Journal of Information Security and Applications 51 (2020) 102425

Contents lists available at ScienceDirect

Journal of Information Security and Applications

journal homepage: www.elsevier.com/locate/jisa

Secure and reliable data forwarding using homomorphic encryption

against blackhole attacks in mobile ad hoc networks
Elbasher Elmahdi, Seong-Moo Yoo∗, Kumar Sharshembiev
Electrical and Computer Enginreering, The University of Alabama in Huntsville, 301 Sparkman Dr NW, Huntsville, AL 35899, USA

a r t i c l e i n f o a b s t r a c t

Keywords: A mobile ad hoc network (MANET) is a dynamic wireless network without any infrastructures. It is vul-
Mobile ad hoc network security nerable to many types of attacks. Thus, security has turned out to be an important factor to facilitate
Secure message transmission
secured communication between mobile nodes in a wireless environment. Recently, many routing pro-
Blackhole attack
tocols have been established. But most of them do not consider the security criteria in their designing.
So, practically any node can maliciously disrupt communication of other nodes. Hence, a new approach
is proposed in this paper to provide reliable and secure data transmission in MANETs under possible
blackhole attacks based on modified ad-hoc on-demand multipath distance vector (AOMDV) protocol. We
divide the message into multiple paths to the destination and use homomorphic encryption scheme for
cryptography technique. The performance of the proposed scheme is stable with very high packet deliv-
ery ratio while that of AOMDV is found to be vulnerable with the intrusion of malicious nodes in the
network. Simulation results show that, compared to the original AOMDV scheme, our proposed scheme
improves considerably the packet delivery ratio and network throughput in the presence of malicious
nodes.
© 2020 Elsevier Ltd. All rights reserved.

1. Introduction In MANETs unique techniques define the network environment

such as network topology is continuously changed, storage is lim-
Each node in a mobile ad hoc network (MANET) is mobile, so ited, wireless links are not secure, and there exist many limitations
the node can join the network, while at the same time other nodes [4]. Due to MANET’s inherent characteristics mentioned above, it is
leave it or fail to connect because they move to a region that is necessary to save or secure data transmission to achieve effective
not in the covering range of the network. Here, each node involves communication in MANETs because most of the routing protocols
in operations such as route discovery or data forwarding in the proposed for MANET’s assume a trusted and reliable environment
network. For this purpose, multiple routing protocols have been and they do not consider the security issues in their initial designs.
proposed. Most of the protocols focus on two types of routing al- The communication in MANETs includes two phases, the route
gorithms: the table-driven type (the proactive type) and the on- discovery phase and the data transmission phase, and both phases
demand type (the reactive type) like AODV, DSDV, DSR, or even are vulnerable to a variety of attacks. In the first phase, adver-
multipath protocols like AOMDV according to the way of discov- saries can disrupt the route discovery by impersonating the desti-
ering and maintaining the routes [1]. Since data forwarding is de- nation, responding with stale routing information, or by distribut-
pendent on each intermediate node, securing data transmission is ing fake control traffic. However, adversaries can also disrupt the
an important issue [2]. data transmission phase and, thus, incur significant data loss by
The security in MANETs has become an active area of research, tampering with, falsely redirecting, or even dropping data traffic
especially for applications such as emergency operations, military [5]. To provide comprehensive security in MANETs, both phases of
applications, vehicular applications, etc. [3]. In such an environ- communication must be protected.
ment, malicious or selfish nodes can disrupt or even deny the In this paper, our concern is secure data transmission by assum-
communications of any node within the networking domain. In ing that routes are already established from a sender to a receiver.
MANETs every node in the network is required to assist in the net- Our proposed scheme is based on ad hoc on-demand multipath
work establishment, its maintenance, and the network operation. distance vector (AOMDV) protocol for discovering active transmis-
sion paths. We have investigated the security of AOMDV protocol,
∗ a multipath extension of the Ad hoc On-Demand Distance Vector
Corresponding author.
E-mail address: [email protected] (S.-M. Yoo). (AODV) routing protocol against blackhole attacks. After discover-

https://doi.org/10.1016/j.jisa.2019.102425
2214-2126/© 2020 Elsevier Ltd. All rights reserved.
2 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425

ing the routes between a source and a destination node, a mes- Wazid et al. [7–9] proposed a new efficient techniques for the
sage is divided into many parts and each part is encrypted us- detection and prevention of multiple attacker nodes in WSNs. In
ing Enhanced Homomorphic Cryptosystem (EHC) [3, 20] before the these techniques, the entire WSN is divided into several clusters
sender transmits a part of the message to the destination [3]. Here, and each cluster has a powerful high-end sensor node, which is
malicious nodes may be contained in the route and may make called a cluster head and is responsible for the detection of at-
blackhole attacks. The problem of the attacks in the AOMDV pro- tacker nodes, if present, in that cluster. Also, these techniques
tocol is addressed in this paper. So, our scheme is not an intrusion are suitable for the resource-constrained sensor nodes due to low
detection or intrusion isolation system, but it is an intrusion avoid- computation and communication overheads. Satav et al. [10] pro-
ance system from malicious nodes. posed a technique to secure route selection in adverse environ-
The idea of this scheme is to assign a set of disjoint paths into a ment in MANETs. The proposed approach added route reliability
set of groups and several active disjoint paths are assigned to each parameter in the routing table to categorize the paths as reliable or
group, where all disjoint paths are connected between a sender unreliable, but this addition increases the computational and stor-
and a receiver. We divide a message into many parts before the age overhead while reduces the packet delivery ratio and end to
message is transmitted, and encrypt each part based on homomor- end delay. This proposal deals with security issues in route discov-
phic encryption scheme. Then, the part of the message is trans- ery stage, but our proposal deals with those in data transmission
mitted to each group in order that only one encrypted part of the stage.
message is able to reach each group. Every node in each group
can receive the same part of the message. Then, even if a part of 2.2. Localized collaboration and information cross-validation
the message is dropped, the part of the message can be delivered
to the destination through another safe path. Thus, the receiver is The main idea of localized collaboration and information cross-
able to receive the whole encrypted parts of the message, combine validation is that local neighboring nodes collaboratively monitor
them, decrypt the whole parts, and recover the whole message. and tolerate each other, while no single node is superior to the
We organize this paper as follows. Sections 2 explains closely others. It exploits localized collaboration and information cross-
related work. Section 3 introduces methodology. The problem to validation to protect the network in a self-organized manner. Yang
be solved in this paper is mentioned in Section 4. Our proposed et al. [11] proposed self-organized network-layer security. It does
scheme is described in Section 5. Section 6 analyzes our analyti- not concern itself with any form of cryptographic security on the
cal model. Section 7 shows the simulation results. Conclusion with messages being routed. Instead, it covers the network from ma-
future work is mentioned in Section 8. licious nodes by detection and reaction to misbehaviors. It is a
network-layer security solution that protects routing and forward-
ing operations in an integrated framework. The main problem with
2. Related work
this scheme is that the energy consumption of this approach is too
large.
In this section, previous methods to secure data forwarding in
MANETs are explained. Securing the data forwarding has received
2.3. Applying cryptographic primitives
relatively less interest in works, although several proposals have
handed out with the problem of secure ad hoc routing. Previous
Chinthanai et al. [12] proposed enhanced adaptive acknowledg-
studies of protecting the data forwarding can be classified into
ment for intrusion detection. It uses a digital signature to pre-
three categories: information spread with end-to-end security, lo-
vent the attacker from fabricating acknowledgment packets. The
calized collaboration and information cross-validation, and apply-
scheme shows higher malicious-behavior-detection rates in certain
ing cryptographic primitives.
situations while not affecting the network performances. Tan et al.
[13] proposed a mechanism to secure data transmission using the
2.1. Information spread with end-to-end security AES cryptographic primitive with the underlying protocol as AODV.
This scheme specifically targets the blackhole attacks with the im-
Some previous studies of protecting the data forwarding based portance of improving network parameters like throughput and
on information spread with end-to-end security. The main idea of packet delivery ratio. Ertaul et al. [14] used elliptic curve cryp-
information spread with end-to-end security is to defend the data tography (ECC) and threshold cryptosystem (TC) to securely deliver
transmission against the malicious behavior of other nodes. It pro- message, splitting the message into a number of pieces before or
vides further protection to secret messages from being compro- after using ECC to encrypt them individually and sending them to
mised when they are delivered across the insecure network. It is the receiver. At the receiving side, each share of the secret is de-
based on information spread and end-to-end security. Papadimi- crypted using ECC to get the original message. The main problem
tratos and Haas [5] proposed secure data transmission scheme in of the previous schemes produces additional routing overhead in
MANETs. It operates just in an end-to-end procedure, exploits the cases of a well-informed adversary.
redundancy of multipath routing and adapts its operation to re- Sultana et al. [15] proposed a method to secure data packet in
main efficient and effective even in highly adverse environments. It spite of blackhole attacks in MANETs through AOMDV routing pro-
operates without limited intuition on the security associations and tocol. ECC has been chosen to secure the packets against black-
network trust and it affords the loss of data along with adjusting hole attacks. The main problem of this proposal is that it does
its operation to the network circumstances. Lou et al. [6] proposed not completely avoid blackhole attacks due to dropping the mes-
a security protocol for reliable data delivery to enhance the data sage even if it is encrypted. In addition, there exist some propos-
confidentiality service in a MANET. The basic idea in this scheme als generating automated mechanisms. They choose the alternate
is to transform a secret message into multiple shares by secret path automatically that will be reliable and secure. Also, Jain et al.
sharing schemes and then deliver the shares via multiple indepen- [16] proposed an improved version of AODV routing protocol us-
dent paths to the destination so that even if a small number of ing homomorphic encryption scheme which prevents pollution at-
nodes are compromised, the whole secret message is not compro- tack and accomplishes in maintaining integrity security standard
mised. The main problem of these schemes is that every node in by following minimum hop count path. It allows an intermediate
the network needs to establish a security association with every node to perform XOR operation on arriving data. The core tech-
other node in the network, thereby increasing overhead. nique involved in this technique is Message Authentication Code
 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425 3

(MAC) based on Universal Hash Function (UHF). However, mini- decryption on the sum of two ciphertexts is the same as addi-
mum hop count path may lead to congestion in network. Ran- tion of two plaintexts represented as E(a + b) = E(a) + E(b). In
gasami et al. proposed a protocol [17] analyzing the usefulness and multiplicative property, performing decryption on the product of
threats that will be faced by the service providers while taking up two ciphertexts is the same as multiplication of the two plaintexts
the homomorphic encryption schemes to provide confidentiality of represented as E(a ∗ b) = E(a) ∗ E(b). In mixed multiplicative prop-
data stored in cloud computing. From this study, they concluded erty, performing decryption on the product of one ciphertext plain-
that homomorphic encryption scheme paves a new way of secur- text is the same as multiplication of two plaintexts, represented as
ing data in cloud and it enables cloud service providers to serve E(a ∗ b) = E(a) ∗ b [21].
the clients in a more efficient way by preserving the data confi- In our proposed scheme, EHC [3, 20] is used as cryptographic
dentiality and integrity. algorithms based on additive homomorphic encryption. The gen-
In summary, most of the previous work for securing AOMDV eral practical structure for the encryption and decryption scenario
protocol in MANETs cannot avoid black hole attacks because an at- of EHC scheme is introduced below. This cryptosystem uses large
tack drops data even if it is encrypted. Our proposed scheme seems number m, where m = p × q. Here p and q are large prime num-
to be more reliable and secure to deliver the encrypted data to the bers, which are kept secret. q is a sharing secret key. That number
destination. m is also a secret key to encrypt the data. Finding a random num-
ber r seems to be an extremely difficult problem because it will
3. Methodology be generated randomly, which is kept secret. In principle, the EHC
scheme consists of three main procedures: the key generation (K),
3.1. Ad hoc on-demand distance vector routing (AODV) the encryption algorithm (E) and the decryption algorithm (D), as
illustrated below.
AODV is an on-demand distance vector routing protocol built Secret Key Generation (K):
on the DSDV algorithm [18]. Also, it is a reactive routing protocol
– p, q ∈ P, where P is prime, and m = p ∗ q.
which means routes are determined only when needed, and it is
– Generate a random number r.
a single path and loop-free protocol. When a source has data to
– The set of original plaintext messages P = Zp = { x : x <
deliver it to a destination in an unknown position in the network,
= p}, Zm = { x : x < m} has the set of ciphertext messages.
then it broadcasts a Route Request message (RREQ) to figure out
– Secret values r, m and q
that destination. In this case, when the route request is received
– Shared Key K = p.
by the intermediate node, a route is created to the destination. If
the receiving node is not the destination node, has not received Encryption (E):
this RREQ previously, and does not have a route to the destination,
it rebroadcasts the RREQ message again. But if the receiving node – x ∈ Zp
has a route to the destination or it is the destination, it creates a – The ciphertext C is calculated as y = Ep (x) = (x + r ×
Route Reply message (RREP) to re-send it back to the source. Af- pq) (mod m).
ter the source receives the RREP message, it maintains the route to Decryption (D):
the destination to utilize it for sending data to the destination. In
case of multiple RREPs are received, then the route with the short- – The plaintext x is recovered as x = Dp (y) = y mod p.
est path is chosen from the source. When data is flowing from the
source to the destination and a route fail is recovered, a RERR is 4. Assumptions and problem statement
sent towards the source. When the source receives the RERR, it
cancels the route and recovers another one if it needs it [19]. To deliver the message reliable and secure from the source
to the destination, we propose a scheme explained in the next
section. Before that, assumptions and problem statement are de-
3.2. Ad hoc on-demand multipath distance vector routing (AOMDV)
scribed here.

The main objective of this paper is to provide a reliable and 4.1. Assumptions
secure AOMDV routing protocol for the data transmission by
means of our proposed scheme. AOMDV shares several character- • In a MANET, there are a sender, a receiver and several dynamic
istics with AODV, based on the distance vector concept. Moreover, nodes between them for forwarding the data.
AOMDV also finds routes on demand using a route discovery pro- • AOMDV protocol is used for the network layer to have a set of
cedure in MANETs. The main difference is the number of routes active disjoint paths between the sender and the receiver.
found in each route discovery, which contributes to solve the prob- • A set of active disjoint paths after route discovery phase be-
lem of link failure in ad hoc networks. AOMDV provides efficient tween the sender and the receiver in the standard multipath
route switching when links break down between the nodes in the routing protocol AOMDV is modified as follows: While the
network by selecting another route from selected routes stored source node starts route discovery to the destination, a pro-
previously instead of initiating a route request process again. So, posed route count parameter is added in the routing table.
in comparison with AODV, AOMDV improves the performance in This proposed parameter will count the active paths between
many aspects, such as the packet delivery ratio, end-to-end delay, source and destination in the routing table. After route discov-
and control overhead of the network [20]. ery process, the source node checks routing table for available
paths and its count {(next hop IP1, hop_count1), (next hop IP2,
3.3. Enhanced homomorphic cryptosystem (EHC) hop_count2), (next hop IP3, hop_count3), …}. Then, the whole
maintained paths in the routing table will be used to combine
Homomorphic encryption is the operation on the encrypted the transmitted parts of the message. Now the source sends the
data which can offer the same results after calculations as the first part of the message through the two or more maintained
working straightly on the clear data. Homomorphic encryption routing paths which have the maximum sequence number or
schemes have the property of additive, multiplicative or mixed minimum hop count in case of the same sequence number in
multiplicative homomorphism. In additive property, performing the routing table. The source also sends the second part of the
4 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425

prepared by adding all important details for the data routing

into each selected path in the topology between the sender and
the receiver.
• Combine these paths into groups G by dividing n by the desired
number of paths in each group by assuming that not less than
two active paths in each group G = (n / 2 or more).
• Before sending the message (code), the sender assigns a unique
message ID (msg-id) to the entire message and divides it by the
number of groups G for dismantling the entire message M/G,
where M is the entire message and G is the number of groups
of combined active disjoint paths.
• Moreover, each part of the entire message m is associated with
a unique part message ID as (msg-sp-id1, msg-sp-id2,…,etc.) is
used at the receiver side to gather the entire message again.
Fig. 1. Node S sends some packets to node D but node n3 drops all data packets.
• Then, the sender encrypts all parts m1, m2, m3, …., etc. of the
entire message using EHC for getting Ep(m1), Ep(m2), Ep(m3),
message to the next two or more paths in the routing table, …, etc., where p is the secret key, and send them to the re-
and so on until the last part of the message is sent. ceiver along with msg-id, msg-sp-id, msg-sp-id-sum through ac-
• We also assume that the shared key p established from EHC is tive disjoint paths in each group, so each group will have only
distributed between the sender and the receiver by using key one encrypted part within the same message ID and message
distribution protocol Elliptic Curve Diffie Hellman (ECDH) algo- part ID.
rithm [22]. • On the receiver side, to know the total number of encrypted
• The message to be sent is a code which is recognized previously parts of the entire message, we use the message part ID sum
by both the sender and the receiver and is uploaded in their (msg-sp-id-sum) within the encrypted parts.
nodes. • The receiver recovers the whole message by adding up all en-
• Malicious nodes (blackhole attackers) are included in the net- crypted parts of the entire message that has the same mes-
work. These nodes cooperate in route discovery phase and for- sage ID using the additive property in homomorphic encryp-
ward all control packets (such as route request, route error, tion scheme Ep(m1) + Ep(m2) + Ep(m3), …, etc. till reaching
route reply) correctly, but silently drops all data packets. the message part IDs sum, msg-sp-id-sum.
• All active paths in each group could be affected by malicious • If the receiver gets a duplicate part of encrypted parts of the
nodes after route discovery phase is completed. message which has the same message id and message part id,
then it will discard the duplicated part.
4.2. Problem statement • Finally, the receiver decrypts the sum of all the encrypted parts
of the message using EHC, X = Dp (Ep(m1) + Ep(m2) + Ep (m3),
In multipath routing protocols like AOMDV, assume that the …, etc.) to recover the original message M.
source node selects the best route to forward packets to the des-
tination node, which includes many malicious nodes. These mali- 5.2. Example scenario
cious nodes, placed on the route, forward the control packets but
drop all data packets. Refer to Fig. 1. Source node S sends packets Refer to Fig. 3:
to destination node D using route {S, n1, n2, n3, n4, D}. Here, node
n3 is malicious and drops the entire data packets passing through • The number of disjoint paths n = 6 between the sender and
it so they do not reach the destination node. receiver.
When the data transmission path includes blackhole attacker, • Number of groups () is
data is not delivered to the destination as the attacker drops it. G = n / two or more paths in each group
Also, when the entire data is sent via the single path without di-
G=6 / 2=3
viding it up and encryption, the attacker gains a complete knowl-
edge about the data. The goal of the proposed scheme is to deliver • The entire message M = 9.
and secure the entire message even if some disjoint paths are not • Parts of the entire message
working due to malicious nodes (blackhole attacks).
m=M/G
5. Proposed Scheme = 9 / 3=3 where m is m 1 = m2 = m3
• The message’s id for the entire message M is msg − id = 1.
In this section, the proposed scheme is introduced. First, we ex-
• The message part ids for the message parts are msg − sp − id1
plain the procedure of the main idea, then a practical example of
= 1, msg − sp − id2 = 2, and msg − sp − id3 = 3.
the proposed scheme.
• So, the message part id’s sum is
5.1. Main idea msg − sp − id − sum = msg − sp − id1 + msg − sp − id2 + msg
−sp − id3
The proposed protocol is implemented by modifying the origi-
= 1+2+3=6
nal protocol AOMDV as explained in the following and as shown in
Fig. 2: • Encrypted the message parts m1,m2,m3 using EHC at the
sender before sending them to the destination:
• A set of active disjoint paths n between a sender and a receiver
are created. In our network topology, n is assumed as the num- We have M = 9 and m1 = m2 = m3 = 9/3 = 3
ber of active routes in the topology, and it is a fixed chosen
Encryption process:
value for creating multiple paths between a sender and a re-
ceiver to send a part of message. The sender routing table is Select p = 11, q = 7 and r (random ) = 2
 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425 5

Fig. 2. The procedure of the proposed scheme.

Then m = p × q = 11 × 7 = 77 • Sending Ep (m1) to group G1, Ep (m2) to group G2 and Ep (m3)

E p (m1 ) = (m1 + r ∗ pq) (mod m ) to group G3 along with clear msg-id, msg-sp-id, and msg-sp-id-
sum to be used to recover the entire message at the receiver
= (3 + 2∗117) (mod 77 )E p (m1 ) = 25
side.
And so on for m2 and m3 • On the receiver side, the receiver adds up all the encrypted
E p (m2 ) = 25 and E p (m3 ) = 25 parts of the entire message with the same msg − id = 1 by
6 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425

5.3. Proposed scheme

Proposed algorithm – the sender procedure

Input: message M, number of active disjoint paths n

Output: Encrypted part of message E(m)
1: Read M, n // read the entire message and
number of active paths between
source and destination.
2: Set r // number of required disjoint active
paths in each group.
3: Set G to n / r // G is the number of groups of
disjoint paths.
4: Set m = M / G // splitting the original message.
5: Set msg-id to 1 // assign ‘message id’ value for the
whole message.
6: msg-sp-id-sum = 0 // initiate value of the sum of
message parts.
7: for (i = 1; i ≤ G; i++)
8: Set msg-sp-id to i // assign ‘id’ to part of the message.
9: Set E(m) to encrypt m // encrypt part of the message.
10: msg-sp-id-sum + = msg-sp-id // add to get the sum of message
split ids.
11: Write msg-id, msg-sp-id, E(m) // buffer output data.
12: end for
13: Write msg-sp-id-sum // attend sum of message split ids to
the buffer of output.
14: Send msg-id, msg-sp-id, //send output data to destination.
msg-sp-id-sum,E(m)

Proposed algorithm – the receiver procedure

Input: msg-id, msg-sp-ids, msg-sp-id-sum, encrypted message E(m)

Output: the original message M
1: Set sum = 0, E(M) = 0
2: While (sum != msg-sp-id-sum) do
3: if (msg-sp-id is duplicated) then // msg-sp-id of encrypted message
is already received.
4: drop E(m) // drop the duplicate encrypted
message.
5: else
Fig. 3. An example of the proposed scheme where n = 6 and G = 3. 6: add E(M)=E(M)+E(m) // add encrypted parts of message.
7: sum = sum+ msg-sp-id // add message split ids of the
encrypted parts.
8: end while
adding message part ids (msg − sp − id1 + msg − sp − id2 + 9: M = decrypt E(M) // decrypt sum of the encrypted
parts to get the original Message.
msg − sp − id3) using the additive property in homomorphic
encryption scheme to reach the sum of message parts msg-sp-
Now, we analyze time complexity of our proposed scheme. In
id-sum = 6. When the received part is duplicated with already
EHC, key generation, encryption, and decryption run in time poly-
received message part ID, then the receiver discards it.
nomial (λ) where λ is a security parameter specifying the bit-
length of the keys. To simply the analysis, let us assume that one
E (m1 ) + E (m2 ) + E (m3 ) = 25 + 25 + 25 = 75 = Y encryption time in EHC is T. Since decryption time in EHC is much
smaller than encryption time, the encryption time dominates, and
T is the execution time in EHC. The overhead of using EHC in our
• Decrypt the sum of the encrypted parts of entire message to
proposed scheme is T × θ (G). Note that G is the number of groups
get the original message at the receiver using EHC.
of disjoint paths, and n is the number of active disjoint paths be-
tween a sender and a receiver.
Decryption process: Next, we analyze the time complexity of the sender’s proce-
dure in our proposed scheme. The initialization steps (1 to 5) take
θ (1), respectively. Encryption steps (6 to 12) repeat G times, so it
Y = E (m1 ) + E (m2 ) + E (m3 ) = 75 and shared key takes T × θ (G) times. So, the computational time complexity of the
p = 11 Dp (Y ) = Y mod p sender’s procedure is T × θ (G). The communicational time com-
plexity in 14 is θ (G) since the sender transmits E(m) and msg-sp-
= 75 mod 11 = 9 = M (The original message)
id G times. The storage for msg-sp-id and E(m) needs θ (G) times,
and the storage for msg-id and msg-sp-id-sum takes θ (1) time. The
In this scheme, the receiver can recover the whole message storage for n paths is θ (n) times. Now, we analyze the time com-
even though the data are dropped through (n /G) − 1 disjoint plexity of the receiver’s procedure in our proposed scheme. The
paths due to blackhole attacks because data is received via another initialization step (1) takes θ (1). The addition steps (2 to 8) take
safe path available in the group. Also, the entire message cannot be θ (G) times. The decryption time (9) takes O(T) times. So, the com-
revealed to an attacker even if the node is compromised because putational time in the receiver’s side is smaller than that in the
the attacker gets only a part of the encrypted message, not the en- sender’s side. The storage requirement in the receiver’s side is also
tire message. Hence, original data is recovered successfully. smaller than that in the sender’s side. Therefore, the time com-
 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425 7

Table 1
Comparison of time complexity between our proposed scheme and the original AOMDV scheme.

Scheme Memory Encryption Decryption Computation Communication

our proposed θ (n) + θ (G) T × θ (G) T × θ (1) T × θ (G) θ (n)

AOMDV θ (n) – – θ (1) O(n)

plexity in the sender’s side is the time complexity in our proposed From this model, the total expected waiting time Wi in Qi just
scheme. for one packet is the mean response time.
In the original AOMDV scheme, the storage requirement for n
paths is θ (n). Neither encryption nor decryption is used. So, the Wi = (1/μ )/(1 − ρ) (3)
computational complexity is O(n). The communicational time com- Let α i be the throughput that can be expected in Qi .
plexity is also O(n) in the worst case. Table 1 summarizes the com-
parison of time complexity between our proposed scheme and the parts o f the data
αi = (4)
original AOMDV scheme. Wi
Now, we can obtain β the throughput of the proposed protocol
6. Analytical model during Wi as follows:


n
In this section, we analyze our proposed algorithm through nu- β= αi (5)
merical modeling. When we assume that a source node has n dis- i=1
joint routes to the destination, we can model each route as a queue
where n is the number of active disjoint paths.
Qi, which has a service rate μi and arrival rate λ from the source
Each route as a queue has a service rate μ equal to 2 pack-
node as shown in Fig. 4. Since a route consists of number of nodes,
ets/second and arrival rate λ equal to 1 packet/second. We assume
the buffer capacity of each route is the sum of buffers in all nodes.
that we have four different scenarios for our MANET topology such
Hence, we use the M/M/1 queue under the assumption that each
as no malicious node (no packet loss), one malicious node into the
queue has an infinite buffer for traffic and the service discipline is
active route, two malicious nodes into two active routes and also,
FCFS. Fig. 4 shows the queue model used in our analysis.
three malicious nodes in the topology, respectively. Table 2 lists the
results of the total throughput obtained from the analytical results
6.1. M/M/1 queue with those obtained from the simulation results.

To analyze the M/M/1 with Poisson arrivals (exponential inter- 6.2. Our example scenario
arrival times) and exponential service times, we need to know only
the mean arrival rate λ and the mean service rate μ. Quantity λ/μ λ = 1 packet/second, μ = 2 packets/second and packet
is called the utilization factor (traffic intensity) of the server and is size = 512 bytes. Waiting time W1 in Q1 just for one packet is the
denoted by ρ . The stability condition of the queue is ρ < 1. Below mean response time .
is a list of properties of M/M/1 queue.
Definition 1 Mean waiting time: Wi = (1/μ )/(1 − ρ ) = (1/2) / (1 − 0.5) = 1 sec
1/μ From our proposal, dividing the first packet for sending it into
E [w ] = ρ (1)
1− ρ M/M/1 queues and the capacity of each queue is one packet per
second, so the source sends three packets to utilize the whole size
Definition 2 Mean response time: of the queue.

E [r ] = (1/μ )/(1 − ρ) (2) 4, 096 bits / 3 (# o f groups ) = 1, 365 bits

Fig. 4. Queue model for the proposed protocol.

8 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425

Table 2
Comparing the throughput obtained from the analytical results with those obtained from
the simulation results.

Number of malicious nodes Numerical results (kbps) Simulation results (kbps)

0 24.57 72
1 20.47 57
2 16.38 59
3 12.28 39
4 8.19 34
5 4.06 24

Table 3 • Packet delivery ratio (%): the proportion of the total number
Simulation parameters.
of packets reached the destination over the number of packets
Simulator Network simulator 2.35 sent by the source.
Number of nodes 100 • Throughput (bits/sec): the amount of data successfully received
Malicious nodes 0, 1, 2, 3, 4, 5 at the destination per second.
Area 1100 m × 1100 m • Packet loss (%): the average number of lost packets during the
Communication range 250 m data transmission process.
Packet size 512 bytes
• Average end-to-end delay (sec): the time taken for a packet to
Interface type Phy/Wireless phy
MAC type IEEE 802.11 reach the destination from the source node.
Queue length 50 packets
Propagation type TwoRayGround Also, we consider node mobility scenarios to analyze the simu-
Routing protocol AOMDV lation results based on the performance metrics as below:
Transport agent UDP
Application agent CBR • Packet delivery ratio (%).
Traffic rate 1 kbps • Throughput (bits/sec).
Simulation time 900 s

7.2. Simulation results

The throughput that can be expected in a single queue such as
7.2.1. Packet delivery ratio
Q1 is:
Refer to Fig. 5. Here, the packet delivery ratio (PDR) is com-
parts o f the data
α1 = = 4096 bits/sec pared between our proposed scheme and the original AOMDV pro-
W1 tocol as a function of malicious nodes (blackhole attackers). When
The total throughput β of all queues Q’s during Wi  s is : one attacker is launched into one of the active routes, PDR is de-
creased in the original AOMDV scheme but there is no big impact

n 
6
β= αi = αi in AOMDV when the number of attackers is increased more than
i=1 i=1 one for a single data transmission flow through the same active
route because the AOMDV scheme utilizes only a single path at a
= α1 + α2 + α3 + α4 + α5 + α6 = 24, 576 bits/sec
time. Hence, the first attacker involved in the single path only will
In this case, n is the number of active disjoint paths between create a big impact and the rest of the attackers will not create any
the source and the destination, and there is no malicious node significant impact since the original data is already dropped. In the
within any of these active paths. But in the case of malicious meantime, our proposed scheme maintains the PDR because the
node’s presence, the throughput for a single queue is zero due to original data is received somehow by using any one of the paths
the dropping of data by the malicious node. from the number of paths in the group. Hence, the original data is
recovered properly. Here, we observe that in the presence of any
7. Performance evaluation
malicious nodes, the packet delivery ratio reduces too much in the
original AOMDV, but it stays holding close in our proposed scheme,
In this section, the simulation results for performance evalua-
tion are presented. First, the simulation methodology and perfor-
mance matrices are explained and then the simulation results are
given.

7.1. Performance methodology and performance metrics

We make a simulation using network simulator (NS-2) [23].

The AOMDV protocol is modified to simulate our proposed scheme
with several malicious nodes. We define 100 nodes for our simula-
tion. Some of those nodes are simulated as blackhole nodes. Each
node in a MANET is assigned an initial position within the simula-
tion dimensions (1100 × 1100 m). The packets are generated using
CBR with packet size 512 bytes for all mobile nodes. 10 m per sec-
ond is used as the mobility of each node. The simulation lasted
900 s. We use IEEE 802.11 MAC protocol. Table 3 lists the simula-
tion parameters.
To evaluate the performance, we simulated the original AOMDV
protocol and our proposed scheme in the following four metrics as
a function of number of attackers: Fig. 5. Impact of packet delivery ratio as a function of malicious nodes.
 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425 9

Fig. 8. Impact of end-to-end delay as a function of malicious nodes.

Fig. 6. Impact of throughput as a function of malicious nodes.

Fig. 7. Impact of packet loss as a function of malicious nodes.

Fig. 9. Impact of packets delivery ratio as a function of node mobility.

and more malicious nodes give less packet delivery. As seen, our
proposed method has shown a good performance in packet deliv- impact because the encrypted message has already dropped by the
ery compared to the original method. first attack. But there is an impact of multiple attackers in the pro-
posed protocol because the scheme utilizes multiple paths simul-
7.2.2. Throughput taneously. Even though the impact is present with higher data loss
In Fig. 6 we compare the throughput of schemes as a function in our proposed scheme by increasing the malicious modes, it de-
of malicious nodes (blackhole attackers). When an active attacker livers almost whole packet to the destination by distributing it into
is present in the network, the amount of data successfully received multiple paths to ensure the entire delivery through safe paths.
at the destination per second is decreased in both schemes be-
cause of the long duration of data transmission. But our proposed
scheme still provides higher throughput than the original AOMDV 7.2.4. End-to-End delay
scheme due to the high PDR when the number of attackers is in- In Fig. 8 we compare the end-to-end delay of both schemes as
creased. Even though our proposed scheme takes more time for a function of blackhole attackers. The delay is higher in our pro-
delivering the packet, it is more reliable to deliver the packet when posed scheme than the original AOMDV scheme when the number
malicious nodes are increased. Here, we observe that throughput is of malicious nodes is increased due to its procedures and secu-
higher in our proposed scheme compared to the original scheme rity features. According to the data packet delivery ratio when the
for the packet transmission. number of malicious nodes is increased, our proposed scheme can
deliver data better than other methods, but it must divide and en-
crypt the message to achieve this feature. Due to this reason, it
7.2.3. Packet loss
takes more delay for the delivery.
The packet loss of the schemes is compared in Fig. 7 as a func-
tion of blackhole attackers. In general, when the number of active
attackers is increased within multipath routing protocols, packet 7.2.5. The impact of mobility on performance
loss is increased. In the original AOMDV protocol, there is slight Fig. 9 depicts the effect of the packet delivery ratio on the node
impact on the packet loss when the attacker is increased more mobility in the presence of the blackhole attack in the network,
than one for a single data transmission because the scheme uti- where node mobility (meter per second m/s) is the rate at which
lizes only a single path at a time. Thus, the first attacker involved the nodes are moving in the network. We observe that AOMDV
in the single path only will create a big impact and the rest of the suffers heavy loss in packets in the presence of a blackhole node,
attackers in the same active route will not create any significant by dropping from above 30% to below 20%. However, our protocol
10 E. Elmahdi, S.-M. Yoo and K. Sharshembiev / Journal of Information Security and Applications 51 (2020) 102425

Supplementary materials

Supplementary material associated with this article can be

found, in the online version, at doi:10.1016/j.jisa.2019.102425.

References

[1] Das M Marina S. On-demand multipath distance vector routing in ad hoc net-
works. Ninth international conference on network protocols ICNP Riverside,
CA, USA. IEEE; 2001.
[2] Zheng Y, Zhao Z, Zhu J. Improved AOMDV with precaution algorithm in wire-
less ad hoc networking. In: IEEE International conference on control and au-
tomation. IEEE; 2009. p. 175–9.
[3] Parmar PV, Padhar SB, Patel SN, Bhatt NI, Jhaveri RH. Survey of various homo-
morphic encryption algorithms and schemes. Int J Comput Appl 2014;91:26–
32. doi:10.5120/15902-5081.
[4] Chlamtac I, Conti M, Liu JJN. Mobile ad hoc networking: imperatives and chal-
lenges. Ad Hoc Netw 2003;1:13–64. doi:10.1016/S1570-8705(03)00013-1.
[5] Papadimitratos P, Haas ZJ. Secure message transmission in mobile ad hoc net-
works. Ad Hoc Netw 2003;1:193–209. doi:10.1016/S1570-8705(03)0 0 018-0.
[6] Lou W, Liu W, Fang Y. SPREAD: enhancing data confidentiality in mobile ad
hoc networks. Proc IEEE INFOCOM 2004;4:2404–13. doi:10.1109/INFCOM.2004.
1354662.
[7] Wazid M, Kumar A. A secure group-based blackhole node detection scheme
Fig. 10. Impact of throughput as a function of node mobility. for hierarchical wireless sensor networks. Wirel Pers Commun 2017;94:1165–
91. doi:10.1007/s11277- 016- 3676- z.
[8] Wazid M, Kumar A. An efficient hybrid anomaly detection scheme us-
ing K-means clustering for wireless sensor networks. Wirel Pers Commun
scheme gives a higher packet delivery ratio, not less than 75% in 2016;90:1971–2000. doi:10.1007/s11277- 016- 3433- 3.
the node mobility 80 m/s even in the presence of a blackhole node. [9] Wazid M, Das AK, Kumari S, Khan MK. Design of sinkhole node detection
mechanism for. Secur Commun Netw 2016;9:4596–614. doi:10.1002/sec.
Also, the effect of the network throughput on the node mobil- [10] Satav P, Jawandhiya P, Thakare V. Secure route selection mechanism in the
ity is depicted in Fig. 10. We observe that the standard AOMDV presence of black hole attack with aomdv routing algorithm. 2018 Fourth in-
protocol under blackhole attack has much lower throughput when ternational conference on computing communication control and automation.
IEEE; 2018.
compared to that of our proposed scheme. Moreover, when an ac-
[11] Yang H, Shu J, Meng X, SCAN SLu. Self-Organized network-layer security in
tive attacker is present and the node mobility is increased in the mobile ad hoc networks. IEEE J Sel Areas Commun 2006;24:261–73.
network, the amount of data successfully received at the destina- [12] Chelvan KC, Sangeetha T, Prabakaran V, Saravanan D. EAACK-A secure intrusion
detection system for. Int J Innov Res Comput Commun Eng 2014;1:3860–6.
tion per second is decreased in both schemes but still our pro-
[13] Tan S. Using cryptographic technique for securing route discovery and data
posed scheme holds very high throughput compared to the origi- transmission from blackhole attack on AODV-based MANET. Int J Netw Distrib
nal protocol. Comput 2014:100–7. doi:10.2991/ijndc.2014.2.2.4.
[14] Ertaul L, Chavan N. Elliptic curve cryptography based threshold cryptogra-
phy (ecc-tc) implementation for manets. IJCSNS Int J Comput Sci Netw Secur
8. Conclusion 2007;7:48–61. http://paper.ijcsns.org/07_book/200704/20070407.pdf.
[15] Sultana J, Ahmed T. Securing AOMDV protocol in mobile adhoc network with
In this paper, we proposed an extended AOMDV scheme to elliptic curve cryptography. 2017 International conference on electrical, com-
puter and communication engineering. IEEE; 2017. doi:10.1109/ECACE.2017.
make data transmission be reliable and secure in the presence 7912964.
of malicious nodes in MANETs by distributing the parts of en- [16] Jain G, Rajawat G. Secure AODV routing protocal based on homorphic digital
tire message into multiple paths and using a homomorphic en- signature. 2nd International conference on contemporary computing and in-
formatics; 2016. doi:10.1109/IC3I.2016.7917980.
cryption method for cryptography. The simulation results show [17] Rangasami K, Vagdevi S. Comparative study of homomorphic encryption meth-
that the proposed scheme provides a higher packet delivery ratio ods for secured data operations in cloud computing. International conference
and throughput, which are good features for the emergency ap- on electrical, electronics, communication, computer, and optimization tech-
niques; 2017.
plications in MANETs. Moreover, the success rate of the proposed [18] Ahmed G, Barskar R, Barskar N. An improved DSDV routing protocol for wire-
scheme to ensure and guarantee the delivery of the packet to the less ad hoc networks. Procedia Technol 2012;6:822–31. doi:10.1016/j.protcy.
target is very high with many active paths in each group of the 2012.10.100.
[19] Liu S, Yang Y, Wang W. Research of AODV routing protocol for ad hoc net-
network.
works1. AASRI Procedia 2013;5:21–31. doi:10.1016/j.aasri.2013.10.054.
Further research will be done in decreasing end-to-end delay to [20] Chen Y, Xiang Z, Jian W, Jiang W. A cross-layer AOMDV routing protocol for
apply this scheme to the emergency applications in MANETs. V2V communication in urban VANET. In: Fifth international conference on mo-
Comment: Earlier version of this paper was presented to IEEE bile ad-hoc and sensor networks; 2009. p. 353–9. doi:10.1109/MSN.2009.30.
[21] Ertaul L, Vaidehi. Implementation of homomorphic encryption schemes for
CCWC (The 8th IEEE Annual Computing and Communication Work- secure packet forwarding in mobile ad hoc networks (MANETs). IJCSNS Int J
shop and Conference), Las Vegas, NV, USA, Jan. 2018. Comput Sci Netw Secur 2007:132–41.
[22] Ahirwal RR, Ahke M. Elliptic curve diffie-hellman key exchange algorithm for
securing hypertext. Inf Wide Area Netw 2013;4:363–8.
Declaration of Competing Interest [23] Teerawat Issariyakul EHE.H. Teerawat Issariyakul. Introduction to network sim-
ulator NS2. second. Springer Science+Business Media; 2012.
None.