Keywords

1 Introduction

Suppose that we want to establish the communication connection between two floors of any organization building or between two buildings in the same campus using wireless short-range communicating electronic devices. In the organization each employee has mobile devices and some fixed devices such as printer, computer, etc. We can connect these devices using fixed wired network or by infrastructure access points, but this restricts the mob ability of the devices. Another option is used in base station based network, i.e. cellular network which allows the large communication range; but the limitation is that, these cellular networks are costly and time-consuming deploying networks. Alternatively, at last we need a network that should be fast and cheap in deployment, provide sufficient range for communication, easily scalable, support mob ability, etc., and these features are provided by only one network, i.e., mobile ad hoc network (MANET) [1, 2]. Apart from these types of applications, MANETs are also used in defense, emergency relief operations, environment monitoring, VANETs, WSNs, etc.

With the increasing number of applications, the demand for secure communication is increasing. Due to the fundament characteristics of MANET [3], secure communication is very difficult [4, 5] to achieve, because its nature-like communication medium is open wireless which can easily be accessed by anyone who are coming in the radio range of the communicating devices, nodes are physically vulnerable, less-efficient (processing power, memory) communicating devices, the absence of central authority, free from the constraint of topological structure of network, etc.

Communicating devices used in MANET have limited memory and processing power, because of this asymmetric key based security scheme is not the good solution for implementing security scheme in MANETs. With considering this limitation in mind, in this work symmetric key based authentication mechanism has proposed to ensure the secure communication between the communicating parties. The proposed model secures the network from the well-known and frequently occurred attacks (impersonation, modifies routing information, black hole). In this work, two levels of authentication have been used, first level for hop-to-hop authentication [6, 7] (MD5 algorithm has used for authentication code generation) and second level for end-to-end authentication (SHA1 algorithm has for authentication code generation). Digest_1 is the size of 128 bits generated by the MD5 algorithm and Digest_2 is the size of 160 bit generated by SHA 1 algorithm.

The remainder of this paper is organized as follows: Sect. 2 introduces related work and motivation to do this research. Section 3 describes the proposed methodology. Section 4 explains simulation result and discussion, and finally conclusion is defined in Sect. 5.

2 Related Work and Motivation

In this section, research work done in the field of secure communication in MANETs is discussed. Especially, we cover the mechanisms that have used symmetric key based security schemes. Arya K. V. and Rajput S. S. [8] have proposed the model to secure AODV routing protocol using nested MAC. In this model, the author has also used the concept of key pre-distribution (distribution of symmetric key at the time of network deployment) to overcome the drawback of methods [9] that distributes the keys at run time (when communication connection establishing between the sender and receiver). This method [8] significantly prevents the networks from many attacks (impersonation, modifies routing information, black hole). The limitation of this method is that it works efficiently when the attacker is outsider and work little bit inefficient when attacker is insider, i.e., our genuine node is compromised by the attacker.

Similar concept was used by Rajput S. S. [10] to protect MANETs against frequently occurred attacks. In this particular paper, ZRP routing protocol is used to major the performance of the proposed model. These two papers played the key role in the motivation to do the research in this field.

3 Proposed Security Mechanism

In this model, symmetric key based authentication technique is used for securing the network from various attacks. In this model, two levels of authentication are used to test the integrity of the message. The first level of authentication is used for hop-to-hop authentication and second level of authentication is used for end-to-end authentication. At first level, MD5 algorithm is used to generate 128 bits digest for checking the integrity of the message at each node of the route. SHA 1 is used to generate the 160 bits digest for checking the integrity of the message at the intended receiver of the message.

For speedup, the algorithm key table of size 15 keys (K0–K14) is stored at each node at the time of deployment. These keys are used for generating MAC (MD5) at first level that helps us to check the integrity of the message at the intermediate nodes. For generating MAC code at second level, SHA 1 uses second key generated by the random number generator. Random number generator function uses random four-digit number as seed to generate the second key.

The advantage of making two levels of authentication are to speed up the algorithm compare to Method [1], Method [2], and increase the security level. This mechanism helps us to protect our network from internal as well as external attacks.

The working model of the proposed work is given in Fig. 1. Here we are not discussing the behavior of the attacks in details. Here we are using the same behavior of the attacker as discussed in Method [1] and Method [2]. In working model as shown in Fig. 1, taking four nodes in the route one is sender node S, one is receiver node R, and two intermediate nodes I. Each node has a key table used for the authentication of the message at first level. For better understanding, whole working model is divided into three parts: Process at the Sender, Process at the receiver, and Process at the intermediate nodes.

Fig. 1
figure 1

Working model of proposed algorithm

Full size image

At the sender side: Sender S first generates the message, then first key from the key table for generating the Digest_1 using MD5 is selected according to the value of hop count field in the header of the message. (First_key = Key number (Hop_count mode 15) then random number function call to generate Second_key for creating the second-level authentication code using SHA 1 algorithm then whole message (message + random 4 digit seed + Digest_1 + Digest_2) send to the next node in the route.

At the intermediate nodes, first check the integrity of the message by generating only the Digest_1 of message using the key (First_key = Key number (Hop_count mode 15) and if new Digest_1 equals to the received Digest_1, then message is treated as valid message and then again Digest_1 is created using next key in the key table and message is forwarded to the next hop in the route. If new Digest_1, does not equal the Received Digest_1 then message is treated as invalid message and message is discarded.

At the receiver side: new Digest_1 and Digest_2 is created by using First_key (First_key = Key number (Hop_count mode 15) from the key table and Second_key (generating by random number generator using same seed that has been used by the sender). If both new digest matches with received digest, then only message is received as valid message otherwise discard the invalid message. For more understanding, pseudocode for the proposed model is given in the Algorithm 1

4 Simulation and Result Analysis

To implement proposed model NS2.35 [11] has been used. Simulation parameters are given in Table 1.

Table 1 Simulation parameters
Full size table

In the work, proposed model is compared with original AODV, previous model was proposed by K. V. Arya and S. S. Rajput [8] (named as Method [1]) and another model was proposed by S. S. Rajput et al. [10] (named as Method [2]). Original Method [2] is proposed for the ZRP routing protocol, but in this work we have changes in this model to make it compatible with the AODV routing protocol. Performances of all the models are measured in the presence and absence of the malicious nodes in terms of AE2ED, TP, and PDR.

First we simulate, analyze, and compare the performance all four models, i.e., AODV, Method [1], Method [2], and Proposed in terms of different pause time V/s all four performance parameters (AE2ED, PDR, and Average TP). Simulation results are shown in Figs. 2, 3 and 4 shows that proposed model work better than Method [1] and Method [2] and almost similar than original AODV [12] in the absence of malicious nodes. This is because, in the proposed model at intermediate node only one digest is generating and verifying (Digest_1) while in previous model digest generated two times (used NMAC). It means proposed mechanism increases negligible over head in term of computational complexity.

Fig. 2
figure 2

Pause_Time versus AE2E Delay

Full size image
Fig. 3
figure 3

Pause_Time versus PDR

Full size image
Fig. 4
figure 4

Pause_Time versus Average_TP

Full size image

Comparison of proposed model, AODV, Method [1], and Method [2] in terms of average AE2ED, PDR, Average TP with increasing number of malicious nodes (No_of_Mlcius_Nodes) shown in Figs. 5, 6 and 7. For this fixed pause time = 300 s and number of connections = 10 have been used. Results show that proposed model performing outstanding as comparing to the other three models in the presence of malicious nodes. Out of all malicious nodes in each simulation, 50% nodes are taken as inside attackers and remaining 50% as outside attacker. Simulation results also show that our model perform better in the presence of inside attacker; it means our model significantly overcomes the drawback of Method [1] and Method [2].

Fig. 5
figure 5

AE2E Delay versus No_of_Mlcius_Nodes

Full size image
Fig. 6
figure 6

PDR versus No_of_Mlcius_Nodes

Full size image
Fig. 7
figure 7

Average_TP versus No_of_Mlcius_Nodes

Full size image

5 Conclusion

In this paper, symmetric key based authentication mechanism has been proposed to secure the AODV against various attacks (impersonation, modifies routing information, black hole). Simulation results show that proposed model work better than Method [1] and Method [2] and almost similar than original AODV in the absence of malicious nodes. It means proposed mechanism increases negligibly over head in terms of computational complexity. Results also show that proposed model perform in an outstanding way compared to the other three models in the presence of malicious nodes. Out of all malicious nodes in each simulation, 50% nodes are taken as inside attackers, and remaining 50% as outside attacker. Simulation results also show that our model performs better in the presence of inside attacker; it means our model significantly overcomes the drawback of Method [1] and Method [2].