An Intelligent Hybrid Mutual Authentication Scheme for Industrial Internet of Thing Networks

Internet of Things (IoT) networks used for industrial management are vulnerable to different security threats due to their unstructured deployment and dynamic communication behavior. In the literature, various mechanisms have addressed the security issues of Industrial IoT networks, but proper maintenance of performance reliability is among the common challenges. In this paper, we propose an intelligent mutual authentication scheme leveraging authentication aware nodes (AAN) and a base station (BS) to identify routing attacks in Industrial IoT networks. The AAN and BS use communication parameters such as route request (RREQ), node-ID, received signal strength (RSS), and round-trip time (RTT) information to identify malicious devices and routes in the deployed network. The feasibility of the proposed model is validated in a simulation environment, where OMNeT++ was used as the simulation tool. We compare the results of the proposed model with existing field-proven schemes in terms of routing attack detection, communication cost, latency, computational cost, and throughput. The results show that our proposed scheme surpasses the previous schemes regarding these performance parameters, with an attack detection rate of 97.7%.


Introduction
The utilization of the Internet of Things (IoT) in industry is a revolutionary technology for data acquisition and processing, which brings many benefits to human life through different applications. Sensor devices collect data from areas inaccessible to humans by interconnecting hundreds and thousands of wireless nodes to form a heterogeneous network over the Internet [1]. The Internet of Things has a wide range of applications, which includes industrial automation,
The rest of the paper is organized as follows. Section 2 contains the related work, followed by Section 3, which presents the contribution of this research work. Section 4 comprehensively overviews the proposed methodology, followed by Section 5, which presents the formal security analysis of the proposed model against rival schemes. The implementation and result statistics, in terms of comparative analysis, are discussed in Section 6. Section 7 summarizes and concludes the paper with future work.

Related Works
The Industrial Internet of Things (IoT) is an effective tool for gathering information from inaccessible areas, where human access is not possible. The security of these networks is a challenging issue that drives the research community to devise new methodologies and techniques, which should be robust against security threats. The literature reviewed below contains some of the latest techniques adopted to counter routing attacks in Industrial IoT.
Parmar et al. [15] proposed the Ad hoc On-demand Multipath Distance Vector (AOMDV) routing protocol with the incorporation of RTT to combat routing attacks in IoT networks. Del et al. [16] proposed the Connected and Extended Mechanism-based technique to counter link attacks in IoT networks. The proposed model uses performance reliability parameters of communication in the designated network infrastructure to identify transmission attacks. An intrusion detection system (IDS) framework was proposed by Granjal et al. [17]. This model was designed specifically against one system, which limits its use in real deployments.
Khan et al. [18] suggested a signature-based security technique to identify malicious nodes in the deployed network. In this technique, the authors used special nodes to detect assailant nodes in the deployed WSNs based on signature matching. However, the signature-based identification mechanism increases the communication costs and network overhead of an Industrial IoT network in a heterogeneous environment. A Merkle tree-based hash algorithm scheme was proposed by Idris et al. [19]. They used the hash function to verify the legitimacy of participating sensor nodes. The limitations of the proposed model were complex implementation, high cost, end-to-end (E-2-E) delay and network overhead. A multi-level authentication scheme was proposed by Vo et al. [20]. In this model, the authors used a three-phase hop authentication technique, where the adjacent node uses the control information to authenticate legitimate packets and segregate abnormal packets from legitimate traffic in the network. The limitations of the proposed scheme were its complex implementation and extra energy consumption during the authentication process.
Yifeng et al. [21] proposed a received signal strength (RSS) based technique for the detection of wormhole attacks in WSNs. In the proposed model, the authors used RSS information for paired nodes to verify the legitimacy of participating nodes. However, the implementation and authentication mechanism of the proposed model was very simple, which allows an attacker to place intruder nodes in the network with the same RSS. Therefore, this model was not reliable as far as the security of WSNs is concerned. Rezaei et al. [22] proposed a different route discovery scheme to identify wormhole and sinkhole attacks in IoT. The authors used hop count information of adjacent nodes to verify the authenticity of participating nodes in the proposed model. To address the authentication problem in IoT networks, a time interval-based technique was proposed by Kaur et al. [23]. In the proposed technique, the authors used E-2-E delay information between paired nodes to identify malicious routes in the network. However, the proposed model was effective only for closed and small WSNs, where external interferences such as fidelity and attenuation do not affect the transmission medium. Mukherjee et al. [24] used round-trip time (RTT) information in their model to verify the authenticity of the participating nodes and network traffic. In addition, they used RTT comparison for paired-node authentication.
Adil et al. [25] proposed the MAC-AODV mutual authentication scheme for constraint-oriented networks. The proposed model was very effective for small WSNs, due to its high throughput, low latency and least packet lost ratio. The limitation of the proposed model was its deployment in a specific area, such as a homogeneous environment. Obaidat et al. [26] proposed a software-defined networking (SDN) infrastructure for wireless networks to avoid man-in-the-middle attacks. They used a central program hub named 'SDN Controller', which controls the communication and authentication process in the network. Shigeyasu et al. [27] proposed a novel distributed algorithm, derived from the Collusive Interest Flooding Attack (CIFA), to address the security problem in IoT networks. A Theil index-based security scheme was suggested as a countermeasure to vampire attacks by Cong et al. [28]. A comprehensive review of security issues associated with IoT networks was presented by Georgios et al. [29]. Ali et al. [30] proposed a decentralized approach for a peer-to-peer authentication scheme for WSNs. Adil et al. [31] proposed an anonymous channel categorization scheme for constraint-oriented networks to resolve the security issue.

Contribution of the Proposed Approach
The contribution of the proposed model is the development of a lightweight hybrid mutual authentication scheme to identify routing attacks in deployed Industrial IoT networks. Moreover, the proposed scheme uses the communication parameters to identify routing attacks in the deployed Industrial IoT networks, which not only minimizes network overhead, but also improves the overall lifetime of wireless nodes. Therefore, the proposed scheme is very effective for resource-limited networks, because it focuses not only on the security aspect of Industrial IoT networks, but also on their communication aspects, to achieve better results for end-to-end delay, throughput and packet lost ratio with minimum energy consumption and network overhead. Steps to be followed in the proposed model:
a. To interconnect all legitimate nodes in the network topological order
b. To develop a secure routing infrastructure, where legitimate nodes share information with
c. Development of a two-function authentication scheme to verify the confidentiality and integrity of data
d. To identify routing attacks and malicious nodes in an operational network
e. Authentication of legitimate nodes in an operational network in terms of a back-up scenario
f. The feasibility of the proposed model is checked in the simulation environment to verify the performance reliability in terms of comparative results with rival schemes.

Proposed Methodology: Mutual Authentication Scheme
In this paper, a hybrid mutual authentication scheme for Industrial IoT networks is proposed to combat routing attacks. The proposed model uses two functions, which back up each other during the assessment of network traffic to identify malicious activities in the network. Function 1 of the proposed scheme is the AAN, which initiates an RREQ message in the network; the ordinary nodes in the vicinity respond with an RREP message. The AAN node uses communication parameters such as node-ID, RSS and RTT to verify the legitimacy of the incoming RREP packet. If any node in the network is missed by an AAN node during the assessment process and this node makes a direct communication request to the BS, then the BS, as a backup, assesses its traffic as function 2 by comparing the aforementioned communication parameters to verify the legitimacy of the incoming RREQ/RREP. If the incoming RREQ/RREP satisfies the defined communication parameters, the BS allows it for communication in the network. If the communication parameters of the requesting or responding node do not match in the BS, the BS denies its RREQ/RREP for further processing in the network. Once an incoming RREQ/RREP packet is denied by the BS or an AAN node, an alarm message is generated to signal the existence of malicious activity in the network. Moreover, in the proposed model both functions work independently of each other, but together they ensure the security of the network. This is the advantage of our proposed model: both functions work in backup order to minimize the chance of an attacker node participating in the operational Industrial IoT network.
Here, we explain the concept of our proposed model with an example to clarify the working steps. Let us assume that an AAN (Ai) generates an RREQ packet in the network and a sensor node Si ∈ Sn − 1 in the vicinity responds with an RREP message. The Ai node checks the incoming RREP of Si ∈ Sn − 1 against its defined security parameters. If the Si RREP satisfies the defined security parameters, then Ai allows it for communication in the network. If the Si RREP does not satisfy the defined security parameters of Ai, then Ai broadcasts an alarm message in the network to signal the existence of a malicious node. Moreover, suppose the Ai node fails to detect a fake RREP/RREQ in its proximity, and the same attacker node directly approaches the BS for communication. In this case, the BS, in the backup scenario, checks the RREQ against the same defined security parameters as the Ai node to verify the legitimacy of the requesting node. After the security assessment, the incoming packet is allowed or denied for communication in the network.
The basic diagram of our proposed scheme is shown in Fig. 1. The legitimate nodes in the network are shown in green, AAN nodes in blue, and nodes directly connected to the BS in pink. An AAN verifies the legitimacy of participating nodes by generating an RREQ message in the network, which is shown in yellow in the diagram. Similarly, the AAN nodes receive RREPs in response to the generated RREQ from their close vicinity, as shown with yellow arrows in Fig. 1. Moreover, the pink nodes shown in the diagram are directly connected to the BS, where the BS checks their legitimacy by comparing their RREQ or RREP information with the defined security parameters. The legitimacy verification process between the BS and directly connected nodes is shown with the blue line in the diagram. Similarly, the network topological connectivity of the proposed model is shown with dark green lines in Fig. 1, where the legitimate nodes send their collected data from the source to the destination node via hop count selection in the network. Fig. 1 verifies that the AAN and BS work independently to identify malicious activity in the network. The back-up support of the two functions maintains a high standard of security in deployed WSNs. The stepwise authentication mechanism of the proposed model is elaborated as follows. The AAN nodes are deployed alongside ordinary nodes during the deployment of the network architecture. The AAN are special nodes, which have high storage, computation, and transmission capabilities. Moreover, these nodes use their built-in configuration to verify the legitimacy of network traffic and participating nodes. The behavior of these special nodes differs from that of other legitimate nodes in the network, because the functionality and tasks assigned to these nodes are completely different. The AAN assesses the network traffic in its nearest proximity in terms of communication parameters, such as node-ID, RTT and RSS, to identify malicious activity in the deployed WSN.
The AAN node uses these parameters in the following manner to verify the legitimacy of network traffic and participating nodes.

Authentication of Legitimate Nodes through Device-ID, RTT and RSS: AAN Nodes
The AAN node assessment phases: The AAN nodes use communication parameters such as node-ID, RTT and RSS to verify the security of the deployed network. In the first phase, an AAN node matches the responding node-ID against its routing table to verify the legitimacy of the network traffic. The AAN node Ai generates an RREQ message, and all Si ∈ Sn − 1 in proximity respond with an RREP packet. After receiving the RREP messages of the Si ∈ Sn − 1 nodes, the AAN node compares the node-ID(s) of the responding nodes with its routing table. If the Si node-ID ∈ Ai routing table, then Si fulfills the defined criterion, and the packet is forwarded to the next assessment parameter to ensure its legitimacy. This process runs continuously to verify the legitimacy of the participating nodes and network traffic throughout the life of the deployed WSN.

Round Trip Time (RTT) Model: AAN Nodes
The RTT of a message is very sensitive, because its value is affected by communication metrics such as medium, congestion and contention in the network. Therefore, in the proposed model sufficient attention has been given to this issue so that the RTT of a message can be used effectively in an operational environment. Moreover, in the simulation environment the link parameters were kept constant for ordinary communication. However, the value of RTT was considered infinite, or higher than its estimated value, if there is a communication fault in the communication medium. Such nodes are identified accurately by comparing their RTT values with their estimated values.
The RTT mostly depends upon the number of wireless nodes present between the source and destination nodes. The efficiency of RTT can be improved by minimizing the distance between communicating nodes. Therefore, in this work, we used the AAN nodes to verify 96% to 98% RTT of participating nodes with one-hop communication, because RTT calculation was the responsibility of the AAN.
RTT = queuing time at source + propagation delay + buffer time at destination node (1)
In the proposed model, let us assume that the minimum RTT, λRTT, with one sensor node is given by:
In Eq. (2), λ1 and λ2 represent the delay times for the AAN node and the responding legitimate node. The network topology under consideration is shown in Fig. 1, where the paired node is at a distance of one hop, or λ, from the AAN. Therefore, the defined RTT threshold value should be the same for all participating nodes.
Hence, let λ be the uniform delay time or RTT for all paired nodes; then λ = λ1 = λ2 = λ3 . . . = λn − 1 for N number of nodes. Then, This is the minimum RTT a node takes to send a message from source to destination with the help of hop count. So we can define their RTT through Eq. (4):

Received Signal Strength (RSS) Assessment Model: AAN Nodes
The RSS of the signal/received packet plays a vital role in the authentication process of our proposed scheme, because the RSS confirms the distance range parameters defined for legitimate nodes by the AAN. AAN nodes in the network continuously measure the values of the RSS parameters for all incoming RREPs to identify routing attacks, such as wormhole and sinkhole attacks. The calculation of RSS is made based on the following formula: The values of transmission power and antenna gain are kept constant for a fixed transmitter (Tx) and receiver (Rx). The AAN Ai broadcasts an RREQ message packet in the network, and the ordinary nodes Si ∈ Sn − 1 in the proximity respond with an RREP message, which contains node-ID, RTT and RSS information. After the reception of the Si RREP, the assessment of the incoming packet is started for node-ID, RTT and RSS. In the case of RSS, the packet threshold value for RSS is set at about 80 m. All incoming RREPs go through this process to verify the legitimacy of network traffic before the communication process is initialized in the network. If the RSS of any packet is > 80 m, then the requesting node's traffic is denied for communication in the network and an alarm is generated to signal the existence of a malicious packet in the network. Moreover, during network operation, the verification process continues throughout the entire lifetime of the network. The AAN node Ai broadcasts RREQ packets in the network after a defined interval of time and receives RREPs from the Si nodes ∈ Sn − 1 in its close vicinity to verify the legitimacy of network traffic and maintain high-quality security in the network.
In Fig. 2, the legitimate node is denoted by Si, where Tx is used for transmission and Rx for reception of a packet. Fig. 2 briefly overviews the authentication process an AAN node uses to verify the legitimacy of network traffic. The AAN node (Ai) initiates an RREQ message and broadcasts it in the network. All participating nodes Si ∈ Sn − 1 in close vicinity receive the Ai RREQ and respond with an RREP packet, which contains information about the Si node such as source node-ID, RTT, RSS and destination node-ID. The Ai node checks the received RREP packet of the responding node to measure the value of RSS. If the RSS value of the responding node is ≤ 80 m, then the AAN verifies its legitimacy in the network. Hence, the authentication and verification process of an AAN completes successfully.
Proof of Theorem 1: Let us suppose that the AAN (Ai) generates an RREQ with Si ∈ Sn − 1. The Ai RREQ message is received by the Si ∈ Sn − 1 nodes in proximity. The Si node responds to the Ai RREQ with an RREP message, which contains node-ID, RTT and RSS. Following the authentication process, Ai checks the node-ID, RTT and RSS of the responding RREP; the RSS of Si ∈ Sn − 1 is > 80 m. Hence, Ai denies the RREP of Si because it does not satisfy the defined security parameters. Conversely, suppose an authentication aware node (Ai) of the network generates an RREQ request with Si ∈ Sn − 1, and Si ∈ Sn − 1 responds with an RREP packet. Ai verifies the security parameters of Si by comparing the node-ID, RTT and RSS of the RREP. The RSS of the RREP of the responding node Si ∈ Sn − 1 is < 80 m, as checked by the AAN. Hence, the RREP information of Si is authenticated successfully by the AAN. Hence, the aforesaid theorem verifies that only a legitimate node Si ∈ Sn − 1 having RSS ≤ 80 m can be authenticated in the network.
However, the role of Si ∈ Sn − 1 is to collect information according to the deployment requirement and process it for further analysis in the network, after the security check of the AAN. The communication of legitimate nodes in the proposed scheme is point-to-point and point-to-multipoint with respect to the AAN and BS.

Base Station (BS): Authentication Mechanism
The base station (BS) plays the role of a junction for all traffic in the network, because all traffic passes through the BS in both homogeneous and heterogeneous network infrastructures. Fig. 1 shows the importance of the BS: the legitimate nodes send their collected data to the destination location via the BS. Moreover, in our proposed model the connectivity of the BS is point-to-point and point-to-multipoint in the deployed network. Similarly, the legitimacy of incoming packets is confirmed by matching their node-ID, RTT and RSS in the AAN nodes and the BS.
Ai ← broadcast an alarm message (in case of reject)
(End If)
Si ∈ Sn − 1 ← Accept acknowledge and update
(End For)
Return updated legitimate node information

BS Authentication Process: Round Trip Time (RTT) Verification Mechanism
The base station authenticates directly connected nodes through incoming traffic such as RREQ/RREP packets. The legitimate nodes of the network Si ∈ Sn − 1 that are not in the vicinity of an AAN communicate directly with the BS. These directly connected nodes share their collected information through the concerned BS. Once a legitimate node Si ∈ Sn − 1 generates an RREQ with the BS, the BS verifies its security by comparing or measuring the node-ID, RTT and RSS of the incoming packet. The BS matches the node-ID, RSS and RTT of the requesting node; if all security parameters are satisfied, then the BS allows the requesting node to communicate in the network. Otherwise, the BS denies the incoming RREQ/RREP packet for communication in the network. According to Eq. (1), RTT is the time that a message needs to travel from source to destination. Similarly, the minimum RTT set for the BS is equal to λRTT in our case, and the distance parameters are set for the BS according to Eq. (2), where
In Eq. (6), λ1 and λ2 are the delay times between the BS and the requesting node for a one-hop distance in the proposed model, to maintain an accurate RTT between paired nodes. The parameters of Eq. (3) are considered for one-hop distance communication between the BS and the requesting node. The BS checks the value of RTT to verify the legitimacy of the requesting node in the network.

Base Station (BS): Received Signal Strength (RSS) Model
Let us assume that a legitimate node of the network Si ∈ Sn − 1 generates an RREQ message with the concerned BS. The Si RREQ packet contains information such as (src-ID ⊕ des-ID ⊕ RTT ⊕ RSS). After the reception of the Si node RREQ, the BS checks the security parameters such as node-ID, RTT and RSS. The RSS value of the incoming RREQ is compared with the defined RSS threshold value in the BS, which is < 80 m. Moreover, the BS uses Eq. (5) to calculate the RSS value of the incoming RREQ message, where the values of transmission power and antenna gain are kept constant for a fixed transmitter (Tx) and receiver (Rx). After the calculation of the RSS value, the verification process is started, where the value of RSS is matched in the BS. If the value of RSS is < 80 m, then the RSS of the incoming RREQ message is matched in the BS. After this verification check, the BS allows the requesting node to communicate in the network. If the value of RSS does not match in the BS, then the BS denies the RREQ message and broadcasts an alarm message in the network to signal the existence of malicious activity in the network.
The paper illustrates the authentication process of the RREQ of a legitimate node Si ∈ Sn − 1 with the concerned BS in Fig. 3. The legitimate node Si generates an RREQ with the concerned BS, which contains information such as (src-ID ⊕ RTT ⊕ RSS ⊕ des-ID). After reception of the Si RREQ, the BS checks the node-ID, RTT and RSS. In the verification process, the BS calculates the RSS value of the incoming RREQ packet. After that, the BS matches the value of RSS against the defined threshold value, which is ≤ 80 meters; if the RSS falls within this defined category, then the BS allows the same node or route for communication in the network. If the value of the incoming RREQ does not satisfy the security parameter condition of the BS, then the BS denies the incoming RREQ packet for communication and generates an alarm message in the network to signal the existence of malicious activity in the network. The steps adopted during the authentication phase for a legitimate node Si ∈ Sn − 1 with the BS are shown in Algorithm 2. Hence, Bi RREQ will be denied by concerned BS.
Conversely, suppose a legitimate node Si generates an RREQ request with the concerned base station (BS). The BS checks the Si RREQ request against the defined security parameters. The Si node packet satisfies the security parameters of the BS. Thus, the RREQ request information of Si is matched successfully, because Si ∈ member(BS). Therefore, the aforesaid theorem verifies that only a legitimate node Si ∈ member(BS) generates an RREQ in the network to process data.

Authentication of Fake Route RREQ: Routing Attacks
The functions of the proposed model back up each other to identify routing attacks and malicious nodes in the network. However, both functions work independently, which minimizes the chance of attacks in the designated WSNs. If one function fails to identify a fake RREQ, then function two, as the backup, carries out the same security check to verify the legitimacy of the network traffic by applying the security parameters. The AAN node and BS use the node-ID, RTT and RSS information to verify the authenticity and integrity of data in the network.
The AAN node continuously generates RREQ messages in the network to verify the legitimacy of participating nodes and network traffic in its vicinity. However, when an ordinary node that is not in the vicinity of an AAN node launches a direct communication request with the concerned base station, the BS checks the incoming RREQ against its defined security parameters to verify the legitimacy of the requesting node.
Likewise, suppose an attacker node Bi generates an authentication request with Ai or the BS. The Bi RREQ contains (src-ID ⊕ RTT ⊕ RSS ⊕ des-ID) information. Ai or the BS matches the Bi RREQ information against its defined security parameters. The Bi node-ID, RTT and RSS ∉ the defined security parameters of Ai or the BS. Therefore, Ai or the BS denies the Bi RREQ and broadcasts an alarm message in the network to signal the existence of an attacker node. A detailed overview of attacker node detection is shown in Fig. 4.
The malicious RREQ authentication mechanism is shown in Fig. 4. The malicious node Bi generates an RREQ with the BS or Ai nodes by advertising a fake RREQ in the network. After reception of the Bi RREQ, the BS or Ai applies the security check parameters such as node-ID, RTT and RSS. The BS or Ai matches the above-mentioned parameters of the requesting Bi node. The Bi node-ID ∈ the registered list of the BS or Ai. The RTT and RSS of Bi are > the defined values of the security parameters in the BS or Ai. Therefore, the BS or Ai node denies the Bi RREQ and broadcasts an alarm message in the network.
The attacker node Bi is identified successfully in the above-mentioned scenario of Fig. 4 by comparing conditional security parameters. Our proposed scheme performs exceptionally well in combating routing attacks in industrial IoT networks. Moreover, the effectiveness of our scheme was observed for different types of attacks on deployed IoT networks, such as eavesdropping, man-in-the-middle, server-side, client-side, insider, and anonymity-based attacks.
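The AAN check (node-ID, then RTT against the one-hop estimate of Eq. (1), then the 80 m RSS limit) and the BS backup for nodes outside an AAN's vicinity, described in the sections above, can be written as follows. This is an added example, not the paper's OMNeT++ implementation. The field names, the 25% RTT tolerance, the link parameters and the sample traffic are assumptions, and RSS is taken as an already-computed range in metres because Eq. (5) is not reproduced on this page.

```python
import math
from dataclasses import dataclass, field
from typing import Optional

RSS_RANGE_LIMIT_M = 80.0   # the paper's RSS threshold, stated as 80 m
RTT_TOLERANCE = 0.25       # ASSUMPTION: slack allowed above the estimated one-hop RTT


def estimated_rtt_ms(queuing_ms, propagation_ms, buffer_ms):
    """Eq. (1): queuing time at source + propagation delay + buffer time at destination."""
    return queuing_ms + propagation_ms + buffer_ms


@dataclass(frozen=True)
class Packet:
    """RREQ/RREP as seen by the verifier (hypothetical field names)."""
    src_id: str
    des_id: str
    rtt_ms: Optional[float]   # measured by the verifier; None = no reply (faulty link)
    rss_range_m: float        # range implied by the measured RSS


@dataclass
class Verifier:
    """An AAN node or the BS: both apply the same three checks independently."""
    name: str
    registered_ids: frozenset
    lambda_rtt_ms: float                       # estimated one-hop RTT (the paper's lambda)
    alarms: list = field(default_factory=list)

    def check(self, pkt):
        """Return (accepted, reason). Order follows the paper: node-ID, RTT, RSS."""
        rtt = math.inf if pkt.rtt_ms is None else pkt.rtt_ms   # faulty link => infinite RTT
        if pkt.src_id not in self.registered_ids:
            reason = "node-ID not registered"
        elif rtt > self.lambda_rtt_ms * (1 + RTT_TOLERANCE):
            reason = "RTT above one-hop estimate"
        elif pkt.rss_range_m > RSS_RANGE_LIMIT_M:
            reason = "RSS beyond 80 m"
        else:
            return True, "accepted"
        # Denied packets trigger the alarm broadcast described in the paper.
        self.alarms.append((self.name, pkt.src_id, reason))
        return False, reason


def admit(pkt, aan, bs, in_aan_vicinity):
    """Function 1 (AAN) checks nodes in its vicinity; function 2 (BS) is the
    backup for any node that contacts the BS directly."""
    verifier = aan if in_aan_vicinity else bs
    accepted, reason = verifier.check(pkt)
    return verifier.name, accepted, reason


def run_demo():
    lam = estimated_rtt_ms(1.0, 2.0, 1.0)          # constructed link parameters -> 4.0 ms
    ids = frozenset({"S1", "S2", "S3", "S4"})
    aan = Verifier("AAN-A1", ids, lam)
    bs = Verifier("BS", ids, lam)
    # Constructed traffic: (packet, heard by the AAN?)
    traffic = [
        (Packet("S1", "A1", 4.2, 42.0), True),     # legitimate one-hop reply
        (Packet("B1", "A1", 4.1, 40.0), True),     # unknown node-ID
        (Packet("S2", "A1", 19.0, 60.0), True),    # registered ID, relayed path inflates RTT
        (Packet("S3", "A1", 4.3, 130.0), True),    # registered ID, transmitter out of range
        (Packet("S4", "BS", 4.4, 75.0), False),    # legitimate node talking to the BS directly
        (Packet("S4", "BS", None, 70.0), False),   # captured ID reused, link never answers
    ]
    results = [(p.src_id,) + admit(p, aan, bs, near) for p, near in traffic]
    return results, aan.alarms, bs.alarms


if __name__ == "__main__":
    results, aan_alarms, bs_alarms = run_demo()
    for row in results:
        print(row)
    print("alarms:", aan_alarms + bs_alarms)
```

The last two rows show why the node-ID match alone is not sufficient: the same registered ID is accepted or denied by the BS depending on the measured RTT.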

Formal Security Analysis of Our Mutual Authentication Scheme
In this section, the proposed model was evaluated for well-known security threats to WSNs, which can be launched on an operational network. The comprehensive overview and adopted measures are discussed as follows.

Client Impersonate Attacks
Let us assume that an attacker node (Bi) generates an RREQ with neighboring nodes. For this, Bi broadcasts its RREQ packet in the network, which is received by the concerned BS or AAN node. After the reception of the attacker node Bi's RREQ packet, the BS and AAN nodes check the security parameters such as node-ID, RTT and RSS. The BS and AAN (Ai) node calculate and verify the defined security parameters for the incoming packet of Bi. The Bi RREQ packet does not satisfy the BS and Ai security parameters. Therefore, the BS or AAN node broadcasts an alarm message in the network to signal the presence of a malicious node in the network.

Eavesdropping Attacks
In this type of attack, the attacker hijacks the transmission channel and attracts the network traffic over an insecure communication channel. In our proposed model, an attacker node Bi generates a fake route RREQ in the network, which aims to advertise the shortest path to the destination node. The broadcast RREQ message of Bi is received by the AAN and BS. The BS and AAN nodes apply the security check parameters to verify the legitimacy of the incoming RREQ packet. Once the security check is carried out, the Bi RREQ does not fulfill the security parameters of our proposed model. Therefore, the malicious RREQ is easily identified by our parametric hybrid scheme, which signals the existence of malicious activity in the network by broadcasting an acknowledgment message. Hence, our proposed model is very effective against eavesdropping attacks in a WSN environment.

Server-Side Attacks
Let us suppose that an adversary node Bi generates an authentication RREQ with the BS. Once the BS receives the Bi RREQ, it checks the security parameters such as node-ID, RTT and RSS. In the parameter matching process, the Bi RREQ does not satisfy the defined parameters of the BS. Therefore, Bi's fake authentication RREQ is successfully identified and denied by the concerned BS in our proposed model.

Off-Line Phase Guessing Password Attacks
Let us assume that an adversary Bi guesses the authentication scheme and authenticates in polynomial time to communicate as a legitimate node Si in the network. In this case, the adversary Bi needs to fulfill all the security parameters such as node-ID, RTT and RSS. Once the calculation has been carried out, the RTT and RSS of the requesting Bi node do not match in the AAN or BS. Therefore, the off-line guessing password attack fails against our scheme, due to the RTT and RSS value calculation.

Sensing Node Capture Attacks
Let us assume that an adversary Bi hijacks one legitimate node of the network and extracts all its security parameters and traffic information. In this case, the adversary node does not know about the AAN and BS, where the communication parameters of broadcast RREQ/RREP messages are continuously checked. Let us assume that the node-ID of adversary Bi matches in the BS or Ai, but its RTT and RSS information does not match. Hence, our scheme is also effective against sensing node capture attacks, because of the communication parameter checking. The formal security analyses are shown in Tab. 1 of the paper.

Experiment Results Analysis
The proposed hybrid mutual authentication scheme was implemented in a simulation environment, where OMNeT++ was used as the simulation tool. The OMNeT++ simulation tool has the capability to develop real-time IoT, WSN and ad hoc networks in the simulation environment. The proposed model was implemented by specifying the network area with a distribution of AAN nodes, ordinary nodes and BS(s) in the network topological order. The authentication parameters were set in the AAN and BS, with communication connectivity to ordinary nodes. Moreover, the role assigned to the BS and AAN node is to identify malicious activity in the network, such as victim nodes and routing attacks, by the assessment of communication parameters such as RSS, RTT and node-ID. The parameter set-up used in the proposed model is briefly shown in Tab. 2. The parameters shown in Tab. 2 were used in the topology and infrastructure development of our proposed scheme. Moreover, the simulation environment was developed through the composition of these parameters to capture results for our scheme. In addition, the extracted results of our proposed scheme were compared with its rival schemes based on routing attack detection rate, average throughput, latency and communication cost. Moreover, energy consumption and performance reliability were also observed to evaluate the overall structure of the proposed scheme.
462 CMC, 2021, vol.68, no.1

Communication Cost
The communication cost of our proposed scheme was compared with existing schemes that address routing attacks in WSNs, such as wormhole and sinkhole attacks. The communication cost observed for the proposed scheme during simulation was better than that of its rival schemes, except the scheme of Vo et al. [20]. Communication sessions were established between legitimate nodes of the network with proper monitoring to verify the legitimacy of network traffic. The results extracted during simulation are shown in Tab. 3 with a comparison ratio to its competitor schemes.

Results Analysis of AAN Based on RTT Assessment
The proposed model was evaluated against routing attacks in the simulation environment. The simulation statistics for both functions, AAN and BS, were observed individually to verify the performance reliability of the proposed model in terms of routing attack detection. The result statistics for routing attack detection and adversary node identification through the BS and AAN node were found quite consistent and remarkable. In this phase, the AAN was considered for evaluation, where an adversary node advertises a fake RREQ in the network. The adversary node advertised fake shortest path information to the destination node by broadcasting a packet in the network. This RREQ was also received by the AAN node. The AAN node carried out the necessary security verification process to match the RTT of the RREQ against its defined values. The adversary node was observed not to satisfy the RTT security condition, because its value did not match. After the assessment, the AAN node generates an alarm message to signal the existence of an adversary node in the network.
The simulation result verifies that the AAN node successfully identified an adversary node in the network. This verifies that the AAN node's detection rate for routing attacks based on RTT assessment was quite accurate in the operational network against fake RREQ packets. Subsequently, the number of adversary nodes was increased in the deployed WSN infrastructure to verify performance reliability with a high number of fake RREQs, which was also found quite exceptional for the AAN node. The AAN node detects the maximum number of fake RREQs in its vicinity; the statistics are shown in Fig. 5.

Results Analysis of AAN Based on RSS Assessment
The results of our proposed model were also observed for the RSS-based assessment of the AAN, where adversary nodes were used in the operational network to advertise fake RREQs and hijack network security. The node-ID and RTT in the fake RREQs were kept similar to the RTT and node-ID of legitimate nodes, while the RSS was different for all introduced adversary nodes. During the simulation, the AAN nodes were closely observed for their assessment of the RSS of fake RREQs from an adversary node, which was found quite remarkable, assessing the maximum number of RREQs in the close vicinity. The statistical analysis observed during the simulation for an AAN node based on RSS is shown in Fig. 6, where the adversary node RREP(s) assessment and detection % are shown in graphical form as captured during the simulation.

Results Analysis of AAN Based on RSS and RTT Assessment
The AAN node's results were also observed for fake RREQ(s) where both the RTT and RSS values were different from those of other legitimate nodes of the network. The legitimate nodes and the adversary node in the operational network were closely observed in terms of authentication of RTT and RSS for RREQ/RREP packets incoming to the AAN. The AAN nodes were found quite consistent in identifying adversary nodes that have fake RREQ(s) in the network. Moreover, the performance reliability of the network was also observed while adversary nodes existed alongside legitimate nodes in the network. The statistical analysis observed during the simulation assessment of the AAN node detecting fake RREQs with the help of RSS and RTT is shown in Fig. 7.

BS Fake RREQ Results Analysis Based on RTT and RSS
The BS results were also observed for the detection of fake RREQ(s) in the operational network, where the legitimate nodes were communicating with the BS. Both adversary and legitimate nodes broadcast RREQ/RREP packets in the network, and the fake RREQs received by the BS directly from adversary nodes are assessed by its security check. The statistical results for the fake RREQ/RREP packets of adversary nodes, as captured from the simulation tool, are shown in Fig. 8.

BS and AAN Node Combined Statistical Analysis for Fake RREQ/RREP(s)
The simulation of the proposed model was continued to observe the overall detection rate of our hybrid scheme for the AAN node and BS. Fake RREQ/RREP(s) were sent to the AAN node and BS. Malicious nodes that were not in the vicinity of an AAN node were successfully detected by the concerned BS. The combined result observed for the BS and AAN node in terms of fake RREQ and RREP packets was about 97.7%, which is far better than its rival schemes. Although the detection rate of our proposed scheme was 97.7%, it is also better than the existing schemes in terms of energy consumption, communication cost, computation cost and communication metrics, because the entire authentication process is performed by the AAN and BS, which improves the overall network communication infrastructure. The result statistics captured during the simulation for our hybrid mutual authentication scheme are shown in Fig. 9, where 95.7% of fake RREQs were identified successfully.

Routing Attacks Results Analysis of Our Proposed Model with Rival Schemes
The proposed model was evaluated for each function, where different parameters of adversary nodes were altered to identify routing attacks or fake RREQ/RREP packets in the network based on parameter assessments. The detection rate of fake RREQ/RREP(s) for each function of the proposed model individually was excellent. The fake RREQ/RREP assessment of adversary nodes was also carried out with the BS and AAN in combination, which shows a high detection ratio; the statistics are shown in Fig. 9. After the individual and combined result statistics, the proposed scheme was compared with its competitor schemes based on accurate routing attack detection, and was found promising in the presence of field-proven schemes. The malicious activities in the network were successfully identified with the help of the proposed model. Moreover, the proposed model is not only effective against routing attacks, but also helps to identify some other network attacks, as shown in the formal security analysis. The result statistics for the proposed model and its rival schemes are shown in Fig. 10.

Statistical Analysis of Our Proposed Scheme with Rival Scheme for Latency
The proposed model was also observed for latency during the communication process to verify the performance reliability of packet exchange based on the delay time. During the experiment analysis, the latency observed for the proposed model was exceptional, due to several BS(s) in the deployed area of Industrial IoT networks. The latency of the proposed model was compared with the field-proven schemes and was found to be remarkably good in their presence. The statistical analysis of the latency for our proposed model and its competitor schemes is shown in Fig. 11.

Figure 11: Latency statistical analysis of our proposed model with its competitor schemes

Throughput Statistical Analysis of Our Proposed Scheme with Competitor's Scheme
The result statistics of our parametric hybrid mutual authentication scheme were also checked for network throughput, which was found convincing during the simulation. The network traffic was observed in terms of throughput to check the reliability of the proposed scheme. The accurate detection of routing attacks in an operational network minimizes congestion, contention and network overhead, which improves the overall communication environment of the network. Therefore, the result observed for throughput in our scheme during simulation was significant, which shows the reliability of our hybrid scheme. Moreover, the utilization of several BS(s) in the deployed Industrial IoT network minimizes the network overhead to a great extent, which maximizes network throughput. The result statistics captured for our scheme during simulation are shown in Fig. 12 in comparison with its competitor schemes.

Conclusion
In this paper, we proposed a hybrid mutual authentication scheme for Industrial IoT networks to combat routing attacks. The proposed model uses two functions in a back-up arrangement to ensure the legitimacy of network traffic in Industrial IoT networks. Both functions work independently, but their authentication mechanisms back each other up to identify routing attacks with significant results. In the initial phase, the AAN node initiates an RREQ with the nearest proximity nodes in the network. The nodes near the AAN respond with an RREP packet. Once the AAN node receives an RREP from nearby nodes, it matches security parameters such as node-ID, RTT, and RSS to ensure the legitimacy of the incoming packet. If the incoming RREP fulfills the defined security parameters, the authentication mechanism completes successfully. The BS works as function 2 in the proposed model: if any RREQ/RREP is missed by an AAN and the same RREQ/RREP reaches the BS directly, the BS carries out the same security check mechanism as the AAN to verify the legitimacy of the requesting packet. The performance reliability of the proposed model was checked based on attack detection, communication cost, computational cost, latency, and throughput in the presence of its competitor schemes, which showed an overall improvement. Besides that, the attack detection percentage observed for the proposed model was 97.7%, which surpasses the existing schemes by an average 13% improvement.
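The two-function check summarized above (AAN first, BS as back-up, each matching node-ID, RTT and RSS against its defined values) can be sketched as follows. This is an added example, not the paper's simulation code: the class and function names, the tolerance values and all sample measurements are assumptions, since the paper does not state its thresholds.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:              # reference values a verifier stores per registered node
    rtt_ms: float           # expected round-trip time
    rss_dbm: float          # expected received signal strength

@dataclass(frozen=True)
class RoutePacket:          # an RREQ/RREP as measured by the receiving AAN or BS
    node_id: str
    rtt_ms: float
    rss_dbm: float

class Verifier:
    """Parameter check run by the AAN (function 1) and by the BS (function 2)."""
    def __init__(self, name, profiles, rtt_tol_ms=2.0, rss_tol_db=4.0):
        self.name, self.profiles = name, profiles
        self.rtt_tol_ms, self.rss_tol_db = rtt_tol_ms, rss_tol_db  # assumed tolerances
    def check(self, pkt):
        """Return the mismatched parameters; an empty list means authenticated."""
        prof = self.profiles.get(pkt.node_id)
        if prof is None:
            return ["node-ID"]
        alarms = []
        if abs(pkt.rtt_ms - prof.rtt_ms) > self.rtt_tol_ms:
            alarms.append("RTT")
        if abs(pkt.rss_dbm - prof.rss_dbm) > self.rss_tol_db:
            alarms.append("RSS")
        return alarms

def authenticate(pkt, heard_by_aan, aan, bs):
    """The AAN checks packets in its vicinity; the BS checks those it misses."""
    verifier = aan if heard_by_aan else bs
    alarms = verifier.check(pkt)
    return verifier.name, ("alarm" if alarms else "accept"), alarms

# Constructed sample data: each verifier keeps its own reference measurements.
AAN = Verifier("AAN", {"n1": Profile(12.0, -60.0), "n2": Profile(15.0, -66.0)})
BS = Verifier("BS", {"n1": Profile(30.0, -75.0), "n7": Profile(20.0, -70.0)})

SAMPLES = [  # (label, packet, heard_by_aan), all constructed
    ("legitimate RREP", RoutePacket("n1", 12.8, -61.5), True),
    ("fake RREQ, RTT differs", RoutePacket("n1", 3.0, -60.5), True),
    ("fake RREQ, RSS differs", RoutePacket("n2", 15.2, -48.0), True),
    ("captured node-ID reused", RoutePacket("n2", 40.0, -85.0), True),
    ("outside AAN vicinity", RoutePacket("n7", 55.0, -70.5), False),
]

if __name__ == "__main__":
    for label, pkt, heard in SAMPLES:
        print(f"{label:24} ->", authenticate(pkt, heard, AAN, BS))
```

The fourth sample corresponds to the node capture case in the security analysis: the node-ID is registered, but the RTT and RSS measured at the verifier no longer match its stored values.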