DSSAM: Digitally Signed Secure Acknowledgement Method for Mobile Ad-hoc Network

A Mobile Ad-hoc Network (MANET) is an infrastructure-less, self-motivated, arbitrary, self-configuring, rapidly changing, multi-hop network of bandwidth-constrained wireless links without centrally managed router support. In such a network, the wireless medium is easy to snoop. It is hard to guarantee secure access to any node, and easy to insert bad elements or attackers for malicious activities in the network. Therefore, security becomes one of the significant considerations for this kind of network. The deployment of an effective intrusion detection system is important in order to provide protection against various attacks. In this paper, a Digitally Signed Secure Acknowledgement Method (DSSAM) using the RSA digital signature is proposed and simulated. Three different parameters are considered for study, viz. secure acknowledgment, node authentication and packet authentication. This article observes the DSSAM performance and compares it with two existing standard methods, namely Watchdog and 2-ACK, under a standard Dynamic Source Routing (DSR) environment. In the end, it is observed that the rate of detection of malicious behaviour is better with the proposed method. However, the associated overheads are high. A trade-off between performance and overhead has been considered.


Introduction
MANETs are a decentralized kind of network, where nodes relay packets to each other on the store-and-forward principle, i.e. nodes may also act as routers, finding and maintaining routes to one another. Here, nodes can join and leave freely without centralized control.
Generally, due to the varying velocity of mobile nodes, the network topology may vary arbitrarily and rapidly in an irregular way. Therefore, frequent link breakage is quite common.
The movements of nodes are independent of one another, unlike other networks, which use dedicated nodes for functions such as network management, packet forwarding, and routing [1]. In ad-hoc networks these functions are distributed to all available nodes, and the environment allows nodes to be easily captured and compromised. Hence, it is essential to provide security measures [2,3], and security in MANETs is a crucial consideration. In addition, routing operations could also be easily compromised if safety measures are not integrated into the network functions.
In general, MANET routing protocols are designed with the assumption that every participating node will fully cooperate with the others. This network does not have any centrally administered services. All network functions such as network control, routing, packet forwarding and switching are carried out between terminals (nodes), either in cooperation or independently. Therefore, coordination between nodes is required. However, due to its open characteristics and the restricted battery power of nodes, malicious activities can also be carried out in this network. Moreover, the MANET structure may differ by application, from static and small to dynamic and highly mobile (vehicular, FANET, etc.), and to large-scale networks that are highly energy constrained [4,5].
In the MANET environment, a set of mobile wireless nodes is interconnected either for generic aims such as time-critical applications like tactical, law enforcement and emergency operations, or for distinct goals such as only sharing their resources to ensure global connectivity [6]. However, some resources, for example battery power, are consumed rapidly as participating nodes have to perform network functions. Since a node's power is one of the most significant resources in such an environment, nodes may refuse to share their own resources in order to save battery power or to benefit from other nodes [8]. These participating nodes are termed misbehaving or selfish nodes, and their activities are called misbehaviour or selfishness [10]. This kind of network is a cooperative network, so a significant amount of control overhead packets is already needed to provide good cooperation among participant nodes. Therefore, security measures are generally not implemented in the protocols in order to keep the overhead low, i.e. nodes are not checked for maliciousness. For this reason, MANETs are easy targets for attackers. The most common way for attackers to perform malicious activity is to inject non-cooperative nodes into the network.
Therefore, the development and implementation of an intrusion detection system becomes one of the prime duties in this network.
Various techniques [7, 9, 11-20] have already been presented in the literature to identify and reduce the effect of such misbehaving or selfish nodes in MANET and VANET (vehicular ad-hoc network) environments, i.e. past works cover intrusion detection and prevention techniques. Many of these techniques have been evaluated based on performance metrics and routing schemes of MANETs. Among them, Watchdog, Pathrater, and 2-ACK [11,23] are the most highlighted, which can significantly identify and reduce the impact of network maliciousness, respectively. Watchdog provides a mechanism to recognize bad elements in the network by overhearing the wireless transmission medium and is a passive overhearing method, while the Pathrater technique does not allow malicious nodes to participate in route determination. The 2-ACK security scheme reduces the bad effect of such elements. From previously reported works, one can observe that various issues such as ambiguous and receiver collisions, false behaviour and limited transmission range still need to be addressed and can be considered weaknesses of the most highlighted security techniques.
Our proposed system uses a cryptographic mechanism to make the network secure and tries to overcome the above-mentioned weaknesses. Three important security aspects of MANETs are considered, viz. secure acknowledgment, node authentication, and packet authentication. The presented DSSAM performs better in identifying malicious nodes and their activities, but at the cost of a significant amount of overhead.

Motivations and Principal Contributions
Over the last few decades, the outlook of wireless networking has changed drastically due to fast growth in wireless technologies and the requirements of new wireless services and applications. The wireless industry has experienced unequalled growth, from satellite broadcasts into countless households to Wireless Personal Area Networks (WPAN) [13], VANET [15], WSN [16], etc. Consequently, the cost of wireless access falls, and it can replace wired access in many respects.
One of the greatest advantages of wireless is to provide connectivity among users while roaming.
However, the distance between users is limited by the short range of the transmitter or their vicinity to a Wireless Access Point (WAP) [13]. Later, from the 70's onward, the development of MANETs overcame this problem by involving intermediate nodes to forward data packets to nodes outside the range [1][2].
One of the most vibrant and rapidly growing fields nowadays is the MANET. It is also called the wireless mobile multi-hop network or mobile packet radio network. Significant research has been going on in this area for nearly fifty years in order to improve it. Due to the infrastructure-less, self-configuring, self-motivated properties of MANETs, they have possible future applications in different fields such as tactical environments, emergency operations, home and enterprise, commercial and civilian environments, traffic environments [19], location-aware services, and extension of coverage, etc. [8,14]. This network is vulnerable due to its important features such as distributed service, open medium, autonomous terminals, dynamic topology, lightweight terminals, asymmetrical communication, fluctuating link capacity and constrained capability, etc. [27]. These fundamental characteristics introduce several challenges for researchers in the MANET environment, where security is one of the significant issues. A MANET can maximize its Quality of Service (QoS) parameters such as throughput, Packet Delivery Fraction (PDF), etc. by using all the intermediate nodes available to route and forward packets. However, a node can behave badly by refusing to provide services or by dropping packets in the network because of its selfishness, malicious activity, etc. [28][29]. Identifying misbehaving nodes and preventing their misbehaviour can be one of the biggest challenges for such a network. The principal contributions of the current research article are as follows:
a. State-of-the-art of various user authentication schemes as well as intrusion detection strategies have been analysed for the MANET and WSN environment.
f. To provide secure authentication and an acknowledgment mechanism in MANETs, we proposed DSSAM, which is based on the RSA digital signature. This scheme overcomes the weaknesses of existing intrusion detection techniques such as receiver collision, the false identity problem, etc.
g. Finally, the proposed authentication approach has been compared with the current techniques.
This research article is structured as follows: the immediately following section presents the background with a literature survey of related work in this area, followed by a discussion of intrusion detection techniques in the next section. After that, the digital signature and the need for it, including the signature creation and verification steps, are discussed, followed by the problem definition and the proposed method. Further, performance evaluations of DSSAM, Watchdog, and 2-ACK are made through a simulation study, followed by results and discussion. Finally, the article comes to its conclusion and possible future scope.

Literature Survey
The work reported in the state of the art on secure acknowledgment in MANET, WSN and related domains by several scientists and researchers is presented in this section.
The work in [23] explained routing misbehaviour in MANETs and suggested the 2-ACK technique for identifying and minimizing the impact of selfish nodes on routing. 2-ACK is based on a simple 2-hop acknowledgment packet that is returned by the receiver of the next-hop link. The 2-ACK mechanism operates as an alternative routing scheme strategy for detecting routing misconduct and reducing its adverse effects. The 2-ACK mechanism solves several problems, including limited transmission power, ambiguous collisions and receiver collisions. The 2-ACK scheme can be used efficiently with DSR in MANETs. Trust Aware Routing Protocol (TARP), an advanced secure routing mechanism based on the level of trust, was presented and evaluated in [24]. TARP is a technique that allows for the search of safe routes in a MANET. The authors measured the trust parameter based on a defined set of parameters and used it in TARP. The study shows that TARP will improve an ad-hoc network's defense and rising routing congestion while preserving a reasonable route discovery period and an appropriate pause. The routing traffic relates specifically to the collection of nodes that meet the sender's requirements. Two techniques, Watchdog and Pathrater, are explained in [11]; they help to increase ad-hoc network throughput. Both methods are extensions of the DSR algorithm to reduce the impact of ad-hoc network routing misconduct. Watchdog identifies nodes that misbehave, and the Pathrater strategy helps routing protocols to avoid sending packets through those nodes. Together, these two strategies improve the efficiency of a relatively mobile network by 17 percent, while growing the ratio of overhead transmission to data transmission from 9 percent to 17 percent of the regular routing protocol.
Black hole attacks are a serious and widespread problem in mobile ad-hoc networks [25]. That work focuses on the vulnerabilities of MANETs and looks at black hole attacks. The authors presented an enhanced algorithm called Radical Watchdog and Pathrater for recognizing and removing black hole attacks. In [26], the authors introduced a scheme called cluster-based trust to alleviate internal attacks. In this research, the network is divided into cluster groups. Every cluster is certified as having a cluster head. Each node decides the trust value for its one-hop neighbours and delivers it to the head of the cluster. In addition, the cluster head gives its participant nodes a certificate of confidence. This mechanism gives a good packet delivery fraction and resilience to internal attacks. A novel technique is proposed in [27] to secure MANETs by addressing network configuration and security issues during the response and recovery phase. This work analysed the threats to security, presented the security goals to be achieved, and set up a stable key management system in an ad-hoc communication environment. A MANET-based algorithm for effective security and trust management is provided in [28]. In the sense that the produced nonce is not easily detectable, the time-based nonce is produced at specific time intervals that give the suggested approach reliability.
It has been compared with the already existing trust-based approach and shows better detection performance for security threats in MANETs. Several techniques, for example reverse engineering, repacking, and hex editing, used to circumvent host anti-virus signatures are discussed in [29].
Comprehensive comparison studies were conducted of various methods by which malware could reach hosts from outside the network. A new honey-net based intrusion detection technique is also discussed. A complete survey of Intrusion Detection Systems (IDSs) in MANETs is presented in [30,31]. The authors categorize the architectures for intrusion detection frameworks in MANETs, each of which is suited to evaluating and comparing various network infrastructures on node cooperation.
Similarly, in another work [21], the authors proposed a pseudonym generation based genetic algorithm to solve the location privacy problem in vehicular ad-hoc networks, which guarantees un-traceability by an adversary. Further, the authors of [22] study physical layer security issues in the vehicular environment. They show how the secrecy capacity and secrecy outage probability of a vehicular network can be improved with respect to the source power and eavesdropper distance.
Due to the vast applications of WSNs, ensuring that information is available via sensor nodes only to permitted users is often an open challenge. In the review work [32,33], twenty-two features that a secure user authentication mechanism should have are presented, and seven possible schemes are then tested against the specified features. The analysis starts from Wong's work [34] in 2006 and concludes with Vaidya et al.'s technique implemented in 2012 [35]. In each scheme, user impersonation and gateway node (GWN) bypass attacks are likely. Almost no scheme provides user confidentiality and repairability in case of failure or theft of smart cards. A scheme that only withstands an impersonation attack by a sensor node and a parallel session attack [36]. The replication attack and the fake verifier attack can only be mounted on the schemes suggested by Wong et al. and Tseng et al. [34,37]. Yoo et al.'s scheme offers mutual authentication between SN and GWN, and Khan-Alghatbar's scheme achieves mutual authentication between users and GWN and also between SN and GWN [36,38].
Just one scheme avoids the DoS attack and offers hidden parameter protection to the gateway node. In short, no scheme is completely protected with respect to all available features, and all the strategies meet no authentication feature. Network communication security is one of the most important challenges in WSNs [39]. HWSNs have optimized network capacity and introduced High-resource Network Sensor Nodes. Efficient adaptive authentication and key management schemes are proposed for HWSNs in this article. The proposed protocol provides authentication and key management for HWSNs along with optimization of security level, memory consumption, computational complexity, and coordination overhead, which in effect enhances energy efficiency. The key distribution algorithm described there for producing dynamic keys relies on pre-existing information. Therefore, the exchange of keys does not involve a secure channel and the process of sharing. Therefore, it increases security and energy efficiency.
We carry out an extensive literature review and analyse the existing techniques for the identification and removal of different forms of attacks within the ad-hoc network. Our work culminates in the design of a digitally signed secure acknowledgment algorithm for enhanced security in the ad-hoc network. It aims to tackle Watchdog's limited transmission power and receiver collision problems, and to better secure the system by securing acknowledgment, node authentication and packet authentication with the digital signature technique.

Preliminary Studies
The presence of attackers in the network cannot be taken lightly. Therefore, the basic functionality of the different attacks that may impact the various security schemes of MANETs needs to be understood.
In this section, a few essential parameters such as security goals, attack models and usability attributes are discussed. This section also describes intrusion detection schemes such as Watchdog and 2-ACK. These preliminary studies are needed for a better understanding of our proposed security mechanism, DSSAM.

Security Goals, Security Attack Models and Usability Attributes:
This sub-section presents various attacks that MANETs are supposed to resist. It also lists various useful features that the proposed authentication method should offer in order to provide a usable and reliable security mechanism. The different security goals such as confidentiality, integrity, availability, end-to-end authentication, etc. may be threatened by various security attacks [33,40]. The comparative study of various security attacks in terms of their target and prevention is illustrated in Table 1 [41].

Security Goals (SG):
The different kinds of security goals are as given:
a. SG1. Confidentiality: All communicating individuals (i.e. approved parties) can understand the content of a message.
b. SG2. Integrity: Guarantee that the message received by another individual is the same as the message originally sent by the sender when the message was inserted into the network (i.e., the message will not be modified in any way).
c. SG3. Availability: Message shall be made accessible only to authorized entities.
d. SG4. Authentication: Guarantee that anyone sending or accessing the sensitive message has to be approved.

Security Attack (SA) Models
f. SA6. Repudiation: This is a different kind of attack from those mentioned before. SA6 is carried out by one of the two permitted communicating parties within the MANET, either the source or the destination. In this case, the message sender later denies having sent the message, or the receiver later denies having received it.
g. SA7. DoS: It is an aggressive kind of attack and generally very common. It can slow down or completely disrupt a system or network service [30]. In this scenario, attackers may use several ways to reach the target. They can inject so many fake requests into the network that the server crashes due to the heavy traffic load. If the intruder succeeds in launching this attempt, the MANET node becomes unresponsive, and no one can connect to it.

Intrusion Detection Techniques in MANETs
Each node in a MANET presumes that other nodes work together to transmit and receive data. This gives attackers the opportunity to carry out malicious operations with a few compromised nodes on the network. To address this problem, three important functions, viz. prevention, detection, and recovery, have been considered [31]. These functions provide three-layered security to MANETs. This section discusses the intrusion detection system, which is usually the second security layer [32].

Watchdog Method
The Watchdog methodology acts as a DSR extension. It has a feature named Watchdog that detects misbehaving nodes, and a component called Pathrater that calculates a path avoiding these nodes. Each node on the network must run these modules. Watchdog listens promiscuously to the transmissions of the next node and checks that the node forwards the received packet correctly. Watchdog can also detect whether the node has altered the payload. The main question for this method is how this is done; the solution is to match each overheard packet against the buffer of recently sent packets. The Pathrater module processes the data that the Watchdog collects to score the behaviour of every other node it knows in the network, and calculates a route metric by combining the scores of the nodes on the route. Packets are then routed along the path with the highest metric. This scheme cannot be turned against the network, because such conduct is easily detected. Node X (mischievous) may falsely complain that node B does not forward packets in a route A-X-B-C-D. Nonetheless, the acknowledgment of a message from A to D travels correctly from D to A (node X cannot drop packets or their acknowledgments, because both A and B would regard this as misbehaviour), so A is aware that B is not misbehaving, since it is part of the route.
Consider a path A-B-C. The drawback of this framework is that in the following situations the Watchdog operating in node A may fail to identify a node that is misbehaving:
• There may be a packet collision at A while A is listening to B. In this scenario, A cannot tell whether the collision was caused by B forwarding the packet (well-behaving) or by another node transmitting when B has not forwarded the packet (misbehaving);
• A overhears B forwarding to C, so it seems that B correctly transmits the packet. Node A, however, cannot determine whether the packet was received by C or collided at C and B did not re-send it (misbehaving).
• Node B can change its transmission power (misbehaving) so that A detects that B is transmitting a packet to C although C does not receive it.
• Nodes B and C (both of which are misbehaving) can cooperate to launch an attack. Node B forwards a packet to C appropriately, but does not report that C drops the packet.
• Node B can drop packets at a rate lower than the minimum misbehaviour threshold of A's Watchdog.
The above-described method can be better understood with the block diagram of

2-ACK method
It is a network layer strategy for detecting misbehaving links and mitigating their impact. This technique can be implemented as an extension to already established routing protocols such as DSR in MANETs. A 2-ACK packet is assigned a fixed two-hop route in the direction opposite to the data traffic route. To overcome the weaknesses of Watchdog, Liu et al. [23] proposed the 2-ACK method. It aims to overcome Watchdog's limited transmission power and receiver collision problems. It acknowledges each data packet transmitted over a two-hop distance, for every three consecutive nodes along the path from source to destination. In this way, it detects misbehaving links. Suppose three consecutive nodes (a triplet) along a path are N1, N2, and N3. Node N1 delivers packet 1 to N2, and N2 delivers the same packet to N3.
Upon receiving the packet, N3 generates a 2-ACK packet containing the reverse path between N3 and N1 and returns it to N1. When received by N1, this message shows that the packet was successfully communicated from N1 to N3; otherwise, if this 2-ACK packet is not delivered within a predefined time, both N2 and N3 will be identified as malicious. The same procedure applies to each set of three successive nodes along the remaining route. The acknowledgment process required for each packet transmission adds a considerable amount of unwanted network overhead [42,43].
The above method can be better understood with a block diagram and a more explicit working approach. Figure 3 exhibits the working model of the 2-ACK method. In the route discovery process of the DSR protocol in MANETs, the path from a source node (S) to a destination node (D) is found.
When N1 delivers a data packet to N2, and N2 transfers it to N3, it is uncertain whether N3 receives the data packet successfully or not. This uncertainty exists even when no nodes are misbehaving. The problem gets even more serious in open MANETs with potentially misbehaving nodes. The 2-ACK scheme Each ID will remain on the list at N1 for τ seconds, the reception timeout for 2-ACK. If a 2-ACK packet matching this ID is received before the timeout expires, the ID is deleted from the list.
Otherwise, the ID is deleted at the end of its timeout period and a counter called Cmis is incremented. Once N3 receives a data packet, it determines whether it will send a 2-ACK packet to N1. To reduce the extra routing overhead caused by the 2-ACK method, only a fraction of the data packets is acknowledged with 2-ACK packets. This fraction is called the acknowledgment ratio, Rack. By adjusting Rack, we can efficiently balance the overhead of 2-ACK packet transfers. Node N1 observes the behaviour of the link N2-N3 for a period called Tobs. At the end of the observation period, N1 calculates the ratio of missing 2-ACK packets as Cmis / Cpkts and compares it with a threshold Rmis. When the ratio is greater than Rmis, the link N2-N3 is deemed to be misbehaving and N1 sends out a RERR packet (or misbehaviour notification). Since only a fraction of the received data packets is acknowledged, Rmis should satisfy Rmis > (1-Rack) in order to eliminate false alarms triggered by such a partial acknowledgment technique. A node that receives or overhears such a RERR marks the link N2-N3 as misbehaving and adds it to the blacklist of misbehaving links that it maintains. If a node later starts its own data flow, it avoids using these misbehaving links as part of its route. As shown in Figure 5, the 2-ACK method is given in pseudo-code for the 2-ACK packet sender side (N3) and the observing node side (N1), as a formal way of representing the 2-ACK execution process.
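The observer-side bookkeeping described above (the pending-ID list with timeout τ, the counters Cmis and Cpkts, and the Rmis > 1 - Rack constraint), as an added Python example that is not the paper's pseudo-code. The class and function names, the deterministic every-second-packet acknowledgment standing in for Rack = 0.5, and the packet timings are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class TwoAckObserver:
    """Observer side (N1) of the 2-ACK scheme for one triplet N1 -> N2 -> N3."""
    tau: float      # reception timeout for a 2-ACK, in seconds
    r_ack: float    # fraction of data packets that N3 acknowledges (Rack)
    r_mis: float    # misbehaviour threshold (Rmis)
    pending: dict = field(default_factory=dict)  # packet ID -> expiry time
    c_pkts: int = 0  # data packets forwarded in this observation period
    c_mis: int = 0   # packets whose 2-ACK never arrived in time

    def __post_init__(self):
        # With partial acknowledgment an honest link already shows a miss
        # ratio of about 1 - Rack, so the threshold has to sit above it.
        if not self.r_mis > 1 - self.r_ack:
            raise ValueError("Rmis must exceed 1 - Rack to avoid false alarms")

    def _expire(self, now):
        # IDs still on the list at their timeout count as missing 2-ACKs.
        for pid in [p for p, deadline in self.pending.items() if deadline <= now]:
            del self.pending[pid]
            self.c_mis += 1

    def data_sent(self, pkt_id, now):
        self._expire(now)
        self.pending[pkt_id] = now + self.tau
        self.c_pkts += 1

    def two_ack_received(self, pkt_id, now):
        """Return True if the 2-ACK matched an ID that had not timed out."""
        self._expire(now)
        return self.pending.pop(pkt_id, None) is not None

    def end_of_observation(self, now):
        """Close the period Tobs: return (Cmis/Cpkts, link_is_misbehaving)."""
        self._expire(now)
        ratio = self.c_mis / self.c_pkts if self.c_pkts else 0.0
        verdict = ratio > self.r_mis   # True -> N1 would send a RERR
        self.c_pkts = self.c_mis = 0
        return ratio, verdict


def simulate(n2_drops, n_pkts=20, tau=0.5, r_ack=0.5, r_mis=0.6):
    """Constructed scenario: one data packet per second through N2 to N3.

    n2_drops(pkt_id) says whether N2 silently drops that packet.
    N3 acknowledges even packet IDs only (deterministic Rack = 0.5).
    """
    obs = TwoAckObserver(tau=tau, r_ack=r_ack, r_mis=r_mis)
    for pid in range(n_pkts):
        t = float(pid)
        obs.data_sent(pid, now=t)
        n3_acknowledges = pid % 2 == 0
        if n3_acknowledges and not n2_drops(pid):
            obs.two_ack_received(pid, now=t + 0.2)  # arrives within tau
    return obs.end_of_observation(now=n_pkts + tau)


if __name__ == "__main__":
    print("honest link      :", simulate(lambda pid: False))
    print("N2 drops 1 in 4  :", simulate(lambda pid: pid % 4 == 0))
```

The honest link sits exactly at the 1 - Rack floor and stays below Rmis, which is why the constraint on Rmis is enforced in the constructor.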

Digital Signature
In the conventional signature scheme, a handwritten signature is attached to a document to specify that this person is responsible for it. The importance of the signature can be seen in everyday circumstances, such as signing contracts, withdrawing money from the bank, writing letters, etc. One of the main identification and authentication mechanisms in today's digital world is the digital signature. It is a process to sign a message that is stored in electronic form, after which the signed message can be sent through the network towards its destination. It allows source users to create a code for the message that acts as a signature. In the public key setup, a digital signature for any message can be created by taking a hash value of the message and encrypting or signing it using the signer's own private key. Basically, a digital signature guarantees the integrity of the message and the signer's identity. The digital signature scheme offers a set of security capabilities that are very hard to implement in any other way.

Needs of Digital Signature
In general, message authentication protects two communicating parties who are exchanging messages from any third party. However, it does not protect the two parties against each other. Several forms of dispute between the two parties are possible:
a. The receiving party (Bob) may create a different message and claim that it has come from the source party (Alice). For this, Bob creates a message and attaches an authentication code to it using the key that was previously shared by Alice and Bob.
b. After sending the message, Alice can later deny that she has sent messages to Bob. So, there is no way for Bob to prove that this message was in fact received from Alice.
In both of the above situations, there is no complete trust between the two communicating parties. For this reason, something more than authentication is required.
The best way to avoid the above problem is the use of the digital signature. The digital signature is analogous to the handwritten signature. The digital signature must meet specific attributes:
• Able to verify the sender's identity along with the time and date of the signature.
• Able to authenticate the content of the information at the time of signature.
• If any disagreement exists, then any third party must be able to verify it.

Digital Signature Techniques:
Any digital signature technique includes two different components: one is the signing algorithm (SIGNK) and the second is the signature verification algorithm (SIGN_VERk); both should be polynomial-time functions of any key from the keyspace. The first one is kept secret and the second one is publicly available. The formal definition, or steps, of the creation of the digital signature and its verification is presented in Table 3. Consider any two communicating parties, where the sender is Alice and the receiver is Bob. Alice creates the message (X) and encrypts or signs this message using SIGNK, which depends on her own private key (dA). After receiving the signed message, Bob verifies or decrypts this signed or encrypted message, Y=SIGNK(X), using SIGN_VERk with the help of Alice's public key (eA), which is available in the Public Key Directory (PKD). For a pair of message and signature/signed message (X, Y), the verification algorithm returns either true or false depending on whether the signature Y is valid for the created message X. The hash function or hash code and the possible digital signature creation techniques are shown in Figure 6. A hash function (H) can be applied to a block of data of any size, i.e. of variable length, and generates a message of fixed length, as shown in Figure 6(A). A hash function is required because applying the digital signature scheme to a large message, especially in the public key setup, is very costly. Figure 6(B) and 6(C) show the creation of the digital signature and its verification in the symmetric and the public key setup, respectively. In the symmetric key setup, Bob can play the role of the adversary by modifying the original content of a message. Alice does not have any way to prove her actual message. These issues can be avoided by the public key setup.
However, in both the public and the symmetric key setup, only authentication is achieved; confidentiality of the information is still not preserved. Both authentication of the users and confidentiality of the information can be maintained with the digital signature creation schemes of Figure 6(D) and 6(E), because there the message is not sent directly. In both schemes, the signing process is done with Alice's private key. Finally, it is sent out on the channel using a symmetric shared key and Bob's public key, respectively. In the state of the art, there are a few digital signature schemes such as RSA, El-Gamal, the Rabin algorithm, etc. Here, the RSA digital signature algorithm has been used.
Generally, it is a five-tuple scheme, represented by five different variables (M, S, K, SA, and VA). It must fulfill the following prerequisites:
• M: Finite set of all possible messages.
• S: Finite set of all possible signatures.
• K: Finite possible key space, i.e. list of possible keys.
• SA: Signature algorithm space, the set of all possible signature algorithms.
• VA: Signature verification algorithm space, the set of all possible signature verification algorithms.
• Where, for each key k that belongs to the keyspace K (i.e. k ∈ K), there exists a signing algorithm SIGNk ∈ SA and a corresponding signature verification algorithm SIGN_VERk ∈ VA.
• Each SIGNk: M -> S and SIGN_VERk: (M × S) -> {true, false} are functions for which the conditions given below must be fulfilled for every message X ∈ M and for every signature Y ∈ S:
Where (X, Y) is the pair of message and signature with X ∈ M and Y ∈ S.

Notes to Figure 6:
Hash Function (H): The hash function converts a message of arbitrary length to a message of fixed length.
Symmetric Key Setup: The same key K is shared between Alice and Bob by a key sharing method. EK is the encryption/signature algorithm, which depends on the shared key K. DK is the decryption/signature verification algorithm, which depends on the shared key K.
Public Key Setup: eA and dA are the public and private keys of the key pair, respectively. EdA is the encryption/signature algorithm, which depends on the private key dA. DeA is the decryption/signature verification algorithm, which depends on the public key eA.
In both setups: X is the message that will be sent after the signing process. Y is the encrypted message or Alice's signature. X║Y is the message along with the encrypted message, as sent out to Bob.

4.2.1: RSA Digital Signature Scheme
The Rivest, Shamir, and Adleman (RSA) cryptosystem can be used to provide a digital signature, and it is known as the RSA digital signature scheme. The required setup to create the RSA signature is demonstrated in Table 4. Moreover, Figure 7 illustrates the creation and verification of the RSA digital signature scheme. The RSA algorithm [44] is helpful to provide secure data transmission in a public-key cryptosystem that basically deals with digital signatures, including the message recovery scheme. The key generation in the RSA digital signature is similar to the key generation in RSA.

Table 4 (signing and verification steps):
Now, Alice creates the digital signature, or encrypts the message X, by using her own secret key (dA): $E_{d_A}(X) = X^{d} \bmod n$
Then, the digital signature along with the message is pumped into the network towards Bob.
Now, Bob verifies this digital signature, or decrypts the message, by using Alice's public key (eA), which is publicly available in the PKD: $D_{e_A}(Y = E_{d_A}(X)) = Y^{e} \bmod n = X^{ed} \bmod n$
Where ⊥ = relatively co-prime to each other. If the sent message X and the decrypted message X are the same, then verification is done.

According to Table (4), the RSA signature is also a five-tuple scheme that could be represented by five different variables as mentioned in Table . Therefore, the RSA digital signature and its verification could also be presented as per the following equations: SIGNK

Problem Definition
The proposed approach is designed to solve three shortcomings of the Watchdog system, namely: receiver collision, limited transmission power, and the false identity problem. In the case of receiver collisions (Figure 8), after node I transmits Packet 1 to J, it tries to overhear whether J forwards this packet to K; meanwhile, X is forwarding Packet 2 to K. In such a case, I overhears that J has successfully forwarded Packet 1 to K but fails to detect that K did not receive this packet due to a collision between Packet 1 and Packet 2 at K.
In the case of limited transmission power (Figure 9), J purposely decreases its transmission capacity to maintain its own battery life, so its transmission is loud enough to be picked up by I, but still not strong enough to be heard by K.
In the case of false misbehavior acknowledgment (Figure 10), although node I successfully overheard that J forwarded Packet 1 to K, it still reports J as behaving badly. Due to the versatile platform and remote distribution of MANETs, attackers can easily capture and compromise nodes to execute this false misbehavior report attack. We therefore tried to solve the false misbehavior activity by securing acknowledgment, node authentication, and packet authentication. We use a two-layered defense for security. Additional bits allocated in the first layer are used to carry sequence numbers, keeping transmission time fixed, to define the sequence of packets in the proper interval for that time. This is done for the transmission of both packets and acknowledgments. The next layer safeguards the forwarded packets a second time by attaching a digital signature. According to the draft of DSR [45,46], seven bits are reserved in the DSR header. These seven bits have been used to maintain sequence numbers. We assume bidirectional communication links, with source and destination not being malicious. Both data packets and acknowledgment packets must be digitally signed by the source and authenticated by the destination. In our proposed scheme, RSA is used to encrypt the packet.
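The two layers described above (a 7-bit sequence number plus an RSA signature over the acknowledgment) can be exercised with the following added example, which is not code from the paper or from Botan. It uses textbook RSA, Y = H(X)^d mod n, with constructed toy keys and no padding; the ACK encoding, field names and the "pending sequence number" acceptance rule are assumptions made for the illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(p, q):
    """Textbook RSA key: returns (n, d) with e*d = 1 mod (p-1)(q-1)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from Mersenne primes; illustration only.
N_K, D_K = make_key(2**127 - 1, 2**107 - 1)   # destination K
N_J, D_J = make_key(2**89 - 1, 2**61 - 1)     # misbehaving relay J
PKD = {"K": (E, N_K), "J": (E, N_J)}          # public key directory

def digest(seq, signer, n):
    """H(X): hash the ACK fields, then reduce the value into Z_n."""
    data = b"ACK|%d|%s" % (seq, signer.encode())
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign_ack(seq, signer, d, n):
    """Y = H(X)^d mod n; seq is confined to the 7 reserved header bits."""
    seq %= 128
    return {"seq": seq, "from": signer, "sig": pow(digest(seq, signer, n), d, n)}

class Source:  # source node: remembers which sequence numbers await an ACK
    def __init__(self):
        self.pending = set()

    def send(self, *seqs):
        self.pending.update(s % 128 for s in seqs)

    def accept_ack(self, ack, expected_from):
        if ack["from"] != expected_from or ack["seq"] not in self.pending:
            return False                      # wrong signer, or replayed/unknown seq
        e, n = PKD[expected_from]
        if pow(ack["sig"], e, n) != digest(ack["seq"], ack["from"], n):
            return False                      # Y^e mod n does not match H(X)
        self.pending.discard(ack["seq"])
        return True

def demo():
    src = Source()
    src.send(5, 6)
    genuine = sign_ack(5, "K", D_K, N_K)
    forged = sign_ack(6, "K", D_J, N_J)       # J claims to be K, signs with its own key
    tampered = dict(genuine, seq=6)           # K's signature moved onto another seq
    return {
        "forged": src.accept_ack(forged, "K"),
        "tampered": src.accept_ack(tampered, "K"),
        "genuine": src.accept_ack(genuine, "K"),
        "replayed": src.accept_ack(genuine, "K"),
    }

if __name__ == "__main__":
    print(demo())
```

Only the genuine acknowledgment is accepted, and only once: the fake acknowledgment of Case 2 fails the signature check, and a replay fails the sequence-number check.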

Performance Evaluation
This section discusses the simulation method, setting up of simulations and review of comparative results with existing ones such as DSR, Watchdog, and 2-Ack.

Simulation Approach
To examine the performance of DSSAM under several kinds of attacks, we have planned two case scenarios that simulate diverse kinds of attacks by seeding a proportion of misbehaving nodes in our simulation terrain setup:
CASE 1: Firstly, we conducted a packet-dropping and delay attack [47]. The malicious nodes drop every packet they receive, meaning that all such packets are lost. The purpose of this scenario is to measure the efficiency of intrusion detection against two limitations of the Watchdog, restricted transmission power and collision with the receiver, when the transmission power is fixed to a specified range.
CASE 2: This case examines the performance of intrusion detection systems against fake acknowledgment. Here, malicious nodes behave more cleverly, often dropping the packets and returning a fake acknowledgment whenever possible.

Simulation Setup
We have taken into consideration both the physical layer and the MAC layer of 802.11b for simulation. QualNet Simulator 7.0 on a desktop with an i7 CPU and 4 GB of RAM was used as the simulation resource. For each scheme, each simulation ran 10 Telnet sessions and the average was calculated. The observation time of the 2-ACK scheme was fixed at Tobs = 0.9 seconds. Unless otherwise stated, the 2-ACK scheme uses a recognition ratio Rack = 0.25, an acknowledgment miss ratio Rmis = 0.80 and a timeout value of T = 0.12 second. Along with the above, the parameters listed in Table 6 are used for the analysis of the simulation.
RO: RO is defined as the routing data of the network obtained by an application using a proportion of the required bandwidth. This additional data is called routing overhead.
During the simulation, the origin node broadcasts an RREQ packet to all neighbors within its range of communication. Each neighbor that receives this RREQ message adds its own address to the message and then sends the extended message on to its neighbors. One important rule is that whenever a node receives the same RREQ more than once, it rejects the duplicate. If a failed node is noticed, an RERR message is sent to the origin node, which usually implies a broken link in flat routing protocols like DSR. When the RREQ reaches the node identified as the end destination, this node generates an RREP message and transfers it back to the source node using the reverse of the route in the original RREQ message.
For the digital signature system, we used an open-source library called Botan [48]. For the RSA scheme, we have considered a 512-b RSA key for each node in this network. For each node, we presumed that a private key and a public key were created and circulated in advance. The key file sizes for 512-b keys are 256 and 512 B, respectively. The signature file size for RSA is 120 B.

Results and Discussion
Case 1: Here, malicious nodes drop all packets. Figure 11 and Table 6 show the results, based on packet delivery fraction. The routing overhead obtained in Case 1 is shown in Figure 12 and Table 6. It is observed that dynamic source routing and the Watchdog scheme attain better results because they do not require an acknowledgment method to detect misbehaving nodes. 2-ACK and DSSAM have effective overhead. DSSAM requires a digital signature in every packet, acknowledgment packets included, hence its overhead is increased. But DSSAM still performs well compared to other techniques. This is because of the hybrid scheme used here.
Case 2: Here, we seeded malicious nodes that send a fake acknowledgment to the source node. This case is designed to check the intrusion detection system's performance under fake acknowledgment. Figure 13 and Table 6 show the results for packet delivery fraction. If the percentage of malicious nodes is 10%, DSSAM's output is around 3% higher than 2-ACK. The DSSAM scheme beats all other schemes when the malicious nodes reach 20% and 30%.

Conclusion and Future Scope
There are many possible reasons for packet drop in MANETs, which fall broadly under two types, namely intentional and unintentional misbehavior. Unintentional misbehavior could be caused by an overloaded node (due to an extreme dearth of CPU cycles and restricted buffer space), collisions and traffic delays.
Packet drop can also happen due to connection errors caused by intrusion or evaporation by mischievous intruders. The packet-dropping attack represents a massive risk to the security of MANETs.
In this paper, we have described and simulated the DSSAM method in a standard environment and compared it with existing methods under different scenarios. The obtained simulation outcome shows enhanced performance against Watchdog and 2-ACK with respect to false misbehavior acknowledgment, collision with the receiver and limited transmission capacity. We incorporated the digital signature in the method. Although in a few circumstances it creates more routing overhead, it increases the network's efficiency in terms of the fraction of packet transmission. It would be an interesting topic for a future research study to understand and estimate the performance when partially misbehaving nodes intentionally degrade performance owing to their greediness for saving their own battery power, and to estimate the battery consumption with a varying percentage of greedy nodes in the same environment.

b. The MANET application layer has attracted vast research as well as the scientific community during the last few decades. As a result, many user authentication techniques for MANET and WSN have been proposed and published in the literature. Among them, a few most closely relevant to our proposed method are explored.
c. The article also discusses the possible security attacks on different security goals, along with their targets and prevention schemes.
d. Due to the open and decentralized characteristics of MANET, misbehaving or suspicious nodes may be involved in the process of route discovery. Further, they may refuse to provide information/services in the network, i.e. deny forwarding the data packets. Therefore, this article tries to identify the existing intrusion detection systems that can identify and prevent disruptive network operations.
e. Existing intrusion detection techniques such as Watchdog and 2-ACK are explored in terms of their strengths and weaknesses.

Figure 1 also shows different security threats as follows:
a. SA1. Snooping: This is a passive type of attack relating to unauthorized access to or interception of communications content. SA1 may be prevented by using encipherment methods to make the content of communications non-intelligible.
b. SA2. Traffic Analysis: Such groups of attackers basically consider one communication pattern within the MANET environment.
   - Network traffic monitoring: e.g. log files, Web pages, etc.
   - Seek to obtain valuable statistical analytical information: e.g. who interacts with whom, where, and for how long? And who cares about what content, etc.?
c. SA3. Modification: This is a deliberate kind of attack. After accessing the document, attackers attempt to change the information for their own benefit. In this scenario, attackers also often seek to delete or interrupt the post, to harm or benefit the machine.
d. SA4. Masquerading: A masquerading or spoofing form of attack may be deployed on the ad-hoc mobile network when the attacker impersonates someone else. Firstly, an intruder intercepts one or more legitimate authentication queries. Later, the intruder modifies this request so that it passes MANET's authentication test and gains authorization to access services inside the network.
e. SA5. Replaying: In this SA model, the intruder obtains a copy of a message received by the legitimate user, either to access the MANET or to trick the lawful user by claiming to be a genuine service provider. If the intruder fails, the assault could be considered a replay defense threat.

Figure 2 .
It detects the misbehaving nodes [11]. Suppose a path runs from node S to D through A, B, and C. Still, A is not capable of transmitting to C but it can respond to B. So, A can tell if B broadcast the packet. If encryption is not conducted on each connection (which itself is an expensive and complex affair), then A can also say whether B has tampered with either the payload or the header. The DSR routing protocol can identify misconduct at the forwarding point. The weakness of Watchdog lies in the fact that it may not be capable of detecting a misbehaving node in the presence of the following:
- Ambiguous collisions
- Collisions with receiver
- Limited transmission power
- False misbehavior
- Collision and partial dropping

Figure 6. 6(A) Hash function and Digital Signature: 6(B) Symmetric Key Setup, 6(C) Public Key Setup, 6(D) both Public and Symmetric Key Setup, 6(E) Only by Public Key Setup

Fig. 11. Case 1 - Packet Delivery Fraction
Our proposed method DSSAM outperforms Watchdog by an average of 20% when 20% of the nodes in the network are malicious. We observe that the acknowledgment-based schemes 2-ACK and DSSAM are capable of detecting misbehavior in the presence of receiver collision and limited transmission capacity. Nevertheless, if the percentage of malicious nodes exceeds 40%, the efficiency of our suggested DSSAM framework is better than that of the others.

Table 1. Comparative Study of Various Security Attacks: Target and Prevention

3.1.3 Usability Attributes (UA): The proposed authentication MANET scheme also supports various usability attributes along with resistance capacity against different attacks. The several usability attributes are listed in Table 2 with their descriptions.

Table 2. Important Usability Attributes of Authentication Mechanism with its Description

intermediate nodes provides services/information. Therefore, mutual authentication between end-users and intermediate node becomes essential.

Table 3. Formal Way to Create and Verify Digital Signature Technique

Table 4. In RSA Setup Key Generation Phase

Table 5. Parameters for Simulation

Table 6. Average Results Outline