Abstract

Over the past decade, distributed hash table- (DHT-) based routing protocols have been adopted in wireless ad hoc networks (WANETs) to achieve scalability in the route discovery phase by avoiding the flooding mechanism. The security aspects of the routing protocols based on the DHT mechanism are crucial to address and have not been discussed in the existing literature. Therefore, addressing the security issues in DHT-based routing protocols would prevent the service disruption, decrease the traffic overhead, and reduce the packet loss in the network. In this paper, several security issues are identified and elaborated through an example scenario. Moreover, a novel DHT-based routing protocol is proposed that uses a digital signature and the user’s trust in order to swap securely the logical identifiers (LIDs). Trust between nodes is established by the user’s acquaintance and the first visual contact. The proposed protocol vindicates its effectiveness via simulation results in terms of computation time, normalized overhead, percent improvement, and packet delivery ratio.

1. Introduction

Over the last two decades, wireless ad hoc networks (WANETs) and their subdomains such as wireless industrial networks, wireless sensor networks (WSNs), and vehicular ad hoc networks (VANETs) have been successfully implemented in different areas of life (e.g., military communications, emergency situations [1], airports, railway, subways, conferences, campuses [2], and intelligent transportation systems [3]).

Data routing and traffic control are the core of WANETs. Recent studies proved that the DHT-based routing protocols (e.g., 3D-RP [4, 5], M-DART [6], VCP [7], Motion-MX [8], 3DcRP [9], and LA-3D-IS [10]) are better in performance compared to the traditional routing protocols, which use flooding in the route discovery phase (e.g., AODV [11], OLSR [12], and DYMO [13]). The DHT-based routing mechanism [14] avoids/reduces the network-wide flooding in the route discovery phase, thus increasing the scalability in WANETs.

A universal identifier (UID) (i.e., MAC address or IP address) and logical identifier (LID) are used to identify a node in DHT-based routing protocols. Each node sustains its disjointed LID space portion (LSP) of the whole logical space (LS). Each node calculates its LID from predefined LS on the basis of its physical neighboring nodes. Furthermore, a logical identifier structure (LIS) for each node (e.g., ring, chord, or multidimensional structure) retains the path of its 1-hop/2-hop logical neighboring nodes (). Therefore, a logical network is built on the top of a physical network. Each node uses its LID to forward the data packets/control packets in the network. Figure 1 shows the basic working of DHT-based addressing, lookup, and routing mechanisms. A network is established according to 3D routing [4, 5, 15], and the LIDs of nodes are in an ordered three-tuple {x|y|z}-dim, where , , and are values within the range of 0 to ±1024.

Each node in a DHT-based routing protocol stores its LID and other mapping information like UID (IP/MAC addresses) at its anchor node (AN). For this purpose, a hash function is applied to the UID of each node for generating a hashed value to find its AN that is drawn from the LS according to the protocol specification. Node finds its AN that is node having LID closest to the value. To send the data packet to a destination node , a source node first retrieves the LID of the destination node from its AN, say , whose LID is obtained by applying the same hash function at the UID of node . The node then forwards a lookup message towards node that is obtained from the hash value to get the destination node ’s LID. Upon receiving ’s LID, the source node sends the data message to destination node based on the LID of node . To forward the data message, each node compares the node ’s LID with its own and the LIDs of its 1-hop/2-hop . If the LID of destination node is nearest to its own LID, the node itself is the destination node; otherwise, the node forwards the message to a logical neighbor that has the LID nearest to that of the node . The important terms related to DHT-based secure routing in WANETs are shown in Table 1.

For instance, node stores the mapping information of node as shown in Figure 1. To communicate with destination node in the network, node simply applies the hash function over the UID of node and gets a hashed value that refers to node ’s LID, that is, AN of node as shown in Figure 1. Node then sends a LID lookup request message (MREQ) containing (LID, UID) and (UID, hashed value) towards node to get node ’s LID. The path followed by MREQ in the network is shown in Figure 1. Now, node sends a mapping reply message (MREP) to node for direct communication. After getting the LID of node , the source node directly communicates with destination node by following the aforementioned method.
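The addressing, lookup, and routing steps described above, as an added sketch that is not code from the paper: the 27-node lattice of LIDs, the MAC-style UIDs, and the SHA-256 mapping of a UID into the logical space are all constructed assumptions, chosen so that greedy forwarding always ends at the node whose LID is closest to the target.

```python
import hashlib
import itertools
import math

LS_MAX = 1024            # each LID coordinate lies in [-1024, 1024]
AXIS = (-683, 0, 683)    # constructed lattice coordinates for the sample LIDs


def hash_to_ls(uid):
    """Hash a UID to a point of the logical space (assumed: SHA-256, 2 bytes per axis)."""
    digest = hashlib.sha256(uid.encode()).digest()
    return tuple(
        int.from_bytes(digest[2 * i:2 * i + 2], "big") % (2 * LS_MAX + 1) - LS_MAX
        for i in range(3)
    )


class LogicalNetwork:
    """27 constructed nodes on a 3x3x3 lattice; logical neighbours are lattice-adjacent."""

    def __init__(self):
        points = list(itertools.product(AXIS, repeat=3))
        self.lid = {f"02:00:00:00:00:{i:02x}": p for i, p in enumerate(points)}
        by_lid = {p: uid for uid, p in self.lid.items()}
        step = AXIS[1] - AXIS[0]
        self.nbrs = {uid: set() for uid in self.lid}
        for uid, p in self.lid.items():
            for axis, delta in itertools.product(range(3), (-step, step)):
                q = tuple(c + delta if k == axis else c for k, c in enumerate(p))
                if q in by_lid:
                    self.nbrs[uid].add(by_lid[q])
        self.mapping = {uid: {} for uid in self.lid}  # per-AN store: UID -> LID

    def _key(self, target):
        # Distance to the target, with the UID as a deterministic tie-breaker.
        return lambda uid: (math.dist(self.lid[uid], target), uid)

    def anchor_of(self, uid):
        """Global view: the node whose LID is closest to the hashed value."""
        return min(self.lid, key=self._key(hash_to_ls(uid)))

    def route(self, src, target):
        """Greedy forwarding: hand the packet to the logical neighbour nearest to
        `target`; the node that is itself nearest keeps it. Returns the hop list."""
        path = [src]
        while True:
            cur = path[-1]
            nxt = min(self.nbrs[cur] | {cur}, key=self._key(target))
            if nxt == cur:
                return path
            path.append(nxt)

    def register(self, uid):
        """A node stores its (UID, LID) mapping at its anchor node."""
        anchor = self.route(uid, hash_to_ls(uid))[-1]
        self.mapping[anchor][uid] = self.lid[uid]
        return anchor

    def lookup_and_send(self, src, dst_uid):
        """MREQ towards hash(dst UID), MREP back to the source, then data to dst's LID."""
        mreq = self.route(src, hash_to_ls(dst_uid))
        dst_lid = self.mapping[mreq[-1]][dst_uid]
        mrep = self.route(mreq[-1], self.lid[src])
        data = self.route(src, dst_lid)
        return {"anchor": mreq[-1], "dst_lid": dst_lid,
                "mreq": mreq, "mrep": mrep, "data": data}


def build_network():
    net = LogicalNetwork()
    for uid in net.lid:
        net.register(uid)
    return net


if __name__ == "__main__":
    net = build_network()
    result = net.lookup_and_send("02:00:00:00:00:00", "02:00:00:00:00:1a")
    for name in ("mreq", "mrep", "data"):
        print(name, " -> ".join(result[name]))
```

Every hop decision uses only the LIDs of the current node and its logical neighbours, which is why a wrong LID anywhere on the path changes where the MREQ, the MREP, or the data ends up.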

In this paper, DHT-based routing protocols are considered that are adopted in the MANETs to achieve scalability by avoiding flooding in the route discovery phase. Addressing the security of a routing protocol is crucial to enhance the reliability of the network [16–18]. In the past, researchers have proposed various secure versions of the traditional routing protocols, e.g., S-AODV [19], SOLSR [20], and S-DYMO [21]; a survey of these approaches can be found in [22–24]. Node addressing, lookup, and routing mechanisms in the DHT-based routing protocols are different from the traditional routings, which raise new security issues that may degrade the performance and reliability of the network. In this paper, we highlight various security issues associated with the DHT-based routing protocols, and addressing those would prevent service disruption, decrease the traffic overhead, and reduce the packet loss in the network.

In addition, a secure DHT-based routing protocol for WANETs is proposed that uses the digital signature and user’s trust for the node authentication and sophisticated encryption/decryption algorithm to securely transfer the data/control packets among the nodes. To the best of our knowledge, none of the existing literature has debated the security aspects in the context of the DHT-based routings at the network layer, and none has proposed the secure version of any of these protocols.

Our main contributions in this paper are as follows:
(1) Addressing the security issues related to DHT-based routing protocols
(2) Identifying possible security vulnerabilities from the attacker’s end:
    (a) Destination tampering attack
    (b) False neighborhood attack
        (i) Computation at the joining node
        (ii) Assignment by the neighboring node
    (c) Authentication of the node’s LID
(3) Devising a novel DHT-based routing protocol to mitigate the threats:
    (a) This protocol uses the digital signature and user’s trust in order to swap securely the LIDs
    (b) Trust between nodes is established by a user’s acquaintance and the first visual contact

In DHT-based routing protocols, the LID computation of a newly joining node is based on the neighboring nodes, and the same LID is used for the routing of data from the source to the destination node. If a neighboring node is not legitimate, the joining node computes a falsified LID with respect to its physical proximity. Moreover, the same LID is used later in the lookup and routing processes, which leads to longer routes, increased delay, and packet loss or may completely halt the communication of the DHT-based routing protocol. Initially, we have specifically focused on addressing the security threats discussed in Section 2. The proposed security mechanism has not only successfully addressed the security threats elaborated in Section 2 but also proven to be effective and efficient through simulation.

The rest of the paper is organized as follows: Section 2 identifies and discusses several security vulnerabilities in the DHT-based routing protocols, Section 3 provides a brief description of the existing protocols, Section 4 presents the proposed novel secure DHT-based routing protocol, Section 5 presents an evaluation of the proposed protocol by formal methods, and Section 6 discusses simulation results. The conclusion and future work are discussed in Section 7.

2. Security Vulnerabilities in Context of DHT-Based Routing Protocols

The existing protocols that employ the DHT mechanism for routing at the network layer are insecure and vulnerable to several potential security threats. In this section, we identify possible security vulnerabilities, from the attacker’s end, in the routing protocols that use the DHT mechanism and describe the prerequisites to mitigate these threats. Handling these vulnerabilities is crucial for the smooth functioning of DHT-based routing protocols; left unaddressed, they might entirely disrupt the communication among nodes.

Two types of nodes can cause service disruption in the network: (i) malicious node and (ii) compromised node. A node is referred to as malicious if it cannot authenticate itself and prove its legitimacy due to invalid cryptographic information, while a node is referred to as compromised if it is a legitimate node that can authenticate itself and is trusted by the other nodes in the network but is behaving maliciously. We use the term attacker for both malicious and compromised nodes. The following are the attacks that can be initiated by malicious or compromised nodes in DHT-based routing protocols.

2.1. Destination LID Tampering Attack

For a LID lookup message, an attacker can return a modified LID lookup reply, or generate one carrying falsified information, in two ways: (i) The attacker may modify the content of the LID lookup reply message and return it to the source with fabricated information. (ii) After receiving a LID lookup request, the attacker, acting as an intermediate node, generates a LID lookup reply with falsified information instead of forwarding the lookup request to the actual AN. These scenarios are explained through the following example:

The node stores its mapping information at node as shown in Figure 2. To communicate with node , node sends a LID lookup request message (MREQ) containing (LID, UID) and (UID, hashed value) towards node to get node f ’s LID. The path followed by MREQ in the network is shown in Figure 2. For instance, if an intermediate node is malicious or compromised, it can easily disrupt the communication by generating a mapping reply message (MREP) for node and adds its LID (’s LID) along with the UID of node in MREP. Node then sends the MREP towards node . Similarly, suppose the MREQ arrives at the AN. Node generates MREP by adding node ’s LID and sends MREP towards node . After receiving MREP, an attacker can modify the MREP by replacing ’s LID with its own LID (’s LID) and forwards the modified MREP towards node . In either case, upon receiving the MREP, node would take the LID of node in MREP as the LID of the destination node , and thus, the data will be sent to node rather than to node as shown in Figure 2. In this way, by tampering with the destination node ’s LID with its own LID, node would receive all the data packets that are destined for node . This attack is crucial to address because AN is used in all DHT-based routing protocols to achieve communication among nodes.

Tampering with the LIDs in the MREP could result in the loss or theft of information that is critical for the communication in the network.

2.2. False Neighborhood Attack

In the routing protocol using the DHT mechanism, LID is allotted to the newly joined node depending on its one-hop neighboring node’s LID [4, 5, 7]. Thus, the newly joining node in the network obtains the LID from its one-hop neighboring nodes. The purpose of assigning the LID to a node is twofold: (i) to arrange nodes in the LIS over the physical topology (PT) with respect to their LIDs; (ii) to route the data/control packets among the nodes of the network.

2.2.1. LID Computation at the Joining Node

In this case, the joining node gets 1-hop/2-hop neighbor information, i.e., their LIDs, and computes its LID, i.e., its relative position, by using its neighbors’ LIDs as proposed in [4, 5, 7]. It is crucial for the joining node to compute an accurate LID as it reflects the physical proximity of the joining node with respect to its logical neighbors in the logical network. Thus, the accurate LID of physical neighboring nodes is crucial for computing the accurate joining node’s LID, which will later be used for lookup and routing of data/control packets. In case a neighboring node is not a legitimate neighbor and the joining node obtains a fake/wrong LID of its neighboring node through a hello message, then it would result in the computation of an incorrect LID of the joining node with reference to its physical proximity. This may lead to the mismatch problem [4, 25] which exaggerates the end-to-end delay and routing overhead that would eventually affect the performance of the DHT-based routing protocol in terms of its reliability. This is a crucial security attack and must be addressed for the smooth functioning of DHT-based routing protocols.

2.2.2. LID Assignment by the Neighbor Node

In this case, a newly joining node acquires the LID from its one-hop neighboring nodes [25]. If the joining node gets nearer to a neighboring node that is a malicious or a compromised node, then the joining node obtains a fake/wrong LID that would not interpret its intraneighbor relationships with its neighboring nodes in the LIS. The compromised neighboring node may assign a falsified LID without considering its LSP, which may affect the forwarding of both the data and control packets. In any DHT-based routing protocol, it is a crucial security attack and must be handled carefully.

2.3. Authentication of a Node’s LID

The existing DHT-based routing protocols cannot verify whether a particular LID belongs to the node or not. For example, in Figure 2, suppose node stores its own LID and UID at AN pretending that LID belongs to node . Thus, the anchor node is unable to verify through any mechanism whether it is node ’s LID or not. In this case, if is a source node and needs to communicate with node , then node requires the LID of destination node from its AN . Node would return the LID of node to source node , which would send the data packet to node .

Although the above security attacks have been discussed for traditional/non-DHT-based routing protocols, and researchers have given various possible solutions to these issues, the routing protocols that use the DHT mechanism cannot deploy those solutions directly at the logical network because the functionality of a DHT-based routing protocol is different from that of a traditional routing protocol. Traditional routing protocols mainly rely on IP addresses for routing of packets. The above security threats may completely halt the functionality of routing protocols that use the DHT mechanism, and as a result, total communication disruption may occur among nodes. The solution to the above security threats is crucial for the smooth functioning of DHT-based routings. To the best of our knowledge, none of the existing literature provides a secure version of the routing protocol using the DHT mechanism that works at the network layer. This paper is the first to attempt the solution of such security threats in the context of DHT-based routing protocols.
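How a signed (UID, LID) binding would expose the reply tampering of Section 2.1 and the unverifiable registration of Section 2.3, as an added sketch that is not the paper's protocol: textbook RSA over a SHA-256 digest with deliberately tiny constructed keys stands in for the digital signature, and the UIDs, LIDs, message fields, and the pre-established table of trusted public keys are assumptions.

```python
import hashlib

E = 65537  # RSA public exponent


def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def _digest(uid, lid, n):
    """SHA-256 over a canonical encoding of the (UID, LID) binding, reduced mod n."""
    message = "|".join([uid, *map(str, lid)]).encode()
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign_binding(private, uid, lid):
    n, d = private
    return pow(_digest(uid, lid, n), d, n)


def verify_binding(public, uid, lid, sig):
    n, e = public
    return 0 <= sig < n and pow(sig, e, n) == _digest(uid, lid, n)


class AnchorNode:
    """Stores a mapping only if its signature verifies under the claimed UID's key."""

    def __init__(self, trusted_keys):
        self.trusted_keys = trusted_keys   # UID -> public key (assumed pre-established)
        self.mapping = {}

    def store(self, uid, lid, sig):
        key = self.trusted_keys.get(uid)
        if key is None or not verify_binding(key, uid, lid, sig):
            return False                   # Section 2.3 case: LID not proven to be uid's
        self.mapping[uid] = (lid, sig)
        return True

    def mrep(self, uid):
        lid, sig = self.mapping[uid]
        return {"uid": uid, "lid": lid, "sig": sig}


def accept_mrep(trusted_keys, mrep):
    """Source-side check: return the LID only if the binding verifies, else None."""
    key = trusted_keys.get(mrep["uid"])
    if key and verify_binding(key, mrep["uid"], mrep["lid"], mrep["sig"]):
        return mrep["lid"]
    return None


# Constructed sample data. The primes are small Mersenne primes: NOT secure key sizes.
DST_UID, DST_LID = "02:00:00:00:00:0f", (683, 0, -683)
MID_UID, MID_LID = "02:00:00:00:00:0c", (0, 683, 0)
DST_PUB, DST_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
MID_PUB, MID_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
TRUSTED = {DST_UID: DST_PUB, MID_UID: MID_PUB}


def run_scenarios():
    anchor = AnchorNode(TRUSTED)
    stored = anchor.store(DST_UID, DST_LID, sign_binding(DST_PRIV, DST_UID, DST_LID))
    genuine = anchor.mrep(DST_UID)
    # Intermediate node rewrites the LID in transit (Section 2.1), signature untouched.
    rewritten = dict(genuine, lid=MID_LID)
    # Same rewrite, but re-signed with the intermediate node's own key.
    resigned = dict(rewritten, sig=sign_binding(MID_PRIV, DST_UID, MID_LID))
    # Node registers its own LID under another node's UID (Section 2.3).
    spoofed = anchor.store(DST_UID, MID_LID, resigned["sig"])
    return {
        "stored": stored,
        "genuine": accept_mrep(TRUSTED, genuine),
        "rewritten": accept_mrep(TRUSTED, rewritten),
        "resigned": accept_mrep(TRUSTED, resigned),
        "spoofed_registration": spoofed,
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

A valid signature proves who issued the binding, not that it is current, so a deployment would also need a sequence number or timestamp inside the signed data to reject a replayed LID.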

In the existing literature, several protocols have been proposed to address various security aspects, like digital signature, confidentiality, encryption or decryption algorithm, and authentication. Each approach proposed for an aspect has its own advantages and limitations. For example, symmetric key encryption algorithms like DES, AES, 3DES, and public key encryption (i.e., RSA) are different encryption algorithms. The computation overhead for the symmetric key encryption is less compared to the public key encryption. However, it is more challenging and vulnerable to securely handle the exchange of the symmetric keys before communication in symmetric key encryptions.

In the literature, one can find many solutions that use the existing security mechanisms in an efficient way in order to achieve a security service by avoiding/preventing attacks. For example, the RSA encryption algorithm is used for authentication service in [17]. Public key algorithms are preferred in WANETs due to their effectiveness in terms of key management, confidentiality, and authentication, as shown in [17, 26–29]. For example, random predistribution of keys (RPK) [30] would not perform well in our target scenario due to the following reasons:
(i) First, the random key predistribution schemes that use symmetric cryptography are found susceptible to the replication attack. In a replication attack, the attacker can add more compromised nodes in the network after acquiring some confidential information from the captured nodes. As a result, the attacker gets the network’s control using compromised nodes and deploys those nodes in the network to further exploit the shared secrets. Therefore, the replication attack adversely affects the reliability of the key predistribution schemes that use symmetric cryptography [31].
(ii) Second, a node has to contact a number of existing nodes in order to have a secure channel in RPK. This would incur traffic overhead. By using chain-based authentication for a public key, the scheme avoids traffic overhead for key distribution using 1-hop hello messages of DHT-based routing, as described in Section 4.

Public key infrastructure (PKI) is used for the distribution and authentication of a public key for the public key encryption algorithm [30]. However, there are various approaches to implementing PKI in WANETs by addressing different concerns. A few examples are [17, 23, 24, 26–30].

Lacuesta et al. [17] achieve the authentication service by using the RSA encryption algorithm. The scheme exchanges the initial data and secret keys for data encryption, based on the trust among the users. The trust among the users is established based on the eye gaze contact. Moreover, they have used the node’s LID and IP to introduce name service that is distributed.

Zhan et al. [26] state that wireless channels cause problems in key generation and key distribution, e.g., the shared secret key encoded bit sequence suffers from an extremely high bit mismatch rate. The authors propose an efficient key generation scheme by using the curve fitting technique to preprocess the channel measurements so that original channel measurements are better during reciprocity.

Filipek and Hudec [27] suggest a secure architecture that is based on a trust model along with PKI, intrusion prevention system (IPS), and firewall for the distributed environment in mobile ad hoc networks (MANETs). Nodes’ trust level defines their privileges L0 to L3 that can be reduced or revoked upon malicious behavior. L0-level node has only the privilege to request the certificate. L1-level nodes are allowed for the end-to-end communication in the network. L2-level nodes can participate in the routing, IPS, and distribution storage. L3-level node is a stand-alone attribute authority (AA) that can certify to other nodes and create its own ecosystem. The certificate is signed by AAs, and every node can verify its validity by applying the AA public key. In the proposed architecture, a firewall serves as security overlay and PKI brings confidentiality and data communication policy enforcement, whereas IPS is essential for controlling nodes and makes sure they follow security policies (PKI and firewall rules). However, the authors do not consider DHT-based routing.

Xia et al. [28] propose a lightweight trust-enhanced ad hoc on-demand multipath distance vector protocol (TeAOMDV) that is an extension of ad hoc on-demand multipath distance vector protocol (AOMDV). This trust framework provides a choice of an optimal two-way trusted route that mitigates the impairment effect from such entities. The monitoring entity collects the passive and local information via a promiscuous mode that is used to evaluate the behavior of interested entities to translate an estimate of the trust. Passive acknowledgment uses the promiscuous mode to monitor the neighbor’s behavior. Local information means the node’s local memory stores the satisfactory evaluation between two neighboring nodes. The proposed technique used a trusted approach into a source routing mechanism. The sending node evaluates the routing path before forwarding the data using features like node reputation or identity information. After satisfactory evaluation, the sender node forwards the packet and stores it in a packet buffer; the senders monitor the packet forwarding in the promiscuous mode. After detecting the successful packet forwarding, the corresponding correct forwarding is increased by 1 and is removed from the packet buffer. This technique reduces the route discovery frequency and routing overhead. However, it would not perform well in a DHT-based routing because the traditional routing (e.g., AODV) is different than a DHT-based routing.

Sathiya and Gomathy [29] state that an intermediate node as an attacker along the path from the source to the destination can interrupt the data access in MANETs. They propose a new solution by using the Beer-Quiche theoretical routing model [32] in which the source node tracks the available path at each stage, the path enduring bandwidth and the attacker policy, that collects the information made available by the previous stage. The source node selects an optimal path for packet broadcasting based on this information. Moreover, they suggest a proper switching mechanism to select multiple paths from the source to destination. Again, they do not consider the DHT-based routing scenario of WANETs.

Fu et al. [31] encounter a replication attack (RA) associated with random predistribution key approaches (RPK). The paper contribution is fivefold. First, the replication attack is modeled; second, the flexibility/operability of the RPK is measured; third, it analyzes, characterizes, and discusses the relationship among the cloned node; fourth, it further evaluates and compares through experiments the efficiency of several approaches against RA; and fifth, it anticipates the consequences that an attacker can obtain by introducing multiple malicious/compromised nodes in the network.

Rajkumar and Narsimha et al. [33] state that the public key certificate is used in MANETs to establish trust between two communicating nodes. So, to augment the network security and reduce attacks generated by the network nodes, it needs to escort an effective mechanism for validation and certificate revocation. The authors proposed a new mechanism that revokes and distributes certificates for a node based on a threshold value which is computed on the trust level. The trust value is based on direct trust () and indirect trust () values. value is computed by where the previous direct trust value of a node is mentioned by , node in node to the inclusion of a recent satisfaction index () with direct neighbor nodes, and shows a constant value. Each node periodically computes its RSI value by where shows that node initiated a percentage of packets that is forwarded by node over the total number of packets provided to and shows that the percentage of expired packets over the total number of packets given to is a constant value that shows the confidence level of stored for . The indirect trust value is calculated as an aggregated trust report received and processed by to . It is computed by where is the degree centrality of the reporting node. Each node calculates its centrality by using where is a set of ith linked nodes, shows constant value, is the sum of nodes and , and is the adjacency matrix of the network. After trust computation, there is a certificate authority (CA) that distributes the secret key to all nodes; thus, misbehaving nodes are eliminated. Moreover, the proposed technique also provides confidentiality, integrity, and secure multipath routing for data transmission in MANET. More specifically, a route request (RREQ) packet is signed with a digital signature for secure route discovery. When the destination receives the RREQ packet, it verifies all the signatures. Then, the destination node sends a route reply (RREP) through the same path. 
Finally, the path is accepted after verifying the signature by the source node. For secure transmission, a source node encrypts the fragmented message using a soft encryption, and data packets move via multiple paths to the destination. After receiving the encrypted message, the destination node decrypts the message to recover the original message. However, the proposed technique still faces the challenges on how to revoke and validate the certificate at a node.

Rajeswari et al. [34] proposed a secure routing approach that integrates two algorithms called a trust-based next forwarding node selection (TNFNS) algorithm and a fuzzy-based stable and secure routing (FBSSR) algorithm. The proposed mechanism provides a solution to the dynamic nature of MANETs with distinct characteristics like resource constraint, decentralized management, frequent mobility, dynamic topology, and control that leads to additional overhead in the provision of safe and steady routing. In order to enhance security during the routing process, trust values are used to isolate the malicious nodes. Only trusted nodes in the network with high residual energy and link stability perform a stable and secure routing of the network. Another contribution is FBSSR that enhances the AODV routing table with on-demand performance route discovery and route maintenance. The proposed algorithm can improve the overall performance and network lifetime using a fuzzy-based rule system to perform inference for selecting more secure and stable routes. It handles uncertainty in selecting the trusted nodes using qualitative analysis on trust values and link properties. The TNFNS algorithm is developed using network monitoring values and routing table values that increase reliability and data security in the communication process. Moreover, the proposed mechanism is capable of increasing the network performance compared to the related security algorithms.

Brindha et al. [35] proposed the fuzzy enhanced secure multicast routing (FSMR) scheme to make the data more secure in MANETs from active and passive attacks and ensure packet authentication and integrity. The proposed scheme uses an intelligent intrusion detection model to observe the network and system to seek out intrusion activities. Anomaly-based IDS detects both network and computer intrusion and misuse by monitoring system activity and classifying it as either anomalous or normal. Certificateless routing with key generation, signcryption, and unsigncryption are used to authenticate the data and eliminate the intrusion in the network. In a key generation, initially, the main server generates all public parameters of the elliptic curve and publishes them. Each sensor node chooses a private key and calculates the related public key. The sender node performs signcryption; in signcryption, confidentiality and integrity are achieved in a single step that reduces the communication and computation cost and increases the efficiency, whereas encryption and signature need two steps. In unsigncryption, the receiving node decrypts the received signcryption text, extracts the plain text, and verifies the digital signature. The simulation result shows a better performance than existing schemes.

Arulkumaran and Gnanamurthy [36] present a solution for one of the possible attacks in MANETs that is the black hole attack. In the black hole attack, the malevolent node promotes itself such that it has the entire valid routes to its destinations. The proposed mechanism used fuzzy logic technique to detect a black hole attack. Fuzzy logic is mathematical logic in which the prediction values are assigned to an imprecise range of data to handle the problems. Fuzzy logic gives the certificate to only trusted nodes that help to identify misbehaving nodes. AODV uses a fuzzy-based trust model for packet route selection and avoids the black hole attack. Trust value is calculated using immediate neighbor trust values and recommendation trust values. The proposed mechanism gives less end-to-end delay, better throughput, and significant packet delivery ratio.

Liu et al. [37] proposed a security disjoint routing-based verified message (SDRVM) scheme to improve the network performance in terms of data arrival ratio, transmission delay, and consideration of the capacity for determining malevolent nodes and energy efficiency. SDRVM overcomes the energy efficiency issue of the sensor nodes that substantially affects the network security. The proposed scheme establishes two disconnecting dominating sets (a data connected dominating set (CDS) and verified message CDS) that are based on the remaining energy consumption among nodes. SDRVM adopts a method for recording ID information in data packets with an adjustable specified probability (marking as higher or smaller) according to the remaining energy of nodes and for logging ID information in nodes. The nodes include ID information into data packets with a specified probability when nodes send data packets to other nodes. If the node energy is insufficient, the ID information in data packets is locally stored/logged, and the marking probability is reduced. If the node has sufficient energy, the sensor node’s recording probability is increased. The sensor node duty cycle will be increased to fully utilize the energy when the intensity of energy harvesting is strong. Otherwise, to save the energy, the sensor node duty cycle is reduced. Node higher duty cycle in the data CDS reduces the transmission delay. Node lower duty cycle in the v-message CDS saves energy.

Poongodi et al. [38] proposed an effective lightweight security mechanism named resistive to selective drop attack (RSDA). In a selective drop attack, the neighboring nodes are not reliable in message forwarding to the next node. The identification of such nodes is crucial, and segregating them from the network is a challenging task. The RSDA technique detects malevolent nodes in the network under a particular drop attack that overloads a host and stops it from working. The throughput of a host may potentially drop to the minimum level. The elliptic curve digital signature algorithm is used to authenticate the nodes to accomplish reliable routing. The existing protocols of WANETs (e.g., AODV and DSR) can be integrated with the proposed RSDA protocol to achieve reliability in routing.

Mukhedkar and Kolekar [39] addressed the security issue in MANETs and proposed a secure routing protocol encrypted trust-based dolphin glowworm optimization (E-TDGO). This protocol provides security to three phases (i.e., route discovery, optimal path selection, and communication through the selected route) using a trust-based optimization model and advanced encryption standard-128 (AES-128). The trust level and the distance between nodes are utilized to discover number of paths in the first phase to identify a normal user and an attacker. An optimal secure path is then selected from the discovered paths using DGO novel algorithm. Communication begins in the network through an optimal path from the source to destination, and security is ensured by E-TDGO protocol.

The major challenge for PKI is to have a distributed approach for authentication of the public key in WANETs. Table 2 shows the comparative analysis of the existing security approaches. After studying thoroughly all the existing approaches for PKI in WANETs [17, 23, 24, 26–30, 31, 33–36], we have proposed a chain-based authentication for our targeted scenario. Because both DHT-based routing and WANET are distributed in nature, we have proposed a distributed PKI, as described in Section 4. The existing approaches that employ DHT mechanism for routing are mostly devised to handle the mismatch problem. A mismatch problem occurs if neighbors of a node in the logical network are different from the physical neighbors of the node. Mismatch problem increases the routing overhead and end-to-end delays when routing packets in WANETs [25]. Now we describe how the existing DHT-based routings address the mismatch problem.

Virtual cord protocol (VCP) [7] connects the nodes in a logical cord based on nodes and LIDs. VCP assumes an LID range of 0 to 1. In VCP, the node with LID value 0 does not have any predecessor node, and the node with LID 1 does not have any successor node. VCP assigns the LID of a newly joining node using its physical neighbors. Consequently, it avoids the mismatch problem.

DART [40] uses a binary tree of M+1 level as the logical network and allocates each node an M-bit logical identifier. The leaves of the logical tree reflect the nodes’ LIDs, and the subtree reflects a node with a common prefix. DART avoids the mismatch problem by assigning physical neighbors in the same subtree structure (i.e., they share a common prefix). For example, Figure 3 shows the binary of 4-bit LID space, where nodes 0000 and 0001 have three common prefix bits at level 1. DART does not avoid completely the mismatch problem, and the result shows that the value of the path increases 30-35% as the size of the network gets larger.

M-DART [6] is an extension of DART. It establishes a tree logical structure and maintains all of its neighboring nodes to reach the destination node. M-DART is unable to completely evade the mismatch problem because it uses a tree data structure [25]. Figure 3 shows the address space represented as an overlay network built upon the underlying physical topology. Its tree-based structure offers a manageable procedure for address allocation without relying on flooding. M-DART suffers from the mismatch problem due to the inflexible connecting order of its tree-based logical structure.

Caleffi et al. [41] proposed an augmented tree-based routing (ATR) protocol that provides a solution to the scalability problem. In MANETs, hierarchically organized dynamic addressing approaches use a simple and manageable tree-based structure for routing and address space management. These tree-based addressing schemes embed incomplete information, which leads to unsatisfactory route selection. The proposed ATR augments the tree structure by storing additional information in the node routing table, which allows one to resort to multipath routing. Each node discovers all its possible paths to reach the destination using its neighbor nodes. Figure 4 shows the routing issue in the path discovery results of DART and ATR with five nodes for a full mesh network. The path discovery from each node to the two destinations 2 and 4 is shown in the graph. For the same destinations, the graph shows multiple paths in ATR, while existing approaches do not provide the shortest path even in a very simple network. The proposed mechanism solves the medium instability or bottleneck problem and the scalability issue and gains good resilience against node mobility or failure in MANETs.

Caleffi [42] presents a scalable DHT-based routing protocol that integrates direct routing and indirect key-based routing at the network layer. The proposed mechanism is able to build an overlay network that improves the p2p performance by agreeing on physical and logical proximity. In addition, the presence of a hostile channel and modest node mobility assure the satisfactory performance whenever the number of nodes grows. The proposed protocol, indirect tree-based routing (ITR), allocates an bit string as a location-based identifier to the peer node. Routing is simplified in MANET; each routing table consists of an section and a section. Section shows each bit of the ID, and the section represents the address prefix length that is shared by the forwarder and destination IDs. ITR is capable of forwarding resource queries without introducing any overlay because logical proximity agrees with physical proximity.

Alvarez-Hamelin et al. [43] connect the nodes in logical -hypercube structure; refers to the dimension of a hypercube. A node has an LID and a mask value indicating the portion of the LID space for which the node is responsible. A node is connected to those nodes whose LID coordinates differ from its own in one dimension. Figure 5 illustrates the connectivity of LID 0000 with the LIDs 0010, 1000, 0001, and 0100. This protocol still does not avoid the mismatch problem. For example, although node 0110 and node 1111 are physical neighbors, they are not logical neighbors in the hypercube because their LIDs differ in more than one bit, as shown in Figure 5.

Motion mix [8] maintains 1-hop logical neighbors in an overlay network and is basically designed to handle the overhead in case of the mobility of nodes. It uses past mobility traces of nodes to predict node movement. The motion mix is partially effective against the mismatch problem.

Mesh-DHT [44] uses a 2-dimensional (2D) structure to decrease mismatching between logical and physical networks. This technique uses a link graph to build the 2D structure that is based on the methodology of [25]. The 2D closer coordinate has physically nearby neighbors that attract each other, whereas 2D distant coordinates have physically detached nodes that repulse each other. A new joining node comes to be 1-hop neighbors to the coordinate. Nodes periodically inform each other about the coordinate of its 1-hop neighbors and improve its 2D coordinates up to 2 hops away. Mesh-DHT is unable to provide an ample solution to the ill-matching problem.

Al-Mayouf et al. [45] addressed the following issues: (i) end-to-end route selection for the optimal utilization of network resources in a VANET environment; (ii) maintaining a stable network without congestion, in the existing segment aware-based geographic routing protocol that may result in packet loss, delays, and increased communication overhead in route recovery. The authors have considered both traffic and segment status to propose a real-time interaction-based segment aware routing (RTISAR) algorithm for geographic routing in VANETs towards finding an optimal route to the destination. RTISAR considers traffic segment status when selecting the next intersection. It is based on their connectivity, density, and load of segments. The proposed scheme also considers the cumulative distance to a specific destination that can avoid selecting intersections with low connectivity, sparse density segment, high load segment, and low cumulative distance to the destination. RTISAR outperforms in terms of packet delivery ratio, packet delivery delay, and communication overhead.

Teng et al. [46] proposed a vehicles joint UAV topology discovery (VUTD) scheme to discover the physical topology with low cost and accuracy. Location information is a challenging issue for many IoT applications because most sensor devices are randomly deployed and locations are unknown. A mobile vehicle acts as a mobile anchor to assist adjacent sensor devices in positioning and also collect logical topology information of the IoT systems. Physical topology information is a combination of collected location information and logical topology information. Cloud platform receives this information via vehicles and analyzes it to determine where the physical topology discovery is incomplete. The UAVs act as a flying anchor and require the UAV fly subarea determination (UFSD) algorithm to locate/determine these points. Flight path planning algorithm based on simulating annealing (PPSA) generates a random flight path according to the neighborhood function and compares the flight distance with the old path to determine a better path for UAV flight between areas. The experimental results show that the VUTD scheme has better performance.

Li et al. [47] propose a “machine learning-based code dissemination scheme by selecting reliability mobile vehicles in 5G Networks (MLCD).” Vehicles are hard to manage in 5G networks; improving the program code coverage and its safety is a key challenge. Code disseminators will suffer a large cost of the ground control station (GCS). Therefore, the MLCD scheme chooses vehicles with high degree of reliability and coverage ratio as the code disseminator to deliver code with low cost and high accuracy rate via a genetic algorithm (GA) in a machine learning scheme. Firstly, a historical trajectory dataset is used to calculate the vehicle reliability and is selected to improve the safety degree of code dissemination. Secondly, the vehicle with a higher coverage ratio is preferred to optimize the performance of code dissemination with limited cost. Thirdly, the MLCD scheme is evaluated by both theoretical analysis and experimental studies that show improvement in safety degree of code dissemination process and coverage ratio.

Mahdi et al. [48] presented a comparative review on the clustering techniques working for efficient data aggregation in target tracking applications. Wireless sensor applications are vulnerable to energy limitation during communication. For reducing energy consumption, there are two strategies (clustering and data aggregation) that are widely used to increase the lifetime of the sensor network. Redundant data is produced regularly in target tracking applications. To eliminate the data redundancy, there is need to deploy an effective data aggregation scheme. Authors conduct a comparative study on four existing clustering approaches including dynamic clustering, static clustering, combined clustering, and adaptive clustering. The pros and cons of these techniques are discussed for better choice that depends on various environments. The selection of an appropriate algorithm may reflect positive results in the data aggregation process.

The authors in [4, 5] propose a 3D routing protocol (3D-RP) that addresses the mismatch problem. 3D-LS provides the visualization of a newly joining node, and its associated neighboring nodes represented the main idea of 3D-RP. The 3D logical space is divided into three planes consisting of 6 dimensions and 8 octants. Each node is the resident of 3D-logical space; each node calculates the LID that imitates its intraneighbor connectivity accompanied by neighboring nodes. In 3D-RP, a node calculates its -bit LID from 3D-LS. 3D-RP relies on local information that is obtained through hello messages. A node keeps a dimension parameter (dim) along with its LID. The nodes are put in a group according to their dimensions that assist the packet forwarding. The following paragraph details the node joining process in 3D-RP. Figure 6 shows the Case 1 in which the newly joining node has only one neighboring node ; node avails the first unoccupied dimension of node and computes the LID based on node ’s LID. In the same way, the nodes and use the next two available dimensions of node to compute their LIDs using Equation (22). Nodes , , and are not physically connected in the network, so the node ’s local 3D-LS provides three different dimensions to these nodes to compute their LIDs. Similarly, the nodes and use the interpolation method (Equation (23)) to calculate their LIDs as shown in Case 2 of Figure 6. Also, node uses Equation (24) to calculate its LID corresponding to and , which are nonadjacent neighbors as illustrated in Case 3 of Figure 6. In Case 4, the joining node computes its LID after checking the contiguity of its neighbor nodes , , and as shown in Figure 6.

Figure 7 demonstrates the intraneighbor relationship of node with its physical neighboring nodes in the local 3D logical space of node . The physical links are represented by black dashed lines while the 3D logical space of node is represented by the blue dashed lines. Each node is the resident of 3D-logical space; each node calculates the LID that imitates its intraneighbor connectivity accompanied by neighboring nodes that assist in assigning nodes’ LID such that the nodes that are close in the physical network obtain closest LIDs. In this way, the LID of node is physically close to all of its adjacent neighboring nodes that shows the physical proximity in terms of , , and coordinates. The exact interpretation of the physical proximity in the logical network assists in avoiding the long routes and traffic overhead redundancy and seems to reduce end-to-end delay.

To send a packet in the direction of destination LID , a source node exploits its that has the same dimension value or minimum sum of difference as the destination node and forwards the packet to destination node LID . If there exists no such neighboring node, the packet is forwarded towards the “base node.” A node that is involved in computing the LID of the newly joining node is referred to as the “base node.” 3D-RP does not provide any viable solution to handle the security issues discussed in Section 2. Moreover, it is unable to handle network partitioning, which makes it vulnerable to critical node failures that directly affect the network end-to-end delay and throughput.

In the past literature, the security issues have been discussed for traditional/non-DHT-based routing protocols in wireless ad hoc networks, and researchers have given various possible solutions to these issues. But deploying those solutions directly at the logically maintained network by a DHT-based routing protocol is inappropriate because the addressing, lookup, and routing in a DHT-based routing protocol are different from the traditional routing protocols that mainly rely on IP addresses for routing of packets at both the control and the data plane. Addressing the security concerns in DHT-based routing is crucial because these threats may completely halt the functionality of a DHT-based routing protocol, resulting in a total communication disruption among nodes. To the best of our knowledge, none of the existing literature provides a secure version of the DHT-based routing protocols that works at the network layer. This paper is the first to attempt the solution of such security threats in the context of DHT-based routing protocols that would prevent service disruption, decrease the traffic overhead, and reduce the packet loss in the network.

4. 3D Secure Routing Protocol (3D-SRP)

To counter the attacks briefed in Section 2, we have devised a secure version of the 3D routing protocol (3D-RP [5]), named as 3D secure routing protocol (3D-SRP). 3D-SRP assumes that public-private key pairs are evenly distributed among the nodes. Each node in the network has a pair of public and private keys and uses the RSA algorithm [17] for encryption and decryption. In 3D-SRP, a node authenticates a public key belonging to a particular node as follows: 3D-SRP uses an identity card (IC) and a certificate (C) for the node identification. IC comprises a public and a private component of a node as shown in Table 3. The public component at each node refers to personal identity (PI) that uniquely identifies a node. PI includes data, e.g., UID LID, , photograph, and user signature. Secure hash algorithm (SHA-1) is used to generate user signature [49] and is encrypted using the node’s private key.

The private component comprises the private key () of a node. Security information is generated when the user introduces its PI and is stored persistently at the node for future usage. The certificate of a node comprises a certified IC, signed by another node that certifies it. To get the IC signature of node , node ’s is signed with ’s using the summary function obtained by SHA-1. No centralized certification authority (CA) is used to validate the IC. The integrity and authentication are automatically validated at each node by using the method that is explained in Section 4.1. Any of the trusted nodes can become the CA for a given node, which builds a distributed certification authority mechanism between trusted nodes.

In 3D-SRP, each node sends a hello message containing IP, LID, and other related information (e.g., PbK and PI). Each hello message has a sequence number generated by the sending node in order to avoid the replay attack. We assume a connected network topology, i.e., network partition would not occur throughout the network operation. The proposed solution is sensitive to mobility. Handling the mobility of nodes has always been a major challenge in ad hoc networks. DHT-based routing protocols for MANETs do not support high mobility, because a logical network is maintained over the physical topology in DHT-based routing in which each node computes a logical LID in addition to its universal identifier (UID), i.e., IP/MAC address. In case the neighborhood of a node changes or the node moves to another place, recomputation of its LID reflects its relative position with respect to its new neighborhood. In case of high node mobility, the frequency of the node’s LID recomputation increases, which would increase traffic overhead, computation overhead, packet collision, and chances of network inconsistency. This would generate more traffic to update the network status and subsequently increase the end-to-end delay in the network. Therefore, we consider low mobility nodes or connected topology. The following subsections explain the functionality of every component of 3D-SRP.

4.1. Joining Process in 3D-SRP

When joining a network, a node waits for at least three intervals of for hello messages from its neighboring nodes in the network. Figure 8 illustrates the authentication and verification process of the newly joining node and the LID computation afterward based on the number of logical neighboring nodes in 3D-SRP. Upon the expiration of these intervals, the following two cases arise:

(i) If node does not receive any hello message from the existing nodes, then it assumes itself as the first node in the network. The node initializes its security parameters, i.e., its public-private keys, and assigns itself LID from 3D LID space; every axis, i.e., , , and , has a range from 1 to . Node obtains a hash value via applying a consistent hash function over its IP address and finds out the hash value closest to its LID, so it becomes the AN of itself and stores its own mapping information (i.e., LID, IP, and others).

(ii) In the case where node collects a hello message from at least one of its neighboring nodes, it initializes its public and private keys and starts the authentication process with the existing neighboring nodes as follows.

To initiate the authentication process, node chooses an existing neighbor node (e.g., node ) within its transmission range. As node receives of node in the hello message, it sends its signed by ’s . Upon receiving the signed IC of node , node then validates the received data by decrypting with its PrKa and checks the data integrity by verifying the hashed value. This is shown through the following

During this process, node ascertains node ’s trust level using physical gazing to node (as both nodes are assumed to be close physically), which depends on whether node knows node or not. Node then sends its to node . The of node is signed by node ’s , which is received in node ’s . After authentication and verification of ’s IC, node establishes the trust. Figure 9 illustrates the chain of trust and issuance of the certificate after validating the ICs.

Algorithm 1 illustrates the joining process including authentication and verification. After establishing trust with node , node selects another existing neighboring node for establishing mutual trust in the same manner. This process continues until node establishes trust with all of its physical neighboring nodes. In case node is unable to establish trust with any of its 1-hop physical neighboring nodes, then those 1-hop neighboring nodes are excluded from its neighbors’ list and would not be considered for data forwarding and in the LID computation phase.

Required: when node switched on and wants to join the network, it is waiting time interval , physical neighbor list of is denoted with and RSS method is used to measure the distance to each of its neighbor at joining node .
1:    does not receive a message and T expires
2:     Initialize as security parameters
3:          \\ assign a first LID of the network to itself
4:   
5:     Initialize as security parameters
6:          \\ encrypt its IC with neighbor public key & send to
7:          \\after gazing neighbor node send its credential to
8:   
9:   Trust between established after successful exchange of credential information.

After completing the neighbor authentication, node computes its LID as per 3D-RP specification based on its trusted physical neighboring nodes. Algorithm 2 describes the LID computation process in 3D-SRP. A node gets the information about the neighbors of node from the received hello message and finds that it has only one neighbor that is node . Figure 6 shows Case 1 in which node calculates its LID in the first unoccupied dimension of node . In the same way, nodes and compute their LIDs in two different unoccupied dimensions of node . Node assigns its three different dimensions to nodes , , and because they are not physically connected to each other. Figure 6 shows Case 2 with the interpolation method in Equation (23) that is used to calculate the LIDs of nodes and after checking the adjacency with their existing neighbor nodes and . In the same way, node in Case 3 of Figure 6 uses Equation (24) to calculate its LID corresponding to its neighbors and . The node in Case 4 calculates its LID corresponding to its neighbors , , and as shown in Figure 6.

Case 1
Required: information related to neighbor is stored in neighbor table (NT) of , and distance to is measured using RSS at joining node .
1:   then    \\ neighbor count =1 then check neighbor of neighbors
2:        \\ if a neighbor of a neighbor found calculate LID using Equation (22)
3:  else
4:        \\ calculate LID using the first available dimension using Equation (22)
5:  end if
6:      \\ LID computation done
Case 2
Required: information related to neighbors and is stored in neighbor table (NT) of , and distance to and is measured using RSS at joining node .
1:  ifthen      \\adjacent neighbors found
2:      
3:   ifthen             refers to any common neighbor other than
4:            \\ common neighbor found calculate LID using Equation (22)
5:   else
6:      ifthen      \\Collinear found
7:              \\ calculate LID using Equation (23)
8:        return
9:      else
10:              \\ calculate the LID using next available octant using Equation (22)
11:        return
12:      end if
13:   endif
14:  endif
Case 3
Required: information related to neighbors and is stored in neighbor table (NT) of , and distance to and is measured using RSS at joining node .
1:  ifthen     \\ adjacent neighbors not found
2:     
3:    ifthen     \\ common neighbor found among neighbors
4:               \\ calculate LID using Equation (24)
5:    else
6:      ifthen     \\Collinear found
7:               \\ calculate LID using Equation (23)
8:        return
9:      else     \\ calculate the LID using next available octant using Equation (22)
10:          switch to Case 1 (Compute using the available dimension of Ni or Np)
12:
13:      end if
14:    end if
15:  end if
Case 4
Required: information related to neighbors , , and are stored in the neighbor table (NT) of , and distance to , , and is measured using RSS at joining node .
1:  
2:  ifthen
4:        \\ all adjacent neighbors calculate LID using Equation (23)
5:    return
6:  else if
7:    
8:    then
9:    
10:        \\if neighbor is adjacent to others calculate LID using Equation (23)
11:    return
12:  else
13:      \\if neighbor is not adjacent to others calculate LID using Equation (24)
14:  end if

After computing its LID, node obtains the LID of its AN by applying a hash function over its IP address; let us say this produces the hashed value . The is computed from the same 3D space from where the LIDs of nodes are computed. A node can act as AN for multiple nodes. Each node stores its mapping information on AN in DHT-based routing because the source node requires the LID of the destination to forward a packet. Each node performs two major operations:

(1) One operation is performed after computing the LID to store its mapping information needed to compute the LID of its primary anchor node (PAN).

(2) A node acts as a primary anchor node and stores the mapping information to those nodes whose LID is closest to its LID.

Every node uses its 1-hop logical neighbor () information to forward the query towards the same dimension parameter of its with the closest position of every tuple of its LID with the least sum of difference (LSD) to the . Sum of difference (SD) is computed using Equation (7) of each tuple of the ’s LID with the corresponding tuple of , and then using Equation (8) select a next-hop with the LSD. where the sum of difference is ; three tuples of nbr’s LID are , , and ; three tuples of hashed value or the destination’s LID are , , and; the least sum of difference is represented with ; and 1-hop neighbors are represented with . The node simply forwards a message to its base node if the 1-hop neighbors do not exist.
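The next-hop rule above, combined with the hello sequence-number check and the exclusion of unauthenticated neighbors described earlier in Section 4, as an added example that is not code from the paper. It assumes the sum of difference is the sum of absolute per-axis differences (Equations (7) and (8) are not reproduced on this page); the class, field, and node names are hypothetical and the neighbor data is constructed.

```python
from dataclasses import dataclass


def sum_of_difference(lid, target):
    """Assumed form of SD: per-axis absolute differences, summed."""
    return sum(abs(a - b) for a, b in zip(lid, target))


@dataclass
class Neighbor:
    lid: tuple            # (x, y, z) logical identifier
    dim: int              # dimension parameter kept alongside the LID
    seq: int              # highest hello sequence number seen so far
    trusted: bool = False  # set only after the IC exchange succeeds


class NeighborTable:
    def __init__(self, base_node):
        self.base_node = base_node
        self.nbrs = {}

    def on_hello(self, uid, seq, lid, dim):
        """Accept a hello only if its sequence number is newer than the last one."""
        old = self.nbrs.get(uid)
        if old is not None and seq <= old.seq:
            return False  # replayed or stale hello: keep the current entry
        trusted = old.trusted if old else False
        self.nbrs[uid] = Neighbor(lid, dim, seq, trusted)
        return True

    def set_trust(self, uid, trusted):
        """Record the outcome of authentication (or a later revocation)."""
        self.nbrs[uid].trusted = trusted

    def next_hop(self, target, target_dim):
        """Trusted neighbor in the target's dimension with the least SD, else base node."""
        cands = [(sum_of_difference(n.lid, target), uid)
                 for uid, n in self.nbrs.items()
                 if n.trusted and n.dim == target_dim]
        return min(cands)[1] if cands else self.base_node


def demo():
    t = NeighborTable(base_node="base")
    # Constructed neighbors: r is never authenticated, s sits in another dimension.
    for uid, lid, dim in (("p", (2, 2, 1), 1), ("q", (5, 5, 1), 1),
                          ("r", (6, 6, 1), 1), ("s", (6, 6, 2), 2)):
        t.on_hello(uid, 1, lid, dim)
    for uid in ("p", "q", "s"):
        t.set_trust(uid, True)
    target = (6, 6, 1)
    first = t.next_hop(target, 1)              # r has SD 0 but is untrusted
    t.on_hello("q", 2, (1, 1, 1), 1)           # q recomputes its LID
    replay_accepted = t.on_hello("q", 1, (5, 5, 1), 1)  # old hello sent again
    after = t.next_hop(target, 1)              # q's stale LID must not win
    fallback = t.next_hop(target, 3)           # no neighbor in dimension 3
    return first, replay_accepted, after, fallback


if __name__ == "__main__":
    print(demo())
```

Without the sequence-number check, the replayed hello would restore q's old LID and pull traffic back towards a position q no longer occupies.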

Algorithm 3 illustrates the newly joining node storing its mapping information at the anchor node (AN) after LID computation and its AN LID computation. The node sends a store-index information (SII) message that has as the destination LID in order to store node ’s LID and IP address (collectively called mapping information) at the node (referred as AN of node ). The node whose LID closely matches the would become the AN of node . SII comprises node ’s LID, its IP address, value, and the hash of the message encrypted with as shown in Equation (9).

Required: when joining node , successfully calculate its LID and anchor node (AN) LID after authentication and verification then store its mapping information at AN, routes message to through and as follows:
1: 
2: 
3: 

The is computed to ensure/verify the message integrity. The public key of node is included as plain text in the SII message. If a node itself has a LID that is closest to the , then would store its own mapping information. Otherwise, the SII is forwarded towards the anchor node (AN) based on the destination LID (i.e., ) as follows:

Node then forwards the SII to a neighbor among all of its 1-hop neighboring nodes that have the closest LID to that of . After verifying the message integrity, the receiving node compares the destination LID (i.e., the value of ) with LIDs of itself and 1-hop neighbor nodes. The mapping information of node (UID, LID, etc.) is stored by node because its hash value is closest to the LID. Otherwise, node computes the signature by computing the hashed value of the message and encrypts with its own private key . The encrypted message is then forwarded to one of its 1-hop neighbors (say node ) having the closest LID to that of value . The process will be repeated at every node on the path until the message arrives at ’s anchor node, say .

For instance, in Figure 1, node with LID applies a hash function on the IP address of node and computes the hash value that is its PAN value. Node forwards the message to the PAN as follows. Node forwards the query to node with LID that is its base node because 1-hop neighbors of node are not in dimension 1; node has three neighbors , , and with dimension 1 that is the same dim value of .

The sum of the difference of node is calculated using Equation (7) as follows:

Node has the minimum LSD using Equation (8), i.e., . So, node forwards the SII towards node . Finally, node forwards the query towards node with which is closest to the hashed value . Thus, node acts as PAN for node . Node becomes the secondary anchor node (SAN) because it is a 1-hop neighbor of node and the second closest value to the hashed value, so node replicates the mapping information at node , in case PAN moves or fails and the SAN becomes active.

4.2. Lookup and Routing Process in 3D-SRP

The source node obtains the destination node’s LID (say node ) from its anchor node before transmitting a data packet. The source node (say node ) generates a hash of the lookup request message (MREQ) and encrypts with its private key which is used as a signature as shown in Equation (12). The source node computes the by applying a hash function over the node ’s IP address. Node then sends MREQ to the anchor node ascribed for the node in the same manner as a SII message is forwarded.

However, when the anchor node receives the MREQ message, it sends in reply the lookup reply message (MREP) to the source node . The anchor node builds the MREP as shown in Equation (13). MREP includes the mapping information (i.e., LID, IP address, and public key ()) of node . Upon receiving the LID of the node , node sends the data packet towards node in an analogous way as the SII message is forwarded. Using the trusted chain mechanism, the node gets the legitimate LID of the destination node and thus avoids the destination LID tampering attack, described in Section 2.

Upon receiving the MREP, node decrypts the message. The authenticity of the message is ensured by decrypting the hash of the message and comparing it with the initially forwarded message. The same hash value would confirm that the message is not tampered with during the course.

4.3. Updating Neighborhood and Trust Chain in 3D-SRP

Each node periodically updates the list of its 1-hop neighboring nodes using hello messages. If the node determines that a neighboring node cannot be trusted anymore, it revokes the certificate of trust associated with that neighboring node and excludes it from the neighbor list. Similarly, if a node, say , receives no hello messages from a neighboring node in a particular time interval, removes that neighbor from its neighbor list. The trust among neighboring nodes in 3D-SRP is established using the trusted chain mechanism. For instance, the trust between nodes and can be established by using the trusted chain, i.e., , , and , where is trust. By using the trusted chain, the anchor node of ensures that the LID and public key of , i.e., , in the SII message belong to node , and thus, node can be trusted. This process avoids authentication of the node’s LID tampering attack, which is described in Section 2.
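Because the SII message carries the sender's public key in plain text, a signature that verifies against that embedded key shows integrity only; the anchor's trusted-chain check is what binds the key to the claimed node. The added example below (not code from the paper) shows both checks. It assumes toy textbook RSA keys built from small Mersenne primes, a hypothetical certificate store keyed by subject UID, and constructed node names and LIDs.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below


def make_key(p, q):
    """Textbook RSA key pair from two primes (constructed, illustration only)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    # SHA-1 as named in the paper, reduced mod n to fit the toy modulus.
    return int.from_bytes(hashlib.sha1(data).digest(), "big") % n


def sign(key, data):
    """'Encrypt the hash with the private key', as the paper words it."""
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(pub_n, data, sig):
    return pow(sig, E, pub_n) == _digest(data, pub_n)


def sii_body(uid, lid, h, pub):
    return f"{uid}|{lid}|{h}|{pub}".encode()


def make_sii(key, uid, lid, h):
    """SII: sender UID, LID, hashed value h, plaintext public key, signature."""
    sii = {"uid": uid, "lid": lid, "h": h, "pub": key["n"]}
    sii["sig"] = sign(key, sii_body(uid, lid, h, key["n"]))
    return sii


def make_cert(issuer_uid, issuer_key, subject_uid, subject_pub):
    """Certificate: the issuer's signature over the subject's UID and public key."""
    body = f"{subject_uid}|{subject_pub}".encode()
    return {"issuer": issuer_uid, "pub": subject_pub, "sig": sign(issuer_key, body)}


def chain_ok(uid, pub, certs, trusted, max_depth=8):
    """Walk certificates from (uid, pub) up to a key the anchor trusts directly."""
    for _ in range(max_depth):
        if trusted.get(uid) == pub:
            return True
        cert = certs.get(uid)
        if cert is None or cert["pub"] != pub:
            return False  # no certificate binds this key to this UID
        issuer = cert["issuer"]
        issuer_pub = trusted.get(issuer) or certs.get(issuer, {}).get("pub")
        body = f"{uid}|{pub}".encode()
        if issuer_pub is None or not verify(issuer_pub, body, cert["sig"]):
            return False
        uid, pub = issuer, issuer_pub
    return False


def accept_sii(sii, certs, trusted):
    """Anchor-side decision: integrity first, then key-to-node binding."""
    body = sii_body(sii["uid"], sii["lid"], sii["h"], sii["pub"])
    if not verify(sii["pub"], body, sii["sig"]):
        return "bad-signature"
    if not chain_ok(sii["uid"], sii["pub"], certs, trusted):
        return "untrusted-key"
    return "stored"


def demo():
    m61, m89, m107, m127 = (2**k - 1 for k in (61, 89, 107, 127))  # Mersenne primes
    k_n, k_c = make_key(m89, m107), make_key(m89, m127)
    k_b, k_m = make_key(m107, m127), make_key(m61, m127)
    trusted = {"b": k_b["n"]}  # the anchor authenticated neighbor b directly
    certs = {"c": make_cert("b", k_b, "c", k_c["n"]),   # b certified c
             "n": make_cert("c", k_c, "n", k_n["n"])}   # c certified n
    genuine = make_sii(k_n, "n", (3, 5, 2), (7, 7, 1))
    altered = dict(genuine, lid=(9, 9, 9))               # LID changed, old signature
    resigned = make_sii(k_m, "n", (9, 9, 9), (7, 7, 1))  # signed with another node's key
    return [accept_sii(s, certs, trusted) for s in (genuine, altered, resigned)]


if __name__ == "__main__":
    print(demo())
```

The third message is internally consistent and passes the signature check; only the chain lookup rejects it, because no certificate binds that public key to the claimed UID.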

4.4. Security Evaluation of the Proposed Protocol

This section evaluates the proposed 3D-SRP in terms of various security attacks. New security authentication and verification algorithms can be easily added to 3D-SRP, which makes it adaptable. To evaluate and analyze the proposed 3D-SRP from a practical perspective, Table 4 illustrates the most frequent attacks in self-organized wireless ad hoc networks and how the proposed 3D-SRP counters those attacks. It can be observed that the proposed 3D-SRP provides a high level of security, thus making the network more reliable.

5. Formal Analysis of 3D-SRP

This section presents the proposed model and its analysis for better understanding using high-level Petri nets (HLPN), SMT-Lib, and Z3 solver.

5.1. Introduction to HLPN

Petri nets [50] provide a framework to model a discrete event system graphically which can be verified mathematically. High-level Petri nets are used for scientific problems with complex structure, especially stochastic, time, and fuzzy Petri nets which are used for modeling, analysis, and simulation engineering in intelligent task planning, artificial intelligence, managing symbolic and numerical information, and dynamic knowledge representation. In this paper, we have presented the proposed protocol model using high-level Petri nets. HLPN is defined as a seven-tuple , where is a set of places; is a set of transitions, where ; is a flow relation, where ; maps places to data types; transition rule defined by ; label represented by ; and initial marking denoted with . is a net structure. describe the static and semantic information and ensure it is the same throughout the system. HLPN shows various types of tokens for places. These tokens are cross products of two or more types. Places in HLPN have tokens of various types. The incoming flow variables are utilized to enable a certain transition. Each transition must hold a precondition to be enabled. Similarly, transitions are fired through a postcondition that uses variables from the outgoing flows.

5.2. Formal Analysis and Verification

The formal analysis and verification process checks whether the proposed system model satisfies its formal specification and exhibits the specified behavior. The bounded model describes the system in terms of rules and its properties. It is used to determine, for given input parameters, whether the system terminates after a finite number of steps.

Microsoft Research developed the satisfiability modulo theory library (SMT-Lib) [51] with a Z3 solver to verify the proposed HLPN model. SMT-Lib used the input platform and benchmarking framework to evaluate the proposed system.

The HLPN model and verification tools are used to analyze the proposed HLPN model of 3D-SRP and to check its specific properties. In Figure 10, the HLPN model shows the set of places as circles and the set of transitions as rectangular black boxes. Table 5 lists the data types for the proposed HLPN model, and Table 6 shows the mappings and places defined in the proposed HLPN model.

The complete working of the proposed 3D-SRP is detailed in Section 4. Here, we define formulae that map onto transitions. The system starts when a joining node receives a hello message from an existing neighboring node in its transmission range; it initializes its public and private keys and starts the authentication process with the existing neighboring nodes. The formulae in Equation (14) and Equation (15) map to the aforesaid transition:

After completing the neighboring authentication, a node computes its LID as per the joining process of 3D-SRP specification based on its trusted physical neighboring nodes. The transition LIDs are calculated via a mathematical rule that is defined as follows:

Every node applies a hash function over the node’s UID to find the AN that stores its mapping information. The rule and transition in

The rule in Equation (18), which represents the encrypted message comprising LIDs and UIDs that the transition LPA places at place LID-IP, is modeled for checking purposes.

The process of selecting the anchor node in 3D-SRP is depicted by the transition in

To send a data packet, each node in 3D-SRP obtains the destination node’s LID from the destination’s AN. Equation (20) captures the process in the subsequent rule:

Finally, the source node obtains the LID-IP pair of the destination node and forwards the data packet towards the destination node’s LID. The transition is depicted by the following rule:

5.3. Verification Property

The proposed system model is verified against a verification property. This property ensures that the proposed system meets the proposed specification and produces the correct result. The following properties are verified:

(1) The system computes and places the node’s LID as stated by the proposed specifications.

(2) The AN safely received the encrypted requests about the destination node’s LID. The AN encrypts the valid LID in the reply message, i.e., in accordance with the received UID.

The proposed protocol is translated by the HLPN model and verified via the Z3 solver and SMT-Lib. The Z3 solver verifies the performance of the HLPN model as stated by specific properties and practicability.
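The kind of bounded check described in Sections 5.2 and 5.3, as an added example that is not the paper's HLPN model or its SMT-Lib encoding: a constructed three-transition net is explored exhaustively, and the property fails once the authentication precondition is dropped from the store transition. The place and transition names, the `require_auth` switch, and `lid_of` are assumptions made for illustration.

```python
from collections import deque

# Constructed model for illustration; names are assumptions, not the paper's HLPN.
NODES = ("n1", "n2", "n3")  # sample UIDs of joining nodes

def lid_of(uid):
    """Stand-in for the LID computation: any deterministic function of the UID."""
    return sum(uid.encode()) % 8

def initial_marking():
    # Marking = (joining, trusted, an_store, replies); each place holds a token set.
    return (frozenset(NODES), frozenset(), frozenset(), frozenset())

def successors(marking, require_auth=True):
    joining, trusted, store, replies = marking
    # Transition "auth": a joining node completes neighbor authentication.
    for uid in joining:
        yield (joining - {uid}, trusted | {uid}, store, replies)
    # Transition "store": the AN records (UID, LID). Guard: sender is trusted.
    senders = trusted if require_auth else trusted | joining
    for uid in senders:
        pair = (uid, lid_of(uid))
        if pair not in store:
            yield (joining, trusted, store | {pair}, replies)
    # Transition "lookup": the AN answers a request for a stored UID.
    for pair in store - replies:
        yield (joining, trusted, store, replies | {pair})

def property_holds(marking):
    _, trusted, store, replies = marking
    stored_ok = all(uid in trusted for uid, _ in store)
    reply_ok = all(p in store and p[1] == lid_of(p[0]) for p in replies)
    return stored_ok and reply_ok

def check(require_auth=True, bound=10_000):
    """Explore all reachable markings; return (ok, states_seen, counterexample)."""
    start = initial_marking()
    seen, queue = {start}, deque([start])
    while queue:
        marking = queue.popleft()
        if not property_holds(marking):
            return False, len(seen), marking
        for nxt in successors(marking, require_auth):
            if nxt not in seen:
                if len(seen) >= bound:
                    raise RuntimeError("state bound exceeded")
                seen.add(nxt)
                queue.append(nxt)
    return True, len(seen), None

if __name__ == "__main__":
    print(check(True)[:2], check(False)[:2])
```

With the guard in place every reachable marking satisfies the property; without it the search returns a marking in which the AN holds a mapping for a node that never authenticated.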

6. Simulation and Experimental Evaluation

The proposed (3D-SRP) algorithm is simulated using NS-2 (version 2.35). We assumed standard IEEE 802.11 values for the two lowest layers. The simulation environment is specified by the values in Table 7. The proposed 3D-SRP is compared with M-DART [6], VCP [7], and simple 3D-RP [4, 5]. The performance of the protocols is examined under various malicious node percentages to investigate the following metrics:

(1) Packet delivery ratio (PDR): the ratio of the total number of packets received successfully at the destination node to the total number of packets sent by the source node.

(2) Normalized overhead (NO): the ratio of the total routing overhead to the total number of packets successfully received at the destination node.

The results are mean estimates with 95% confidence intervals. Since most of the confidence intervals are small, our simulation results precisely represent the mean.

The proportion of data packets successfully delivered to the destination node reflects protocol competence and is termed the packet delivery ratio. We observe the packet delivery ratio to examine the impact of malicious nodes initiating the abovementioned attacks in the network. The percentage of malicious nodes is varied to observe the behavior of the network and protocols in the presence of mobility.

Figure 11 illustrates that 3D-SRP is capable of delivering a larger number of packets even with an increased number of malicious nodes. Although the overall overhead of 3D-SRP is slightly increased because of the effective node authentication and verification mechanism, the increase in the packet delivery ratio reduces the normalized overhead (NO) for 3D-SRP as compared to 3D-RP, VCP, and M-DART in the presence of malicious nodes and node mobility. This shows that in spite of the increased overhead, the capability of delivering packets in 3D-SRP is not compromised, which shows the effectiveness of the proposed security mechanism in handling the security issues in the presence of malicious nodes. Moreover, 3D-SRP is an extension of 3D-RP. 3D-RP’s major focus is to avoid the mismatch problem. VCP and M-DART are proven to be inefficient in handling the mismatch problem [25], which is why the impact of various attacks in terms of routing overhead is severe compared to 3D-SRP. The increased routing overhead for VCP and M-DART results in a decreased packet delivery ratio, which can be seen in Figure 11.

Normalized overhead is a key metric to determine the effectiveness of the proposed protocol. Although the overall overhead is increased for 3D-SRP because of the security measures, the normalized overhead is considerably improved when compared with VCP, M-DART, and 3D-RP because of the enhancement in the packet delivery ratio. Figure 12 illustrates the normalized overhead (NO) of 3D-SRP, M-DART, 3D-RP, and VCP with reference to several node mobility speeds and a varying number of malicious nodes. Figure 12 demonstrates a significant reduction in the normalized overhead (NO) of 3D-SRP compared with VCP, M-DART, and 3D-RP. This is evidence of improved network reliability: the proposed security mechanism of 3D-SRP provides reliable communication between nodes in the presence of malicious nodes, thus increasing the packet delivery ratio.

Figure 13 demonstrates the percentage improvement in normalized overhead and packet delivery ratio of 3D-SRP at numerous node mobility speeds when compared with 3D-RP, VCP, and M-DART. The improvement in the normalized overhead of 3D-SRP over M-DART, 3D-RP, and VCP is between 28 and 60%, 16 and 55%, and 42 and 70%, respectively, for a various number of malicious nodes and node mobility speeds. The increase in the number of malicious nodes and node mobility speed successfully delivered packets. The variation in the percentage improvement mismatch problem. 3D-RP solves the mismatch problem and proved to be a promising protocol compared to M-DART and VCP, where M-DART is a multipath protocol that makes it better compared to VCP. Because of the effective node authentication and verification mechanism in 3D-SRP, it emerges as more promising over 3D-RP in the existence of malevolent nodes. Thus, the percentage of PDR improvement of 3D-SRP over M-DART, 3D-RP, and VCP is 20 and 48%, 17 and 24%, and 23 and 62%, respectively, at various node mobility speeds.

To measure the computation overhead of the encryption and decryption mechanisms in the proposed 3D-SRP, we ran RSA encryption and decryption on a system with processor Intel® Core™2 Quad CPU Q8400 at 2.66 GHz, Intel Memory (RAM) 4.00 GB, 64-bit Operating System (Windows 7 Professional). The computation overhead for one operation is given in Figure 14. The computation time for key generation in RSA is the highest. However, the key is generated only once, which is why its overall effect is not so significant. IC encryption and decryption are used for the authentication phase by a node with its physical neighbors. For a single hop, the encryption and decryption times for the SII message are shown in Figure 14. In case the SII message passes through number of hops, then the total computation time will be increased by a factor of . One can notice that the 3D-SRP algorithm has extra computational overhead for the encryption and decryption processes as compared to the existing nonsecure algorithm. However, the delivery ratio and the authentication services offered by 3D-SRP are significant.

Time complexity is used to determine the performance of an algorithm for different input sizes. The time complexity of the proposed 3D-SRP is calculated using its primitive operations and their associated cost. Table 8 shows the analysis of Algorithm 1 and Algorithm 3 based on primitive operation count. Algorithm 1 comprises the decision of hello message arrival, initialization of security parameters, and the confidentiality of credentials during trust establishment, whereas Algorithm 3 shows the primitive operations of securely storing mapping information at the anchor node (AN). In the proposed 3D-SRP technique, confidentiality and authentication are achieved through public key cryptography (RSA).

RSA uses a modular exponentiation process to compute the remainder value: the base value (i.e., plaintext/ciphertext) is raised to the exponent power (i.e., public key/private key), and the computed value is then divided by the modulus value (i.e., the product of prime numbers). Cryptographic algorithms use modular exponentiation due to its one-way function property. This process required time to perform exponentiation, and we represent the exponent value with . After adding all the primitive operations, the total cost in the worst case becomes after ignoring constant and lower term values.
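The modular exponentiation step described above, as an added example that is not code from the paper: square-and-multiply with an operation counter, showing that the work grows with the bit length of the exponent, so a private-key operation costs more than a public-key one. The primes, the public exponent 65537, and the sample message are constructed assumptions; the key is far too small for real use and no padding is applied.

```python
def modexp(base, exponent, modulus):
    """Left-to-right square-and-multiply.

    Returns (result, squarings, multiplications): one squaring per exponent
    bit and one extra multiplication per 1-bit.
    """
    result, squarings, mults = 1, 0, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        squarings += 1
        if bit == "1":
            result = (result * base) % modulus
            mults += 1
    return result, squarings, mults

# Constructed toy key (assumption): two Mersenne primes, illustration only.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)   # modulus = product of the primes
E = 65537                           # public exponent (assumption; the page names none)
D = pow(E, -1, PHI)                 # private exponent, inverse of E modulo PHI

def encrypt(message):
    return modexp(message, E, N)

def decrypt(ciphertext):
    return modexp(ciphertext, D, N)

def demo():
    message = int.from_bytes(b"SII-demo", "big")   # constructed sample payload
    cipher, e_sq, e_mul = encrypt(message)
    plain, d_sq, d_mul = decrypt(cipher)
    return {
        "roundtrip": plain == message,
        "public_ops": e_sq + e_mul,
        "private_ops": d_sq + d_mul,
    }

if __name__ == "__main__":
    print(demo())
```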

Space complexity measures the requirement of auxiliary storage to run the proposed 3D-SRP technique. Data structure size determines the utilization of space, whereas program statements use fixed memory and they do not rely on data structures. The proposed 3D-SRP technique utilizes a tabular structure (two-dimensional array) to store information. Therefore, space complexity is .

7. Conclusions and Future Work

To provide an efficient, secure, and reliable communication in a DHT-based routing protocol at the network layer in WANETs, it is imperative to address the security vulnerabilities for such protocols. The paper first highlights the major security threats that could adversely affect the performance of DHT-based routings. To counter these existing security threats, this work introduces a secure DHT-based routing protocol (3D-SRP). The proposed 3D-SRP ensures secure and reliable communication between the end users and keeps intact the resource-constrained environment (i.e., processing and energy limitations of mobile devices) of WANETs. It comprises a secure verification and authentication method to check the legitimacy of the neighboring nodes that consequently improves the packet delivery ratio of the network. In other words, 3D-SRP furnishes a secure mechanism to observe legitimate and secure routing paths for lookup and routing of packets.

In the future, the duration of the hello message and the energy consumption of the proposed 3D-SRP can be optimized. High node mobility would be a major challenge in DHT-based routing protocols, especially in the presence of a security mechanism. The mobility issue can be explored in the future along with the security of DHT-based routing protocols. Similarly, future work can be carried out to address Sybil and repudiation attacks through a more sophisticated approach.

Data Availability

We have performed simulation, and no dataset has been used that can be shared with the journal. The simulated results are plotted, and findings are shared in the paper.

Conflicts of Interest

The authors declare that they have no conflicts of interest.