FHC-NCTSR: Node Centric Trust Based secure Hybrid Routing Protocol for Ad Hoc Networks

To effectively support communication in a networking environment as dynamic as an ad hoc network, the routing mechanism should provide secure and trusted route discovery and good service quality in data transmission. In this context, the paper proposes a routing protocol called Node Centric Trust based Secure Hybrid Routing Protocol [FHC-NCTSR], which uses fixed hash chaining for data transmission and a node centric trust strategy for secure route discovery. Route discovery is reactive in nature whereas data transmission is proactive, hence FHC-NCTSR is termed a hybrid routing protocol. The performance results obtained from the simulation environment show that, due to the fixed hash chaining technique, FHC-NCTSR is more than one order of magnitude faster in packet delivery than other hash chain based routing protocols such as SEAD. Due to its node centric route discovery strategy, FHC-NCTSR is trusted against Rushing, Routing table modification and Tunneling attacks, whereas other protocols fail to provide security against one or more of the attacks listed; an example is ARIADNE, which fails to protect against the tunneling attack.


INTRODUCTION
As ad-hoc networks do not rely on existing infrastructure and are self-organizing, they can be rapidly deployed to provide robust communication in a variety of hostile environments. This makes ad hoc networks very appropriate for a broad spectrum of applications ranging from providing tactical communication for the military and emergency response efforts to civilian forums such as convention centers and construction sites. With such diverse applicability, it is not difficult to envision ad hoc networks operating over a wide range of coverage areas, node densities, mobility patterns and traffic behaviors. This potentially wide range of ad hoc network operating configurations poses a challenge for developing efficient routing protocols. On one hand, the effectiveness of a routing protocol increases as network topological information becomes more detailed and up-to-date. On the other hand, in an ad hoc network, mobility may cause frequent changes in the set of communication links of a node [1], requiring large and regular exchanges of control information among the network nodes. And if this topological information is used infrequently, the investment by the network may not pay off. Moreover, this is in contradiction with the fact that all updates in the wireless communication environment travel over the air and are, thus, costly in transmission resources.
Routing protocols for ad hoc networks can be classified either as proactive, reactive or hybrid. Proactive or table driven protocols continuously evaluate the routes within the network, so that when a packet needs to be forwarded, the route is already known and can be immediately used. Examples of proactive protocols include DSDV [2], TBRPF [3], and WRP [4]. In contrast, reactive or on-demand protocols invoke a route determination procedure on an on-demand basis by flooding the network with the route query. Examples of reactive protocols include AODV [5], DSR [6], and TORA [7]. The on-demand discovery of routes can result in much less traffic than the proactive schemes, especially when innovative route maintenance schemes are employed. However, the reliance on flooding of the reactive schemes may still lead to a considerable volume of control traffic in the highly versatile ad hoc networking environment. Moreover, because this control traffic is concentrated during the periods of route discovery, the route acquisition delay can be significant. In Section II, we explore the third class of routing protocols, the hybrid protocols.

II. PROTOCOL HYBRIDIZATION
The diverse applications of ad hoc networks pose a challenge for designing a single protocol that operates efficiently across a wide range of operational conditions and network configurations. Each of the purely proactive or purely reactive protocols described above performs well in a limited region of this range. For example, reactive routing protocols are well suited for networks where the "call to mobility" ratio is relatively low. Proactive routing protocols, on the other hand, are well suited for networks where this ratio is relatively high. The performance of both of the protocol classes degrades when they are applied to regions of ad hoc network space between the two extremes. Given multiple protocols, each suited for a different region of the ad hoc network design space, it makes sense to capitalize on each protocol's strengths by combining them into a single strategy (i.e. hybridization). In the most basic hybrid routing strategy, one of the protocols would be selected based on its suitability for the specific network's characteristics. Although not an elegant solution, such a routing strategy has the potential to perform as well as the best suited protocol for any scenario, and may outperform either protocol over the entire ad hoc network design space. However, by not using both protocols together, this approach fails to capitalize on the potential synergy that would make the routing strategy perform as well as or better than either protocol alone for any given scenario.
A more promising approach for protocol hybridization is to have the base protocols operate simultaneously, but with different "scopes" (i.e., hybridization through multi scoping). For the case of a two-protocol routing strategy, protocol A would operate locally, while the operation of protocol B would be global. The key to this routing strategy is that the local information acquired by protocol A is used by protocol B to operate more efficiently. Thus the two protocols reinforce each other's operation. This routing strategy can be tuned to network behavior simply by adjusting the size of protocol A's scope. In one extreme configuration, the scope of protocol A is reduced to nothing, leaving protocol B to run by itself. As the scope of protocol A is increased, more information becomes available to protocol B, thereby reducing the overhead produced by protocol B. At the other extreme, protocol A is made global, eliminating the load of protocol B altogether. So, at either extreme, the routing strategy defaults to the operation of an individual protocol. In the wide range of intermediate configurations, the routing strategy performs better than either protocol on its own.
In the rest of the paper, section II explores the related work, section III discusses the route discovery strategy of FHC-NCTSR and section IV describes the data transmission approach, followed by section V, which explores simulations and results discussion. Section VI is the conclusion and section VII explores the bibliography.

III. RELATED WORK
There are known techniques for minimizing 'Byzantine' failures caused by nodes that through malice or malfunction exhibit arbitrary behavior such as corrupting, forging, and delaying routing messages. A routing protocol is said to be Byzantine robust when it delivers any packet from a source node to a destination as long as there is at least one valid route [8]. However, the complexity of that protocol makes it unsuitable for ad hoc networks. Hauser et al. [9] avoid that defect by using hash chains to reveal the status of specific links in a link-state algorithm. Their method also requires synchronization of the nodes. Hu [10] introduced another technique called SEAD that uses a node-unique hash chain that is divided into segments. The segments are used to authenticate hop counts. However, DSDV distributes routing information only periodically. The protocols [8,9,10] fail to perform in networks with a large number of hops because of their computational complexity in hash chain measurement. In many applications, reactive or on-demand routing protocols are preferred. With on-demand routing, source nodes request routes only as needed. On-demand routing protocols perform better, with significantly lower overhead, than periodic routing protocols in many situations [11]. The authentication mechanism of Ariadne [11] is based on TESLA [12]. They use only efficient symmetric-key cryptographic primitives. The main drawback of that approach is the requirement of clock synchronization, which is very hard for wireless ad hoc networks. In addition, the protocols [8,9,10,11,12] fail to protect networks from one or more attacks, such as the tunneling attack.
The protocol FHC-NCTSR proposed in this paper has much scope to perform better in large networks because of its lower computational complexity. The node centric and two hop level authentication strategies adopted by FHC-NCTSR help to deal with various attacks, including the tunneling attack.

IV. ROUTE DISCOVERY PROCESS
The objective of the NCTS-DSR route establishment process is to prevent unauthorized hops from joining the route during the route request process.

[Here $cer_{n_i}$ is because the current node certificate is available at sender node as certificate of one hop node that acts as target for ingress transaction]

Step 3:
a. If $cer_{n_e}$ is null then assumes sender is source and continues step 4.

b. Else If $cer_{n_e}$ is not null and

2) Process of RREQ construction at relay hop node of the source node
Once the packet is received by the next hop (in that packet referred as), it continues the above four steps in sequence with minor changes, described here:
$n_r$ identified as source node and stop RREP process, collects routing path information.

1) Elliptic Curve Cryptography for constrained environments
To form a cryptographic system using elliptic curves, we need to find a "hard problem" corresponding to factoring the product of two primes or taking the discrete logarithm.

n ECPK n n G n n G n ECPK 
The strength of this key exchange process is that, to break the scheme, an attacker would need to be able to compute k given G and kG, which is assumed hard and almost not possible in constrained environments.

C. Elliptic Curve Encryption/Decryption
The plaintext message m is taken as input in the form of bits of varying length. This message m is encoded and is sent in the cryptographic system as an x-y point $P_m$. This point is encrypted as cipher text and subsequently decrypted. The SHA hash function algorithm can be used for message digest and for signature authentication and verification of the message.

As with the key exchange system, an encryption/decryption system requires a point G and an elliptic group E(a, b) as parameters. Each user A selects a private key
The implementation of the elliptic curve algorithm is done over $GF(2^{163})$ for providing security of more than 128 bits.
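The key exchange and the encryption/decryption steps of this section, worked through as an added example that is not code from the paper. It assumes a toy prime-field curve (y^2 = x^3 + 2x + 2 over GF(17), base point (5, 1) of order 19) instead of the paper's GF(2^163), and the function names are hypothetical.

```python
import secrets

# Toy curve for readability (assumption): y^2 = x^3 + 2x + 2 over GF(17).
# The paper uses a binary field; the point formulas differ there, the protocol steps do not.
P_MOD, A_COEF = 17, 2
G, N = (5, 1), 19              # base point G and its prime order n
INF = None                     # point at infinity (group identity)

def add(p, q):
    """Chord-and-tangent addition of two curve points."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p + (-p)
    if p == q:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def neg(p):
    return INF if p is INF else (p[0], -p[1] % P_MOD)

def mul(k, p):
    """Double-and-add scalar multiplication k*p."""
    result = INF
    while k:
        if k & 1:
            result = add(result, p)
        p, k = add(p, p), k >> 1
    return result

def keypair():
    n_priv = secrets.randbelow(N - 1) + 1            # private key, 1 <= n_priv < n
    return n_priv, mul(n_priv, G)                    # public key ECPK = n_priv * G

def shared_key(n_priv, peer_ecpk):
    return mul(n_priv, peer_ecpk)                    # both sides reach n_A * n_B * G

def encrypt(p_m, ecpk_b, k=None):
    k = k or secrets.randbelow(N - 1) + 1            # fresh random k per message
    return mul(k, G), add(p_m, mul(k, ecpk_b))       # pair (kG, P_m + k*ECPK_B)

def decrypt(c_m, n_b):
    first, second = c_m
    return add(second, neg(mul(n_b, first)))         # second - n_B * first

def recover_k(target):
    """Exhaustive search for k with kG == target: at most n steps,
    which is why the order n has to be very large in a real deployment."""
    point = INF
    for k in range(1, N):
        point = add(point, G)
        if point == target:
            return k
    return None

if __name__ == "__main__":
    n_a, ecpk_a = keypair()
    n_b, ecpk_b = keypair()
    assert shared_key(n_a, ecpk_b) == shared_key(n_b, ecpk_a)
    p_m = mul(5, G)                                  # constructed sample message point
    print(decrypt(encrypt(p_m, ecpk_b), n_b) == p_m)
```

With a group of order 19 the search in `recover_k` finishes immediately; the hardness assumption in the text only holds once n is large.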

VI. ROUTING THE DATA PACKETS:
In this section we describe the procedure for authenticating data packets forwarded from the source node to the destination node along the selected route, while checking for faulty links.
In DSR, the source route information is carried in each packet header.

A. FHC: Fixed Hash Chaining
An algorithmic description of the FHC for data packet transmission:
1. A verification process takes place for egress of each node in the routing path. In the interest of route maintenance, every hop in the route contains a cache that maintains a hop list describing the route selected using an optimal route selection model. We apply $f_h()$ on the cache of each hop of the route to verify the integrity of the cached hop list.

Architecture of the proposed protocol
Proposed model provides ting packet contains
More particularly, during the route discovery phase, we provide secure route selection, i.e., a shortest intact route, that is, a route without any faulty links. During the route maintenance phase, while packets are forwarded, we also detect faulty links based on a time out condition. Receiving an acknowledgement control packet signals successful delivery of a packet.
For packet authentication, we use $f_h$ described by Benjamin Arazi et al [21]. The hash function encodes a countersign to form a tag. By $f_h()$ we mean that the countersign cannot be decoded from the tag and the countersign is used only once, because part of its value lies in its publication after its use. We have adapted that protocol for use in an ad hoc network where multiple packets need to be sent sequentially. Therefore, if a number of packets are sent sequentially, the countersign needs to be refreshed each time. Thus, a single authentication is associated with a stream of future packets, which is a significant difference between the proposed and existing hash chain techniques. The existing models require stream of future events. In addition, the countersign is used to authenticate $p_c$ but not future packets.
As an advantage over prior art, asymmetric digital signatures or secret countersigns do not need to be known ahead of time or distributed among the nodes after the system becomes operational. It should also be noted that each countersign is used only one time, because the countersign is published to perform the authentication.
The $f_h()$ as implemented by the proposal is ideal for serially communicating packets along a route in an ad hoc network, without requiring the nodes to establish shared secret countersigns beforehand.

B. Data transmission and malicious hop detection
To send a packet $m_i$ that is a part of data to be sent to to the $n_h$ along the route. Here , and forwards the data packet to the node along the route as specified in the packet header.
During the packet sending process described earlier, if any of the checks fails, then the packet is dropped. If both checks succeed, then the node updates its routing entry associated with $n_s$. If the check at $n_h$ , then either In either case, the current hop node $n_h$ drops the packet. In our proposed model the authentication tag of each packet is limited to two hashes and one countersign, while the existing models require N authentication tags for a route with N hops. Therefore, our method has a lower communication and storage overhead.
model, the packets are always received in the order they are sent. This is because all packets are forwarded along the same route in DSR. In the case of congestion and buffering, the messages are stored in a first-in-first-out buffer according to the order that they are received.
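The per-hop check described above, as an added example that is not the paper's code. The paper's tag formula is not legible on this page, so the packet layout used here (message, current countersign, a hash committing to the next countersign, a hash committing to the next packet), SHA-256 as the hash, and an anchor pair handed to every hop during route discovery are assumptions chosen to match "two hashes and one countersign" and the two checks; all names are hypothetical.

```python
import hashlib
import hmac
import os

def tag_hash(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields (stand-in for the paper's hash function)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def build_stream(messages):
    """Source side. Returns (anchor, packets) under the assumed layout:
    A[i] = H(cs_i) commits to countersign i,
    B[i] = H(cs_i, m_i, A[i+1]) commits to packet i and to the next countersign."""
    n = len(messages)
    msgs = list(messages) + [b""]                     # empty trailer closes the stream
    cs = [os.urandom(16) for _ in range(n + 2)]       # fresh countersign per packet
    A = [tag_hash(c) for c in cs]
    B = [tag_hash(cs[i], msgs[i], A[i + 1]) for i in range(n + 1)]
    packets = [{"i": i, "m": msgs[i], "cs": cs[i],    # cs_i is published here, once
                "next_a": A[i + 1], "next_b": B[i + 1]} for i in range(n)]
    return (A[0], B[0]), packets

class Hop:
    """Routing entry a hop keeps for one source: the two pending commitments."""
    def __init__(self, anchor):
        self.a, self.b = anchor

    def accept(self, pkt):
        ok_cs = hmac.compare_digest(tag_hash(pkt["cs"]), self.a)
        ok_pkt = hmac.compare_digest(
            tag_hash(pkt["cs"], pkt["m"], pkt["next_a"]), self.b)
        if not (ok_cs and ok_pkt):
            return False                              # either check fails: drop
        self.a, self.b = pkt["next_a"], pkt["next_b"] # both succeed: update entry
        return True

def forward(route, pkt):
    """Return the index of the hop that dropped pkt, or None if it was delivered."""
    for idx, hop in enumerate(route):
        if not hop.accept(pkt):
            return idx
    return None

def tag_bytes(pkt):
    return len(pkt["cs"]) + len(pkt["next_a"]) + len(pkt["next_b"])

def demo():
    # Constructed payloads and a constructed 4-hop route.
    anchor, pkts = build_stream([b"reading-1", b"reading-2", b"reading-3"])
    route = [Hop(anchor) for _ in range(4)]
    results = [forward(route, pkts[0])]               # genuine packet: delivered
    forward(route[:2], pkts[1])                       # first two hops see packet 1
    forged = dict(pkts[1], m=b"reading-X")            # payload altered in transit
    results.append(forward(route[2:], forged))        # dropped at the next hop
    results.append(forward(route[2:], pkts[1]))       # unaltered copy still verifies
    results.append(forward(route, pkts[2]))
    replay = forward(route, pkts[2])                  # countersign already consumed
    return results, replay, tag_bytes(pkts[0])

if __name__ == "__main__":
    print(demo())
```

The tag stays at 80 bytes whatever the route length, and each hop does two hash evaluations per packet.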

Consequently, hop node
The experiments were conducted using NS 2. We built a simulation network with hops under mobility and count of 50 to 200. The simulation parameters are described in table 5. Authentication ensures that the buffer is properly allocated to valid packets. The simulation model aimed to compare ARIADNE [11] and FHC-NCTSR for the route establishing phase, and SEAD [10] and FHC-NCTSR for data transmission. The performance check of the ARIADNE [11] and FHC-NCTS protocols was carried out against the threats listed below.

a) Rushing attack
b) Denial of service
c) Routing table modification
d) Tunneling

The protection against tunneling attack is the advantage of the NCTS-DSR over Ariadne.

b) PACKET DELIVERY FRACTION: It is the ratio of data packets delivered to the destinations to those generated by the sources. The PDF tells how successfully a protocol has delivered the packets. The higher the value, the better the result.
c) AVERAGE END TO END DELAY: Average end-to-end delay is the average end-to-end delay of data packets. Buffering during route discovery latency, queuing at the interface queue, retransmission delays at the MAC and transfer times may cause this delay. Once the time difference between packets sent and received was recorded, dividing the total time difference by the total number of CBR packets received gave the average end-to-end delay for the received packets. The lower the end-to-end delay, the better the performance of the protocol.
d) PACKET LOSS: It is defined as the difference between the number of packets sent by the source and received by the sink. In our results we have calculated packet loss at the network layer as well as the MAC layer. The routing protocol forwards the packet to the destination if a valid route is known, otherwise it is buffered until a route is available. There are two cases when a packet is dropped: the buffer is full when the packet needs to be buffered, and the time exceeds the limit when the packet has been buffered. The lower the packet loss, the better the performance of the protocol.
e) ROUTING OVERHEAD: Routing overhead has been calculated at the MAC layer and is defined as the ratio of the total number of routing packets to data packets.
Figure 3(a) shows the Packet Delivery Ratio (PDR) for FHC-NCTSR, ARIADNE and SEAD. Based on these results it is evident that FHC-NCTSR recovers most of the PDR loss observed in ARIADNE against SEAD. The approximate PDR loss recovered by FHC-NCTSR over ARIADNE is 1.5%, which is an average of all pauses. The minimum individual recovery observed is 0.18% and the maximum is 2.5%. The packet delivery fraction (PDF) can be expressed as:

This paper presented an evaluation of security protocols such as QoS-Guided Route Discovery [13], sQos [15], Ariadne [16] and CONFIDANT [17], which are based on the reactive DSR approach, and describes their limitations and attacks against these protocols that can be subtle and difficult to discover by informal reasoning about the properties of the protocols.
The proposed hybrid protocol FHC-NCTSR applies digital signature exchange on the RREQ and RREP, to whose computation the neighbors within 2 hops of a node contribute, and a fixed hash chaining technique is used to achieve a scalable data sending process. In the route discovery phase, these digital signatures enable the protocol to

It is relatively easy to calculate Q given k and P, but it is relatively hard to determine k given Q and P. This is called the discrete logarithm problem for elliptic curves.

KEY EXCHANGE
Key exchange can be done in the following manner. A large integer $q = 2^n$ is picked, along with elliptic curve parameters a and b. This defines an elliptic curve group of points. Now, pick a base point G = (x1, y1) in E(a, b) whose order is a very large value n. The elliptic curve E and G are the parameters known to all participants. A key exchange between users A and B can be accomplished as follows:
a) A selects an integer $n_A$ less than n. This is the private key of user A. Then user A generates a public key *

send a message $p_m$ to user B, A chooses a random positive integer k and produces the cipher text $c_m$ using the public key $ECPK_B$ of user B. To decrypt the cipher text, user B multiplies the first point in the pair by the secret key of user B and subtracts the result from the second point:

to the first hop of the selected path:1

The node then updates its routing entry by recording

1 hn
does not receive a valid ack after time out, and the node can report a malicious activity at 1

The packet authentication process at $n_d$ is identical to the authentication process at any intermediate hop $n_h$. If any of the checks fails, then the packet is dropped. If both checks succeed, the packet is delivered successfully, and the node schedules the 'ack' for transmission along the reverse path of the route. The ack reflects the packet identification number i. The destination node also appends an authentication tag to the ack message for the nodes on the reverse path. The authentication tag bears the same structure as the one generated by the source node. Specifically, when sending $ack_i$ for the packet '$m_i$', the destination node randomly selects two countersigns $cs_{re}$ and $cs_{re+1}$, and sends the following information:( by each node along the reverse path of the route. When sending the acknowledgement for packet '$m_i$', the destination selects a new countersign $cs_{re+1}$ and forwards:

Figure 3(b) indicates ARIADNE's minimal advantage over FHC-NCTSR in path optimality. FHC-NCTSR used on average 0.019 hops more than ARIADNE because of the hop level certification validation process of FHC-NCTSR, which eliminates nodes with invalid certificates. Here a slight advantage of ARIADNE over FHC-NCTSR can be observed.

$P$ is the fraction of successfully delivered packets, $c$ is the total number of flows or connections, $f$ is the unique flow id serving as index, $R_f$ is the count of packets received from flow $f$, and $N_f$ is the count of packets transmitted to flow $f$.

Figure 3(c) confirms that FHC-NCTSR has less packet overhead when compared to ARIADNE. Due to stable paths with no compromised or victimized nodes determined by

Figure 3: (a) Packet delivery ratio comparison using line chart (b) Bar chart representation of Path optimality (c) A line chart representation of Packet overhead comparison report (d) Mac load comparison represented in bar chart format (e) Hash chaining cost comparison report

In fig 3(e) we describe the performance of FHC-NCTSR over ARIADNE and SEAD in terms of hash chain evaluation cost. Let be the cost threshold to evaluate each hash in hash chain. We measure the Hash chain evaluation cost as 1 is number of nodes and n is number of hashes, as of the chaining concept of SEAD and ARIADNE z is equal to n but in FHC-NCTSR n always 2

VII. CONCLUSION

Here $cTs_{n_r}$ is timestamp at current relay node
$cer_{n_e}$ is certificate carried by RREQ packet
then $cer_{n_e}$ is valid and continues step 4 else RREQ will be discarded.
'$cer_{n_e}$ is certificate of the node that exists as two hop level to current relay node. [Here $cer_{n_e}$ for sender's node is '$cer_{n_e}$ for current relay node]
$n_r$ identified as destination node and starts RREP process

TABLE 2: ALGORITHM FOR RREQ PACKET EVALUATION AT RELAY NODE THAT IS NOT HOP NODE TO SOURCE NODE
$cer_{n_e}$ is certificate carried by RREQ packet
Since the RREP packet is constructed at $n_d$, $cer_{n_e}$ is null.
A. Process of RREP packet validation and construction at first hop node of the destination node

TABLE 3: ALGORITHM FOR RREP PACKET EVALUATION AT HOP
Here $cer_{n_i}$ is $cer_{n_r}$ because the current node certificate is available at sender node as certificate of one hop node that acts as target for ingress transaction]
Step 4: If $cer_{n_e}$ is null then assumes sender is source of the

TABLE 4: ALGORITHM FOR RREP PACKET EVALUATION AT RELAY NODE THAT IS NOT HOP NODE TO DESTINATION NODE
[Here $cer_{n_i}$ is $cer_{n_r}$ because the current node certificate is available at sender node as certificate of one hop node that acts as target for ingress transaction]
cs ) )
When a node receives the ack, the node verifies its authenticity and that a timeout is pending for the corresponding data packet. If the 'ack' is not authentic or a timeout is not pending, the node discards the ack. Otherwise, the node cancels the timeout and forwards the 'ack' to the