-basedrouting (ATR) protocol that provides a solution to the scal-ability problem. In MANETs, hierarchically organizeddynamic addressing approaches use a simple and manage-able tree-based structure for routing and address space man-agement. These tree-based addressing schemes embeddedincomplete information that shows unsatisfactory routeselection. In the proposed ATR augment, the tree structureuses storing additional information in the node routing tablethat allows one to resort to multipath routing. Each nodediscovers all its possible paths to reach the destination usingits neighbor nodes. Figure 4 shows the routing issue in pathdiscovery results of DART and ATR with five nodes for a fullmesh network. The path discovery from each node to the twodestinations 2 and 4 is shown in a given graph. For the samedestination graph, show the multiple paths in ATR, whileexisting approaches do not provide the shortest path in a verysimple network. The proposed mechanism solves themedium instability or bottleneck problem and scalabilityissue and gains good resilience against node mobility or fail-ure in MANETs.
XXXX
111X
1XXX0XXX
11XX10XX01XX00XX
001X000X 010X 011X 100X 101X 11X0
0001 0010 0011 0100 0101 10100000 11110110 0111 1000 1001 1011 1100 1101 1110
0XXX
00XX
01XX010X
001X
011X
000X
00100011
00010000
01100100
0101
0111
10XX101X
100X1011
1XXX
Level 0
Level 1
Level 2
Level 3
Level 0
Level 1
Level 2
Level 3
Logical network
Physical network
0010
0111
1000
1001 1011
Figure 3: DART logical network over the physical network.
9Wireless Communications and Mobile Computing
Caleffi [42] present a scalable DHT-based routing proto-col that integrates direct routing and indirect key-based rout-ing at the network layer. The proposed mechanism is able tobuild an overlay network that improves the p2p performanceby agreeing on physical and logical proximity. In addition,the presence of a hostile channel and modest node mobilityassure the satisfactory performance whenever the numberof nodes grows. The proposed protocol indirect tree-basedrouting (ITR) allocates an l bit string as a location-basedidentifier to the peer node. Routing is simplified in MANET;each routing table consists of an l section and a k section. Sec-tion l shows each bit of the ID, and the k section representsthe address prefix length that is shared by the forwarderand destination IDs. ITR is capable to forward resourcequeries without introducing any overlay because logicalproximity agrees with physical proximity.
Alvarez-Hamelin et al. [43] connect the nodes in logicald-hypercube structure; d refers to the dimension of a hyper-cube. A node has LID and mask value indicating the LIDspace portion for which the node is responsible. The nodeconnected to those nodes having LID coordinates differs inone dimension. Figure 5 illustrates the connectivity of LID0000 with the LIDs 0010, 1000, 0001, and 0100. This proto-
col still does not avoid the mismatch problem. For example,node (0110) and node 1111 are physical neighbors; they arenot logical neighbors in the hypercube because their LIDsdiffer in more than one bit, as shown in Figure 5.
Motion mix [8] maintains 1-hop logical neighbors in anoverlay network and is basically designed to handle the over-head in case of the mobility of nodes. It uses past mobilitytraces of nodes to predict node movement. The motion mixis partially effective against the mismatch problem.
Mesh-DHT [44] uses a 2-dimensional (2D) structure todecrease mismatching between logical and physical net-works. This technique uses a link graph to build the 2D struc-ture that is based on the methodology of [25]. The 2D closercoordinate has physically nearby neighbors that attract eachother, whereas 2D distant coordinates have physicallydetached nodes that repulse each other. A new joining nodecomes to be 1-hop neighbors to the coordinate. Nodes peri-odically inform each other about the coordinate of its 1-hop neighbors and improve its 2D coordinates up to 2 hopsaway. Mesh-DHT is unable to provide an ample solution tothe ill-matching problem.
Al-Mayouf et al. [45] addressed the following issues: (i)end-to-end route selection for the optimal utilization of
2
1 3 4 5
41325
13
25
4
1 53 4
2
Path discovery of node 2 in DART Path discovery of node 2 in ATR
Path discovery of node 4 in ATRPath discovery of node 4 in DART
1 3 4 5 1
2
Figure 4: Path discovery process in ATR and DART.
0000
0010
1000
0100
1010
0110
1100
0101
1101
0011
0111
1001
0001
111110111110
1000
0100
1010
0110
1100
1101
0011
0
1001
0001
11111011111111 00
Figure 5: Hypercube d = 4.
10 Wireless Communications and Mobile Computing
network resources in a VANET environment; (ii) maintain-ing a stable network without congestion, in the existing seg-ment aware-based geographic routing protocol that mayresult in packet loss, delays, and increased communicationoverhead in route recovery. The authors have consideredboth traffic and segment status to propose a real-timeinteraction-based segment aware routing (RTISAR) algo-rithm for geographic routing in VANETs towards findingan optimal route to the destination. RTISAR considers trafficsegment status when selecting the next intersection. It isbased on their connectivity, density, and load of segments.The proposed scheme also considers the cumulative distanceto a specific destination that can avoid selecting intersectionswith low connectivity, sparse density segment, high load seg-ment, and low cumulative distance to the destination. RTI-SAR outperforms in terms of packet delivery ratio, packetdelivery delay, and communication overhead.
Teng et al. [46] proposed a vehicles joint UAV topologydiscovery (VUTD) scheme to discover the physical topologywith low cost and accuracy. Location information is a chal-lenging issue for many IoT applications because most sensordevices are randomly deployed and locations are unknown.A mobile vehicle acts as a mobile anchor to assist adjacentsensor devices in positioning and also collect logical topologyinformation of the IoT systems. Physical topology informa-tion is a combination of collected location information andlogical topology information. Cloud platform receives thisinformation via vehicles and analyzes it to determine wherethe physical topology discovery is incomplete. The UAVsact as a flying anchor and require the UAV fly subarea deter-mination (UFSD) algorithm to locate/determine thesepoints. Flight path planning algorithm based on simulatingannealing (PPSA) generates a random flight path accordingto the neighborhood function and compares the flight dis-tance with the old path to determine a better path for UAVflight between areas. The experimental results show that theVUTD scheme has better performance.
Li et al. [47] propose a “machine learning-based codedissemination scheme by selecting reliability mobile vehi-cles in 5G Networks (MLCD).” Vehicles are hard to man-age in 5G networks; improving the program code coverageand its safety is a key challenge. Code disseminators will suf-fer a large cost of the ground control station (GCS). There-fore, the MLCD scheme chooses vehicles with high degreeof reliability and coverage ratio as the code disseminator todeliver code with low cost and high accuracy rate via agenetic algorithm (GA) in a machine learning scheme.Firstly, a historical trajectory dataset is used to calculate thevehicle reliability and is selected to improve the safety degreeof code dissemination. Secondly, the vehicle with a highercoverage ratio is preferred to optimize the performance ofcode dissemination with limited cost. Thirdly, the MLCDscheme is evaluated by both theoretical analysis and experi-mental studies that show improvement in safety degree ofcode dissemination process and coverage ratio.
Mahdi et al. [48] presented a comparative review on theclustering techniques working for efficient data aggregationin target tracking applications. Wireless sensor applicationsare vulnerable to energy limitation during communication.
For reducing energy consumption, there are two strategies(clustering and data aggregation) that are widely used toincrease the lifetime of the sensor network. Redundant datais produced regularly in target tracking applications. To elim-inate the data redundancy, there is need to deploy an effectivedata aggregation scheme. Authors conduct a comparativestudy on four existing clustering approaches includingdynamic clustering, static clustering, combined clustering,and adaptive clustering. The pros and cons of these tech-niques are discussed for better choice that depends on vari-ous environments. The selection of an appropriatealgorithm may reflect positive results in the data aggregationprocess.
The authors in [4, 5] propose a 3D routing protocol (3D-RP) that addresses the mismatch problem. 3D-LS providesthe visualization of a newly joining node, and its associatedneighboring nodes represented the main idea of 3D-RP.The 3D logical space is divided into three planes consistingof 6 dimensions and 8 octants. Each node is the resident of3D-logical space; each node calculates the LID that imitatesits intraneighbor connectivity accompanied by neighboringnodes. In 3D-RP, a node calculates its m-bit LID from 3D-LS. 3D-RP relies on local information that is obtainedthrough hellomessages. A node keeps a dimension parameter(dim) along with its LID. The nodes are put in a groupaccording to their dimensions that assist the packet forward-ing. The following paragraph details the node joining processin 3D-RP. Figure 6 shows the Case 1 in which the newly join-ing node p has only one neighboring node i; node p avails thefirst unoccupied dimension of node i and computes the LIDbased on node i’s LID. In the same way, the nodes s and q usethe next two available dimensions of node i to compute theirLIDs using Equation (22). Nodes s, q, and p are not physicallyconnected in the network, so the node i’s local 3D-LS pro-vides three different dimensions to these nodes to computetheir LIDs. Similarly, the nodes l and r use the interpolationmethod (Equation (23)) to calculate their LIDs as shown inCase 2 of Figure 6. Also, node v uses Equation (24) to calcu-late its LID corresponding to s and l, which are nonadjacentneighbors as illustrated in Case 3 of Figure 6. In Case 4, thejoining node t computes its LID after checking the contiguityof its neighbor nodes q, r, and i as shown in Figure 6.
Figure 7 demonstrates the intraneighbor relationship ofnode i with its physical neighboring nodes in the local 3Dlogical space of node i. The physical links are representedby black dashed lines while the 3D logical space of node i isrepresented by the blue dashed lines. Each node is the resi-dent of 3D-logical space; each node calculates the LID thatimitates its intraneighbor connectivity accompanied byneighboring nodes that assist in assigning nodes’ LID suchthat the nodes that are close in the physical network obtainclosest LIDs. In this way, the LID of node i is physically closeto all of its adjacent neighboring nodes that shows the phys-ical proximity in terms of x, y, and z coordinates. The exactinterpretation of the physical proximity in the logical net-work assists in avoiding the long routes and traffic overheadredundancy and seems to reduce end-to-end delay.
To send a packet in the direction of destination LID fxjyjzg‐dim, a source node exploits its Lnbr that has the same
11Wireless Communications and Mobile Computing
dimension value or minimum sum of difference as the desti-nation node and forwards the packet to destination node LIDfxjyjzg‐dim. If there exists no such neighboring node, thepacket is forwarded towards the “base node.” A node that isintricate in computing the LID of the newly joining node isreferred to as the “base node.” 3D-RP does not provide anyviable solution to handle the security issues discussed in Sec-tion 2. Moreover, the aforementioned is unable to handlenetwork partitioning that makes it vulnerable to the criticalnode failures, which directly affects the network end-to-enddelay and throughput.
In the past literature, the security issues have been dis-cussed for traditional/non-DHT-based routing protocols inwireless ad hoc networks, and researchers have given var-ious possible solutions to these issues. But deploying thosesolutions directly at the logically maintained network by aDHT-based routing protocol is inappropriate because theaddressing, lookup, and routing in a DHT-based routingprotocol is different from the traditional routing protocolsthat mainly rely on IP addresses for routing of packets atboth the control and the data plane. Addressing the secu-rity concerns in a DHT-based routing is crucial and maycompletely halt the functionality of a DHT-based routing
protocol that would result in a total communication dis-ruption among nodes. To the best of our knowledge, noneof the existing literature provides a secure version of theDHT-based routing protocols that works at the networklayer. This paper is the first to attempt the solution ofsuch security threats in the context of DHT-based routingprotocols that would prevent service disruption, decreasethe traffic overhead, and reduce the packet loss in thenetwork.
4. 3D Secure Routing Protocol (3D-SRP)
To counter the attacks briefed in Section 2, we have devised asecure version of the 3D routing protocol (3D-RP [5]),named as 3D secure routing protocol (3D-SRP). 3D-SRPassumes that public-private key pairs are evenly distributedamong the nodes. Each node in the network has a pair ofpublic and private keys and uses the RSA algorithm [17] forencryption and decryption. In 3D-SRP, a node authenticatesa public key belonging to a particular node as follows: 3D-SRP uses an identity card (IC) and a certificate (C) for thenode identification. IC comprises a public and a private com-ponent of a node as shown in Table 3. The public component
Case 1: In the case of more distinct neighbors, the remaining 3 dimensions out of the six uses the following formula to assign LIDto nodes.
Case 2: In the case of adjacent neighbor, each joining node compute its LID through interpolation using Equation (23). Also, the joining node uses the sign dimension of the available common contact between adjacent nodes for its LID.
Case 3: In the case of non-adjacent neighbor nodes, each joining node computes its LID using Equation (24) in case the neighbor nodes have any common neighbor node. Also, the joining node sets the dim value to that of the neighbor node that is closest in terms of a number of hops.
i
p
i
p
qs
i
{1|1|1} −0
{1|1|1} −0{1|1|1} -0
Case 1
{257|1|1}−1
{1|256|−1} −3 {150|50|−60} −2
p
s
i {1|1|1} −0
{1|256|−1} −3
Case 2p
qs
i{1|1|1} −0
{1|256|−1} −3
r {64|64|64} −1
{150|50|−60} −2
p
qs
i {1|1|1} −0
{1|256|−1} −3
r
{64|64|64} −1
(22)
(23)
(24)
{150|50|−60} −2
{65|
-65|
65} −
1
l
Case 3
p
qs
i{1|1|1}-0
{257|1|1}−1
{1|256|−1}−3
rl
{65|−65|65}−1
v
{64|64|64}−1
Case 4
{150|50|-60}−2
p
qs
i{1|1|1} -0
{1|256|−1} −3
r
l
v
{150|50|−60} −2{−98|1|1} −1
t
{−100|100|100} −1
{257|1|1}−1 {257|1|1}−1 {257|1|1}−1
{257|1|1}-1
{257|1|1}−1
{65|−65|65}−1
{−98|1|1}−1
{64|64|64}−1
Figure 6: Illustration of the node joining the algorithm of 3D-RP, where m in Equation (23) is the joining node; Lnbr ≥ represents the 1-hoplogical neighboring nods ofm;Wmi andWmj are weights given bym to its neighboring nodes; Lnbr is the number of logical neighbors; Tkx, Tky ,and Tkz are the ordered tuples in x, y, and z dimensions of neighbor’s LID.
12 Wireless Communications and Mobile Computing
at each node refers to personal identity (PI) that uniquelyidentifies a node. PI includes data, e.g., UID LID, PbKn, pho-tograph, and user signature. Secure hash algorithm (SHA-1)is used to generate user signature [49] and is encrypted usingthe node’s private key.
Sign = EncryptPrKnhash nonceð Þð Þ: ð5Þ
The private component comprises the private key (PrKn)of a node. Security information is generated when the userintroduces its PI and is stored relentlessly at the node forfuture usage. Certificate Cij of a node i comprises of a certi-fied IC, signed by another node j that certifies it. To get theIC signature of node i, node i’s is signed with j’s PrKj usingthe summary function obtained by SHA-1. No centralized
certification authority (CA) has been used to validate IC.The integrity and authentication are automatically validatedat each node by using the method that is explained in Section4.1. Any of the trusted nodes can become the CA for a givennode that builds a distributed certification authority mecha-nism between trusted nodes.
In 3D-SRP, each node sends a hello message contain-ing IP, LID, and other related information (e.g., PbK andPI). Each hello message has a sequence number generatedby the sending node in order to avoid the replay attack.We assume a connected network topology, i.e., networkpartition would not occur throughout the network opera-tion. The proposed solution is sensitive to mobility. Han-dling the mobility of nodes has always been a majorchallenge in ad hoc networks. DHT-based routing proto-cols for MANETs do not support high mobility, becausea logical network is maintained over the physical topologyin DHT-based routing in which each node computes alogical LID in addition to its universal identifier (UID),i.e., IP/MAC address. In case the neighborhood of a nodeP changes or P moves to another place, precomputation ofits LID reflects its relative position with respect to its newneighborhood. In case of high node mobility, the fre-quency of the node’s LID recomputation increases whichwould increase traffic overhead, computation overhead,packet collision, and chances of network inconsistency.This would generate more traffic to update the networkstatus and subsequently increases the end-to-end delay in
qs
{1|1|1} −0
{257|1|1}−1
{1|256|−1}−3 {150|50|−60}−2
l
{65|−65|65} −1{64|64|64}−1
t
{−100|100|100}−1
+Z
−Z
−X
+X
−Y
1024
1024
−1024
1024
−1024
−1024
+Y
Nodes
Note: letters i, p, q,...Represent UID addresses of node
Address format{tuple1|tuple2|tuple3}-dimension parameter
I, II, III,..., VIII
II
VIII
V
III
VI
VII
IVI
i
p
{−98|1|1}−1
r
v
dlp dpr
dip
dli
dvl
dsv dis diq
dir
dit
drt
dqt
octants
Figure 7: Illustration of node i’s 3D logical space and its intraneighbor relationships with its neighboring nodes in the physical network.
Table 3: Identity card (IC) generated by the 3D-SRP system at eachnode.
Identity cardPublic component Private component
Personal identity (PI)Public key (PbK)IP address (IP)Logical identifier (LID)User signature (Sig)
Private key (PrK)
13Wireless Communications and Mobile Computing
New node
Any neighbor? (after expiration of time interval)
Gets LID {1|1|1}-0 and adds in ICwith user signature
Applying hash function on IP address to find anchor node (AN)value that is closest to itself then
stores its own mapping information and act as an anchor node (AN) for
it self.
The newly joining node send its own public components and hash value of the identity card (IC) to the neighboring
node (s) using Equation (6)
It decrypts the received information and ensures the data integrity to validate the IC
The verification and authentication process is a chain of trust and an issuance of the certificate after validating the
ICs
Compute its AN and store its LID and other mapping information
End
Valid IC
After IC validation, the neighboring node share its IC along with hash value using Equation (6)
The newly joining node checks neighboring node IC validity
Count neighbor
All adjacent neighbors
Check neighbor of neighbors
Check ifneighbor
adjacent toothers
Adjacent neighbor
Any common neighbor among
neighbors?
Check if neighbor is
colinear to joining node
Check if colinear
Any common neighbor among
neighbors?
Calculate LIDusing Equation
(24)
Calculate LID using first available dimension
Calculate LID using next available dimension
Calculate LID using next available octant
Yes
Yes
YesYes
Yes
Yes
No
No
No
No
No
Case 1 neighbor count 1
Case 4neighborcount 3
Neighbor
count 2
No
Case
3
Case 2
No
Yes
No
LID computation done
The neighbor node (s) gaze physically and using RSS method to calculte the closeness to estabish a trust
The joining process of 3D-SRP (LID computation)
New node establishes trust with all of its physical neighbors and obtains a
certificate
Valid IC
Exclude from neighbor list
All neighbors entertained
Yes
Yes
Yes
Yes No
No
No
No
Now IC comprises PI, IP, LID, PbK, Sig, PrK
The newly joining nodeassumesitself as the first node in thenetwork and generate its
credentials (public key (PbK), private key (PrK)).
The newly joining node generates its credentials (publickey (PbK) and private key (PrK)) after receiving hello
messages from the neighboring node (s) and attempts trustestablishment with all its physical neighbors
Calculate LID using Equation (23)
Yes
Exclude from neighbor list
Figure 8: Illustration of the node authentication/verification and the joining process in 3D-SRP. (i) The newly joining node generates itscredentials after receiving hello messages from the neighboring node(s) and sends its own public components and hash value of theidentity card (IC) to the neighboring node(s). The neighbor node(s) gaze physically and use the RSS method to calculate the closeness toestablish a trust. It decrypts the received information and ensures the data integrity to validate the IC; after IC validation, the neighboringnode share its IC along with hash value. The newly joining node checks its validity. The verification and authentication process is a chainof trust and an issuance of the certificate after validating the ICs. (ii) The joining process of 3D-SRP is according to the joining process of3D-RP as discussed earlier.
14 Wireless Communications and Mobile Computing
the network. Therefore, we consider low mobility nodes orconnected topology. The following subsections explainedthe functionality of every component of 3D-SRP.
4.1. Joining Process in 3D-SRP. When joining a network, anode p waits for at least three intervals of T for hello mes-sages from its neighboring nodes in the network. Figure 8illustrates the authentication and verification process of thenewly joining node and the LID computation afterwardbased on the number of logical neighboring nodes in3D-SRP. Upon the expiration of these intervals, the fol-lowing two cases arise:
(i) If node p does not receive any hellomessage from theexisting nodes, then it assumes itself as the first nodein the network. The node initializes its securityparameters, i.e., its public-private keys, and assignsitself LID f1j1j1g‐0 from 3D LID space; every axis,
i.e., x, y, and z, has a range from 1 to ±2M . Node pobtains a hash value via applying a consistent hashfunction over its IP address and finds out the hashvalue closest to its LID, so it becomes the AN of itselfand stores its ownmapping information (i.e., LID, IP,and others)
(ii) In the case where node p collects a hello messagefrom at least one of its neighboring nodes, it initial-izes its public and private keys and starts the authen-tication process with the existing neighboring nodesas follows
To initiate the authentication process, node p choosesan existing neighbor node (e.g., node a) within its trans-mission range. As node p receives PbKa of node a in thehello message, it sends its ICp signed by a’s PbKa. Uponreceiving the signed IC of node p, node a then validates
Node name
Node LID, IPNode public key
(PbKnode)
Issuer’s name, IP
Issuer’s signature Neighbor node name
Neighbor node LID, IPNeighbor node public
key (PbKnbr)
Issuer’s name
Issuer’s signature ---
----
------
--------
-----------
New-node certificate (C)
Chain of trust(1) Issues certificateafter validating the ICof the new node(2) Establishes trust with the new node
(3) Issues certificate after validating the neighbor trust(4) Establishes trust with the new node
Existing-neighbor certificate
Figure 9: Establishing a chain of trust and issuance of certificate after validating the ICs.
Required: when node Np switched on and wants to join the network, it is waiting time interval T , physical neighbor list of Np isdenoted with NList and RSS method is used to measure the distance to each of its neighbor at joining node Np.1: ifNp does not receive a Hello message and T expires then2: Initialize ICp as security parameters3: LIDp ⟵ f1j1j1g − 0 \\ assign a first LID of the network to itself4: else5: Initialize ICp as security parameters6: Np ⟵Na ∈NList : E ðPbKa, ICp ÞkPbKp \\ Np encrypt its IC with neighbor public key & send to Na
7: Na ⟵Np : EðPbKp, ICaÞkPbKa \\after gazing neighbor node send its credential to Np
8: end if9: Trust between p and a established after successful exchange of credential information.
Algorithm 1: Joining operation with authentication and verification.
15Wireless Communications and Mobile Computing
Case 1Required: information related to neighbor Ni is stored in neighbor table (NT) of Nj, and distance to Ni is measured using RSS at join-ing node Nj.1: if ∃Ni ∈NT : ð∃Nm ∈NbrðNiÞÞ! =Nj then \\ neighbor count =1 then check neighbor of neighbors2: dimj ⟵NextAvailableDimðNm,NiÞ \\ if a neighbor of a neighbor found calculate LID using Equation (22)3: else4: dimj ⟵ firstð dimiÞ \\ calculate LID using the first available dimension using Equation (22)5: end if6: LIDj ⟵ComputeLIDðNi, dimjÞ \\ LID computation doneCase 2Required: information related to neighbors Ni and Np is stored in neighbor table (NT) of Nj, and distance to Ni and Np is measuredusing RSS at joining node Nj.1: if ∃Ni,Np ∈NT : Np ∈NbrðNiÞ andNi ∈Nbr ðNpÞ then \\adjacent neighbors found2: Nbradj ⟵ true3: if ∃Nc ∈Nbr ðNiÞ andNbr ðNpÞ then ∗∗Nc refers to any common neighbor other than Nj
4: octj ⟵NextCommonOctantðNc,Ni,NpÞ \\ common neighbor found calculate LID using Equation(22)5: else6: if CollinearðNj,Ni,NpÞ == true then \\Collinear found7: LIDj ⟵ ComputeLIDðNi,NpÞ \\ calculate LID using Equation (23)8: return9: else10: LIDj ⟵ ComputeLIDðNi,Np, octjÞ \\ calculate the LID using next available octant using Equa-tion (22)11: return12: end if13: endif14: endifCase 3Required: information related to neighbors Ni and Np is stored in neighbor table (NT) of Nj, and distance to Ni and Np is measuredusing RSS at joining node Nj.1: if ∃Ni,Np ∈NT : Np ∉NbrðNiÞ andNi ∉Nbr ðNpÞ then \\ adjacent neighbors not found2: Nbr adj⟵ false3: if ∃Nc ∈Nbr ðNiÞ andNbr ðNpÞ then \\ common neighbor found among neighbors4: LIDj ⟵ ComputeðNi,Np, Nbr adjÞ \\ calculate LID using Equation (24)5: else6: if CollinearðNj,Ni,NpÞ == true then \\Collinear found7: LIDj ⟵ ComputeLIDðNi,NpÞ \\ calculate LID using Equation (23)8: return9: else \\ calculate the LID using next available octant using Equation (22)10: switch to Case 1 (Compute LIDj using the available dimension of Ni or Np)12:13: end if14: end if15: end ifCase 4Required: information related to neighbors Ni, Np, and Nq are stored in the neighbor table (NT) of Nj, and distance to Ni, Np, and Nq
is measured using RSS at joining node Nj.1: NbrCommon⟵ false2: if ∃Ni,Np,Nq ∈NT : Np ∈NbrðNiÞ, NbrðNqÞ andNi ∈NbrðNpÞ, NbrðNqÞNq ∈NbrðNiÞ, NbrðNpÞ then4: LIDj ⟵ ComputeLIDðNi,Np,NqÞ \\ all adjacent neighbors calculate LID using Equation (23)5: return6: else if Ni ∈NbrðNpÞ, NbrðNqÞ andNp ∉NbrðNqÞ andNq ∉NbrðNpÞ or7: Np ∈NbrðNiÞ, NbrðNqÞandNi ∉NbrðNqÞ andNq ∉NbrðNiÞ or8: Nq ∈NbrðNpÞ, NbrðNiÞ andNp ∉NbrðNiÞ andNi ∉NbrðNpÞ then
Algorithm 2: Continued.
16 Wireless Communications and Mobile Computing
the received data by decrypting with its PrKa and checksthe data integrity by verifying the hashed value. This isshown through the following
nodep ⟵ ∀nodea ∈NbrList nodep� �
: EncryptPbKaICp, hash ICp
� �� �,
nodea ⟵ nodep : EncryptPbKp ICa, hash ICað Þð Þ:ð6Þ
During this process, node a ascertains node p’s trustlevel using physical gazing to node p (as both nodes areassumed to be close physically), which depends onwhether node a knows node p or not. Node a then sendsits ICa to node p. The ICa of node a is signed by node p’sPbKp, which is received in node p’s ICp. After authentica-tion and verification of a’s IC, node p establishes the trust.Figure 9 illustrates the chain of trust and issuance of thecertificate after validating the ICs.
Algorithm 1 illustrates the joining process includingauthentication and verification. After establishing trust withnode a, node p selects another existing neighboring nodefor establishing mutual trust in the same manner. This pro-cess continues until node p establishes trust with all of itsphysical neighboring nodes. In case node p is unable to estab-lish trust with any of its 1-hop physical neighboring nodes,then those 1-hop neighboring nodes are excluded from itsneighbors’ list and would not be considered for data forward-ing and in the LID computation phase.
After completing the neighbor authentication, node pcomputes its LID as per 3D-RP specification based on itstrusted physical neighboring nodes. Algorithm 2 describesthe LID computation process in 3D-SRP. A node p gets theinformation about the neighbors of node i from the receivedhello message and finds that it has only one neighbor that isnode p. Figure 6 shows Case 1 in which node p calculates itsLID in the first unoccupied dimension of node i. In the same
way, nodes s and q compute their LIDs in two differentunoccupied dimensions of node i. Node i assigns its threedifferent dimensions to nodes p, s, and q because they arenot physically connected to each other. Figure 6 shows Case2 with the interpolation method in Equation (23) that isused to calculate the LIDs of nodes r and l after checkingthe adjacency with their existing neighbor nodes p and i.In the same way, node v in Case 3 of Figure 6 uses Equation(24) to calculate its LID corresponding to its neighbors s andl. The node t in Case 4 calculates its LID corresponding to itsneighbors r, i, and q as shown in Figure 6.
After computing its LID, node p obtains the LID of itsAN by applying a hash function over its IP address; let ussay this produces the hashed value hðvÞ. The hðvÞ is com-puted from the same 3D space from where the LIDs of nodesare computed. A node can act as AN for multiple nodes.Each node stores its mapping information on AN in DHT-based routing because the source node requires the LID ofthe destination to forward a packet. Each node performstwo major operations:
(1) One operation is performed after computing the LIDto store its mapping information needed to computethe LID of its primary anchor node (PAN)
(2) A node acts as a primary anchor node and stores themapping information to those nodes whose LID isclosest to its LID
Every node uses its 1-hop logical neighbor (Lnbr) informa-tion to forward the query towards the same dimension param-eter of its Lnbr with the closest position of every tuple of itsLID with the least sum of difference (LSD) to the hðvÞ‐dim. Sum of difference (SD) is computed using Equation(7) of each tuple of the Lnbr’s LID with the correspondingtuple of hðvÞ‐dim, and then using Equation (8) select anext-hop Lnbr with the LSD.
9: NbrCommon⟵ true10: LIDj ⟵ComputeLIDðNi,Np,NqÞ \\if neighbor is adjacent to others calculate LID using Equation (23)11: return12: else13: LIDj ⟵ComputeLIDðNi,Np,Nq, NbrCommonÞ \\if neighbor is not adjacent to others calculate LID using Equa-tion (24)14: end if
Algorithm 2: Joining operation (LID computation) in 3D-SRP after authentication and verification.
Required: when joining node Np, successfully calculate its LID and anchor node (AN) LID after authentication and verification thenstore its mapping information at AN,Np routes SII message to Ns through Nqand Nr as follows:1: Np ⟵Nq ∈NList : SIIkE ðPrKp, LIDp, hðvÞ, SHA − IðSIIÞÞkPbKp
2: Nq ⟵Nr ∈NList : SIIkEðPrKq, EðPrKp, LIDp, hðvÞ, SHA − 1ðSIIÞÞÞkPbKpkPbKq
3: Nr ⟵Ns ∈NList : SIIkEðPrKr , EðPrKq, EðPrKp, LIDp, hðvÞ, SHA − 1ðSIIÞÞÞÞkPbKpkPbKqkPbKr
Algorithm 3: Joining process in 3D-SRP store mapping information at anchor node (AN).
17Wireless Communications and Mobile Computing
SDnbr = Tnbrx − Tdxj jð Þ + Tnbry − Tdy
�� ��� �+ Tnbrz − Tdzj jð Þ,
ð7Þ
LSDnbr = minnbr∈LnbrSDnbr, ð8Þwhere the sum of difference is SDnbr; three tuples of nbr’sLID are Tnbrx, Tnbry, and Tnbrz ; three tuples of hashed valueor the destination’s LID are Tdx, Tdy, andTdz ; the least sumof difference is represented with LSDnbr; and 1-hop neigh-bors are represented with Lnbr. The node simply forwardsa message to its base node if the 1-hop neighbors do notexist.
Algorithm 3 illustrates the newly joining node p storingits mapping information at the anchor node (AN) after LIDcomputation and its AN LID computation. The node p sendsa store-index information (SII) message that has hðvÞ as thedestination LID in order to store node p’s LID and IP address(collectively called mapping information) at the node(referred as AN of node p). The node whose LID closelymatches the hðvÞ would become the AN of node p. SII com-prises node p’s LID, its IP address, hðvÞ value, and the hashof the message hashSII encrypted with PrKp as shown inEquation (9).
The hashSII is computed to ensure/verify the messageintegrity. The public key PbKp of node p is included as plaintext in the SII message. In case if a node p itself is having aLID that is closest to the hðvÞ, then p would store its ownmapping information. Otherwise, the SII is forwardedtowards the anchor node (AN) based on the destinationLID (i.e., hðvÞ) as follows:
SIIencrypt nodep� �
= SII EncryptPrKphashSIIð Þ
��� ���PbKp: ð9Þ
Node p then forwards the SII to a neighbor among allof its 1-hop neighboring nodes that have the closest LIDto that of hðvÞ. After verifying the message integrity, thereceiving node q compares the destination LID (i.e., thevalue of hðvÞ) with LIDs of itself and 1-hop neighbornodes. The mapping information of nod p (UID, LID,etc.) is stored by node q because its hash value hðvÞ isclosest to the LID. Otherwise, node q computes the signa-ture by computing the hashed value of the message andencrypts with its own private key PrKq. The encryptedmessage is then forwarded to one of its 1-hop neighbors(say node r) having the closest LID to that of value hðvÞ.The process will be repeated at every node on the pathuntil the message arrives at p’s anchor node, say l.
For instance, in Figure 1, node s with LID f1j256j1g‐3applies a hash function on the IP address` of node s andcomputes the hash value hðsÞ = f150j‐256j1g‐1 that is itsPAN value. Node s forwards the message to the PAN asfollows. Node s forwards the query to node i with LIDf1j1j1g‐0 that is its base node because 1-hop neighborsof node s are not in dimension 1; node i has three neigh-bors q, t, and p with dimension 1 that is the same dimvalue of hðsÞ.
The sum of the difference of node i is calculated usingEquation (7) as follows:
SDq = 100 − 150ð Þj j = 50f g + −100 − −256ð Þj j = 156f g+ 100 − 1j j = 99f g⟶ 50 + 156 + 99f g⟶ 305f g,
SDt = 100 − 150ð Þj j = 50f g + 100 − −256ð Þj j = 356f g+ 100 − 1j j = 99f g⟶ 50 + 356j j + 99f g⟶ 505f g,
SDp = 256 − 150ð Þj j = 106f g + 1 − −256ð Þj j = 257f g+ 1 − 1j j = 0f g⟶ 106 + 257 + 0f g⟶ 363f g,
SDi = 1 − 150j j = 149f g + 1 − −256ð Þj j = 257f g+ 1 − 1 = 0f g⟶ 149 + 2517 + 0f g⟶ 406f g: ð10Þ
Node q has the minimum LSD using Equation (8), i.e.,LSDnbr = f205g. So, node i forwards the SII towards node q.Finally, node q forwards the query towards node l with
SDl = 100 − 150j j = 50f g + −331 − −256ð Þj j = 75f g+ 100 − 1j j = 99f g⟶ 50 + 75 + 99⟶ 224f gf ,
ð11Þ
which is closest to the hashed value f150 ∣ ‐256 ∣ 1g‐1. Thus,node l acts as PAN for node s. Node q becomes the secondaryanchor node (SAN) because it is a 1-hop neighbor of node land the second closest value to the hashed value, so node lreplicates the mapping information at node q, in case PANmoves or fails and the SAN becomes active.
4.2. Lookup and Routing Process in 3D-SRP. The source nodeobtains the destination node’s LID (say node d) from itsanchor node before transmitting a data packet. The sourcenode (say node s) generates a hash of the lookup request mes-sage (MREQ) and encrypts with its private key which is usedas a signature as shown in Equation (12). The source nodecomputes the hðvÞ by applying a hash function over the noded’s IP address. Node s then sends MREQ to the anchor nodeascribed for the node d in the same manner as a SII messageis forwarded.
MREQof Nodesource = MREQ EncryptPrKsource
��� hashMREQ PbKsourcek� �,
hashMREQ = hash SIIð Þ:ð12Þ
However, when the anchor node receives the MREQmessage, it sends in reply the lookup reply message (MREP)to the source node s. The anchor node builds the MREP asshown in Equation (13). MREP includes the mapping infor-mation (i.e., LID, IP address, and public key (PbKd)) of noded. Upon receiving the LID of the node d, node s sends thedata packet towards node d in an analogous way as the SII
18 Wireless Communications and Mobile Computing
message is forwarded. Using the trusted chain mechanism,the node s gets the legitimate LID of the destination node dand thus avoids the destination LID tempering attack,described in Section 2.
MREP of nodedestination = MREP Encryptk PrKdesthashMREP PbKdestk ,
hashMREP = hash MREPð Þ:ð13Þ
Upon receiving the MREP, node s decrypts the message.The authenticity of the message is ensured by decrypting
the hash of the message and comparing it with the initiallyforwarded message. The same hash value would confirm thatthe message is not tempered during the course.
4.3. Updating Neighborhood and Trust Chain in 3D-SRP.Each node periodically updates the list of its 1-hop neighbor-ing nodes using hello messages. If the node examines that aneighboring node cannot be trusted anymore, it revokes thecertificate of trust associated with that neighboring nodeand excludes it from the neighbor list. Similarly, if a node,say p, receives no hello messages from a neighboring nodein a particular time interval, p removes that neighbor from
Table 4: Security evaluation of our protocol.
Attacks How our protocol refuses the attacks
Access to user data in physical devices User/password access
Compromised physical devices Visual identity verification (authentication phase)
Identity impersonationVisual identity verification (authentication phase)
trust policies
Phishing, active spoofing, compromised dataHashing and authentication
Use of trusted chain
Data modification, compromised data Hash function to guarantee data integrity
Lost data because of failure and battery discharge Authentication
Compromised nodeUse of algorithm to identify compromised nodes
Change of trust level, trust elimination
Denial of service/data availabilityDistributed data management and storage
Distributed access to data servicesDistributed security processes
Loss of connectivity Authentication
Z1
CL_C
SR
Z2
Z7
Z13
Z6
Anchor
Z8
Z11
LPA
Z17
Z6
HP
LIDs
Z4Z4
Z12
Z9
Z15
SHA
CL
Z2
Node
Z3
LID-IP
JNH
NIP
PS-AN
LID-SHA
Z16
Z16SPS
Z18
Send
LID
Z14Z14 Z17
Z5
Z10
Z19
Key_Gen
Z19
Figure 10: High-level Petri net model for 3D-SRP.
19Wireless Communications and Mobile Computing
its neighbor list. The trust among neighboring nodes in 3D-SRP is established using the trusted chain mechanism. Forinstance, the trust between nodes r and p can be establishedby using the trusted chain, i.e., q⟷ p, r⟷ q, and r⟷ p,where⟷ is trust. By using the trusted chain, the anchor nodeof d ensures that the LID and public key of p, i.e., PbKp, in theSII message belong to node d, and thus, node d can be trusted.This process avoids authentication of the node’s LID temper-ing attack, which is described in Section 2.
4.4. Security Evaluation of the Proposed Protocol. This sectionevaluates the proposed 3D-SRP in terms of various securityattacks. The new security authentication and verificationalgorithms can be easily added to the 3D-SRP that makes itadaptable. To evaluate and analyze the proposed 3D-SRP inthe context of practical perspective, Table 4 is added thatillustrates the most frequent attacks in the self-organizedwireless ad hoc networks and how the proposed 3D-SRPencounters with those attacks. It can be observed that theproposed 3D-SRP provides a high level of security and thusmaking the network more reliable.
5. Formal Analysis of 3D-SRP
This section presents the proposed model and its analysis forbetter understanding using high-level petri nets (HLPN),SMT-Lib, and Z3 solver.
5.1. Introduction to HLPN. Petri nets [50] provide a frame-work to model a discrete event system graphically whichcan be verified mathematically. High-level Petri nets areused for scientific problems with complex structure, espe-cially stochastic, time, and fuzzy Petri nets which are usedfor modeling, analysis, and simulation engineering in intelli-gent task planning, artificial intelligence, managing symbolicand numerical information, and dynamic knowledge repre-sentation. In this paper, we have presented the proposed pro-tocol model using high-level Petri nets. HLPN is defined as aseven-tuple n = ðp, t, f , φ, r, l,m0Þ, where p is a set of places; tis a set of transitions, where p ∩ t = θ; f is a flow relation,where f ⊆ ðp × tÞ ∪ ðt ∪ pÞ; φ maps places p to data types;transition rule defined by r; f label represented by l; and ini-tial marking denoted with m0. N = ðp, t, f Þ is a net structure.ðφ, r, lÞ describe the static and semantic information andensure it is the same throughout the system. HLPN showsvarious types of tokens for places. These tokens are crossproducts of two or more types. Places in HLPN have tokensof various types. The incoming flow variables are utilized toenable a certain transition. Each transition must hold a pre-condition to be enabled. Similarly, transitions are firedthrough a postcondition that uses variables from the outgo-ing flows.
5.2. Formal Analysis and Verification. Formal analysis andverification process scrutinize the satisfaction level of theproposed system model by formal specification and itsbehavior. The bounded model describes the system interms of rules and its properties. It is used for input param-
eters on whether after the finite number of steps the systemwill terminate.
Microsoft Research developed the satisfiability modulotheory library (SMT-Lib) [51] with a Z3 solver to verify theproposed HLPN model. SMT-Lib used the input platformand benchmarking framework to evaluate the proposedsystem.
The HLPNmodel and verification tools check the specificproperties verified by the HLPN model. HLPN model andverification tools are used to analyze the proposed HLPNmodel of 3D-SRP. The HLPN model shows the set P forplaces with a circle and set T for transition with a rectangularblack box in Figure 10. Table 5 illustrates data types for theproposed HLPN model, and Table 6 shows mappings andplaces defined in the proposed HLPN model.
The complete working of the proposed 3D-SRP isdetailed in Section 4. Here, we define formulae to map ontransitions. The proposed system initiated with a joining
Table 5: Illustration of the data types for the proposed HLPNmodel.
Datatype
Description
LID LID of a node
NListA list containing LIDs of neighboring node and
neighbors of the neighboring nodes
UID IP of a node
Hvalue Hashed value of a node
L1 Joining node’s LID
L2 Primary anchor node’s LID
L3 Secondary anchor node’s LID
HAS Hashed value of UID of the anchor node
M Message to send
PrK The private key of a node
PbK The public key of a node
R A nonce (random number)
IC Identity card of a node
C Certificate of a node
Cnbr Certificate of a neighboring node
Table 6: Illustration of the mappings and places defined in theproposed HLPN model.
Place Mapping
φ (CL) P (NList×Cnbr)
φ (node) P (NList×LID×PrK×PbK×C×IC)φ (LID-UID) P (LID×UID)φ (NIP) P (UID)
φ (JNH) P (Hvalue)
φ (PS-AN) P (L1×L2×L3×Hvalue×UID×PbK)φ (LID) P (LID)
φ (LID-SHA) P (LID×HSA)
φ (send) P (M×UID)
20 Wireless Communications and Mobile Computing
node receives a hello message from the existing neighboringnode in its transmission range; it initializes its publicand private keys and starts the authentication process withthe existing neighboring nodes. The formulae in Equation(14) and Equation (15) map to the aforesaid transition:
R Key Geneð Þ = ∀z19 ∈ Z19,∀z20 ∈ Z20j,Z20 3½ �∶ = Gene SKi z19 2½ �ð ÞΛ,Z20 4½ �∶ = Gene PKi z19 2½ �ð ÞΛ,Z20 5½ �∶ = Gene g Z19 1½ �ð ÞΛ,
Z19 = Z19 ∪ z20 3½ �, z20 4½ �, z20 5½ �f g,Z20 = Z20 ∪ z20 3½ �, z20 4½ �, z20 5½ �f g,
ð14Þ
R CL Cð Þ = ∀z1 ∈ Z1,∀z2 ∈ Z2,∀z3 ∈ Z3j,Z3 = Z3 ∪ z2f g:
ð15Þ
After completing the neighboring authentication, anode computes its LID as per the joining process of 3D-SRP specification based on its trusted physical neighboringnodes. The transition LIDs are calculated via a mathemat-ical rule that is defined as follows:
R LIDsð Þ = ∀z4 ∈ Z4,∀z5 ∈ Z5j,z4 1½ � = NULLΛ z4 2½ �∶ = LID − Rootð ÞΛ,Z4 = Z4 ∪ z4 1½ �, z4 2½ �f gΛ,
z4 1½ � ≠NULLΛ,
z4 2½ �∶ = LID − Setð ÞΛ,Z4 = Z4 ∪ z4 1½ �, z4 2½ �f gΛ,Z5 = Z5 ∪ z4 2½ �f g:
ð16Þ
Every node applies a hash function over the node’sUID to find the AN that stores its mapping information.The rule and transition in
R SHAð Þ = ∀z6 ∈ Z6,∀z7 ∈ Z7j,z7∶ =Hsh z6 2½ �ð ÞΛ,Z7 = Z7 ∪ z7f g:
ð17Þ
The rule in Equation (18) representing the encryptedmessage comprising LIDs and UIDs which are placed bythe transition LPA at place LID-IP is modeled for check-ing purposes.
R LPAð Þ = ∀z8 ∈ Z8,∀z9 ∈ Z9,∀z10 ∈ Z10j,z9 1½ �∶ = encrypt z8 2½ �, z8 3½ �, z8 4½ �ð ÞΛ,
z9 2½ �, z9 3½ �∶ = z10Λ,
Z9 = Z9 ∪ z9 1½ �, z9 2½ �f g:
ð18Þ
The process of selecting the anchor node in 3DSRP isdepicted by the transition in
R Anchorð Þ = ∀z11 ∈ Z11,∀z12 ∈ Z12,∀z13 ∈ Z13j,z13 1½ �∶ = z12 1½ �Λ,z13 4½ �∶ = z11 3½ �Λ,z13 5½ �∶ = z12 2½ �Λ,
Z13 = Z13 ∪z13 1½ �, z13 2½ �, z13 3½ �,
z13 4½ �, z13 5½ �
( ):
ð19Þ
To send a data packet, each node in 3D-SRP obtainsthe destination node’s LID from the destination’s AN.Equation (20) captures the process in the subsequentrule:
R SRð Þ = ∀z14 ∈ Z14,∀z15 ∈ Z15,
z15 1½ �∶ = z14 Λ,
Encrypt z15 2½ �, z15 3½ �, z15 4½ �ð Þ∶ = hash z14ð ÞΛ,Z15 = Z15 ∪ z15 1½ �, z15 2½ �f g:
ð20Þ
Finally, the source node obtained the LID-IP pair ofthe destination node and forwards the data packettowards the destination node’s LID. The transition isdepicted by the following rule:
R SPSð Þ = ∀z16 ∈ Z16,∀z17 ∈ Z17,∀z18 ∈ Z18,
∃z17 1½ �: z16 1½ � = z17 1½ �Λz18 2½ � = z17 5½ �Λ,Z18 = Z18 ∪ z18 1½ �, z18 3½ �f g:
ð21Þ
Table 7: Simulation parameters.
Parameters Their values
Total nodes 50
Radio range 250m
Simulation area 1000∗ 1000mData transmission 64 pps
Total time of simulation 500 sec
Node moving speed 0.5 to 2m/s
Traffic model Random traffic pattern
No. of flows 18
Topology connectivity BonnMotion 2
Propagation model Two-ray ground
Inference model Random waypoint
21Wireless Communications and Mobile Computing
0.5
0.55
0.6
0.65
0.7
0.75
0.8
0.85
0.9
0.95
1
0 5 10 15 20
Pack
et d
eliv
ery
ratio
Malicious nodes (%)
Node mobility speed: 0.5 m/s
VCPMDART
3D-SRP3D-RP
(a)
0.5
0.55
0.6
0.65
0.7
0.75
0.8
0.85
0.9
0.95
1
0 5 10 15 20
Pack
et d
eliv
ery
ratio
Malicious nodes (%)
Node mobility speed: 1.5 m/s
VCPMDART
3D-SRP3D-RP
(b)
Figure 11: Continued.
22 Wireless Communications and Mobile Computing
5.3. Verification Property. The proposed system model is veri-fied by verification property. This property ensures that theproposed system meets the proposed specification and pro-duces the correct result. The following property is verified:
(1) The system computes and places the node’s LID asstated by the proposed specifications
(2) The AN safely received the encrypted requests aboutthe destination node’s LID. The AN encrypts thevalid LID in the reply message, i.e., in accordancewith the received UID
The proposed protocol is translated by the HLPNmodel and verified via the Z3 solver and SMT-Lib. The
0.5
0.55
0.6
0.65
0.7
0.75
0.8
0.85
0.9
0.95
1
0 5 10 15 20
Pack
et d
eliv
ery
ratio
Malicious nodes (%)
Node mobility speed: 1 m/s
VCPMDART
3D-SRP3D-RP
(c)
0.5
0.55
0.6
0.65
0.7
0.75
0.8
0.85
0.9
0.95
1
0 5 10 15 20
Pack
et d
eliv
ery
ratio
Malicious nodes (%)
Node mobility speed: 1 m/s
VCPMDART
3D-SRP3D-RP
(d)
Figure 11: Packet delivery ratio against a number of malicious nodes in the network: (a) node mobility speed: 0.5m/s; (b) node mobilityspeed: 0.1m/s; (c) node mobility speed: 1.5m/s; (d) node mobility speed: 2m/s.
23Wireless Communications and Mobile Computing
0
50
100
150
200
250
0 5 10 15 20
Nor
mal
ized
ove
rhea
d
Malicious nodes (%)
Node mobility speed: 0.5 m/s
VCPMDART
3D-SRP3D-RP
(a)
0
50
100
150
200
250
300
0 5 10 15 20
Nor
mal
ized
ove
rhea
d
Malicious nodes (%)
Node mobility speed: 1 m/s
VCPMDART
3D-SRP3D-RP
(b)
Figure 12: Continued.
24 Wireless Communications and Mobile Computing
Z3 solver verifies the performance of the HLPN model asstated by specific properties and practicability.
6. Simulation and Experimental Evaluation
The proposed (3D-SRP) algorithm is simulated using NS-2(version 2.35). We assumed standard values of IEEE802.11 of the last two lower layers. The simulation envi-
ronment is specified as per the values in Table 7. The pro-posed 3D-SRP is collated with M-DART [6], VCP [7], andsimple 3D-RP [4, 5]. The performance of protocols isexamined under various malicious node percentages toinvestigate the following metrics:
(1) Packet delivery ratio (PDR): the ratio of the totalnumber of packets received successfully at the
0
50
100
150
200
250
300
350
0 5 10 15 20
Nor
mal
ized
ove
rhea
d
Malicious nodes (%)
Node mobility speed: 1.5 m/s
VCPMDART
3D-SRP3D-RP
(c)
0
50
100
150
200
250
300
350
400
0 5 10 15 20
Nor
mal
ized
ove
rhea
d
Malicious nodes (%)
Node mobility speed: 2 m/s
VCPMDART
3D-SRP3D-RP
(d)
Figure 12: Normalized overhead against various numbers of malicious nodes in percentage: (a) node mobility peed: 0.5m/s; (b) nodemobility speed: 0.1m/s; (c) node mobility speed: 1.5m/s; (d) node mobility speed: 2m/s.
25Wireless Communications and Mobile Computing
VCP
MDART
3D-RP
0
10
20
30
40
50
60
70
80
90
0 5 10 15 20
% im
prov
emen
t of 3
D-S
RP w
.r.t. V
CP, M
DA
RT,
3D-R
P at
Nod
e mob
ility
spee
d of
0.5
m/s
Malicious nodes (%)
Normalized overheadPacket delivery ratio
(a)
VCP
MDART
3D-RP
0
10
20
30
40
50
60
70
80
90
0 5 10 15 20
% im
prov
emen
t of 3
D-S
RP w
.r.t. V
CP, M
DA
RT,
3D-R
P at
Nod
e mob
ility
spee
d of
1 m
/s
Malicious nodes (%)
Normalized overheadPacket delivery ratio
(b)
Figure 13: Continued.
26 Wireless Communications and Mobile Computing
VCP
MDART
3D-RP
0
10
20
30
40
50
60
70
80%
impr
ovem
ent o
f 3D
-SRP
w.r.
t. VCP
, MD
ART
,3D
-RP
at N
ode m
obili
ty sp
eed
of 1
.5 m
/s
0 5 10 15 20Malicious nodes (%)
Normalized overheadPacket delivery ratio
(c)
VCP
MDART
0
10
20
30
40
50
60
70
80
% im
prov
emen
t of 3
D-S
RP w
.r.t. V
CP, M
DA
RT,
3D-R
P at
Nod
e mob
ility
spee
d of
1.5
m/s
0 5 10 15 20Malicious nodes (%)
Normalized overheadPacket delivery ratio
3D-RP
(d)
Figure 13: % improvement of 3D-SRP over VCP, MDART, and 3D-RP in terms of packet delivery ratio and normalized overhead. Theprotocol name is displayed on the first three bars of each graph, and the pattern is the same for the rest in each graph.
27Wireless Communications and Mobile Computing
destination node to the total number of packets sentby the source node.
(2) Normalized overhead (NO): the ratio of the entirerouting overhead divided via successfully receivedtotal packets at the destination node.
The results are the mean estimates at 95% confidenceinterval. Since most of the confidence intervals are smaller,they show that our simulation results precisely representthe mean/average.
The data packets successfully delivered to the destinationnode are called protocol competence and termed as thepacket delivery ratio. We observe the packet delivery ratioto examine the impact of malicious nods initiating the above-mentioned attacks in the network. The percentage of mali-cious nodes is varied to observe the behavior of the networkand protocols in the presence of mobility.
Figure 11 illustrates that 3D-SRP is capable of deliveringa larger number of packets even with the increased num-ber of malicious nodes. Although the overall overhead of3D-SRP is slightly increased because of the effective nodeauthentication and verification mechanism, increase inthe packet delivery ratio reduces the normalized overhead(NO) for 3D-SRP as compared to 3D-RP, VCP, andMDARTin the presence of malicious nodes and node mobility. Thisshows that in spite of the increased overhead, the capabilityof delivering packets in 3D-SRP is not compromised whichshows the effectiveness of the proposed security mechanismin handling the security issues in the presence of maliciousnodes. Moreover, 3D-SRP is an extension of 3D-RP. 3D-RP’s major focus is to avoid the mismatch problem. VCPand M-DART are proven to be inefficient in handling themismatch problem [25] that is why the impact of variousattacks in terms of routing overhead is severe compared to3D-SRP. The increased routing overhead for VCP and M-DART results in decreasing the packet delivery ratio whichcan be seen in Figure 11.
Normalized overhead is a key metric to determine theeffectiveness of the proposed protocol. Although the overalloverhead is increased for 3D-SRP because of the securitymeasures, the normalized overhead is considerably improvedwhen compared with VCP, M-DART, and 3D-RP because ofthe enhancement in the packet delivery ratio. Figure 12 illus-
trates the normalized overhead (NO) of 3D-SRP, M-DART,3D-RP, and VCP with reference to several node mobilityspeeds and varying number of malicious nodes. Figure 12demonstrates a significant gain in reducing the normalizedoverhead (NO) of 3D-SRP when compared with VCP, M-DART, and 3D-RP, which is evidence of the improvementof the network reliability because of the proposed securitymechanism of 3D-SRP which provides reliable communica-tion of nodes in the presence of malicious nodes, thusincreasing the packet delivery ratio.
Figure 13 demonstrates the percentage improvement innormalized overhead and packet delivery ratio of 3D-SRPat numerous node mobility speeds when compared with3D-RP, VCP, and M-DART. The improvement in the nor-malized overhead of 3D-SRP over M-DART, 3D-RP, andVCP is between 28 and 60%, 16 and 55%, and 42 and 70%,respectively, for a various number of malicious nodes andnode mobility speeds. The increase in the number of mali-cious nodes and node mobility speed successfully deliveredpackets. The variation in the percentage improvement mis-match problem. 3D-RP solves the mismatch problem andproved to be a promising protocol compared to M-DARTand VCP, where M-DART is a multipath protocol thatmakes it better compared to VCP. Because of the effectivenode authentication and verification mechanism in 3D-SRP, it emerges as more promising over 3D-RP in the exis-tence of malevolent nodes. Thus, the percentage of PDRimprovement of 3D-SRP over M-DART, 3D-RP, and VCPis 20 and 48%, 17 and 24%, and 23 and 62%, respectively,at various node mobility speeds.
To get the computation overhead for encryption anddecryption mechanisms in the proposed 3D-SRP, we runRSA encryption and decryption on a system with processorIntel® Core™2 Quad CPU Q8400 at 2.66GHz, Intel Memory(RAM) 4.00GB, 64-bit Operating System (Windows 7 pro-fessional). The computation overhead for one operation isgiven in Figure 14. The computation time for key generationin RSA is the highest. However, the key is generated one timethat is why its overall effect is not so significant. IC encryp-tion and decryption are used for the authentication phaseby a node with its physical neighbors. For a single hop, theencryption and decryption times for the SII message areshown in Figure 14. In case the SII message passes through
050
100150200250300350
keyGeneration
time
ICEncryption
time
ICDecryption
time
SIIEncryption
time
SIIDecryption
time
Com
puta
tion
time i
n m
illise
cond
s
Compution time in milliseconds (ms)
Figure 14: Computation time in 3D-SRP
28 Wireless Communications and Mobile Computing
Table8:Tim
ecomplexityof
joiningop
erationwithauthentication
andverification
.
#Statem
ent
Unit
cost
Operation
coun
tTotalcost
Rem
arks
Tim
ecomplexityof
Algorithm
1
1IfN
pdo
esno
treceiveahello
message
andat
leastthreetimeintervalTexpiresthen
C wait
n−1
n−1
ðÞC
wait
Costof
thewaitinterval
2InitializeIC
pas
security
parameters
C in−1
n−1
ðÞC
iCostof
initialization(identitycard
andkeypair
generation
cost)
3LID
p⟵
11 jj1
fg−
0C a C LID
1 1C a
+C L
IDCostof
access
Costof
storing
4else
5InitializeIC
pas
security
parameters
C in−1
n−1
ðÞC
iCostof
initialization(identitycard
andkeypair
generation
cost)
6N
p⟵
Na∈N
List:E
PbK a
,IC p
�� Pb
K p� �
C E C CE
n2·m k
n2·m
�� C E
k ðÞC C
E
Costof
encryption
Costof
credentialexchange
7N
a⟵
Np:E
PbK p
,IC a
��
C CE
C CE
n2·m k
n2·m
�� C E
k ðÞC C
E
Costof
encryption
Costof
credentialexchange
8endif
Tim
ecomplexityof
Algorithm
3
1N
p⟵
Nq∈N
List:SIIE
PrK p
,LID
p,hv ðÞ,SHA−ISII
ðÞ
��
� �� � Pb
K pC a C E C c
s
n−1
n2·m k
n−1
ðÞC
a
n2·m
�� C E
k ðÞC c
s
Costto
accesstheneighb
orlist
Costof
encryption
Costof
send
ingcredential
2N
q⟵
Nr∈N
List:SIIE k
PrK q
,EPrK p
,LID
p,hv ðÞ,SHA−1SII
ðÞ
��
�� Pb
K p� �
PbK q
� �C a C E C c
s
n−1
n2·m k
n−1
ðÞC
a
n2·m
�� C E
k ðÞC c
s
Costto
accesstheneighb
orlist
Costof
encryption
Costof
send
ingcredential
3N
r⟵
Ns∈N
ListSIIE
PrK r
,EPrK q
,EPrK p
,LID
p,hv ðÞ,SHA−1SII
ðÞ
��
��
��
� �� � Pb
K pPb
K q� �
� � PbK r
C a C E C cs
n−1
n2·m k
n−1
ðÞC
a
n2·m
�� C E
k ðÞC c
s
Costto
accesstheneighb
orlist
Costof
encryption
Costof
send
ingcredential
Add
ingallo
fthecompo
nentsto
find
outtotaltim
ecomplexity.
Totalcom
plexity
=n−1
ðÞC
wait+
n−1
ðÞC
i+C a
+C L
ID+
n−1
ðÞC
i+
n2⋅m
�� C E
+k ðÞC C
E+
n2⋅m
�� C E
+k ðÞC C
E+
n−1
ðÞC
a+
n2⋅m
�� C E
+k ðÞC c
s+
n−1
ðÞC
a+n2
⋅m�
� C E+
k ðÞC c
s+n−1
ðÞC
a+
n2⋅m
�� C E
+k ðÞC c
s=nC
wait−
C wait+
2nC i
−2C
i+C a
+C L
ID+2n2
⋅m�
� C E+2k ðÞC C
E+3n
C a−3C
a+3n2
⋅m�
� C E+3k ðÞC c
s=nC
wait−
C wait+
2nC i
−2C
i+C L
ID+5n2
⋅m�
�C E
+2k ðÞC C
E+3n
C a−2C
a+3k ðÞC c
s:
Worstcasecomplexity
=O
n2⋅m
�� :
29Wireless Communications and Mobile Computing
n number of hops, then the total computation time will beincreased by a factor of n. One can notice that the 3D-SRPalgorithm has extra computational overhead for encryptionand decryption processes as compared to the existing nonse-cure algorithm. However, the delivery ratio and the authenti-cation services offered by 3D-SRP are significant.
Time complexity is used to determine the performance ofan algorithm for different input sizes. The time complexity ofthe proposed 3D-SRP is calculated using its primitive opera-tions and their associated cost. Table 8 shows the analysis ofAlgorithm 1 and Algorithm 3 based on primitive operationcount. Algorithm 1 comprises the decision of hello messagearrival, initialization of security parameters, and the confi-dentiality of credentials during trust establishment, whereasAlgorithm 3 shows the primitive operations of securely stor-ing mapping information at the anchor node (AN). In theproposed 3D-SRP technique, confidentiality and authentica-tion are achieved through public key cryptography (RSA).
RSA uses a modular exponentiation process to computesthe remainder value. When the base value (i.e., plaintext/ci-phertext) is raised to the exponent power (i.e., public key/pri-vate key), then the computed value is divided by the modulusvalue (i.e., the product of prime numbers). The cryptographyalgorithms use modular exponentiation due to its one-wayfunction property. This process required OðexponentÞ timeto perform exponentiation, and we represent the exponentvalue with m. After adding all the primitive operations, thetotal cost in the worst case becomes Oðn2 ·mÞ after ignoringconstant and lower term values.
Space complexity measures the requirement of auxiliarystorage to run the proposed 3D-SRP technique. Data struc-ture size determines the utilization of space, whereas pro-gram statements use fixed memory and they do not rely ondata structures. The proposed 3D-SRP technique utilizes atabular structure (two-dimensional array) to store informa-tion. Therefore, space complexity is ðn2Þ.
7. Conclusions and future work
To provide an efficient, secure, and reliable communicationin a DHT-based routing protocol at the network layer inWANETs, it is imperative to address the security vulnerabil-ities for such protocols. The paper first highlights the majorsecurity threats that could adversely affect the performanceof DHT-based routings. To counter these existing securitythreats, this work introduces a secure DHT-based routingprotocol (3D-SRP). The proposed 3D-SRP ensures secureand reliable communication between the end users and keepsintact the resource-constrained environment (i.e., processingand energy limitations of mobile devices) of WANETs. Itcomprises a secure verification and authentication methodto check the legitimacy of the neighboring nodes that conse-quently improves the packet delivery ratio of the network. Inother words, 3D-SRP furnishes a secure mechanism toobserve legitimate and secure routing paths for lookup androuting of packets.
In the future, the optimization of the duration of hellomessage and energy consumption of proposed 3D-SRP canbe performed. High node mobility would be a major chal-
lenge in DHT-based routing protocols, especially in the pres-ence of a security mechanism. The mobility issue can beexplored in the future along with the security of DHT-based routing protocols. Similarly, future work can be carriedout to address Sybil and Repudiation attacks through a moresophisticated approach.
Data Availability
We have performed simulation, and no dataset has been usedthat can be shared with the journal. The simulated results areplotted, and findings are shared in the paper.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
References
[1] C. Huang, Q. Zhou, and D. Zhang, “Integrated wireless com-munication system using MANET for remote pastoral areasof Tibet,” China Communications, vol. 13, no. 4, pp. 49–57,2016.
[2] N. Shah, S. A. Abid, D. Qian, and W. Mehmood, “A survey ofP2P content sharing in MANETs,” Computers & ElectricalEngineering, vol. 57, pp. 55–68, 2017.
[3] G. Al-kubati, A. Al-dubai, L. Mackenzie, and D. P. Pezaros,“Stable infrastructure-based routing for intelligent transporta-tion systems,” in 2015 IEEE International Conference on Com-munications (ICC), pp. 3394–3399, London, UK, June 2015.
[4] S. Abid, M. Othman, and N. Shah, “Exploiting 3D structure forscalable routing in MANETs,” IEEE Communications Letters,vol. 17, no. 11, pp. 2056–2059, 2013.
[5] S. A. Abid, M. Othman, N. Shah, M. Ali, and A. R. Khan, “3D-RP: a DHT-based routing protocol for MANETs,” The Com-puter Journal, vol. 58, no. 2, pp. 258–279, 2015.
[6] M. Caleffi and L. Paura, “M-DART: multi-path dynamicaddress routing,” Wireless Communications and Mobile Com-puting, vol. 11, no. 3, 409 pages, 2011.
[7] A. Awad, R. German, and F. Dressler, “Exploiting virtual coor-dinates for improved routing performance in sensor net-works,” IEEE Transactions on Mobile Computing, vol. 10,no. 9, pp. 1214–1226, 2011.
[8] S. Shin, U. Lee, F. Dressler, and H. Yoon, “Motion-MiX DHTfor wireless mobile networks,” IEEE Transactions on MobileComputing, vol. 15, no. 12, pp. 3100–3113, 2016.
[9] A. Tahir, S. A. Abid, and N. Shah, “Logical clusters in a DHT-paradigm for scalable routing in MANETs,” Computer Net-works, vol. 128, pp. 142–153, 2017.
[10] S. A. Abid, M. Othman, N. Shah et al., “Merging of DHT-basedlogical networks inMANETs,” Transactions on Emerging Tele-communications Technologies, vol. 26, no. 12, pp. 1347–1367,2015.
[11] C. Perkins, E. Belding-Royer, and S. Das, “Ad hoc On-DemandDistance Vector (AODV) routing,” 2003.
[12] P. Jacquet, P. Mühlethaler, T. Clausen, A. Laouiti, A. Qayyum,and L. Viennot, “Optimized link state routing protocol for adhoc networks,” in Proceedings. IEEE International Multi TopicConference, 2001. IEEE INMIC 2001. Technology for the 21stCentury, pp. 62–68, Lahore, Pakistan, December 2001.
30 Wireless Communications and Mobile Computing
[13] I. D. Chakeres and C. E. Perkins, “Dynamic MANET ondemand (DYMO) routing protocol,” Internet-Draft Version6, no. IETF, 2006.
[14] N. Shah, A. Ahmad,W.Mehmood, D. Qian, and R.Wang, “Anefficient and scalable routing for MANETs,”Wireless PersonalCommunications, vol. 75, no. 2, pp. 987–1004, 2014.
[15] S. Zahid, S. A. Abid, N. Shah, S. A. N. Hussnain, andW. Mehmood, “Distributed partition detection with dynamicreplication management in a DHT-based MANET,” IEEEAccess, vol. 6, pp. 18731–18746, 2018.
[16] M. Yu, M. Zhou, andW. Su, “A secure routing protocol againstbyzantine attacks for MANETs in adversarial environments,”IEEE Transactions on Vehicular Technology, vol. 58, no. 1,pp. 449–460, 2009.
[17] R. Lacuesta, J. Lloret, M. Garcia, and L. Peñalver, “A secureprotocol for spontaneous wireless ad hoc networks creation,”IEEE Transactions on Parallel and Distributed Systems,vol. 24, no. 4, pp. 629–641, 2013.
[18] R. Mayrhofer, F. Ortner, A. Ferscha, and M. Hechinger,“Securing passive objects in mobile ad-hoc peer-to-peer net-works,” Electronic Notes in Theoretical Computer Science,vol. 85, no. 3, pp. 105–121, 2003.
[19] Y. Lin, A. H. M. Rad, V. W. S. Wong, and J. H. Song, “Exper-imental comparisons between SAODV and AODV routingprotocols,” inWMuNeP '05: Proceedings of the 1st ACM work-shop on Wireless multimedia networking and performancemodeling, pp. 113–122, October 2005.
[20] T. Clausen and E. Baccelli, Securing OLSR problem statement.IETF INTERNETDRAFT, draft-clausen-manet-solsr-ps-00.txt, 2005.
[21] M. G. Zapata, Secure Dynamic MANET On-Demand(SDYMO) Routing Protocol, Tech. Univ, Catalonia, 2006.
[22] L. Abusalah, A. Khokhar, and M. Guizani, “A survey of securemobile ad hoc routing protocols,” IEEE Communications Sur-veys & Tutorials, vol. 10, no. 4, pp. 78–93, 2008.
[23] J. Chen and J. Wu, “A survey on applied cryptography insecure mobile ad hoc networks and wireless sensor networks,”in Handbook of Research on Developments and Trends inWireless Sensor Networks, pp. 262–289, IGI Global, 2010.
[24] G. Liu, Z. Yan, and W. Pedrycz, “Data collection for attackdetection and security measurement in mobile ad hoc net-works: a survey,” Journal of Network and Computer Applica-tions, vol. 105, pp. 105–122, 2018.
[25] S. A. Abid, M. Othman, and N. Shah, “A survey on DHT-basedrouting for large-scale mobile ad hoc networks,” ACM Com-puting Surveys, vol. 47, no. 2, pp. 1–46, 2015.
[26] F. Zhan, N. Yao, Z. Gao, and H. Yu, “Efficient key generationleveraging wireless channel reciprocity for MANETs,” Journalof Network and Computer Applications, vol. 103, pp. 18–28,2018.
[27] J. Filipek and L. Hudec, “Security architecture for the mobilead hoc networks,” Journal of Electrical Engineering, vol. 69,pp. 198–204, 2018.
[28] H. Xia, J. Yu, C. L. Tian, Z. K. Pan, and E. Sha, “Light-weighttrust-enhanced on-demand multi-path routing in mobile adhoc networks,” Journal of Network and Computer Applica-tions, vol. 62, pp. 112–127, 2016.
[29] D. Sathiya and B. Gomathy, “Improved security and routingpath learning in MANETs using Beer–Quiche game theoreti-cal model in cloud computing,” Cluster Computing, vol. 22,pp. 21–31, 2019.
[30] S. Misra, S. Goswami, G. P. Pathak, and N. Shah, “Efficientdetection of public key infrastructure-based revoked keys inmobile ad hoc networks,” Wireless Communications andMobile Computing, vol. 11, no. 2, 162 pages, 2011.
[31] H. Fu, S. Kawamura, M. Zhang, and L. Zhang, “Replicationattack on random key pre-distribution schemes for wirelesssensor networks,” Computer Communications, vol. 31, no. 4,pp. 842–857, 2008.
[32] M. Yildiz, Game theory lecture notes lectureshttp://web.mit.edu/14.12/www/02F_lecture1518.pdf.
[33] B. Rajkumar and G. Narsimha, “Trust based certificate revoca-tion for secure routing in MANET,” Procedia Computer Sci-ence, vol. 92, pp. 431–441, 2016.
[34] A. R. Rajeswari, K. Kulothungan, S. Ganapathy, andA. Kannan, “A trusted fuzzy based stable and secure routingalgorithm for effective communication in mobile adhoc net-works,” Peer-to-Peer Networking and Applications, vol. 12,no. 5, pp. 1076–1096, 2019.
[35] V. Brindha, T. Karthikeyan, and P. Manimegalai, “Fuzzyenhanced secure multicast routing for improving authentica-tion in MANET,” Cluster Computing, vol. 22, pp. 9615–9623,2019.
[36] G. Arulkumaran and R. K. Gnanamurthy, “Fuzzy trustapproach for detecting black hole attack in mobile adhoc net-work,” Mobile Networks and Applications, vol. 24, no. 2,pp. 386–393, 2019.
[37] X. Liu, A. Liu, T. Wang et al., “Adaptive data and verified mes-sage disjoint security routing for gathering big data in energyharvesting networks,” Journal of Parallel and Distributed Com-puting, vol. 135, pp. 140–155, 2020.
[38] T. Poongodi, M. S. Khan, R. Patan, A. H. Gandomi, andB. Balusamy, “Robust defense scheme against selective dropattack in wireless ad hoc networks,” IEEE Access, vol. 7,pp. 18409–18419, 2019.
[39] M. M. Mukhedkar and U. Kolekar, “E-TDGO: an encryptedtrust-based dolphin glowworm optimization for secure rout-ing in mobile ad hoc network,” International Journal of Com-munication Systems, vol. 33, no. 7, article e4252, 2020.
[40] J. Eriksson, M. Faloutsos, and S. V. Krishnamurthy, “DART:dynamic address routing for scalable ad hoc and mesh net-works,” IEEE/ACM Trans. Netw., vol. 15, no. 1, pp. 119–132,2007.
[41] M. Caleffi, G. Ferraiuolo, and L. Paura, “Augmented tree-basedrouting protocol for scalable ad hoc networks,” in 2007 IEEEInternatonal Conference on Mobile Adhoc and Sensor, Pisa,Italy, October 2007.
[42] M. Caleffi, “Mobile ad hoc networks: the DHT paradigm,” in2009 IEEE International Conference on Pervasive Computingand Communications, pp. 8-9, Galveston, TX, USA, March2009.
[43] J. I. Alvarez-hamelin, A. C. Viana, and M. D. de Amorim,“DHT-based functionalities using hypercubes,” in Ad-HocNetworking. IFIP International Federation for InformationProcessing, vol 212, K. Agha, Ed., Springer, Boston, MA,USA, 2006.
[44] H.Wirtz, T. Heer, R. Hummen, and K.Wehrle, “Mesh-DHT: alocality-based distributed look-up structure for wireless meshnetworks,” in 2012 IEEE International Conference on Commu-nications (ICC), pp. 653–658, Ottawa, ON, Canada, June 2012.
[45] Y. R. B. Al-Mayouf, N. F. Abdullah, O. A. Mahdi et al., “Real-time intersection-based segment aware routing algorithm for
31Wireless Communications and Mobile Computing
urban vehicular networks,” IEEE Transactions on IntelligentTransportation Systems, vol. 19, no. 7, pp. 2125–2141, 2018.
[46] H. Teng, K. Ota, A. Liu, T. Wang, and S. Zhang, “Vehicles jointUAVs to acquire and analyze data for topology discovery inlarge-scale IoT systems,” Peer-to-Peer Networking and Appli-cations, 2020.
[47] T. Li, M. Zhao, and K. K. L. Wong, “Machine learning basedcode dissemination by selection of reliability mobile vehiclesin 5G networks,” Computer Communications, vol. 152,pp. 109–118, 2020.
[48] O. A. Mahdi, A. W. Abdul Wahab, M. Y. Idna Idris et al., “Acomparison study on node clustering techniques used in targettracking WSNs for efficient data aggregation,” Wireless Com-munications and Mobile Computing, vol. 16, no. 16, 2676pages, 2016.
[49] FIPS 180-1 - secure hash standard, SHA-1, National Institute ofStandards and Technology , 2015, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf.
[50] T. Murata, “Petri nets: properties, analysis and applications,”Proceedings of the IEEE, vol. 77, no. 4, pp. 541–580, 1989.
[51] L. De Moura and N. Bjørner, “Satisfiability modulo theories:an appetizer,” in Formal Methods: Foundations and Applica-tions. SBMF 2009. Lecture Notes in Computer Science, vol5902, M. V. M. Oliveira and J. Woodcock, Eds., pp. 23–36,Springer, Berlin, Heidelberg, 2009.
32 Wireless Communications and Mobile Computing