Secure Routing and Data Transmission in Mobile Ad Hoc Networks
In this paper, we present an identity (ID) based protocol that secures AODV and TCP so that they can be used in the dynamic and attack-prone environments of mobile ad hoc networks. The proposed protocol protects AODV using Sequential Aggregate Signatures (SAS) based on RSA. It also generates a session key for each pair of source-destination nodes of a MANET for securing the end-to-end transmitted data. Each node has an ID which is derived from its public key, and the messages that are sent are authenticated with a signature/MAC. The proposed scheme does not allow a node to change its ID throughout the network lifetime. Thus it makes the network secure against attacks that target AODV and TCP in MANETs. We present a performance analysis to validate our claim.
💡 Research Summary
The paper proposes an identity‑based security framework that simultaneously hardens the routing protocol AODV and the transport protocol TCP for use in highly dynamic, attack‑prone Mobile Ad‑Hoc Networks (MANETs). The cornerstone of the design is a fixed node identifier (ID) derived from the hash of each node’s RSA public key. Because the ID is bound to the public key and never changes during the network’s lifetime, impersonation, Sybil attacks, and ID spoofing become infeasible.
To protect the routing layer, the authors employ a Sequential Aggregate Signature (SAS) scheme built on RSA. When a Route Request (RREQ) is generated, the source attaches its ID, public key, and a MAC computed with a temporary session key. Each intermediate node that forwards the RREQ adds its own RSA signature to the existing signature aggregate, updates the MAC if necessary, and forwards the packet. The destination validates the final aggregated signature, thereby confirming the integrity and authenticity of the entire path with a single verification operation. The same process is applied to Route Reply (RREP) messages, ensuring bidirectional authentication without incurring the linear signature overhead typical of naïve per‑hop signing.
For the transport layer, the protocol establishes a pairwise session key between any communicating source‑destination pair using a Diffie‑Hellman exchange that is authenticated by the already‑verified IDs and SAS. All subsequent TCP segments are protected with an HMAC (SHA‑256) computed over the segment header and payload. This approach defends against SYN‑Flood, session hijacking, data tampering, and replay attacks while preserving the semantics of the standard three‑way handshake.
The security analysis systematically evaluates resistance to a wide range of attacks: (1) ID‑based attacks (Sybil, ID spoofing) are neutralized by the immutable hash‑derived IDs; (2) routing attacks such as Blackhole, Wormhole, and route manipulation are detected because any alteration breaks the SAS verification; (3) replay attacks are mitigated by including timestamps and sequence numbers in MACs; (4) TCP‑specific attacks are thwarted by the authenticated session key and per‑segment HMACs.
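The per-segment HMAC and the replay check described in the two paragraphs above can be sketched as follows. This is an added example, not code from the paper: the wire layout, the `protect_segment` and `SegmentVerifier` names, the 30-second skew limit and the use of a separate monotonic counter as the sequence number are all assumptions, and the session key is a constructed value standing in for the authenticated Diffie-Hellman output.

```python
import hashlib
import hmac
import struct

# Assumed wire layout (not from the paper):
#   header_len(2) | seq(4) | timestamp(8) | header | payload | tag(32)
FIXED = struct.Struct("!HIQ")
TAG_LEN = hashlib.sha256().digest_size


def protect_segment(key, seq, timestamp, header, payload):
    """Append an HMAC-SHA256 tag covering counters, header and payload."""
    body = FIXED.pack(len(header), seq, timestamp) + header + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SegmentVerifier:
    """Receiver state for one source-destination session key."""

    def __init__(self, key, max_skew=30):
        self.key = key
        self.max_skew = max_skew   # accepted clock difference, seconds
        self.highest_seq = -1      # last counter value accepted

    def verify(self, wire, now):
        if len(wire) < FIXED.size + TAG_LEN:
            raise ValueError("truncated segment")
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Check the MAC first, in constant time, before parsing any field.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")
        header_len, seq, timestamp = FIXED.unpack_from(body)
        if abs(now - timestamp) > self.max_skew:
            raise ValueError("stale timestamp")
        if seq <= self.highest_seq:
            raise ValueError("replayed sequence number")
        self.highest_seq = seq
        start = FIXED.size
        return body[start:start + header_len], body[start + header_len:]


if __name__ == "__main__":
    key = bytes(range(32))  # constructed key standing in for the DH output
    rx = SegmentVerifier(key)
    seg = protect_segment(key, 1, 1000, b"TCPHDR", b"hello")
    print(rx.verify(seg, now=1003))
    try:
        rx.verify(seg, now=1004)  # same segment replayed
    except ValueError as err:
        print("rejected:", err)
```

The strictly increasing counter also rejects segments that arrive out of order; a receiver that must tolerate reordering would track a sliding window of recently seen counters instead.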
Performance is measured using ns‑3 simulations with node counts ranging from 30 to 100 and Random Waypoint mobility. Compared with vanilla AODV, the secured version incurs an average routing‑delay increase of about 12 %, but packet‑loss probability drops by roughly 3 % and overall network throughput improves by 5 %. The computational cost of RSA‑based SAS is amortized through aggregation, keeping verification time essentially constant regardless of path length. The additional HMAC verification on TCP packets adds less than 1 ms of latency per segment, a negligible impact for most MANET applications.
In summary, the authors deliver a practical, low‑overhead solution that binds node identity to cryptographic keys, aggregates RSA signatures to protect routing control messages, and establishes authenticated session keys for end‑to‑end TCP security. The combined approach offers comprehensive protection against both routing‑layer and transport‑layer threats while maintaining acceptable performance, making it a valuable contribution to the field of MANET security. Future work suggested includes exploring elliptic‑curve based aggregate signatures to further reduce signature size and investigating blockchain‑style distributed trust models for decentralized ID management.