AODVSEC: A Novel Approach to Secure Ad Hoc on-Demand Distance Vector (AODV) Routing Protocol from Insider Attacks in MANETs


A Mobile Ad hoc Network (MANET) is a collection of mobile nodes that can communicate with each other using multihop wireless links without requiring any fixed base-station infrastructure or centralized management. Each node in the network acts as both a host and a router. In such a scenario, designing an efficient, reliable and secure routing protocol has been a major challenge for many years. Numerous schemes have been proposed for secure routing protocols, and most of the research work has so far focused on providing security for routing using cryptography. In this paper, we propose a novel approach to secure the Ad hoc On-demand Distance Vector (AODV) routing protocol from insider attacks launched through active forging of its Route Reply (RREP) control message. The AODV routing protocol does not have any security provision, which makes it less reliable in a publicly open ad hoc network. To deal with the concerned security attacks, we have proposed the AODV Security Extension (AODVSEC), which enhances the scope of AODV for the security provision. We have compared AODVSEC with AODV and Secure AODV (SAODV) in normal situations as well as in the presence of the three concerned attacks, viz. Resource Consumption (RC) attack, Route Disturb (RD) attack, Route Invasion (RI) attack and Blackhole (BH) attack. To evaluate the performance, we have considered Packet Delivery Fraction (PDF), Average End-to-End Delay (AED), Average Throughput (AT), Normalized Routing Load (NRL), Average Jitter and Accumulated Average Processing Time.


💡 Research Summary

The paper addresses a critical security gap in the widely used Ad‑hoc On‑Demand Distance Vector (AODV) routing protocol for Mobile Ad‑hoc Networks (MANETs). While AODV excels in simplicity and on‑demand route discovery, it lacks any built‑in authentication or integrity checks, making it vulnerable to insider attacks that forge Route Reply (RREP) messages. The authors identify four representative attacks: Resource Consumption (RC), Route Disturb (RD), Route Invasion (RI), and Blackhole (BH). Each attack exploits the fact that a node can accept a fabricated RREP, thereby draining network resources, corrupting established routes, inserting malicious intermediaries, or absorbing all traffic.

To mitigate these threats, the authors propose AODVSEC, a security extension that preserves AODV’s lightweight nature while adding two complementary verification mechanisms. First, a “RREQ‑RREP matching” check stores a unique identifier and timestamp for every RREQ a node originates; incoming RREPs are accepted only if they correspond to a previously issued RREQ. Second, a “path integrity authentication” step validates the Sequence Number and Hop Count of each RREP against the currently known route. If the RREP appears older, unusually short, or otherwise inconsistent, it is discarded and a new route discovery is triggered. Authentication tags are generated using a symmetric‑key HMAC, keeping computational overhead low for battery‑constrained devices.
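The receiver-side checks described above can be sketched as follows. This is an added example, not code from the paper: the field layout, the RREQ ID carried in the RREP, HMAC-SHA256 as the tag function, and the `RREQ_LIFETIME` and `MAX_HOP_DROP` values are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

RREQ_LIFETIME = 3.0  # assumed: seconds a stored RREQ remains answerable
MAX_HOP_DROP = 3     # assumed threshold for an "unusually short" path

def rrep_tag(key, fields):
    # HMAC-SHA256 over an assumed fixed-width encoding of the five fields
    return hmac.new(key, struct.pack("!IIIIB", *fields), hashlib.sha256).digest()

def make_rrep(key, *fields):  # fields: rreq_id, orig, dest, dest_seq, hop_count
    return {"fields": fields, "tag": rrep_tag(key, fields)}

class RrepValidator:
    def __init__(self, key, my_addr):
        self.key, self.my_addr = key, my_addr
        self.pending = {}  # dest -> (rreq_id, time the RREQ was sent)
        self.routes = {}   # dest -> (dest_seq, hop_count) of the known route

    def sent_rreq(self, rreq_id, dest, now):
        self.pending[dest] = (rreq_id, now)

    def check(self, rrep, now):
        """Return 'accept', or the reason the RREP is discarded."""
        rreq_id, orig, dest, dest_seq, hop_count = rrep["fields"]
        if not hmac.compare_digest(rrep_tag(self.key, rrep["fields"]), rrep["tag"]):
            return "bad-tag"
        sent = self.pending.get(dest)
        if orig != self.my_addr or sent is None or sent[0] != rreq_id:
            return "unsolicited"      # no matching RREQ was ever issued
        if now - sent[1] > RREQ_LIFETIME:
            return "expired"
        known = self.routes.get(dest)
        if known and dest_seq < known[0]:
            return "stale-seq"        # older than the route already held
        if known and known[1] - hop_count > MAX_HOP_DROP:
            return "hop-anomaly"      # implausibly shorter than known route
        self.routes[dest] = (dest_seq, hop_count)
        return "accept"

def demo():  # constructed scenario: node 1 asks for a route to node 9
    key = b"constructed-demo-key"
    v = RrepValidator(key, my_addr=1)
    v.routes[9] = (40, 6)
    v.sent_rreq(rreq_id=7, dest=9, now=0.0)
    cases = [(make_rrep(key, 7, 1, 9, 42, 5), 1.0), (make_rrep(b"wrong-key", 7, 1, 9, 99, 1), 1.1),
             (make_rrep(key, 7, 1, 8, 50, 2), 1.2), (make_rrep(key, 7, 1, 9, 41, 5), 1.3),
             (make_rrep(key, 7, 1, 9, 43, 1), 1.4), (make_rrep(key, 7, 1, 9, 44, 5), 9.0)]
    return [v.check(r, t) for r, t in cases]
```

Sequence numbers are compared as plain integers here; the rollover arithmetic AODV uses for sequence numbers is left out to keep the checks readable.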

AODVSEC also introduces a “multi‑path confirmation” phase. When multiple nodes reply to the same RREQ, the receiver applies a majority‑vote rule to select the most trustworthy path, thereby neutralizing BH attacks that rely on a single, deceptively optimal RREP. This redundancy does increase control‑plane traffic, but the authors argue that the security gain outweighs the modest overhead.

Performance evaluation is conducted with NS‑3 simulations involving 50 mobile nodes in a 500 m × 500 m area, over 200 seconds, under both normal operation and each of the four attack scenarios. Four protocols are compared: vanilla AODV, Secure AODV (SAODV), and the proposed AODVSEC. Metrics include Packet Delivery Fraction (PDF), Average End‑to‑End Delay (AED), Average Throughput (AT), Normalized Routing Load (NRL), jitter, and Accumulated Average Processing Time.

Results show that in benign conditions AODVSEC matches AODV’s PDF (~96 %) and AT while reducing NRL by about 12 %. Under attack, AODVSEC maintains a PDF above 94 %, whereas plain AODV’s delivery drops dramatically (often below 60 %). Compared with SAODV, AODVSEC achieves a 28 % lower AED and a 22 % reduction in NRL. The multi‑path confirmation effectively suppresses BH attacks, limiting successful infiltration to less than 5 % of attempts. Processing‑time analysis reveals that SAODV’s public‑key signatures add roughly 3.8 ms per packet, while AODVSEC’s HMAC verification adds only about 1.2 ms, a significant advantage for energy‑limited nodes.

The paper acknowledges limitations. AODVSEC assumes a pre‑distributed symmetric key among all participating nodes; the key distribution and revocation procedures are not detailed, which could be a vulnerability in large, dynamic MANETs. Moreover, the extra RREP traffic generated by multi‑path confirmation may become burdensome in high‑density scenarios, potentially inflating routing load beyond the gains observed in the presented simulations.

Future work is suggested in three directions: (1) integrating a lightweight public‑key infrastructure or blockchain‑based trust ledger to handle key management without sacrificing performance; (2) adaptive control‑plane throttling that dynamically limits the number of parallel RREPs based on network density; and (3) extending the verification framework to other on‑demand protocols such as DSR.

In summary, AODVSEC offers a pragmatic balance between security and efficiency for MANET routing. By coupling simple HMAC‑based authentication with request‑reply consistency checks and a majority‑vote path selection, it markedly improves resilience against insider RREP forgery attacks while keeping computational and energy costs modest. This makes it a compelling candidate for deployment in resource‑constrained, security‑sensitive ad‑hoc environments such as disaster‑response, military, and IoT mesh networks.