A Neighbor Trust Weight Based Cryptography for Multi Key Distribution for Improving Quality of Service in MANETS

A decentralised MANET is used to construct a dynamic network where there is no central authority and no permanent infrastructure [1]. They communicate with one another in a multi-hop fashion to get past contact coverage and resource limitations [2]. Based on their relative proximity, nodes either make direct connections to one another or act as hosts and routers [3]. Node-to-node data transfer is essential to a functional network. MANETs are especially vulnerable to routing attacks from within the network due to their open topology, decentralised structure [4], and absence of a central authority. This makes complicated network routing a challenging problem in general. Multiple routing assaults [5] are not prevented by the standard approaches to routing in ad hoc networks [6].

External attacks are typically resisted using security schemes due to traditional cryptographic systems. They are, however, ineffective in defending against attacks initiated by internal malevolent nodes [7]. By engaging in various types of packet-forwarding misbehaviors, such malicious nodes can have a significant impact on network security [8]. In such a hostile environment, incorporating the principle of "confidence" and “trust” would allow for forecasting of neighbor node activity [9]. The principle of trust may be useful in competitive environments where nodes would rely on one another to achieve their objectives securely. Trust supervision arrangements have recently been proposed as a feasible security solution for improving MANET routing resolutions by detecting malicious nodes [10].

The acronym ADMA stands for an Autonomous Decentralized Management Architecture [11] that was developed to bring autonomic concepts to MANETs. This feature enables the network to automatically adapt to new conditions without requiring manual intervention [12]. Our system is decentralised and runs in a peer-to-peer fashion, so it doesn't need a central authority to manage the network [13]. With the help of monitoring data and preset high-level policies [14], every mobile node that uses ADMA components can make the right call at the right time [15].

Ad hoc nodes in MANETs independently relay information and command packets they have received from other nodes. Therefore, rogue nodes pose a significant security risk and make it challenging to secure the MANET [16]. This is due to the fact that packet content collected from other nodes is not guaranteed and may be altered or discarded. When it comes to raising Quality of Service (QoS) [17], the routing protocol plays a crucial role. Disruptions to data transmission can occur in MANETs due to the chaotic topology and autonomous behaviour of their nodes [18]. This phenomenon requires a protocol to route to the destination that will find more secure and skilled routes. Routing protocols are ongoing research aimed at enhancing MANET’s security by developing current security systems or proposing new securities [19]. This means that the efficiency and protection of a MANET have to be resolved. The common attacks in MANETs include the loss of packets [20], malicious node injection with fake route information, excluding target node from routing or routing requests attacking the target node [21]. These scenarios trigger inefficient routing and degrade network efficiency. The structure of MANET is depicted in Figure 1.

1.jpg

Figure 1. MANET structure

MANET has a great deal of functionality left to offer as compared to traditional networks such as ARPANETs [22]. This system is insecure because it is vulnerable to both passive and active attacks as well as having a public feature [23]. There are more group problems that remain in MANETs, relative to point-to-to-point systems [24]. The scheme gets inappropriate details to the members of the community and they must keep the content's integrity. Multicast data can be encrypted using a group key [25]. A dynamic group membership is required to allocate the latest key to each member [26]. The main drawbacks of the existing model sis that they are vulnerable to attacks that need to be reduced with the trusted key distribution model for enhanced quality of service [27].

1.1 Key distribution

In mobile ad hoc networks, many modern technologies include group-oriented communication. Multicast is an effective way to support group-oriented applications, particularly with a limited bandwidth and power in the mobile environment. It is necessary to provide secure multicast communication if such applications are to be used in a conflicting environment. The main obstacle for safe multicast communications is key management. The challenging factor of "1 affects n" must be resolved by the multicast key distribution [28]. Multi-cast communications with secure key distribution relies heavily on security services include authentication, data integrity, access control, and group confidentiality. Privacy within the community is the most important backbone for many apps. Sharing a secret enables this security function, but doing so securely is the primary problem of key management in designing secure multi-cast and efficient community systems of communication.

Most of these security services typically rely on coding using traffic coders and coding uses coding keys. Key management involves the development, distribution and update of keys, which is a basic block for stable multi-level applications. Each member holds a key to encrypting and decrypting the multicast data in a secure multicast communication. In order to fulfil the multicast key management criteria, a member must update and distribute to all members when they leave the group.

Encrypting and authenticating data exchanged between nodes in an ad hoc network is crucial to ensuring the privacy of communications. For these security processes to go smoothly, it's important that users agree on a shared set of keys beforehand. Ad hoc mobile network key distribution is made more difficult by MANET constraints than it would be in more traditional networks. Traditional key distribution systems rely on a Certificate Authority (CA) or Trusted Third Party (TTP) to issue users with certificates that may be used to verify the authenticity of public keys. In order to ensure safe communication, the suggested model employs an efficient routing model, and to boost the system's performance, it uses an efficient key distribution model. The introduction section discuss about the MANET routing and quality of service models. Section 2 discuss about the literature review of the traditional models, section 3 discuss about the proposed model for routing and trust level based cryptography model. Section 4 discuss about the results and section 5 concludes the paper.

On any mobile host, a routing protocol is implemented and is thus restricted to each node by resources. Therefore, an effective routing strategy is desirable in order to guarantee connectivity so that nodes can communicate quickly. This routing strategy must minimize the overload of computation on mobile host and network traffic. The following are assumed from the proposed Trust Level based Cryptography Model (ITLCM) and Neighbor Trust Weight based Routing Model (NTWRM) scheme:

• All mobile nodes have the same physical features.

• Network wireless connections are two-way.

• All nodes run in a Secret Auditor Mode (SAM) in order to observe neighboring nodes and their behavior.

• A central auditor node (CAN) is selected from the network to monitor all nodes for their trust factors.

• A cryptography model is used for generation of keys for identification of trusted nodes.

The proposed trust model uses shortest observations to derive neighboring node mistrust by analyzing neighbor nodes packet falling ratios, energy consumption ratios. Furthermore, each node uses a discovery mechanism for attack patterns that detects nodes that are malicious. Recommendations from trusted neighbors to enhance routing decisions are also considered. The CAN is selected based on the computational capabilities, trust factors, energy consumption levels and neighbor feedback rate.

3.1 Neighbor trust weight based routing model (NTWRM)

In the proposed routing method when a network is established, the CAN node is selected and then it calculates the trust factors of all nodes. The nodes whose trust factors are more than the threshold can be considered to involve in routing. The trust factor of each node is calculated as:

$T_R=\sqrt[n]{\prod_{i=1}^n} T_{i, j}$ node $_i$ and node $j \in$ route $\sum_{i=1} \operatorname{Max}(P D R(i))+T h$

$R_{\text {and node}\quad_i}\rightarrow$ node $_j, i \neq j$

$T L=\left(1-\frac{n}{N}\right) \times T_R>T h, \quad n=C A N_{N S}+N_{i s}$

The sender determines the mistrust of the neighbor node by monitoring neighbor's behavior. In particular, if N_J does not forward packets sent by N_i, the node N_i will increase the discrepancy score of its neighboring node so that in further communications, this node will not be allowed to involve in communication. In the proposed routing mode, the values of mistrust are limited between 0 and 1 i.e, 0 for high malicious and 1 for malicious. In the proposed routing model, initially the nodes want to communicate initialize the routing process.

The CAN node is selected and then trust factors are calculated. The nodes with trust factor more than threshold value is considered. The sender will send a RACK to all the valid neighbors by checking their trust factors. The neighbor nodes will acknowledge the sender node only after taking information from the CAN node that the sender is a trusted node. The CAN node will generate keys and distribute them to the nodes involved in communication. The nodes will send their keys to the sender back as an acknowledgement.

The sender will establish the route by considering the acknowledgement key from the neighbor nodes and verifies it from the CAN node and then only updates the routing table. All the available routes from the sender to destination is recorded in the CAN node and only one shortest route is selected. The remaining routes can be used if there is any problem with the considered route. The process is continued till the route toward the destination is completed and the routing table is finalized by the CAN node. The routing process is depicted in Figure 2.

2.jpg

Figure 2. Routing process in proposed model

The node which transmits a packet will check within its coverage that the neighbour transmits a packet within a certain time frame to another node. Otherwise, the value assigned to the neighbour will be reduced and the packet resend instruction is forwarded by the CAN node. The CAN will continuously monitor all the nodes. When the communication is initiated, the Secret Auditor Mode is activated and each node is monitored by its neighbor node and also by CAN node and its trust factor is updated by the CAN node if any malicious behavior is observed. A SAM is used to ensure its neighbour sends the packet to the next hop in the routing table and any intermediate nodes along the way. If the nearby node does not forward the packet in the next hop to the required node, the trust factor of it will be updated by the CAN node. The route selection process is indicated in Figure 3. The packet stays in the buffer of the node, and is then removed from the buffer until transmitted successfully. The trust factor is updated as:

$T f_n=\sum_{i=1}^n tr_i \times D_Y^{X_i}, \quad W(N)_i=\frac{\frac{1}{P D R_{X_i}}}{\sum_{j=1}^n \frac{1}{P L R_{X_{j}}}}, \sum_{i=1}^n W_i>T h$

3.jpg

Figure 3. Route selection procedure

The route trust is also calculated and updated to the CAN node. All the available routes trust factors are calculated and then the highest average trust factor route is considered for communication. The routes trust factors are calculated as:

$\operatorname{RouTr}_{i, j}(t)=\frac{\sum_{i=0}^N T(i) \times T_n(i+1)}{\sum_{i=0}^N T f(i)}>$ Threshold

The routes at the CAN node will be updated when the trust factors are updated. The most trusted route is selected for the communication. The route updating is performed as:

$\operatorname{RouTu}\left(T f_{i j}\right)=\operatorname{RouTr}(N(i)) / \sum_{i=1}^N T f_{i j}$,

$T f_{i j}=\frac{N(i)_{i j}^{i+1}-\min \left\{N(i)_{i j}^j\right\}}{\max _i\left\{N(j+1)_{i j}^i\right\}-\min _j\left\{N(j)_{i j}^j\right\}}+T h$

Algorithm NTWRM

{

Step-1: Create a network with the required nodes to initiate data communication.

Step-2: Calculate the trust factors for each and every node.

Step-3: Identify the node whose trust factor, computational capabilities and energy levels are high and consider it a CAN Node.

Step-4: Activate Secret Auditor Mode

Step-5: The sender will initiate the route identification process by sending RACK to all the trusted neighbor nodes.

Step-6: The neighbor nodes will verify the acknowledgement by considering the information from the CAN node and checks whether CAN node is original or not.

Step-7: The CAN node will generate the keys and distribute to all the trusted neighbor nodes.

Step-8: The neighbor nodes will send keys to the sender as return acknowledgement and the sender verifies the keys from the CAN node.

Step-9: The shortest route having high trust factor is updated in the routing table and the communication is initiated.

Step-10: After communication is completed, deactivate the Secret Auditor Mode.

}

3.2 Trust level based cryptography model (ITLCM)

In the process of routing, the proposed model considers keys for node validation. The keys are calculated using the CAN node. In the proposed work, a Trust Level based Cryptography Model (ITLCM) is introduced that calculates the keys based on the trust levels of the nodes. The keys generated are maintained by the CAN node and these keys are distributed the trusted nodes involved in the communication. The keys once shared will be erased after they are utilized by the nodes for verification. This erasing operation is performed to avoid masquerade attacks in the network. The proposed model generates multiple keys for the nodes involved in communication. The keys once used will not be reused in the proposed model. The keys generated must be unique and security need to be strictly maintained to improve the system performance.

3.3 Key generation process

MANETs are vulnerable to attack because they use wireless connections. Eavesdroppers may gain access to sensitive information for providing network security. Hackers can target the network directly to delete messages, insert false messages, or impersonate a node, violating availability, credibility, authentication, and non-repudiation. Inside a network, compromised nodes may also initiate attacks. A cryptographic key must be exchanged by all authorized network members for safe data communication. When current group members leave the system or new members join the network, this hidden key should be changed. The process of key generation is discussed briefly.

The CAN node will generate the unique keys for all the trusted nodes in the network. Based on the trusted factor of a node, the keys are generated for each node separately.

The keys for a node is generated by the CAN node by considering the two random polynomials where one is prime and other one is a random number that is greater than first polynomial.

The two numbers are considered randomly and considered as:

$\left.PP _{ i }( N ( i ))\right), PPj ( N ( i +1)) \in N ( ID )$,

where PPj( $\left.N ( i +1))> PP _{ i }( N ( i ))\right)$

The two polynomials calculate their values as:

$\left.P P_i(N(i))\right)=\sum_{i=0}^N T h+N(i)_{i, j} \operatorname{Tr} N$ and

$P P_j(N(i+1))=\sum_{i=0}^N P P i(N(i))+T h+T f_{i, j} \operatorname{Tr}^{N-1}$

$\operatorname{Ik}( N ( i ))=\left( K _{ N ( i )} \oplus \operatorname{Rid}\right) \oplus\left( K _{ N ( i +1)} \oplus Rid \right)$

$\oplus \operatorname{Th} \& \operatorname{Tf}( N ( i )) \oplus \operatorname{PP}_{ i }( N ( i ))$

here, Ik is the intermediate key, KN(i) is the key for node I, initially it is the node id and Rid is the Receiver node ID and Th is threshold value and Tf(N(i)) is the trust factor of the node.

$Ik ( N ( i ))=\operatorname{Ik}( N ( i )) \oplus CAN ( ID )$

$\oplus\{$$\left._{Tr(Dest )} \oplus_{\text {Tf (Sender) }}\right\} \oplus \operatorname{Th} \oplus PP _{ j }( N ( i +1))$

The final key for each node is calculated as:

$Fk \left( N ( i )= Ik ( n ( i )) \oplus CAN ( ID ) \oplus PP _{ i }( N ( i ))\right.$

$\oplus PP _{ j }( N ( i +1))+\operatorname{Routr}( N ( ID ))$

For authentication, all of the keys produced are used. Authentication allows a mobile node to verify the identity of the peer node with which it is communicating, preventing an attacker from impersonating a node and obtaining unauthorized access to resources and sensitive data. The proposed model performs the process of routing effectively by using the keys for authentication that improves the security levels of the system.