Journal of Network and Computer Applications 80 (2017) 189–199

HSecGR: Highly Secure Geographic Routing

Mehdi Boulaiche, Louiza Bouallouche-Medjkoune
LAMOS University of Bejaia, Algeria

ARTICLE INFO

Keywords: Ad hoc network; Secure routing; Attack; Cryptography; Reputation; Malicious

ABSTRACT

An ad hoc wireless network is a set of nodes connected by wireless links in which nodes cooperate to forward packets from a source to a destination. Geographic routing (or position-based routing) has become an attractive solution for such networks since it reduces routing control overhead flooded in the network to construct routes (routes discovery). Many geographic routing protocols have been designed to guarantee packet delivery in such networks. However, these protocols consider that all nodes in the network are trustworthy which allows malicious nodes to violate network security and disrupt packet forwarding. In this paper, we propose and evaluate a new security approach that secures geographic routing protocols against a variety of attacks. Our approach is based on the use of MACs to allow intermediate nodes to verify the authenticity and the integrity of forwarded packets and uses authenticated acknowledgements to prevent packet dropping attacks. To meet node's resource constraints, we have based our solution on symmetric cryptography. Our solution is robust against modification and dropping attacks even in the presence of compromised nodes in the network.

1. Introduction

An ad hoc wireless network is a set of nodes connected by wireless links where all nodes in the network cooperate to forward packets from one point to another. The protocols designed for routing in this type of networks are different from those designed for routing in wired networks. Routing protocols designed for wireless ad hoc networks have to deal with the characteristics of such networks. These protocols have to be designed so as to minimize communication overhead since nodes have limited resources. They also need to handle mobility of nodes within the network. And very importantly, a routing protocol designed for such networks should mitigate the impact of attacks on the protocol. Indeed, due to the broadcast nature of the wireless channel, it is sufficient that an attacker be in the transmission range of a node to eavesdrop on the on-going traffic, tamper, or drop packets since every node in the network is expected to participate in the packet forwarding process.

There are three main categories of routing protocols for ad hoc wireless networks, namely: flat routing, hierarchical routing, and geographic routing. Flat routing protocols include reactive protocols such as DSR (Boukerche et al., 2011), AODV (Mulert et al., 2012) and proactive protocols such as DSDV (Ade and Tijare, 2010). In hierarchical routing, nodes are divided into clusters and a cluster head is assigned to each cluster. LEACH (Tyagi and Kumar, 2013) is an example of hierarchical routing protocols. In geographic routing protocols, the position information of nodes is used to forward packets toward the final destination. GPSR (Karp and Kung, 2000) is an example of geographic routing protocols.

Geographic routing has become an attractive solution (Milocco et al., 2014; Peng and Kemp, 2011; Lee et al., 2010a; Boulaiche and Bouallouche-Medjkoune, 2015; Tao et al., 2010; Kleerekoper and Filer, 2015; Al-shugran et al., 2013) for wireless ad hoc networks where nodes keep only information about local one-hop neighbors. In geographic routing, a node selects a next forwarding node based only on the location of itself, its neighbors and the destination. The location information can be obtained with GPS or through any other localization system. As it does not use control packets to establish a path, geographic routing reduces the routing control overhead flooded in the network to maintain network connectivity compared with other types of routing protocols. Protocols called greedy (Al-shugran et al., 2013) forward packets such that their routes are the closest to the path as the crow flies between the source and the destination. The NFP (Al-shugran et al., 2013) protocol selects its closest neighbor among those in the direction of the destination to forward the packet. Whereas, with the MFR (Al-shugran et al., 2013) protocol, a forwarding node selects its neighbor that is closest to the destination as next forwarding node. NADV (Lee et al., 2010b) selects the neighbor with the optimal trade-off between the advance and link cost. To overcome the holes (Chen and Varshney, 2007) problem (known also as local minima) in geographic routing protocols, solutions proposed in (Karp and Kung, 2000; Tao et al., 2010; Won et al., 2013) use the right (or left) hand rule (Chen and Varshney, 2007) to forward packets around the holes.


Corresponding author.
E-mail addresses: boulaiche.mehdi@yahoo.fr (M. Boulaiche), louiza_medjkoune@yahoo.fr (L. Bouallouche-Medjkoune).

http://dx.doi.org/10.1016/j.jnca.2016.12.028
Received 21 December 2015; Received in revised form 12 November 2016; Accepted 19 December 2016
Available online 25 December 2016
1084-8045/ © 2016 Elsevier Ltd. All rights reserved.

Geographic routing protocols forward packets based on the assumption that all nodes in the network are trustworthy and don’t take into account the security problem. However, the presence of malicious (or compromised) nodes in the network can lead to a degradation in the performances of geographic routing in terms of delivery ratio (routing failures). In geographic routing, a forwarding node selects its next hop according to the destination position contained in forwarded messages. An attacker may alter or modify this information to disrupt the routing scheme. An attacker may also generate falsified messages such as beacon messages or error messages to disrupt the routing scheme. These types of attacks can be used with the blackhole attack (Sarma et al., 2011) in which a node drops all packets going through it, or with the sybil attack (Md Zin et al., 2014) in which the attacker provides multiple identities to other nodes in the network. Another type of attack that can be launched against geographic routing is the wormhole attack (Qazi et al., 2013), in which two malicious nodes cooperate and build a tunnel between them and get packets from one region to another. This type of attack is very difficult to detect.

In this paper we will propose a Highly Secure Geographic Routing approach. The objective of our work is to provide a mechanism that allows both intermediate nodes and the destination node to verify the authenticity and the integrity of forwarded packets on one hand and to protect against dropping attacks on the other hand. Our solution is based on the use of MACs (Message Authentication Code) with a secret key to protect packets against modification and to prevent attackers from tampering with routing information. To protect packets against dropping attacks, each intermediate node that receives a packet must return back an authenticated acknowledgement to the packet's source indicating both the previous and the next hop for this packet. For this, we propose an extension to the packet header to provide these security services for geographic routing protocols. Our solution is robust against modification and dropping attacks even in the presence of compromised nodes in the network. To meet node's resource constraints, we have based our solution on symmetric cryptography.

The rest of the paper is organized as follows: Section 2 presents related work on secure routing protocols in ad hoc networks. Our security approach that protects against these security attacks will be presented and detailed in Section 3. Simulation results will be discussed in Section 4. Section 5 concludes this paper.

2. Related work

The use of wireless links significantly facilitates attacks against routing protocols in wireless ad hoc networks. Unlike wired networks where the attacker must have physical access to the network, in wireless ad hoc networks, it is sufficient that the attacker be in the transmission range of a node to eavesdrop on communications, modify, or inject packets in the network. To address the routing security problem in ad hoc networks, several solutions have been proposed in the literature. Generally speaking, these solutions propose extensions to already existing protocols in order to strengthen their security efficiency against some attacks.

Authors in (Baadache and Belmehdi, 2012, 2014) proposed an approach that allows to secure both proactive and reactive routing protocols against simple and cooperative black hole attacks. In (Yu et al., 2009) authors proposed SRAC, a secure routing protocol to defend against Byzantine attacks as well as other internal attacks against routing protocols for MANETs in adversarial environments by using both message and route redundancy during route discovery. Authors in (Zhang et al., 2014) proposed TOHIP, a TOpology-HIding multipath routing Protocol which does not allow packets to carry routing information so that the malicious nodes cannot deduce network topology and launch various attacks based on that. Authors in (Djenouri and Badache, 2009) suggest a modular solution structured around five modules to monitor, detect, and safely isolate misbehaving nodes that drop packets in mobile ad hoc networks.

Other work in secure routing (such as Ade and Tijare, 2010; Perrig et al., 2005; Kim and Tsudik, 2009; Tygar et al., 2002; Buttyan et al., 2006; Yi et al., 2001; Levine et al., 2002; Zapata and Asokan, 2002; Johnson et al., 2003; Wang et al., 2010) is about protecting topology (route) discovery. ARIADNE (Perrig et al., 2005) and SRDP (Kim and Tsudik, 2009) are two protocols that provide an extension to secure route discovery in the DSR (Boukerche et al., 2011) protocol using cryptographic tools. ARIADNE provides three patterns (shared secret keys between any pair of nodes, TESLA (Tygar et al., 2002), or digital signature) to authenticate information provided by intermediate nodes between the source and the destination. However, analysis of the ARIADNE protocol in (Yi et al., 2001) has shown some security vulnerabilities in the protocol. Authors in (Buttyan et al., 2006) proposed to sign the Route Reply field instead of signing Route Request to eliminate these security vulnerabilities. Authors in SRDP (Kim and Tsudik, 2009) proposed the use of either aggregated message authentication codes (MACs) or multi-signatures to securely discover an authenticated route to the destination in DSR.

To secure the AODV (Mulert et al., 2012) protocol, authors in SAR (Yi et al., 2001), ARAN (Levine et al., 2002), S-AODV (Zapata and Asokan, 2002) propose other extensions that can provide security properties for the AODV protocol. In the SAR protocol, nodes in the network are divided into confidence levels. Consequently, only nodes that belong to a higher confidence level than the minimum required level can participate in the route search process. The S-AODV protocol proposes to use a digital signature to authenticate non-mutable fields of the message (fields that don’t change since message creation) and use a hash chain to protect the hop_counter field. SEAD (Johnson et al., 2003) and SDSDV (Wang et al., 2010) are two protocols that have been proposed to provide security services for the DSDV protocol (Ade and Tijare, 2010). The SEAD protocol tries to protect the DSDV sequence_number field against modification attacks using a hash chain. Whereas, SDSDV tries to improve DSDV security by preventing nodes from increasing or decreasing the distance_metric and sequence_number fields.

In detective solutions, CONFIDENT (Buchegger and Le Boudec, 2005) and Watchdog & Pathrater (Kevin et al., 2000) are two protocols that have been proposed to enhance the security of the DSR protocol. By monitoring nodes' behavior in the network, malicious nodes are isolated in black lists and thus will be avoided during packet routing. TAODV (Lyu et al., 2004) is another solution that has been proposed to improve AODV security based on node behaviors in the network.

To secure geographic routing protocols, Chen L. et al. proposed in (Lyu et al., 2013) the use of geographic leashes and the TESLA scheme to provide resistance against the Sybil attack and wormhole attack and the use of a distributed trust model and opportunistic packet forwarding to prevent black hole and gray hole attacks. In (Marin-Perez and Ruiz, 2011) Rafael M. et al. proposed a Self-Protected Beaconless Geographic Routing protocol (SBGR) in which nodes overhear the forwarding of their neighbors to detect malicious behaviors. Authors in (Pathak et al., 2008) proposed GSPR, an infrastructure free geographic routing protocol that is resilient to disruptions caused by malicious or faulty nodes. Authors in (Song et al., 2007) proposed secure geographic forwarding (SGF) that incorporates both the Hashed MAC and TESLA to provide security mechanisms for both data and control messages in geographic routing protocols.

Most of the earlier works deal with only one type of attack but not with a variety of attacks that can be launched against a routing protocol. For example, solutions proposed in (Perrig et al., 2005; Kim and Tsudik, 2009; Tygar et al., 2002; Buttyan et al., 2006; Yi et al., 2001; Levine et al., 2002; Zapata and Asokan, 2002; Johnson et al., 2003; Wang et al., 2010) protect route discovery packets against modification attacks. However, these solutions don’t protect against packet dropping attacks. On the contrary, solutions proposed in (Buchegger and Le Boudec, 2005; Kevin et al., 2000; Lyu et al., 2004) protect against packet dropping attacks but don’t protect against modification
attacks. Although solutions proposed in (Lyu et al., 2013; Marin-Perez and Ruiz, 2011; Pathak et al., 2008; Song et al., 2007) provide resistance against modification and dropping attacks, they still focus on a simple attack launched by an individual attacker, but not on a cooperative attack launched by a set of cooperating attackers. On the other hand, previous isolation (reputation) systems are based on vulnerable techniques in which the system can be circumvented by dropping packets at a lower rate or after a collision the retransmission can be skipped. In addition, these techniques allow isolating dropping attackers but not modification attackers.

The major value added by the approach proposed in this paper is that it protects geographic routing against a variety of attacks altogether, i.e., dropping, modification, and injection attacks launched by both individual attackers and cooperative attackers along the end-to-end path. Another value added by our approach is that the proposed isolation (reputation) system is based on authenticated acknowledgments rather than on previous vulnerable techniques. And very importantly, the proposed isolation system allows detecting and isolating both dropping and modification attackers. One other feature added by our approach is that it allows detecting and isolating attackers in the whole network and not just attackers in the neighborhood.

3. Highly Secure Geographic Routing

3.1. Assumptions and notations

We consider a wireless ad hoc network in which all nodes cooperate to forward packets from the source node to the destination. It is assumed that each node is aware of its own position, its neighbors' positions, and the position of the destination. The location information can be obtained by equipping nodes with GPS or through any other localization system. Neighbors' positions can be obtained by periodic beacon messages. We also assume that wireless connections between nodes are bidirectional because our solution requires a bi-directional exchange of packets. We also assume that a source node S trusts the destination node D (i.e., the source node S doesn’t disclose its secret key shared with D to any node in the network in any case, and likewise the node D). We also assume that there is a shared secret key between each pair of nodes in the network, i.e., n(n-1)/2 keys distributed in the network using, for example, a Key Distribution Center (KDC), where n is the number of nodes in the network. The following notations are used in this paper:

• A, B, C …: are nodes.
• KAB: is the secret key shared between the two nodes A and B.
• MACKAB{X}: is X's Message Authentication Code calculated with the KAB key shared between nodes A and B using a hash function like HMAC or MD5.

3.2. HSecGR overview

Our approach is based on the use of two MACs to prevent packet tampering attacks throughout the path toward the destination. The first MAC is computed over the header of the message with the pair-wise shared secret key between the sender and its next forwarding node toward the destination in order to provide per-hop authentication. The second MAC is computed over the payload with the pair-wise shared secret key between the source and the destination in order to protect the message against modification along the path. To prevent packet dropping attacks, we propose to use authenticated acknowledgements. In our approach, we also propose the use of a reputation system to detect and isolate packet tampering and dropping attackers.

Our proposed approach works as follows. When a source node S sends a message to a destination D, it encapsulates the message in a new packet where the header is illustrated in Fig. 1. Then, it keeps a copy of the packet sent in order to compare it with the received acknowledgements sent by the intermediate nodes along the path toward the destination. Afterwards, the source node starts a timer. If the destination acknowledgement is not received within a timeout, then the source considers that the packet was dropped by an intermediate node (this includes both malicious and non-malicious causes), and the link between the last node in the downstream whose acknowledgement was well received and its next forwarding node is considered as a suspected link.

Fig. 1. Our protocol's header.

Each intermediate node “I” verifies the authenticity of the packet by comparing the received MAC1 field to the MAC value computed over the received packet header with the secret key it shares with its previous forwarding node “I-1”. If the checking succeeds, the intermediate node replaces the MAC1 field by a new one computed over the header with the secret key it shares with its next forwarding node and forwards the packet. Then, the intermediate node sends back an acknowledgement packet toward the source node S. Since the intermediate nodes don’t have the secret key shared between the source and the destination, they can’t verify whether the payload of the packet was tampered with or not. This allows a compromised node to tamper with the packet's payload; however, this information is transmitted to the source node in the acknowledgement packet since the MAC2 field of the acknowledgement packet is computed over the following received fields: HKIS{Type, Ident, Length, Source_Address, Destination_Address, Prevoius_hop, Next_hop, MAC2, msg} with the secret key shared with the source node S. The acknowledgement packet contains the previous and the next forwarding nodes as well, which allows the source node to construct the path traversed by the packet toward the destination.

Finally, when the destination receives the packet, it first verifies its authenticity using the MAC1 field, and then it verifies the payload of the packet (the message) by comparing the received MAC2 field to the MAC value computed over the received payload with the secret key it shares with the source node S. If the checking succeeds, the destination sends back to the source an acknowledgement packet where the MAC2 field is computed with the secret key shared with the source node S over the following received fields: HKIS{Type, Ident, Length, Source_Address, Destination_Address, Prevoius_hop, Next_hop, MAC2, msg}. Otherwise, the destination sends an error message to the source node.

When the source node receives an acknowledgement packet, it first verifies its authenticity using its MAC1 field, then it checks whether the message received by the originator of the acknowledgement was modified or not by comparing the received MAC2 field to the MAC value computed over the packet fields it has sent before (i.e., the following fields: Type, Ident, Length, Source_Address, Destination_Address, Prevoius_hop, Next_hop, MAC2, msg that the source node has sent before). If the message was modified, then the link between the acknowledgement originator and its previous forwarding node is considered as a suspected link.

Note here that acknowledgement packets sent back to the source node traverse the reverse path traversed by the corresponding data packet in order to prevent attacks on acknowledgement packets because an attacker can’t modify or drop the acknowledgements of its upstream nodes. The reception of an acknowledgement acknowledges all upstream nodes in the path. Non authenticated packets or acknowledgements are dropped and not acted upon, in order to prevent malicious nodes from forging packets.

• Type: this field defines the packet's type (data, acknowledgement, error, or report packet).
• Ident: packet identifier.
• Length: header length.
• Source_Address: packet's source address.
• Destination_Address: packet's destination address.
• Prevoius_hop: this field is used in acknowledgement packets to indicate the previous forwarding node of the acknowledgement originator (a node the packet was received from). In report packets, this field contains the source of the suspect link.
• Next_hop: used in acknowledgement packets to indicate the next forwarding node of the acknowledgement originator (a node the packet was sent to). In report packets, this field contains the destination of the suspect link.
• MAC1: Message Authentication Code used to protect the packet's header against modification and to authenticate the packet's originator (hop by hop authentication). This MAC is calculated over the following fields: HK(i,i+1){Type, Ident, Length, Source_Address, Destination_Address, Prevoius_hop, Next_hop, MAC2} with the secret key shared between the current node and its next forwarding node. Note that this MAC is recomputed by each intermediate node to authenticate the packet hop by hop.
• MAC2: Message Authentication Code used to protect non mutable fields of the packet against modification and to authenticate the message originator. This MAC is calculated over the following fields: HKSD{Type, Ident, Length, Source_Address, Destination_Address, Prevoius_hop, Next_hop, msg} with the secret key shared between the source node and the destination node.
• Payload (or msg): the message to send in the packet.

Let msg be the message to send from a source node S to a destination node D and let I be an intermediate node between S and D.

Algorithm 01. Receiving a packet “p”.

H1 ← HK(i−1,i){p.Type, p.Ident, p.Length, p.Source_Address, p.Destination_Address, p.MAC2}
If (H1 == p.MAC1) Then
  Packet's header wasn’t modified;
  If (p.Destination_Address == my addr) Then
    If (p.type == Ack) Then
      H2 ← HK(i−1,i){Type, Ident, Length, Source_Address, Destination_Address, Prevoius_hop, Next_hop, MAC2, msg}
      If (H2 == p.MAC2) Then
        Message well received by the intermediate node;
        Acknowledge all previous forwarding nodes of this node (upstream);
      Else
        The message received by this node was modified;
        Insert this link into global black list;
        Send a report to this node;
      EndIf
    EndIf
    If (p.type == data Or p.type == report) Then
      H2 ← HK(i−1,i){p.Type, p.Ident, p.Length, p.Source_Address, p.Destination_Address, p.Prevoius_hop, p.Next_hop, p.msg}
      If (H2 == p.MAC2) Then
        Message was received correctly;
        Send back an acknowledgement to the source node;
        If (p.type == report) Then
          Broadcast the report to all neighbors;
        EndIf
      Else
        Send back an error packet to the source node;
      EndIf
    EndIf
  Else
    Replace p.MAC1 field by HK(i,i+1){p.Type, p.Ident, p.Length, p.Source_Address, p.Destination_Address, p.Prevoius_hop, p.Next_hop, p.MAC2};
    If (p.type == Ack) Then
      Send the packet to the previous node in the upstream of this packet;
    Else
      Forward the packet to next node towards the destination;
      Send back an acknowledgement to source node S;
    EndIf
  EndIf
Else
  Packet header was modified;
  Ignore this packet;
EndIf

3.3. Example for 3 nodes

In this section we illustrate the functioning of our security approach with an example of three nodes S, I1, and D (Fig. 2), where S sends a message msg to D through the intermediate node I1, and the destination D sends back an acknowledgement through I1.

Fig. 2. Example for 3 nodes.

S:  S→I1: Msg1 = < Type=Data, Ident, Length, S, D, Null, Null, MAC1, MAC2, msg > ;
      MAC2 = HKSD{Type, Ident, Length, S, D, Null, Null, msg}
      MAC1 = HKSI1{Type, Ident, Length, S, D, Null, Null, MAC2}
I1: If (MAC1 = HKSI1{Type, Ident, Length, S, D, Null, Null, MAC2}) Then
      I1→D: Msg2 = < Type, Ident, Length, S, D, Null, Null, MAC1, MAC2, msg > ;
        MAC1 = HKI1D{Type, Ident, Length, S, D, Null, Null, MAC2}
      I1→S: Ack1 = < Type=ACK, Ident+1, Length, S, D, S, D, MAC1, MAC2 >
        MAC2 = HKI1S{Type, Ident+1, Length, S, D, Null, Null, MAC’2, msg}; MAC’2 is the field MAC2 received in the packet header
        MAC1 = HKI1S{Type, Ident+1, Length, S, D, S, D, MAC2}
    EndIf
D:  If (MAC1 = HKDI1{Type, Ident, Length, S, D, Null, Null, MAC2}) Then
      If (MAC2 = HKDS{Type, Ident, Length, S, D, Null, Null, msg}) Then
        D→I1: Ack2 = < Type=ACK, Ident+1, Length, D, S, I1, Null, MAC1, MAC2 >
          MAC2 = HKDS{Type, Ident+1, Length, S, D, Null, Null, MAC’2, msg}; MAC’2 is the field MAC2 received in the packet header
          MAC1 = HKDI1{Type, Ident+1, Length, S, D, I1, Null, MAC2}
      Else
        D→S: Err = {Type=Err, Ident+1, Length, D, S, I1, Null, MAC1, MAC2}
          MAC2 = HKDS{Type, Ident+1, Length, S, D, Null, Null, MAC’2, msg}; MAC’2 is the field MAC2 received in the packet header
          MAC1 = HKDS{Type, Ident+1, Length, D, S, I1, Null, MAC2}
      EndIf
    EndIf

3.4. Isolating suspected nodes

In this section, we present our solution to detect and isolate malicious nodes. In geographic routing, the forwarding node selection relies only on one-hop neighboring nodes. Therefore, each node maintains two black lists: a global and a local one. The global black list allows nodes to construct a list of suspected links in the whole network. This list is constructed from acknowledgements and error messages received from the destination and the intermediate nodes because the acknowledgements are interpreted and acted upon only by the source of the data packet. Whereas, the local black list allows to blacklist malicious neighbors and avoid them when selecting the forwarding node. This list is updated from reports received from source nodes and neighbors' broadcast reports.

When a source node S detects a suspicious link (for example the red link I3I4 in Fig. 3), it generates a report and sends it to the source of the suspicious link (node I3 in the figure). Upon receiving a report, the source of the suspicious link (node I3) acknowledges the report, inserts the destination of the suspicious link (node I4 in the figure) into its local blacklist, and broadcasts the report to all its neighbors. All the neighbors that receive a broadcast report insert the destination of the suspicious link (node I4) in their local blacklist. In the figure, only blue nodes insert node I4 in their local blacklists because I4 is not a neighbor of grey and white nodes.

If the same suspicious link (the red link I3I4 in the figure) is detected another time by the source node S, then node S resends the report, this time to the node that precedes the source of the suspicious link (node I2 in the figure). This node acknowledges the report, inserts the source of the suspicious link (node I3) in its blacklist, and broadcasts the report to all its neighbors. In the figure, only grey nodes insert node I3 in their local blacklists because I3 is not a neighbor of the other white nodes.

Fig. 3. Isolating malicious nodes.

Upon receiving a report broadcast by a neighbor, the suspected node in the report is inserted in the local blacklist. This report needs to be authenticated to prevent any byzantine reports coming from malicious nodes which try to blacklist a legitimate node. Therefore, we propose to use the TESLA (Tygar et al., 2002) broadcast authentication method to authenticate the reports broadcast by neighbors about suspected nodes.

3.5. Protocol proof

In this section we will present a formal proof for the cryptographic properties of our approach. For this, we will use a formal method called BAN (Burrows et al., 1990) logic. BAN logic, named after its inventors Michael Burrows, Martin Abadi and Roger Needham who introduced it in 1990, is the first and the most famous logic dedicated to the analysis of cryptographic protocols. It is a belief logic that models the beliefs of the principals involved in a protocol and the evolution of these beliefs after exchanging messages during the execution of the protocol.

3.5.1. Protocol formulation

In standard notation, a step of a protocol is presented as follows: P→Q: message. Our approach can be seen as the exchange of two types of messages (data/report messages and acknowledgement/error messages).

Message1: S→D: Type=Data, Ident, Length, S, D, Null, Null, MAC1, MAC2, msg;
    MAC2 = HKSD{Type, Ident, Length, S, D, msg}
    MAC1 = HKSD{Type, Ident, Length, S, D, MAC2}
Message2: D→S: Type=ACK, Ident+1, Length, D, S, S, Null, MAC1, MAC2
    MAC2 = HKDS{Type, Ident+1, Length, S, D, MAC’2, msg}; MAC’2 is the field MAC2 received in the packet header
    MAC1 = HKDS{Type, Ident+1, Length, D, S, S, Null, MAC2}

The first step of BAN logic is protocol idealization. In our approach, the Ident is considered as a nonce. Unencrypted messages will be removed during the idealization step. We also remove all components of the encrypted message that do not contribute to the development of the agent's knowledge. In our approach, we remove the hash function H (as the hash function H is known by all nodes in the network and therefore can be used by all nodes and does not contribute to the development of the agent's knowledge).

Message1: S→D: {Type, Ident, Length, S, D, MAC2}KSD, {Type, Ident, Length, S, D, msg}KSD
Message2: D→S: {Type, Ident+1, Length, D, S, S, Null, MAC2}KSD, {Type, Ident+1, Length, S, D, MAC2, msg}KDS
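The two-MAC packet of Sections 3.2 and 3.3 (MAC2 keyed between source and destination, MAC1 re-keyed at every hop, acknowledgements bound to what each node received) can be exercised end to end. The following is an added example, not the authors' code; it goes beyond the three-node walk-through by using two intermediate nodes so that the source's acknowledgement check can point at a suspected link. HMAC-SHA256, the length-prefixed field encoding, the constructed keys, `HDR_LEN`, the simplified `Ack` record and all function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

NULL, HDR_LEN = "Null", 10          # HDR_LEN is a constructed placeholder value
NODES = ["S", "I1", "I2", "D"]
# Constructed pairwise keys, standing in for the n(n-1)/2 keys a KDC would distribute.
KEYS = {frozenset((a, b)): hashlib.sha256(f"demo-{a}-{b}".encode()).digest()
        for i, a in enumerate(NODES) for b in NODES[i + 1:]}


def K(a, b):
    return KEYS[frozenset((a, b))]


def H(key, *fields):
    """H_K{...}: HMAC-SHA256 (an assumption) over length-prefixed fields,
    so that adjacent fields cannot be shifted into one another."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        b = f if isinstance(f, bytes) else str(f).encode()
        mac.update(len(b).to_bytes(4, "big") + b)
    return mac.digest()


@dataclass(frozen=True)
class Packet:
    type: str
    ident: int
    length: int
    src: str
    dst: str
    prev_hop: str
    next_hop: str
    mac1: bytes
    mac2: bytes
    msg: bytes

    def header(self):
        """Fields covered by the hop-by-hop MAC1."""
        return (self.type, self.ident, self.length, self.src, self.dst,
                self.prev_hop, self.next_hop, self.mac2)


@dataclass(frozen=True)
class Ack:                           # simplified ack: its own MAC1 is omitted
    originator: str
    prev_hop: str
    next_hop: str
    mac2: bytes


def ack_mac(node, p):
    """MAC2 of an ack: binds the MAC2 and payload that `node` actually received."""
    return H(K(node, p.src), "ACK", p.ident + 1, p.length, p.src, p.dst,
             NULL, NULL, p.mac2, p.msg)


def source_send(src, dst, first_hop, ident, msg):
    mac2 = H(K(src, dst), "Data", ident, HDR_LEN, src, dst, NULL, NULL, msg)
    p = Packet("Data", ident, HDR_LEN, src, dst, NULL, NULL, b"", mac2, msg)
    return replace(p, mac1=H(K(src, first_hop), *p.header()))


def relay(me, prev, nxt, p, tamper=None):
    """Intermediate node: check MAC1 with K(prev, me), ack to the source,
    then re-MAC the header for the next hop."""
    if not hmac.compare_digest(p.mac1, H(K(prev, me), *p.header())):
        return None, None            # unauthenticated packet: ignore it
    ack = Ack(me, prev, nxt, ack_mac(me, p))
    if tamper is not None:           # compromised node rewrites the payload
        p = replace(p, msg=tamper)
    return replace(p, mac1=H(K(me, nxt), *p.header())), ack


def destination_receive(me, prev, p):
    if not hmac.compare_digest(p.mac1, H(K(prev, me), *p.header())):
        return "drop"
    want = H(K(me, p.src), p.type, p.ident, p.length, p.src, p.dst,
             NULL, NULL, p.msg)
    return "ack" if hmac.compare_digest(p.mac2, want) else "error"


def suspected_link(sent, acks):
    """Source side: compare each ack with the stored copy of the packet."""
    for a in acks:                   # acks in path order
        if not hmac.compare_digest(a.mac2, ack_mac(a.originator, sent)):
            return (a.prev_hop, a.originator)
    return None


def run(path, msg, tamper_at=None, forged=None):
    sent = source_send(path[0], path[-1], path[1], ident=7, msg=msg)
    p, acks = sent, []
    for i in range(1, len(path) - 1):
        bad = forged if path[i] == tamper_at else None
        p, ack = relay(path[i], path[i - 1], path[i + 1], p, tamper=bad)
        if p is None:
            return "drop", None
        acks.append(ack)
    return destination_receive(path[-1], path[-2], p), suspected_link(sent, acks)


if __name__ == "__main__":
    print(run(["S", "I1", "I2", "D"], b"hello"))
    print(run(["S", "I1", "I2", "D"], b"hello", tamper_at="I1", forged=b"HELLO"))
```

With a single intermediate node the tampering is still caught by the destination's MAC2 check, but no downstream acknowledgement exists to localize it, so `run` returns an error with no suspected link.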


The second step of the BAN logic is writing the initial assumptions. To analyze our approach we give the following assumptions:

$$D \mid\equiv D \stackrel{K_{DS}}{\longleftrightarrow} S, \qquad S \mid\equiv S \stackrel{K_{SD}}{\longleftrightarrow} D$$

$$D \mid\equiv \#(Ident), \qquad S \mid\equiv \#(Ident)$$

These assumptions are: shared keys between each pair of nodes and the freshness of the identifier Ident. Indeed, each node I believes that it shares a secret key with another node J in the network. In addition, each node that receives a message believes that the identifier Ident received in the message has not been used in any other previous message.

The third step is the use of the postulates of BAN logic to deduce other beliefs. In our approach, we need to deduce the following beliefs:

1. D |≡ S |≡ Type, Ident, Length, S, D, MAC2
2. D |≡ S |≡ Type, Ident, Length, S, D, msg
3. S |≡ D |≡ Type, Ident+1, Length, S, D, MAC2, msg
4. S |≡ D |≡ Type, Ident+1, Length, D, S, S, Null, MAC2

The first belief means that the principal D believes that the principal S believes Type, Ident, Length, S, D, MAC2. The second belief means that the principal D believes that the principal S believes Type, Ident, Length, S, D, msg. The third belief means that the principal S believes that the principal D believes Type, Ident+1, Length, S, D, MAC2, msg. The fourth belief means that the principal S believes that the principal D believes Type, Ident+1, Length, D, S, S, Null, and MAC2.

According to the notation proposed by BAN, the reception of message 1 by D is modeled by the following formula:

$$D \triangleleft \{Type, Ident, Length, S, D, MAC2\}_{K_{SD}},\ \{Type, Ident, Length, S, D, msg\}_{K_{SD}} \qquad (1)$$

By applying the rule R3 we get the following formula, which means that D sees $\{Type, Ident, Length, S, D, MAC2\}_{K_{SD}}$:

$$D \triangleleft \{Type, Ident, Length, S, D, MAC2\}_{K_{SD}} \qquad (2)$$

By applying the rule R1 on formula (2) and the assumption $D \mid\equiv D \stackrel{K_{SD}}{\longleftrightarrow} S$, we get the following formula, which means that D believes that S said Type, Ident, Length, S, D, MAC2. Here, D doesn’t know whether S said Type, Ident, Length, S, D, MAC2 in the current execution of the protocol or in a previous one:

$$D \mid\equiv S \mid\sim Type, Ident, Length, S, D, MAC2 \qquad (3)$$

A formula X is said to be fresh if it wasn’t sent in any previous message. The rule R4 says that if one part of a formula is fresh, then the entire formula must also be fresh. Based on this rule and the assumption $D \mid\equiv \#(Ident)$ we get:

$$D \mid\equiv \#(Type, Ident, Length, S, D, MAC2) \qquad (4)$$

By applying the rule R2 on (3) and (4) we obtain the following belief, which means that D believes that S believes Type, Ident, Length, S, D, MAC2:

$$D \mid\equiv S \mid\equiv Type, Ident, Length, S, D, MAC2 \qquad (5)$$

Finally, we get the following belief: the destination D believes that the message Type, Ident, Length, S, D, MAC2 was sent by the source S (i.e., the principal D acts as though the received message Type, Ident, Length, S, D, MAC2 is right).

Note: the deduction of the second, third, and fourth beliefs is done in the same way as the first belief.

Theorem 01. (Authentication) A node that participates in the routing process is the one it claims to be.

Proof. The purpose of our protocol is to authenticate each forwarded packet to detect any packet with malicious intents. Each node S that sends a message encapsulates this message into a packet where the header contains a field called MAC1. This field allows intermediate nodes to authenticate forwarded packets hop by hop. Whenever an intermediate node I receives a packet, it calculates $H_{K_{I-1,I}}\{Type, Ident, Length, S, D, MAC2\}$ using the key it shares with the node it received the packet from, then it compares the result with the MAC1 field. In our protocol, the packet is authenticated if $H_{K_{I-1,I}} = MAC1$. According to the formal demonstration of our protocol presented above, to calculate the right MAC1 field, an attacker should have the secret keys shared between the two nodes. Thus, an attacker can’t calculate the right MAC1 field unless it has the shared keys. Let's consider the worst case where the attacker compromises all intermediate nodes between S and D (i.e., the attacker has all the keys shared between intermediate nodes). When the destination D receives a packet, it calculates $H_{K_{DS}}\{Type, Ident, Length, S, D, msg\}$ using the secret key $K_{DS}$ it shares with the source node S and compares the result with the MAC2 field of the packet header. In our approach, a destination node D confirms the reception of a packet if and only if $H_{K_{DS}} = MAC2$. A malicious node can claim to be S if and only if it has the secret key shared between S and D, which is impossible because by assumption the destination D trusts the source S.

Theorem 02. A malicious node can’t modify a message without being detected.

Proof. Let msg be the message to send from a source S to a destination D and let $n_i$ ($i \geq 1$) be the set of intermediate nodes between S and D. In our approach, each intermediate node $n_i$ sends back an acknowledgement to the source node S and includes in the header a field called $MAC2 = H_{K_{IS}}\{Type, Ident+1, Length, S, D, MAC'2, msg\}$, where Type, Ident+1, Length, S, D, MAC'2, msg are the fields received in the packet. Whenever the source node S receives an acknowledgement from an intermediate node I, it calculates $H_{K_{SI}}\{Type, Ident+1, Length, S, D, MAC_{K_{SD}}, msg\}$, where Type, Ident+1, Length, S, D, $MAC_{K_{SD}}$, msg are the fields that node S has sent before, and compares $H_{K_{SI}}$ with the field MAC2 received in the acknowledgement header. The message msg received by node $n_i$ has not been modified if $H_{K_{SI}} = MAC2$. Supposing node $n_i$ has modified the message, then this modification will be discovered when S receives the acknowledgement of $n_i$'s next hop. Let's consider the worst case where all intermediate nodes between S and D are compromised nodes. When the destination D receives a packet, it calculates $H_{K_{DS}}\{Type, Ident, Length, S, D, msg\}$ using the secret key $K_{DS}$ it shares with the source node S and compares the result with the MAC2 field of the packet header. The destination node D acknowledges the reception of the packet if and only if $H_{K_{DS}} = MAC2$. A malicious node can modify a message without being detected if it can recalculate the MAC2 field in the packet header, which is impossible because this field is calculated using the secret key shared between S and D and by assumption S and D trust each other.

Theorem 03. A malicious node can’t drop a packet without being detected.

Proof. A malicious node can drop a packet without being detected if it can fabricate the acknowledgements of all intermediate nodes between the source and the destination D. But in our approach, the source node doesn’t confirm the reception of the packet until it receives the acknowledgement of the destination node D. To fabricate the acknowledgement of the destination D, a malicious node should have the secret key $K_{SD}$ shared between S and D in order to calculate the MAC1 and MAC2 fields, which is impossible because by assumption S and D trust each other.

3.6. HSecGR overhead

Like any other security approach, our approach adds additional overhead in the network due to acknowledgements sent by each intermediate node, the header added by our protocol, and report
packets sent to isolate malicious nodes in the network. However, this overhead does not consume a lot of bandwidth because acknowledgements and report packets used in our approach consist of a header and don’t carry a payload (data). In addition, the intermediate nodes ignore unauthenticated packets and don’t acknowledge an unauthenticated packet, to minimize the additional traffic in the network. Hash functions used in our approach generate codes of very small size, and the header added to the packet doesn’t add a large overhead to the packet compared with the real size of the data packet.

4. Simulation and analysis

We have used J-Sim as a simulation environment to evaluate the performances of our security approach. Nodes used in our simulations are considered homogeneous: having the same calculation and memory capacity, the same transmission range and equipped with the same IEEE 802.11 communication interfaces. These nodes are deployed inside an area of size 1000 by 300, creating topologies containing from 15 to 55 nodes. Node positions are generated randomly. Each node generates random packets of 1024 bytes toward random destinations. The table below summarizes the parameters used (Table 1).

Table 1
Simulation parameters.

| Parameter | Value |
| Number of nodes | from 15 to 55 nodes |
| Simulation area | 1000 m × 300 m |
| Transmission range of nodes | 150 m |
| Source data pattern (each) | 8 packets/second |
| Packet size | 1024 bytes/packet |
| HSecGR header size | 50 bytes |
| Hash length | 128 bits (16 bytes) |
| Hash function | MD5 |

4.1. Performance evaluation

To evaluate the performances of our security approach, we have simulated our security approach with NFP (Al-shugran et al., 2013) and MFR (Al-shugran et al., 2013) geographic routing protocols. The functioning of our approach is mainly based on the acknowledgments sent by each intermediate node along the end-to-end path. Basically, the additional traffic generated by the approach depends on the number of intermediate nodes along the end-to-end path; more nodes in the path implies more overhead generated in the network. Moreover, the end-to-end transmission delay (latency) is affected by the number of hops along the path since our approach applies more processing in each hop. To gauge these two metrics, we have chosen MFR and NFP geographic routing protocols. According to the study performed in (Al-shugran et al., 2013), MFR and NFP are two protocols representing the basic functioning of geographic routing where the distance is the only metric used to select the next forwarding node. Based only on the distance, with NFP each node selects its closest neighbor to forward a packet. Consequently, the number of intermediate nodes along the end-to-end path will be the maximum. With MFR, each node selects its furthest neighbor towards the destination to forward a packet, which minimizes the number of intermediate nodes along the end-to-end path. Since NFP maximizes the number of intermediate nodes and MFR minimizes the number of intermediate nodes along the end-to-end path, using our approach with NFP allows us to study the maximum additional traffic and the maximum end-to-end transmission delay. On the other hand, using our approach with MFR allows us to study the minimum additional traffic and the minimum end-to-end transmission delay. The number of intermediate nodes selected along the end-to-end path when using other metrics will be comprised between the maximum number when using NFP and the minimum number when using MFR. NADV (Lee et al., 2010b) is a good example of protocols combining multiple metrics to select the next hop towards the destination. With NADV, the selection of the next hop is a trade-off between the advance towards the destination and the transmission cost. For this, we have simulated our approach with NADV to evaluate the additional overhead generated by our approach when using protocols combining multiple metrics to select the next hop. We have measured 3 performance metrics:

1. Average latency: Latency is the time required for a packet to be transmitted from a source node to a destination node. Therefore, the average latency is the sum of latencies of all packets divided by the total number of received packets.

$$\text{Average\_latency} = \left(\sum_{i=1}^{n} (\text{reception\_time} - \text{sending\_time})\right) / n$$

where n is the number of received packets.
2. Packet overhead: The number of packet transmissions; for example, a packet forwarded through 4 hops is considered as 4 packets in this metric.
3. Byte overhead: The number of byte transmissions; for example, a packet with 1024 bytes forwarded through 4 hops is considered as 1024*4=4096 bytes overhead in this metric.

All results shown in the following are the average of 30 independent scenarios.

4.1.1. End to end delivery delay

Fig. 4. End to end delivery delay.

Fig. 4 shows the end to end transmission delay of the three protocols NFP, MFR, and NADV using and without using our security approach. From the figure, it can be noted that the end to end transmission delay obtained with NFP routing protocol is very high, and this can be justified by the number of intermediate nodes selected by NFP protocol to forward packets from the source node to the destination. Effectively, with NFP protocol, a node selects its nearest neighbor toward the destination as next hop to forward packets. This selection strategy increases the number of hops along the path between the source and the destination. As each intermediate node takes time for processing a packet (encapsulation, next hop selection, queuing, etc.), the end to end transmission delay increases with NFP protocol. On the contrary, with MFR routing protocol, a node selects the closest neighbor toward the destination as next hop to forward packets, which allows reducing the number of intermediate nodes that constitute the path between the source and the destination and so reducing the end to end transmission delay. We can also note that the end to end delay obtained when applying our security approach is higher. This can be justified by the additional processing performed at each intermediate node. Indeed, with our security approach, each intermediate node performs additional processing such as: computing MAC1 to authenticate the forwarded packet, replacing the MAC1 field with a new one, and
sending an acknowledgment to the source node, which increases the end to end transmission delay. However, this augmentation is related proportionally to the number of intermediate nodes along the path; the more nodes in the path taken by the packet, the more additional processing on the packet and so the more end to end transmission delay. This is what the figure shows: when applying our approach with NFP routing protocol, the end to end transmission delay increases in a very high way. And when applying our approach with MFR and NADV protocols, the end to end delay obtained is relatively less high. We can also note that the network density greatly influences the end to end transmission delay when applying our approach with NFP routing protocol. In conclusion, the end to end transmission delay is related proportionally to the way a routing protocol uses for selecting the next forwarding node.

4.1.2. Packet overhead

Fig. 5. Packet overhead.

Fig. 5 depicts the number of packets generated in the network by the three protocols NFP, MFR, and NADV using and without using our security approach. The figure shows that the number of packets generated in the network when applying our security approach is greater than that generated without using our security approach. This can be justified by the number of acknowledgement packets sent by each intermediate node toward the source node on the one hand and report packets sent to isolate malicious nodes on the other hand. Indeed, in our approach, each intermediate node along the path (source-destination) should send back an acknowledgment packet toward the source node, which increases the number of packets generated in the network when applying our security approach. The figure also shows that the number of generated packets in the network depends on the routing protocol used. When using our approach with MFR and NADV routing protocols, the number of packets generated in the network is relatively less high. Whereas, when using our approach with NFP protocol, the number of packets generated in the network is relatively high. Effectively, the number of intermediate nodes in the path between the source and the destination with NFP routing protocol is greater than that with MFR and NADV routing protocols. And since each intermediate node sends back an acknowledgment when applying our approach, the number of packets generated when applying our approach with NFP is relatively high. The more intermediate nodes in the path between the source and the destination, the more acknowledgements generated in the network and so the more packet overhead in the network. In conclusion, the packet overhead is related proportionally to the way a routing protocol uses for selecting the next forwarding node.

4.1.3. Byte overhead

Fig. 6. Byte overhead.

Fig. 6 illustrates the byte overhead generated in the network by NFP, MFR, and NADV protocols using and without using our security approach. The figure shows that the NFP routing protocol generates more byte overhead in the network compared to MFR and NADV routing protocols. This is due to the strategy used by NFP protocol when selecting the next forwarding node, which increases the number of intermediate nodes in the path between the source and destination. We also note that the usage of our security approach increases the byte overhead generated in the network. This is due to the header added by our approach on the one hand and the acknowledgments sent back to the source node on the other hand. However, the additional byte overhead generated by our approach is relatively small compared with that generated without using our approach. The header size added by our approach is quite small compared with the complete size of the data packet (the header size represents only a small percentage of the whole packet size). The acknowledgment used in our approach consists of a header without any payload, which means that the acknowledgments sent back to the source node don’t generate so much overhead in the network. We can also remark that the overhead generated when applying our security approach with MFR and NADV routing protocols is relatively small. Whereas, when applying our approach with NFP routing protocol, the overhead generated is relatively high. This can be justified by the number of intermediate nodes selected by each protocol to forward packets towards the destination. Effectively, contrary to NFP, the strategy used by MFR and NADV routing protocols to select the next forwarding node allows reducing the number of intermediate nodes along the path between the source and the destination. This allows reducing the number of acknowledgement packets sent back to the source node and so reducing the additional overhead generated in the network. In conclusion, our security approach performs well with protocols that minimize the number of hops between the source and the destination.

4.2. Attacks detection efficiency

In this section, we will evaluate the detection efficiency of our approach against black hole attack. In this type of attack, a malicious node drops all packets or some packets that go through it. To evaluate the efficiency of our approach against this attack, we have chosen watchdog as a comparison approach. To compare our approach with watchdog, we have measured the following metrics:

1. Delivery ratio: the delivery ratio represents the fraction of packets sent that are actually received by the respective destination node among all packets sent ((the number of received packets / the number of all packets sent)*100).
2. Detection ratio: the detection ratio represents the percentage of true attackers isolated among all nodes isolated ((the number of isolated attackers / the total number of isolated nodes)*100).

As our approach is a generic security mechanism that can be used with any geographic routing protocol in ad hoc networks, we have chosen NFP and MFR protocols to evaluate the detection efficiency of our security approach.
Fig. 7 shows the delivery ratio marked with our security approach, watchdog approach, and without any security mechanism measured on the two geographic routing protocols NFP (Fig. 7a) and MFR (Fig. 7b). According to the results shown in the figure, we can see that geographic routing is greatly affected by black hole attack, which
requires the adaptation of a security mechanism to protect it against this attack. Indeed, the delivery ratio decreases to 10% with NFP protocol when the number of attackers represents 32% of the nodes in the network and decreases to 18% with MFR protocol when the number of attackers represents 32% of the nodes in the network. In contrast, when applying our security approach, delivery ratio continues in a steady way with the increasing number of attackers in the network in both NFP and MFR-based networks. This proves the efficiency of our isolating system, which allows nodes to isolate attackers in the network and avoid them when forwarding packets towards the destination, which improves the delivery ratio. We can see as well that the delivery ratio of our security approach is better than that of watchdog. The reason is that with watchdog, an attacker can circumvent the watchdog by dropping packets at a lower rate than the watchdog's configured minimum misbehavior threshold, or after a collision an attacker could skip retransmitting the packet without being detected.

Fig. 7. Impact of black hole attack on geographic routing.

Fig. 8 illustrates the delivery ratio of our approach, watchdog, and without any security mechanism measured with the time. From the figure we can see that delivery ratio converges to the normal case without attack, i.e., at the beginning of simulation, the delivery ratio is significantly affected by black hole attack when applying our security approach or watchdog. Subsequently, delivery ratio increases to become closer to that measured in the normal case (case without attack). The reason for this is that with our security approach or watchdog, nodes require some time at the beginning of the simulation in order to detect and isolate attackers in the network. In contrast, without applying any security approach, attackers continue to drop packets in the network without being detected or isolated, and so the delivery ratio measured with NFP or MFR without applying any security mechanism continues to give low values for all the duration of the simulation.

Fig. 9 shows the detection ratio of our approach versus watchdog on both NFP and MFR-based network. As depicted in the figure, the detection ratio of our approach outperforms that of watchdog, which has multiple drawbacks, such as false misbehavior reports in which a node falsely reports innocent nodes as malicious nodes, or insufficient transmission power, on the one hand, and because of selective forwarding, in which the attacker sometimes forwards the packets and sometimes drops them, on the other hand. Note here that with our security approach, non-malicious droppers (such as local minima or insufficient transmission power) are considered as malicious droppers, which slightly degrades the detection ratio.

Fig. 9. Detection ratio.
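
The black hole detection evaluated in this section rests on the MAC1/MAC2 checks and authenticated acknowledgements used in Theorems 01 to 03. The Python example below is added here and is not the authors' code: it assumes HMAC-SHA-256 truncated to 128 bits in place of the paper's MD5-based H, a constructed five-node path with demo keys, and the rule that the suspicious link is the one between the last node whose acknowledgement verifies and its next hop.

```python
import hashlib
import hmac

TAG_LEN = 16  # 128-bit tags, the hash length listed in Table 1
MASTER = b"constructed-demo-secret"  # constructed value, only derives the demo keys


def key(a, b):
    """Pairwise symmetric key K_ab = K_ba (assumed pre-shared, as in the paper)."""
    lo, hi = sorted((a, b))
    return hashlib.sha256(MASTER + f"{lo}|{hi}".encode()).digest()


def H(k, *fields):
    """Keyed hash H_K{...}: HMAC-SHA-256 over length-prefixed fields, cut to 128 bits."""
    mac = hmac.new(k, digestmod=hashlib.sha256)
    for f in fields:
        raw = f if isinstance(f, bytes) else str(f).encode()
        mac.update(len(raw).to_bytes(4, "big") + raw)
    return mac.digest()[:TAG_LEN]


def header(p):
    return (p["Type"], p["Ident"], p["Length"], p["S"], p["D"])


def build_packet(src, dst, first_hop, ident, msg):
    p = {"Type": "DATA", "Ident": ident, "Length": len(msg), "S": src, "D": dst, "msg": msg}
    p["MAC2"] = H(key(src, dst), *header(p), msg)              # end-to-end, checked by D
    p["MAC1"] = H(key(src, first_hop), *header(p), p["MAC2"])  # hop-by-hop
    return p


def ack_tag(node, p):
    """H_{K_IS}{Type, Ident+1, Length, S, D, MAC2, msg} over the fields node received."""
    return H(key(node, p["S"]), p["Type"], p["Ident"] + 1, p["Length"],
             p["S"], p["D"], p["MAC2"], p["msg"])


def forward(path, packet, behaviour):
    """Carry the packet along path [S, n1, ..., D]; return the acks that reach S."""
    acks, p = {}, dict(packet)
    for prev, node, nxt in zip(path, path[1:], path[2:] + [None]):
        expected = H(key(prev, node), *header(p), p["MAC2"])
        if not hmac.compare_digest(p["MAC1"], expected):
            break                      # unauthenticated: ignored and not acknowledged
        if nxt is None:                # destination: acknowledge only if MAC2 verifies
            if hmac.compare_digest(p["MAC2"], H(key(node, p["S"]), *header(p), p["msg"])):
                acks[node] = ack_tag(node, p)
            break
        acks[node] = ack_tag(node, p)
        mode = behaviour.get(node, "honest")
        if mode == "drop":
            break
        if mode == "drop-forge":       # drops, then fakes downstream acks with its own key
            for later in path[path.index(node) + 1:]:
                acks[later] = ack_tag(node, p)
            break
        if mode == "modify":
            p["msg"] += b" [tampered]"
        p["MAC1"] = H(key(node, nxt), *header(p), p["MAC2"])  # re-key MAC1 for next hop
    return acks


def audit(path, packet, acks):
    """Source-side check of the acks against the fields S itself sent."""
    last_ok = path[0]
    for node in path[1:]:
        tag = acks.get(node)
        if tag is None or not hmac.compare_digest(tag, ack_tag(node, packet)):
            return "suspicious", (last_ok, node)  # assumed localisation rule
        last_ok = node
    return "delivered", None


PATH = ["S", "I1", "I2", "I3", "D"]  # constructed path


def run(behaviour, tamper_mac1=False):
    pkt = build_packet("S", "D", PATH[1], 7, b"constructed payload")
    sent = dict(pkt, MAC1=bytes(TAG_LEN)) if tamper_mac1 else pkt
    return audit(PATH, pkt, forward(PATH, sent, behaviour))


if __name__ == "__main__":
    for case in ({}, {"I2": "modify"}, {"I3": "drop"}, {"I2": "drop-forge"}):
        print(case or "all honest", "->", run(case))
    print("forged MAC1 ->", run({}, tamper_mac1=True))
```

A modifying node still acknowledges correctly, so the mismatch appears in its next hop's acknowledgement, which is why the audit returns a link rather than a single node.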

Fig. 8. Delivery ratio in the presence of 4% of attackers.

5. Conclusion and future work

The functioning of a wireless ad hoc network mainly relies on multi-hop communication of nodes that cooperate with each other to connect the remote nodes. Many geographic routing protocols for wireless ad hoc networks have been proposed. However, these protocols have been proposed for trusted environments. Due to the broadcast nature of wireless channel, an attacker can disrupt the routing process by launching several attacks on routing protocols. In this paper, we proposed and evaluated a new security approach that allows securing geographic routing protocols. We based the design of our approach on efficient one-way hash functions to meet networks resources constraints. Simulation results show that our security approach gives better results in terms of end to end delay and packets/bytes overhead with an MFR based network than with an NFP based network. The comparison of our approach with watchdog approach has shown the efficiency of our approach in terms of isolating malicious nodes and so increasing delivery ratio. However, considering non malicious droppers as malicious slightly degrades the detection ratio. A potential solution to this problem may be to send an error packet whenever a node
encounters a local minimum or insufficient transmission power. Simulation results show that our approach performs well, in terms of additional overhead and end to end transmission delay, with protocols minimizing the number of intermediate hops along the path between the source and the destination.

Appendix

The BAN notations and rules used in our protocol proof (Section 3.5) are presented here as they are explained in Burrows et al. (1990), where the symbols P and Q are principals, X and Y are statements, and K is an encryption key.

Basic notations

• P |≡ X: P believes X, or P would be entitled to believe X. In particular, the principal P may act as though X is true. This construct is central to the
logic.
• P ⊲X : P sees X. Someone has sent a message containing X to P.
• P |~X : P once said X. The principal P at some time sent a message including the statement X. It is not known whether the message was sent long
ago or during the current run of the protocol, but it is known that P believed X then.
• #(X): The formula X is fresh; that is, X has not been sent in a message at any time before the current run of the protocol.
• $P \stackrel{K}{\leftrightarrow} Q$: P and Q may use the shared key K to communicate. The key K is good, in that it will never be discovered by any principal except P or Q, or a principal trusted by either P or Q.
• {X}K: This represents the formula X encrypted under the key K.

Logic postulates

Rule 1: If P believes that the key K is shared with Q and sees X encrypted under K, then P believes that Q once said X.

$$\frac{P \mid\equiv Q \stackrel{K}{\leftrightarrow} P, \quad P \triangleleft \{X\}_K}{P \mid\equiv Q \mid\sim X} \qquad \text{(R1)}$$

Rule 2 (Nonce verification): If P believes that X could have been uttered only recently (in the present) and that Q once said X (either in the past or in the present), then P believes that Q believes X.

$$\frac{P \mid\equiv \#(X), \quad P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X} \qquad \text{(R2)}$$

Rule 3: If a principal sees a formula, then he also sees its components, provided he knows the necessary keys:

$$\frac{P \triangleleft (X, Y)}{P \triangleleft X} \qquad \text{(R3)}$$

Rule 4: If one part of a formula is fresh, then the entire formula must also be fresh:

$$\frac{P \mid\equiv \#(X)}{P \mid\equiv \#(X, Y)} \qquad \text{(R4)}$$

References

Ade, S.A., Tijare, P.A., 2010. Performance comparison of aodv, dsdv, olsr and dsr routing protocols in mobile ad hoc networks. Int. J. Inf. Technol. Knowl. Manag. 2 (2), 545–548.
Al-shugran, M., Ghazali, O., Hassan, S., Nisar, K., Suki, A., Arif, M., 2013. A qualitative comparison evaluation of the greedy forwarding strategies in mobile Ad Hoc network. J. Netw. Comput. Appl. 36, 887–897.
Baadache, A., Belmehdi, A., 2012. Fighting against packet dropping misbehavior in multi-hop wireless ad hoc networks. J. Netw. Comput. Appl. 35, 1130–1139.
Baadache, A., Belmehdi, A., 2014. Struggling against simple and cooperative black hole attacks in multi-hop wireless ad hoc networks. Comput. Netw. 73, 173–184.
Boukerche, A., Turgut, B., Aydin, N., Ahmad, M.Z., Boloni, L., Turgut, D., 2011. Routing protocols in ad hoc networks: a survey. Comput. Netw. 55, 3032–3080.
Boulaiche, M., Bouallouche-Medjkoune, L., 2015. EGGR: Energy-aware and delivery Guarantee Geographic Routing protocol. Wirel. Netw. 21 (6), 1765–1774.
Buchegger, S., Le Boudec, J.Y., 2005. Self-policing mobile ad hoc networks by reputation systems. IEEE Commun. Mag. 43 (7), 101–107.
Burrows, M., Abadi, M., Needham, R., 1990. A logic of authentication. ACM Trans. Comput. Syst. 8 (1), 18–36.
Buttyan, L., Acs, G., Vajda, I., 2006. Provably secure on-demand source routing in mobile ad hoc networks. IEEE Trans. Mob. Comput. 11 (5), 1533–1546.
Chen, D., Varshney, P.K., 2007. A survey of void handling techniques for Geographic routing in wireless networks. IEEE Commun. Surv. Tutor. 9 (1), 50–67.
Djenouri, Djamel, Badache, Nadjib, 2009. On eliminating packet droppers in MANET: a modular solution. Ad Hoc Netw. 7, 1243–1258.
Johnson, D.B., Hu, Y.-C., Perrig, A., 2003. SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks. Ad Hoc Netw. 1 (1), 175–192.
Karp, B., Kung, H., 2000. GPSR: Greedy perimeter stateless routing for wireless networks. In: Proceedings of the 6th Annual International Conference on Mobile Computing and Networking. ACM Press, pp. 243–254.
Kevin, L., Marti, S., Giuli, T.J., Mary, B., 2000. Mitigating routing misbehavior in mobile ad hoc networks. In: Proceedings of the 6th annual international conference on Mobile computing and networking (MobiCom’00), pp. 255–265.
Kim, J., Tsudik, G., 2009. SRDP: secure route discovery for dynamic source routing in MANETs. Ad Hoc Netw. 7, 1097–1109.
Kleerekoper, A., Filer, N.P., 2015. Perfect link routing for energy efficient forwarding in geographic routing. Ad Hoc Netw. 30, 46–62.
Lee, S., Bhattacharjee, B., Banerjee, S., Han, B., 2010a. A general framework for efficient geographic routing in wireless networks. Comput. Netw. 54 (5), 844–861.
Lee, S., Bhattacharjee, B., Banerjee, S., Han, B., 2010b. A general framework for efficient geographic routing in wireless networks. Comput. Netw. 54 (5), 844–861.
Levine, B.N., Shields, C., Sanzgiri, K., Dahill, B., Belding-Royer, E.M., 2002. A secure routing protocol for ad hoc networks. In: Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP), pp. 78–87.
Lyu, Chen, Gu, Dawu, Zhang, Yuanyuan, Lin, Tingting, Zhang, Xiaomei, 2013. Towards efficient and secure Geographic routing protocol for hostile wireless sensor networks. Int. J. Distrib. Sens. Netw. Vol., 11.
M.R., Lyu X., Li, J., Liu. 2004. A trust model based routing protocol for secure ad-hoc networks. In: Proceedings of Aerospace Conference (AC’04), pp. 1286–1295.
Marin-Perez, R., Ruiz, P.M., October 2011. SBGR: a simple self-protected beaconless geographic routing for wireless sensor networks. In: Proceedings of the IEEE 8th International Conference on Mobile Ad hoc and Sensor Systems (MASS), pp. 610–619.
Md Zin, S., Anuar, N.B., Kiah, M.L.M., Pathan, A.K., 2014. Routing protocol design for secure WSN: review and open research issues. J. Netw. Comput. Appl. 41, 517–530.
Milocco, R.H., Costantini, H., Boumerdassi, S., 2014. Improved geographic routing in sensor networks subjected to localization errors. Ad Hoc Netw. 13, 476–486.
Mulert, J., Welch, I., Seah, W.K.G., 2012. Security threats and solutions in manets: a case study using aodv and saodv. J. Netw. Comput. Appl. 35 (4), 1249–1259.
Pathak, V., Yao, D., Iftode, L., 2008. Securing geographical routing in mobile ad-hoc networks. Department of Computer Science, Rutgers University, Tech. Rep, vol. 638.
Peng, B., Kemp, A.H., 2011. Energy-efficient geographic routing in the presence of localization errors. Comput. Netw. 55 (3), 856–872.
Perrig, A., Hu, Y.C., Johnson, D., 2005. Ariadne: a secure on-demand routing protocol for ad hoc networks. Wirel. Netw. 11 (1–2), 21–38.
Qazi, S., Raad, R., Mu, Y., Susilo, W., 2013. Securing DSR against wormhole attacks in multirate ad hoc networks. J. Netw. Comput. Appl. 36 (2), 582–592.
A.H.K.D., Sarma, B.A., Kar, C.R., Mall, 2011. Secure routing protocol for mobile wireless sensor network. In: Proceedings of the IEEE Sensors Applications Symposium.
Song, Joo-Han, Wong, Vincent W.S., Victor, C.M. Leung, 2007. Secure position-based routing protocol for mobile ad hoc networks. Ad Hoc Netw. 5, 76–86.
Tao, S., Ananda, A.L., Chan, Mun Choon, 2010. Greedy face routing with face identification support in wireless networks. Comput. Netw. 54, 3431–3448.
Tyagi, S., Kumar, N., 2013. A systematic review on clustering and routing techniques based upon LEACH protocol for wireless sensor networks. J. Netw. Comput. Appl. 36 (2), 623–645.
D., Tygar, A., Perrig, R., Canetti, D., Song, 2002. The TESLA broadcast authentication protocol. RSA Cryptobytes (RSA Laboratories), vol. 5 (2), pp. 2–13.
Wang, J., Chen, H., Lin, Y., 2010. A secure destination-sequenced distance-vector routing protocol for ad hoc networks. J. Netw. 5 (8), 942–948.
Won, M., Zhang, W., Stoleru, R., 2013. GOAL: a parsimonious geographic routing protocol for large scale sensor networks. Ad Hoc Netw. 11 (1), 453–472.
Yi, S., Kravets, R., Naldurg, P., 2001. A security-aware routing protocol for wireless ad hoc networks. In: Proceedings of the ACM Symposium on Mobile Ad Hoc Networking and Computing.
Yu, Ming, Zhou, Mengchu, Su, Wei, 2009. A secure routing protocol Against Byzantine attacks for MANETs in adversarial environments. IEEE Trans. Veh. Technol. 58 (1), 449–460.
M.G., Zapata, N., Asokan, 2002. Securing ad hoc routing protocols. In: Proceeding of ACM Workshop on Wireless Security (WiSe), ACM Press, pp. 1–10.
Zhang, Yujun, Yan, Tan, Tian, Jie, Hu, Qi, Wang, Guiling, Li, Zhongcheng, 2014. TOHIP: a topology-hiding multipath routing protocol in mobile ad hoc networks. Ad Hoc Netw. 21, 109–122.
