Modified device key generation algorithm and A* algorithm to optimize the security measures based on trust value in device-to-device communications

Security plays a vital role in communication networks. Since the nodes in mobile ad hoc networks (MANETs) are mobile, they are vulnerable to different types of attacks. Because of this mobility, any node can enter the network at any time based on the coverage of the network. There is no centralized mechanism to verify or authenticate the nodes that are arriving at or leaving the network. An algorithm for secure communication between source and destination based on QoS parameters, called the modified device key generation algorithm (MDKGA), is proposed. This algorithm elects an agent node based on the QoS parameters. The agent node is responsible for secure key generation and distribution of keys among the nodes. Neighboring node selection is based on the trust value, which acts as a heuristic function to select the node using the A* algorithm. Various performance metrics are also analyzed. A comparison study has been carried out between the MANET protocols.

the node, intruder nodes are identified. Trust value is calculated based on node's behavior over n number of simulations. Rajkumar and Narsimha (2016) A detailed study on various routing methods of MANET, various trust models, trust dynamics, various algorithms for predictions, the effects of trust dynamics and impact of trust model developed were discussed in detail. (Cho et al. 2016) A survey about the mobility models was described. Initially, the authors discussed the synthetic mobility model, explained the mobile traces which were collected and analyzed, explained the performance degradation caused by mobility issues and finally explained the open challenges and research areas for researchers to pursue. Conti et al. (2015) A scheme against chosen ciphertext attack (CCA) was proposed to enhance security with less communication overhead, to apply to massive-scale MANETs and to improve performance metrics with less cost overhead. Govindan and Mohapatra (2011) A method used a Markov-chain model for analysis and evaluation of the OCSP-based model for certificates within hybrid MANETs, and the outcomes of the absorbing Markov models were verified via extensive simulations of the ADOPT and PS-ADOPT protocols in the OMNeT++ simulator. (Batabyal and Bhaumik 2015) proposed the Flooding Factor Framework for Trust Management (F3TM) in MANETs to be aware of attacker nodes based on the trust values calculated. A route discovery algorithm identifies the efficient route from source to destination node. An experimental Grey Wolf algorithm is used for validation and authentication of network nodes. Four research areas of ad hoc networks, namely mobile ad hoc networks, mesh networks, vehicular networks and (YangYang et al 2014) sensor networks, were discussed in detail, and a people-centric direction for research in communications and computing is explained. MohammadMasdari et al. (2017) proposed a protocol for both static and mobile network nodes which performs data delivery efficiently with respect to the scalability of the nodes in the network. That is, when the number of nodes in the network increases, the data delivery should not deviate from where it stands. (Ahmed, et al. 2017) proposed a novel technique in which, before data transfer from source to destination is initiated, the nodes which enter the network are validated, and a node can join the network communication only if it is authenticated. This procedure is carried out during the route discovery phase. Liu et al. (2016) A protocol was proposed to identify the nodes which are unstable due to signal fading, interference from other alerts, or the intervention of an intruder node. In a MANET, the nodes are mobile and can communicate with other nodes in the network Wi-Fi gadgets. Nodes that are not in communication range transfer their packets through the router node. A MANET is characterized by its dynamic topological changes, limited communication bandwidth and restricted battery power of its nodes.

Background work
A unique certificate authorization distribution method to transfer data packets between source node and destination node based on the calculated trust value was proposed (Taheri et al. 2015). Initially, the trust value is computed by the adjacent node and if the trust value is below the threshold_value, the respective node's details will be distributed among other nodes in the network. The misbehaving nodes were removed from the network. A method was proposed where the keys of all the local nodes will be cached to reduce the communication overhead for the future communication (Aluvala et al 2016).
(Kaur and Rao 2017) proposed a trust-based public key encryption technique for secure communication. A Composite Trust-based Public Key Management (CTPKM) method was proposed to maximize the performance parameters of the network without compromising the protection given to the network. Each node in the network calculates the trust value of its neighbor nodes to decide whether to trust them to transfer the data packets. CTPKM minimizes risk, increases reliability and reduces communication overhead. (Vinayagam and Balaswamy 2019; Moudnia et al. 2019; Rajendran et al. 2019) proposed approaches to detect black hole nodes in the network. (Elmahdi 2020) proposed a modified AODV (AOMDV) protocol which uses a homomorphic encryption scheme to identify and eradicate black hole nodes so that it provides reliable and secure data transmission in MANETs. (Balaji et al. 2019) designed an infinitely repeated game and cooperation to detect malicious nodes without compromising network performance. (Singh and Sharma 2020) proposed an approach to detect different types of security attacks and discussed various optimization algorithms to optimize the routing process. (Yang and Jiang 2019) discussed the effect of network parameters on Packet Delivery Ratio and Energy Consumption. (GaneshBabu et al. 2020) Image security for vehicle-based information in VANET.
(Alappatt and Prathap 2020) proposed a Hybrid Key Management Scheme for securing a multipath routing method for data transmission using the Diffie-Hellman method and Elliptic Curve Cryptography. (AliSyed 2021) discussed various kinds of MANET attacks and compared the effects of the attacks based on the evaluation parameters. In addition, the authors give an insight into the characteristics of MANET and its performance evaluation with the help of performance metrics.
(Gautam 2020) proposed a novel approach for detecting DDoS attacks based on bit rate, PDR and delay, and for classifying the traffic as either benign or malicious using a support vector machine (SVM). The NS2 simulator is used for collecting the dataset, and LIBSVM is used for analysis. (SuneelMiriyala 2020) Simple dual-key encryption method based on fully homomorphic encryption and double decryption method on SDN controlled MANET. (Satish Kumar and Rama Devi xxxx) A novel proactive routing strategy is proposed to secure the networks against isolation attack by verifying the nodes in a handshake method before the node starts with Multi-Point Relay. (Maruthupandi et al. 2021) SDN controlled MANET using DISNEY Routing protocol for better performance of networks based on various performance metrics such as Packet Delivery Ratio, transmission delay, throughput and data transmission rate.
A learning method is applied to identify the nodes which enter the network. This learning method is based on the individual nodes' performance in the network over n simulations. A secure transmission involves the concepts of symmetric key, public key and certificate-based schemes. To communicate via a symmetric key, the same key is needed for both encryption and decryption. The processing cost is low, but the security level is also low. Public key cryptography needs two kinds of keys, namely a public key and a private key. Figure 1 shows the general certificate-based communication. The Certificate Issue Authority (CIA) is a certificate issue authority/agency/node that issues keys to source S and destination D. Other nodes are intermediate nodes. In a certificate-based scheme, a CIA generates keys for encryption and decryption between source and destination. A CIA should be a trusted resource or agency mainly used for key generation.
This work uses the modified device key generation algorithm (MDKGA) for efficient communication with reduced time cost. A certificate-based scheme, where a central trusted agency provides keys for source and destination, is applied. Two separate keys are generated for the source and destination nodes for encryption and decryption, and another set of keys is generated for router and intermediate nodes. The vulnerable node is identified by n trial runs over a particular time period t. A network is formed according to the RSSI distance. A vulnerable node is placed in the network, and communication is recorded. Analysis is done on the communication report. Based on the analysis, the vulnerable node is identified. The analysis is done for each and every node in the network.

Protocols
AODV and DSR protocols are used for implementation. Both are on-demand routing protocols, which means that a request is sent from the source node toward the destination node only on demand. No pre-defined data about the neighboring nodes is maintained in the routing table. Only on request does the node send the request message to the neighboring nodes. There are two phases which are common to all on-demand protocols: the route discovery phase and the route maintenance phase. The route discovery phase is common to both protocols. They differ in the route maintenance phase.
In Fig. 1, the route discovery phase of the protocols is illustrated. Blue node is a source node, yellow node is a destination node and orange nodes are intermediate nodes.
In the figure, the source node sends the Route_Request packet to its neighboring nodes to find the destination node with minimum hop distance. The neighboring nodes send the Route_Request packet received from the source node to their neighboring nodes. This process continues until the Route_Request message reaches the destination. The destination node will get more than one Route_Request message from its neighboring nodes, but it selects the node with minimum hop distance. In the figure, the destination node sends the Route_Reply message to the source node through the selected minimum hop path. This is called the handshake process. Once the handshake process is completed, the source node starts sending the data packet to the destination node. The entire process above is called the route discovery phase. As stated earlier, the route discovery phase of AODV differs from DSR. In Fig. 2, an illustration of the route maintenance phase is given. If a link failure occurs between the nodes in the selected path, the intermediate node immediately sends a Route_Err message to its predecessor neighbor node in the selected path. Once the error message reaches the source node, the source node again starts its route discovery phase to find an alternate path to the destination node with minimum hop distance.
In the route maintenance phase of DSR, the routes to the destination node are cached after the route discovery phase. Once the Route_Err message is received by the source node through the intermediate nodes, it checks for an alternate path to reach the destination with minimum hop distance without starting over again from the route discovery phase or construction phase. The illustration of the route maintenance phase of DSR is given in Fig. 3.

MDKGA
In this algorithm, the trust value of each node in the network is calculated. Once the trust value is calculated, the node with the highest trust value is elected as the Certificate Issuing Authority (CIA) node. The selected node acts as a router as well as a CIA according to the request. The selection procedure of the CIA node varies from one network to another. Initially, the CIA node will not be selected for the first round of simulation. Then, after the tenth round of simulation, the CIA node is chosen based on the calculated Average Trust Value of the nodes. The initial number of simulation rounds before selecting the CIA node is also not a constant value. It takes some random value from 5-20 rounds. The trust node can be any intermediate node in the network. The information about the trust node is sent to all the nodes in the network, and the details about the trust node are added to the routing table. If the source node wants to send a data packet to its destination node, it starts by sending the broadcast message to the selected CIA node, a Src_Key_Req message to the trust node. The trust node checks the type of message and sends a Src_Key_Rep message.
Figure 4a and b show the functionalities of the MDKGA algorithm. In Fig. 4a, the blue node represents a CIA node. Before the source node sends the broadcast message to its neighbors, it asks the CIA node for the key to encrypt the data packets, which is used for transferring the packets securely. In Fig. 4b, the destination node asks for the key to decrypt the data packets.
A Src_Key_Req message contains source_id, destination_id, #old_value, #new_value and #trust_value. #new_value is a unique number or text which is sent by the source node to the CIA node for identification. The #old_value is also a unique number which represents the previous key identification. For the initial request, the value of #old_value will always be null. The identification value of a node keeps changing for each and every communication. The updated trust value is sent to the CIA node with each Src_Key_Req. The destination_id is saved in the trust node table for future confirmation. That is, when the destination sends a request for a key, the request is cross-checked against the saved ID in the agent node. Only if it matches does the agent node generate the key and send it to the destination node; otherwise it simply ignores the message. If the CIA node receives a Src_Key_Req, it verifies the node based on the #trust_value. If the trust_value is above the threshold, the CIA node sends a Src_Key_Rep message with source_id, destination_id, #new_value and ack = 'Verified'. If the trust_value is below the threshold, the CIA node replies with a Req_Rej message with source_id, destination_id, #new_value and ack = 'rejected'.
The trust node acts as both router node and CIA node. If the trust node receives a Route_request message from its neighbor nodes, it just broadcasts the message to its neighbors and updates its routing table. If it receives a Src_Key_Req or Dest_Key_Req, it acts as a CIA node. Based on the request, the CIA node changes its role and acts accordingly. When the destination node receives the route_request message from the source node, it sends a Dest_Key_Req message to the CIA node. The Dest_Key_Req message contains source_id, destination_id, #old_value, #new_value and #trust_value. The #trust_value is required to identify whether the node which is requesting a key (encryption or decryption) is liable or not. If the trust_value is above the threshold, the CIA node sends a Dest_Key_Rep message with source_id, destination_id, #new_value and ack = 'Verified'. If the trust_value is below the threshold, the CIA node replies with a Req_Rej message with source_id, destination_id, #new_value and ack = 'rejected'. Once the handshake messages are over, the source node sends a Src_Key_Req_enc message to the CIA node, where the message contains source_id, destination_id, #new_value and #trust_value.
The CIA node sends Src_Key_Rep_enc, which contains the same content as Src_Key_Req_enc and, in addition, the key for encryption and a #random_new_value. This #random_new_value is copied to the #new_value field. If the same node sends another request to the CIA node, it uses the random value generated by the CIA for communication. The key is generated using the RSA algorithm. Then, the source node starts to send the data packets to the destination node through the selected path. Here, the public key cryptography method is used. That is, source and destination nodes will encrypt and decrypt using their own private keys, respectively. The generated key varies for every new simulation. The node ID is used as a public key to access a particular node. If the request is made to the CIA node for the first time, that is, before the handshake message, then the Key_Reply message will not contain the key. It will have source_id/destination_id, #old_value and #new_value. This message is like an acknowledgment. From the next transmission onwards, the CIA sends keys along with the reply messages for encryption and decryption.
If the destination node receives a data packet from the source node, it immediately sends a Dest_Key_Request_dec message to the CIA node. The CIA node sends back a Dest_Key_Reply_dec message which contains the private key generated using the RSA algorithm for decryption. This message also contains a #random_new_value to copy into the #new_value field of the destination node's router table for future identification.
If the source node completes the handshake message with the destination node along the selected path identified after the discovery phase, it sends a Src_Key_Req_enc message to the trust node. This key_reply message contains the #random_new_value similar to the old one along with the new value for the next request if it occurs. If the value matches, then it generates the key and sends it. Once the source receives the key, it starts encrypting the data packets and sends them to the neighboring nodes to reach the destination node. The same procedure is followed until all the packets reach the destination side.
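The handshake-phase decisions described above (trust threshold check, destination_id cross-check, and the changing #old_value/#new_value identifiers) can be sketched as follows. This is an added example, not code from the paper: the class and field names, the choice to answer a stale #old_value with Req_Rej, and treating a trust value equal to the threshold as rejected are assumptions, and key generation is left out.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class KeyReq:
    kind: str                 # "Src_Key_Req" or "Dest_Key_Req"
    source_id: str
    destination_id: str
    old_value: Optional[str]  # #old_value: None (null) on the initial request
    new_value: str            # #new_value: fresh identifier chosen by the requester
    trust_value: float        # #trust_value carried in the request


@dataclass
class CIANode:
    threshold: float
    saved_dest: dict = field(default_factory=dict)  # source_id -> destination_id
    last_id: dict = field(default_factory=dict)     # node_id -> last accepted #new_value

    def handle(self, req: KeyReq) -> Optional[dict]:
        """Return the reply message, or None when the request is ignored."""
        if req.kind == "Src_Key_Req":
            requester, reply_type = req.source_id, "Src_Key_Rep"
        elif req.kind == "Dest_Key_Req":
            requester, reply_type = req.destination_id, "Dest_Key_Rep"
            # Cross-check against the destination_id saved from the source's
            # request; on mismatch the message is simply ignored.
            if self.saved_dest.get(req.source_id) != req.destination_id:
                return None
        else:
            return None  # not a key request; routing is out of scope here

        base = {"source_id": req.source_id,
                "destination_id": req.destination_id,
                "new_value": req.new_value}

        # The identifier changes on every communication: #old_value must equal
        # the last #new_value accepted from this node (None the first time).
        # Answering a stale identifier with Req_Rej is an assumption.
        stale = req.old_value != self.last_id.get(requester)
        # The text says "above the threshold" is verified and "below" is
        # rejected; equality is treated as rejected here (assumption).
        if stale or req.trust_value <= self.threshold:
            return {"type": "Req_Rej", **base, "ack": "rejected"}

        if req.kind == "Src_Key_Req":
            self.saved_dest[req.source_id] = req.destination_id
        self.last_id[requester] = req.new_value
        return {"type": reply_type, **base, "ack": "Verified"}


def demo() -> list:
    """Constructed message sequence; returns (reply type, ack) per request."""
    cia = CIANode(threshold=80.0)
    requests = [
        KeyReq("Src_Key_Req", "S", "D", None, "n1", 91.0),   # first contact
        KeyReq("Dest_Key_Req", "S", "X", None, "x1", 95.0),  # unknown destination
        KeyReq("Dest_Key_Req", "S", "D", None, "d1", 88.0),  # matches saved ID
        KeyReq("Src_Key_Req", "S", "D", None, "n2", 91.0),   # reuses null #old_value
        KeyReq("Src_Key_Req", "S", "D", "n1", "n2", 91.0),   # presents previous ID
        KeyReq("Src_Key_Req", "M", "D", None, "m1", 40.0),   # low trust value
    ]
    out = []
    for r in requests:
        reply = cia.handle(r)
        out.append(None if reply is None else (reply["type"], reply["ack"]))
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```
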
Trust value for each node is calculated based on the average reliability and average energy efficiency from active participation of a node in the network and active participation of a node in a particular channel. They are defined as
Average Residual Energy of the node in the network
Trust value of the node in the network $TV_{Ni}$
In the above (1), N represents the current network, and i is the corresponding node for which the trust value is calculated. RE is the reliability value of that particular node. (2) is used to calculate the average residual energy of the node in the network over 'r' number of rounds. ResEne is the residual energy of the node over 'r' number of rounds. (3) is used to calculate the trust value ($TV_{Ni}$) of the node in the network.

Reliability of the node in the channel
Residual Energy in the channel
Trust value of the node in the channel $TV_{Nc}$
In the above, (4) calculates the reliability of the node in the channel. It is defined as the ratio of the number of packets received ($PR_i$) to the number of packets sent ($PS_i$) over the network. (5) is used to calculate the residual energy of the node in the channel over 'r' number of rounds. $TE_i$ is the total energy available at the initial stage. In (6), the trust value of a node is calculated by taking the ratio of its summation of reliability value and residual energy value over r number of rounds.
In (7), the effective trust value (ETV) of a node 'i' in the network is calculated by taking the summation of the trust value of the node in the network and the trust value of the node in the channel. The agent node is elected based on the criteria satisfied by a node as specified in Table 1. The criteria given in the table are dynamic, and the threshold value for fixing the criteria is calculated based on the history of the nodes' trust values. Only the previous k effective trust values of a node are maintained. If two or more nodes fall in the same category, then the node is elected as CIA node based upon the highest sequence value and the number of times the node was selected as agent node in the previous network communication. Based on the trust value, the neighbor node is selected for the current node. The trust value acts as the heuristic function used by the A* algorithm to select the neighbor node and the optimized path from source to destination node.
In Table 1, the decision about the node is clearly tabulated. It is clearly seen that the threshold for taking the decision changes from time to time. At time $t_0$, if the effective trust value of a node is greater than 80, then the node which has the highest effective trust value can be elected as CIA/Agent node. At time $t_1$, the node will be elected as CIA/Agent node only if its effective trust value is greater than 95.
Average Effective Trust Value of a node
In (8), the Average Effective Trust Value (AETV) of a node i is calculated based on the previous n trust values of a node.
Average highest ETV of the network
$$AHETV_N = \frac{\sum_{i=1}^{n} HETV_i}{n} \qquad (9)$$
In (9), the Average Highest ETV (AHETV) of the network (N) is calculated based on the Highest ETV of n rounds of simulation. HETV holds the previous 1n highest ETV of the network. AHETV is taken as the threshold value for accepting the node as CIA node. A node whose ETV is greater than the AHETV is considered the most promising node. The CIA node is elected only after two effective trust values have been found for each and every node. Only after finding the 2nd ETV will the CIA node be elected based on ETV. The intermediate values shown in Table 1 are considered as values relative to the highest threshold value.
Pseudocode for calculating the highest threshold value:
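The threshold and election rule described in the text can be worked through as follows. This is an added example and not the paper's own pseudocode: the function names and the sample ETV histories are constructed, the "sequence value" tie-break is not defined in the text and is omitted, and breaking a remaining tie by node id is an assumption.

```python
from typing import Dict, List, Optional, Tuple


def ahetv(hetv: List[float]) -> float:
    """Eq. (9): average of the highest ETV seen in each previous round."""
    if not hetv:
        raise ValueError("need the highest ETV of at least one previous round")
    return sum(hetv) / len(hetv)


def elect_cia(etv_history: Dict[str, List[float]],
              times_elected: Optional[Dict[str, int]] = None
              ) -> Optional[Tuple[str, float]]:
    """Elect the CIA node for the current round.

    etv_history maps node id -> ETV per round, oldest first; the last entry
    is the current round. Returns (node id, threshold) or None when no node
    qualifies or fewer than two ETVs per node are available.
    """
    times_elected = times_elected or {}
    lengths = {len(h) for h in etv_history.values()}
    if len(lengths) != 1:
        raise ValueError("every node needs an ETV for every round")
    n_rounds = lengths.pop()
    # The CIA node is elected only after two ETVs exist for every node.
    if n_rounds < 2:
        return None

    # HETV_k: highest ETV in the network in previous round k.
    hetv = [max(h[k] for h in etv_history.values())
            for k in range(n_rounds - 1)]
    threshold = ahetv(hetv)

    # Promising nodes: current ETV strictly greater than AHETV.
    candidates = [(h[-1], times_elected.get(node, 0), node)
                  for node, h in etv_history.items() if h[-1] > threshold]
    if not candidates:
        return None
    # Highest ETV wins; ties go to the node elected more often before,
    # then to the highest node id (assumption, for determinism).
    _, _, winner = max(candidates)
    return winner, threshold


# Constructed sample: three nodes, two previous rounds plus the current one.
SAMPLE = {
    "A": [70.0, 82.0, 90.0],
    "B": [85.0, 80.0, 88.0],
    "C": [60.0, 75.0, 91.0],
}

if __name__ == "__main__":
    print(elect_cia(SAMPLE))  # highest previous ETVs are 85 and 82
```
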

MDKGA process flow
The process flow of MDKGA is illustrated in the figure.
The process starts with initiating the network topology and the communication between the nodes. Then, the trust values of the node in the network and in the channel are calculated based on reliability and residual energy. The summation of these two factors is taken as the effective trust value. The highest trust value of the previous rounds of simulation is identified and fixed as the threshold_value for the current round. The algorithm for MDKGA is given in Fig. 5. The request and reply messages from source and destination nodes to the CIA node for encryption and decryption are verified initially through the handshake message, and a dynamic unique ID is generated for each request from the same node for different simulation instances.

Performance measures
Performance of the network is calculated based on the following factors: scalability, reliability, energy utilization and mobility. The output from the simulations is analyzed, and necessary changes are made if there are any drastic variations in the performance of the networking environment. The Average Reliability ($AR_N$) is defined as
where AR is average reliability, i is a node, and k is number of simulations. The scalability factor ($SC_N$) is defined as
where SC is scalability, i is a node, k is number of simulations, and n is number of nodes in each simulation.
where EU is energy utilization, i is a node, k is number of simulations, and n is number of nodes in each simulation. The Average Trust Value ($AT_N$) is defined as
where AT is Average Trust Value, ETV is effective trust value of a network, and K is number of simulations. Equations (10) to (13) are used to calculate the performance factors of the network based on k number of simulations. In (10), average reliability of a network is calculated. The reliability values of all nodes in a network are added for n number of simulations. The average value is the ratio of total reliability of a network to the number of simulations. In (11), average scalability of a network is calculated. The scalability value of a node is calculated based on packet delivery ratio and by varying the number of nodes in the network for each simulation. The scalability values of all nodes in a network are added for n number of simulations. The average value is the ratio of total scalability of a network to the number of simulations. In (12), average energy utilization of a network is calculated. For n number of nodes over k number of simulations, the energy utilization value is calculated. In (13), average effective trust value of a network is calculated. The effective trust values of all nodes in a network are added for n number of simulations. The average value is the ratio of total effective trust value of a network to the number of simulations. The values obtained from the calculations are compared with and without using MDKGA.

Results
The NS2 simulator is used for the implementation of MDKGA. The simulator instance of the environment that is created is shown in Table 2. The protocols used for the implementation are AODV and DSR. The maximum simulation time is 600 s. From the results, the reliability, scalability, energy utilization and effective trust value are calculated and then compared with the corresponding improvised algorithm implemented using the protocols AODV and DSR. Comparison between the protocols is also done based on these performance parameters. Table 3 shows the reliability value (Packet Delivery Ratio) using AODV and DSR for 5 rounds. Here, the PDR is taken for 9 nodes. From the reliability value measured in the table, the average reliability value of the node in the network is calculated in Table 4. Table 5 shows the energy utilization value of 9 nodes for 5 rounds. From the energy utilization value, the residual energy is calculated in Table 6. Initially, the maximum energy for each node is kept as 100 J. Using the calculated residual energy, the average residual energy of the node in the network is calculated in Table 7. In Table 8, the trust value of the node to the network is calculated. Although it shows very little difference between the trust values of AODV and DSR, the difference is not constant and may vary based on the number of rounds and the number of nodes in the network. For different combinations of nodes and rounds, these values may vary. Table 9 shows the average PDR value of 9 nodes for 5 rounds. In Table 10, average energy utilization values of 9 nodes in 5 rounds are calculated. From the above two values, the trust value of the nodes in the channel is calculated and shown in Table 11. Table 12 and Fig. 6 represent the effective trust values of the nodes using the protocols AODV and DSR. From Table 12, it is clear that the effective trust values of the nodes using DSR are higher than those using AODV.
From Table 13 and Fig. 7, it is inferred that without using MDKGA, the performance parameters such as PDR and energy utilization show poor values. The performance metrics of DSR show better values than AODV. When using MDKGA, both AODV and DSR work better. There is an increase in both performance metrics, PDR and energy utilization. From Table 14 and Fig. 8, it is inferred that without using MDKGA, when the number of nodes in the network increases, there is a drastic decrease in the % PDR value and energy utilization. Only 10 random simulation environments, obtained by varying the number of nodes in the network, are considered. With MDKGA included, the performance gives a good percentage of PDR and energy utilization.

Conclusion and future work
The main application of MANET is the vehicular ad hoc network (VANET). Though it is a rapidly growing field of research, it still lags in major issues such as scalability, reliability, mobility and security. In this work, a key generation algorithm called MDKGA is proposed which selects the CIA node from the network based on the highest ETV. Source and destination nodes communicate with the CIA node before the source node starts transmitting the data packets. The public key cryptography method is used for encryption. The RSA key generation algorithm is used for generating the private key. This method invokes end-to-end encryption, since it is not advisable to share keys via intermediate nodes because of the nodes' mobility. Performance evaluations were done and compared with various simulation experiments. AODV and DSR protocols are used for implementation. Comparisons between both the protocols were done after incorporating the proposed algorithm into them. The comparisons were done based on PDR, scalability, energy utilization and trust value. In future work, in addition to the above performance factors, we can include delay time based on synchronization between the nodes during communication and mobility. For the analysis part, we can train and test the dataset obtained from the simulation using machine learning techniques.

Declaration
Conflicts of interest The authors declare that they have no conflict of interest.