Materials Today: Proceedings xxx (xxxx) xxx

Contents lists available at ScienceDirect

Materials Today: Proceedings

journal homepage: www.elsevier.com/locate/matpr

‘‘A novel approach using elliptic curve cryptography to mitigate

Two-Dimensional attacks in mobile Ad hoc networks”
Mukul Shukla a, Brijendra Kumar Joshi b
a
Shri Govindram Seksaria Institute of Technology and Science, Indore 452003, India
b
Military College of Telecommunication Engineering, Mhow 454431, India

a r t i c l e i n f o a b s t r a c t

Article history: The ‘‘Mobile Ad Hoc Network” (MANET) can change locations configure itself in hover, as this technology
Received 4 December 2020 uses the wireless connections to connect the numerous networks over glide. However, MANET is prone to
Accepted 20 December 2020 security attacks such as Blackhole, Wormhole, Jellyfish, and Denial-of-Service Attack (DoS) attacks. In
Available online xxxx
these attacks, the malicious nodes guarantee that they have the briefest way to the destination. At the
destination, in the wake of getting the information bundles, possibly, they drop the packet or send an
Keywords: inappropriate message to the source called wormhole and Blackhole attacks. This paper proposes a pro-
Mobile Ad-Hoc network
tocol to mitigate the wormhole attack and black hole attack. The proposed protocol is a combination of
Wormhole attack
Blackhole attack
scalable-dynamic elliptic curve cryptosystem and AODV protocol, termed as ECCAODV. We have consid-
AODV ered two-dimensional vector function F [A, B] where A is Wormhole Attack, and B is a Blackhole attack.
ECC For verifying our proposed protocol, we have considered two scenarios first without attack, and the other
ECCAODV is with the attack. When there is no attack, we have represented that as AODV in graphs, and with the
attack, we have described it as MAODV. We have applied our proposed method, i.e., ECCAODV on attack
scenario, and we got improved results in terms of throughput, packet delivery ratio, end to end delay,
shows the improvement and found to be 1226.19 kbps, i.e., enhancement of 130.95% and delay decrease
of 40% from MAODV. Besides, two more critical parameters are investigated in detail, such as energy con-
sumption and routing overhead. It has been observed that ECCAODV, in-turn resulting in better results
with minimum energy consumption saving of 75.97% as compared to the attacked scenario and 64.01%
difference of routing overhead over the MAODV. Therefore, the proposed protocol paves the way and pos-
sesses the potential to safeguard the MANET.
Ó 2021 Elsevier Ltd. Selection and peer-review under responsibility of the scientific committee of the
International Conference on Advances in Materials, Ceramics & Engineering Sciences.

1. Introduction The above Fig. 1 shows the underlying architecture of MANET.

Due to the high movement of nodes, routing is one of the chal-
MANET fall in that category of networks that can operate with- lenges in the MANET.
out the help of any infrastructure. MANETs are helpful in that place The routing protocol in MANET should be adaptive; it means
where we require fast deployment, and there is no wired link avail- that they should have the capability to fight with the worst condi-
able. It requires an expensive investment because it is having a tion of path and link break between source and destination node
base station and mobile nodes. Many tasks are taken care like net- during communication [3].
work monitoring, discovering routes, sending packets, and making In MANETS, there are mainly two types of attacks, i.e., active
communication secure. The most important one is to prevent the and passive attacks. Here, in this research work, we emphasize
network from attacks, and for that purpose, we have designed an active attacks. They are Blackhole and Wormhole attacks.
algorithm that takes care of it robustly [1]. Intermediate nodes in (a) Blackhole Attack:
MANET are responsible for routing in a multi-hop fashion. In the MANET’s blackhole attack is when the malicious node sends the
case of a wired network, we face route failure; the same problem wrong information to the source node about the shortest path in
exists in the wireless network. The leading cause of route failure between source and destination. It sends the RREP packet. Fig. 2
in MANET is the limited battery power and mobility of nodes [2]. shows the attack between node 21 and 22, and between node 32

https://doi.org/10.1016/j.matpr.2020.12.886
2214-7853/Ó 2021 Elsevier Ltd. Selection and peer-review under responsibility of the scientific committee of the International Conference on Advances in Materials, Ceramics
& Engineering Sciences.

Please cite this article as: M. Shukla and Brijendra Kumar Joshi, ‘‘A novel approach using elliptic curve cryptography to mitigate Two-Dimensional attacks
in mobile Ad hoc networks”, Materials Today: Proceedings, https://doi.org/10.1016/j.matpr.2020.12.886
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

The results obtained from that proposed work is that the ECC is
reliable for resource-oriented devices.

We have also discussed the base point selection, represented as
G=(x, y), is essential for constructing the cryptosystem that is
more reliable and is based on the ECDLP. From the perspective
of security, the large number order should be contained by G.

As the proposed crypto system’s security depends not only on
the ECDLP hardness but also on the curve synchronization that
is selected, without the synchronization between both parties
may result in errors.

The security of the proposed approach Scom is the combination
Fig. 1. General architecture of MANET.
of the original ECC security and bonus obtained by randomly
and 33 is a blackhole attack. This type of attack is most prominent selecting a prime number.
in the ad hoc network and needs attention. To avoid the black hole
attack, our algorithm detects the malicious nodes and prevents this The rest of the paper is organized as follows; Section 2 contains
type of attack in the system [4,5]. Literature Review; section 3 includes a proposed methodology and
(b) Wormhole Attack: analysis performance; section 4 contains simulation and results;
For a wormhole attack, the minimum number of malicious and finally, the paper is concluded in section 5.
nodes required is two. Two malicious nodes locate themselves in
the network, and they keep on listening to all the network activi- 2. Literature review
ties; after that, they make a strategy and create a tunnel and attack
on the network. This type of attack is very difficult to detect in the 2.1. Literature review papers of attacks in MANET
network and is a more severe attack. The proposed method detects
this attack and prevents the network from being hacked. In Fig. 2, T. Li et al. [8] presents Dlog, which was used for the detection of
the attack between nodes 11 and D is done by two malicious nodes glitches. It has two main stages: the first is to train, and the second
by creating a tunnel between them [6,7]. is glitch detection, which can detect abnormal events and provide
There are various algorithms available that detect the attack. the network operators with specific attack modes. Authors have
None of them takes care of all types of attacks. So, our proposed achieved a 96% precision rate in anomaly detection and give the
algorithm takes care of two types of attacks wormhole and black users the attack modes in seven clusters.
hole attack. This is the specialty of our algorithm. V. Keerthika et al. [9] have focussed on preventing a MANET
In the above Fig. 2, three types of attack are shown between from a black hole attack. They have proposed a trust-based secure
Node 11 and 12. There are two malicious nodes represented B Ad hoc On-Demand Vector Routing, which protects a MANET from
and W exists, so the attacks caused by them are called Cooperative a black hole attack. They have applied a hybrid Weighted Trust
Black Hole Attack. In between nodes 21 and 22, between 32 and 33, based Artificial Bee Colony 2-Opt algorithm. The hybridization of
a malicious node exists responsible for Blackhole attacks. Similarly, the algorithm has performed using the 2-opt as a local search.
the attack between nodes 11 to D is made by the malicious node by The proposed method enhances the performance parameters such
creating a tunnel. Such type of attack is called the Wormhole as packet delivery ratio, hops to sink, and end delay.
attack. T. Kavitha et al. [10] have applied Particle Swarm Optimization
The main contributions of this paper are summarized as (PSO) algorithm as a feature optimization technique and classified
follows: using Neural Networks, which detects the intruder node. Authors
have worked upon the parameters like packet delivery, delay in

We have proposed a dynamic and scalable cryptosystem, which communication, and the amount of energy consumption for iden-
uses the elliptic curves along with the decreased key size. tifying and isolating the intruder.

Fig. 2. Network diagram representing various attacks.

2
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

S. Gurung et al. [11] presented the blackhole attack problem Table 1

and the different possible nature of the node in the mobile ad- Secure montgomery curves.

hoc network and various techniques for dealing with the blackhole q  sec a b c
attacks. These techniques have been classified into multiple Curves 110 117050 221 3
schemes according to their essential operation. 486662 255 19
R. Tourani et al. [12] have proposed that Information-Centric 61370 256 189
Networking (ICN) surveyed the existing literature in security and 240222 256 765
55790 254 127  2240  1
privacy in ICN and presented open questions. More specifically,
192 2065150 383 187
they have explored three broad areas: security threats, privacy 256 530438 511 187
risks, and access control enforcement mechanisms.
E. O. Ochola et al. [13] have discussed the black hole attack on
MANET. They have simulated their proposed algorithm with AODV
and DSR protocol on simulators NS2 and NS3. They have got results the same time again, the range of the appropriate curve makes it
based on parameters, throughput, and packet delivery ratio are more complicated, and the lack of understanding of the user of
decreased on the black hole scenario because the malicious node these curves makes it lack inefficiency and the security terms.
absorbs or discards some of the packets. End-to-end delay is also Moreover, the suspects regarding the security issues in the stan-
reduced in the presence of a black hole attack because a malicious dard curve have not yet stopped. In 2007, Berstein et al. [23] dis-
node pretends to have a valid route to a destination without check- covered the insecurity of NIST’s standard curves, which increases
ing the routing table. Therefore, it shortens the route discovery the security issues for the elliptic curves.
process.
S. Sankara Narayanan et al. [14] have discussed that the 2.3. Analysis dimensions
Wormhole attack is one of MANET’s severe attacks. Wormhole
attack has the property to create a tunnel between two nodes in In this section, we are discussing the ways for implementing
a given scenario. Their proposed method detects active and passive routing attacks done by malicious nodes. We have divided the
attacks and got better results based on network parameters com- actions that are done by the malicious attackers in the discovery
pared to actual work. process of the route into the following points:
Q. M. Yaseen et al. [15] have proposed an algorithm that selects
Drop (DR): The attackers drop the messages
the best route in the scenario when more than one path exists
Modify and Forward (MF): With the help of unicast or broad-
between source and destination. They had got better results in cast feature the malicious attacker modified the fields of routing
terms of delay and routing over the head when they simulated message and forward to neighbor nodes
their algorithm.
Forge Reply (FR): The malicious attacker reply an RREP packet
R. J. Cai et al. [16] have proposed an evolutionary self- in response to the RREQ packet
cooperative trust (ESCT) algorithm for detecting and preventing
Active Forge (AF): The malicious nodes send a fake RREP
attackers on MANET. ESCT will exchange trust information packet without receiving the RREQ packet, and it can discover a
between nodes and analyze received trust information based on fake RREQ packet.
their cognitive judgment. Their proposed algorithm works best in One more dimension for the analysis is to check for the goals set
terms of Mobile Ad hoc network parameters. by the attackers. There are so many attacks are classified as:

Route Disruption (RD) is stopping an existing route and pre-
2.2. Prior art of elliptic curve cryptography and their limitations venting the new way.

Route Invasion (RI) is the process that attempts to add
For various MANET platforms, the Elliptic curve cryptography attacks in the path between two nodes. Once it has been done,
(ECC) is a cryptosystem for the lightweight public key is better the packets have dropped without any acknowledgment.
than the Diffie-Hellman (DH) and the Rivest-Shamir-Adleman
Node Isolation (NI) breaks all routes from a node.
(RSA) because of the security features [17].
Resource consumption (RC) is the process used to consume
For providing the level of security as per the RSA and DH, the bandwidth, space, and battery for the nodes.
key size required by ECC is minimal, which decreases power con-
sumption. This method has been implemented for various 3. Proposed scheme
resource-oriented applications [18–21]. In [18], Gura et al. The
authors used the 8-bit Atmel processor for executing the ECC. In Here in our proposed approach, we have tried to eliminate the
[19], Wang et al.’s authors proposed enhanced ECC, which controls issues with the contrast of the ECC development for resource-
access over the sensor network. After that, the microcontroller oriented platforms. We have presented a cryptosystem that is
(MSP430-16bit) was used to implement ECC on the prime field. dynamic and scalable, which uses the elliptic curves along with
The results obtained from that stated that the ECC is reliable for the decreased key size. Flexibility seen in the proposed design
the resource-oriented devices also said the possible improvements allows a facility to select more curves that can be created with a
in ECC in terms of efficiency when using on the microcontrollers of great security level [24,25]. [24] in this paper, the authors pro-
low power. By making the use of the domain parameters and the posed a method for selecting the curves for providing security
curve model, the traditional ECC experiments. This makes it chal- and efficiency purposes. The curves presented by them can work
lenging to create a platform for diverting devices with the 8-bit for the security level for 128, 192, 256 bit. For improving the base
to 256-bit ranging processors is given in Table 1. field, arithmetic Montgomery-friendly and the pseudo-Mersenne
A single curve has been used in ECC; the security parameters were used. In [25], Aranha et al. stated the higher efficiency for
are then challenging, so the ECC needs larger key sizes. But the general use that joins the security constraints provided by the p-
increase in the key length is not considered beneficial for regular 224, p-384, p-521 curves indicated by the NIST. Further, the
computers and resource-oriented platforms. In another way to authors have given some techniques for verifying the safe and
select the proper secure curve by the user itself deals with the unsafe elliptic curves at the security level and finding the existing
problems. In[22] (NIST), they have given a standard curve set; this other curves. Aranha et al. showed two different curves which pro-
was done to select proper curves regarding security issues. Still, at vide security and efficiency, based on their scenarios of testing:
3
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

Montgomery curve (25519) and Edward curve (1174) both can be we say that the d is stated as the point order for P if we get the
shown in the form of the equation y2 ¼ x3 þ ax2 þ x and situation as dP = 0. [28] Lagrange’s Theorem stated that #E always
x2 þ y2 ¼ 1 þ ax2 y2 with prime 2b  c, gets divided by the integer d. The cofactor is denoted as h, and the
Here the integers are b and c; Table 1 shows the parameters a, b, h is obtained from the h=#E/d; the h is supposed to have lesser
and c, representing the curves that as secure. So it results in curve value [28]. To obtain an advantage in the discrete logarithm for
list generation, which keeps the record of the curve parameters for avoiding the un-necessaries, the algorithm by Pohlig-Hellman
various security levels. Here we pre-generate the initial point, and [29] is used, which states that the d should have larger value. This
this point is kept for every curve used for the base point genera- scalar multiplication turns to be the core for constructing the E|Fq
tion. For the enhancement of the security levels, the rules to update (discrete log problem), which is stated as the Elliptic Curve Dis-
the initial points have been designed. A number of the curve crete Logarithm Problem (ECDLP).
needed to be synchronized for both the parties to state the curve ECDLP: Here, we have points P&Q that belongs to E|Fq, find an
that is to be used for the communication. The selection of the curve integer l where l 2[2, d 1] and Q = lP, provided that such an inte-
parameters in a random manner may handle the security loss that ger exists.
occurred due to selecting the smaller key size. From a practical per- When deals with the lack of the algorithm for sub-exponential-
spective, the curves that are stated for the lesser finite field are time [26], The cryptosystems based on this problem are considered
considered more beneficial to implement in simpler processors. as harder to crack, and the security provided by it is higher in com-
parison with the RSA.
3.1. Overview of ECC ECC is set up when every party must have to be agreed for the
same domain use in advance. Finite field Fq is also included within
Let q is a prime number and the finite field of q elements it, a&b are coefficients of the curve, P 2 E | Fq where P is the prim-
denoted by Fq for more than three characteristics. EjFq represents itive element selected randomly, it has order d, and h is the cofac-
the elliptic curve on Fq and is stated as the solution set or the P = tor. The same as the generation of the DH key exchange protocol,
(x, y) (x, y 2 Fq) points of the equation given by Weierstrass the joint secret key can also be generated, as stated below.
y2 = x3 + ax + b, where a, b 2 Fq and 4a3 + 27b2 – 0, also the point 1) A chooses random ka2 [2, d-1], calculates Qa = kaP, and sends
at infinity is expressed as O. The inverse of P for the symmetric it to Party B Qa.
point on the x-axis that is –P=(x,-y). An abelian group is created 2) Same, B generates kb2 [2, d 1], calculates Qb = kbP, and
by these points with O, Which serves as the element for identifying sends it A Qb.
operations like point doubling and addition. Hence, as we con- 3) Shared key computed by A as Qs = kaQb.
struct the logarithm problem internally [26]. Hasse’s Theorem re- 4) Shared key computed by B as Qs = kbQa.
stricts the no. of points over E| Fq, which is expressed as #E A and B can obtain a safe communication based on the shared
pffiffiffi pffiffiffi key generation in various ways that is session key is considered
qþ12 q6E6qþ1þ2 q ð1Þ
as Qs. A protocol is used as the instance is stated as
Operations over the E|Fq because of the closure property mostly 1) Let M 2 Fq is the message that A needs to send to B, M
yields the points over E|Fq. For geometrically speaking, two points encrypted will be obtained by A by computing C = M + Qs.
addition, i.e., P&Q on the curve E by taking R real numbers, E|R gets 2) The decryption of M from C can be done by, computation of
the intersection point negative on the curve, and the line is stated M = C – Qs by B.
as P, Q. When it reaches the values P = Q, then the line is tangent
with the curve E at both points. Also, when the p is added to itself,
then it is stated as the point doubling. Various operations from var- 3.2. Presented dynamic scalable ECC scheme
ious fields follow the same rules on E. The analytical expressions
can get from the rewriting of these rules in the form of coordinates. A. Dynamically assigning parameters: Various curves for var-
Point Addition suppose P = (x1, y1), Q = (x2, y2) 2 E | Fq, if P, ious security levels can be validated and designed as stated in
Q – 0, P – Q and Q – - P, the coordinates of R = (x3, y3) where Table 1. Using some parameters that are determined secretly as
the addition of R = P + Q can obtained as equation (2),3 and 4. a,b,c set, we can create a list of the curve to create an ECC for scal-
able structure. The process of assigning the parameters dynami-
x3 ¼ k2  2k ð2Þ cally is done to select a preset group with the parameters that
create a secure curve. Table 2 shows that the number of the
y3 ¼ kðx1  x3 Þ  y1 ð3Þ
designed elliptic curves are L, and every curve is attached with
an integer that is generated in a random manner rli ðli –lj 8i–jÞas
k ¼ ðy2  y1 Þ=ðx2  x1 Þ ð4Þ
the number of curve hethe re i varies in the range of 0 to L-1. For
Point Doubling suppose P = (x1, y1) 2 E | Fq and R =(x3, y3) = P the curve li, Pi is the initial point also di, is the order of Pi. A curve
+ P, then equation (4),6 and 7. selection will be done where the communication between the par-
ties is made for confidence trial conversation.
x3 ¼ k2  2x1 ð5Þ
For denoting the ECC security here, we have adopted the signs
designed in the [25] that are for the length of the bit we use q-
y3 ¼ kðx1  x3 Þ  y1 ð6Þ
sec. 256 should be the size of the ECC key for achieving 128 value
  of q-sec [25]. As we see the limitations in power of the processing
k ¼ 3x31 þ a =ð2y1 Þ ð7Þ
in the devices of MANET, for strong curves we use q-sec values
Multiplication of scalar can be stated based on the introduction very higher so, here we try to use the low values of q-sec, i.e the
of the operations above. q-sec curves with the values like 128 can be exchanged with the
Scalar Multiplication supposes P = (x1, y1) 2 E | Fq, and the inte- q-sec curves with 110 bits or more low values of bits. In such cases,
ger is k. k multiplies with P as elliptic scalar multiplication is rep- power consumption would be lower, and i, n terms of efficiency wi,
resented as kP, the results of the addition of P with itself for k times ll be more efficient. So is it termed for the manet as more benefi-
[27], i.e.; cial. The random selection of new curves for communication pro-
vides more security can cothat mpensate the before curity loss
kP ¼ ðP þ P þ . . . . . . þ PÞ=k ð8Þ by making the smaller size key use, which is seen in Section 3.3.
4
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

Table 2 The desynchronization of the parameters can cause various

Curve list. damage, so concerning this, the protocol, along with the protocol
No. Parameter Point that resets the parameter, is developed and is stated in Fig. 4 and
l0 a0 ; b0 ; c0 ; d0 ; q0 P0 Fig. 5.
l1 a1 ; b1 ; c1 ; d1 ; q1 P1 The main reason to design this protocol is for the list mainte-
l2 a2 ; b2 ; c2 ; d2 ; q2 P2 nance of the current parameters and the values that can occur from
... ... . . ... some future steps. So the synchronization can be maintained by
lL1 aL1 ; bL1 ; cL1 ; dL1 ; qL1 P L1
checking + 1 and 1 step parameters when there is any desynchro-
nization. Here we need to mention that in the perspective of IoV
the party A works as Sensor(S), and party B acts as Gateway(G)
The working of the minimal list approach by using the pseudo- for identification of this by each other the ID and ID’ are used,
nym throttling for Radio frequency identification (RFID) tag respectively. This S&G both stores three curves: Cf, Cc, and Cn.
authentication, So for authentication, the RFID tags store a list of The last curves in the conversation are stored in the Cf. The syn-
the random [30]. This method is described as the Polonius Authen- chronization information for the current conversation is stored in
tication in paper [31,32]. Every time the request is made for the the Cc Cn states the next conversation curve parameters informa-
tag, the next pseudonym from the list is given out, and if the list tion. The equations to obtain these three parameters are as follows
is visited, it will start from the initial tag again. So as same in our for the ith curve in equations 9, 10, and 11.
method, multiple sets of the parameters are used for the curves.
Every parameter set will be sent in a sequence when we make a C f ¼ ai1 kbi1 kci1 kdi1 kqi1 kPxi1 kPyi1 ; ð9Þ
request. Fig. 3 states that the cycle will be performed when the list
is visited once. C c ¼ ai kbi kci kdi kqi kPi xkPyi ; ð10Þ
B. Arbitrary base point choice
In section II, as we stated, the base point selection, represented
C c ¼ aiþ1 kbiþ1 kciþ1 kdiþ1 kqiþ1 kPxiþ1 kPyiþ1 ; ð11Þ
as G=(x, y), is very important for constructing the cryptosystem
that is more reliable and is based on the ECDLP. From the perspec- Here the operation of the bit splicing is represented by||, the coor-
tive of the security, the large number order should be contained by dinates of x & y of points P are stated by Pxi and Pyi respectively.
G. Here is the EC of order #E = hd, the traditional [28] to get the
Fig. 4 shows the stored curves in G & S; for this, suppose let GGj
base point of d order follows the steps in the 1st algorithm. P 2 E
| Fq, where P is the point on the curve that is selected randomly. and GGj (j = f, c, n), the protocol flow states that for parameter veri-
Scalar multiplication in hP gives the G. If neither G and nor the fication and session parameter synchronization, we can use this
dG is at the point at infinity, then the generated base point is G. information.
In the proposed approach, the various curves are already stored 1) G generates a nonce R and calculates the verification infor-
for both the party then we need to synchronize the G for getting mation G1 = hash(C Gc ||ID||R).
the correct values. In this scenario, the suggestion from us is to 2) Query request is sent by G and {R, G1} to S.
store a Pi initial point, for every curve li, to both the parties, which 3) Communication request is received by S, and the information
ensures the G value correction. In Montgomery Curves, the algo- verification {R, G1}.
rithm for selecting the initial points is stated in the second algo- 4) S calculates S1 = hash(C sc ||ID||R).
rithm. xo is a random element that is selected from Fq, 5) S checks if G1 = S1. If G1 is equal to S1, it states that the
calculation ofy0 ¼ x30 þ ax20 þ x0 modð2b  cÞ if y0 a residue quadratic request is made by G and the correct synchronization of curve
of modð2b  cÞand (x0, y0) is not the point at infinity, then output parameters, i.e., C sc is the same as C Gc , then S jumps to Step 12. If
Pl(x0, y0) as the initial point. G1 is not equal to S1, S goes to Step 6.
For enhancing the security, the P is calculated when the curve 6) S calculates S2 = hash(C Sf ||ID||R).
list is initialized and written as G after the curve is done. 7) S checks if G1 = S2. If G1 is equal to S2, it states that the G and
C. Synchronization of session parameter desynchronization make the request happens by the issues in the
As the proposed crypto system’s security depends not only on
updates, i.e., C Gc is the same as C Sf , then S goes to Step 8. If there is
the ECDLP hardness but also on the curve synchronization that is
no equality, jump to Step 9.
selected, without the synchronization between both parties may
8) Updating the curve parameters by S is as follow:
result in errors. As if we fail in the synchronization task, the
decryption task can not be performed to an extent, and the encryp- a) write back C Sn as C Sc ;
tion task may be performed by using different curve parameters b) write back C Sc as C Sf ;
set. A system that keeps track of the synchronization of the param- c) Generate again the C Sf by making use of the parameters of the
eters should be used before the system’s failure is happened.
curve that are ahead of C Sf ;
jump to Step 12.
9) S calculates S3 = hash(C Sn ||ID||R) and goes to Step 10.
10) S checks if G1 = S3. If G1 is equal to S3, it states that the
request is made by G and desynchronization, happens by the issues
in the updates, i.e., C Gc is the same as C Sn , then S goes to Step 11. If
there is no equality, jump to step 13.
11) Updating the curve parameters by S is as follow:
a) Writeback C Sf as C Sc ;
b) Writeback C Sc as C Sn ;
c) Generate again C Sn by making use of the parameters of the
curve that are next to C Sn ;
Fig. 3. Parameter synchronization protocol flow. Jump to Step 12.
5
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

Fig. 4. Movement of limitation synchronization procedure.

12) S calculates and sends G S4 3) G checks if G2 = S4. If G2 equals S4, it states that S makes the
where S4 = hash(C Sc ||ID’). request and the synchronization of the curve parameters are cor-
13) Reject information is then sent by S. rect, so by making use of this synchronized curve, the conversation
If S approves the request for communication, a process for ver- can be started;
ification will be carried out by G’: Else illustrates that malicious attack or desynchronization
1) Information approval is received by G and information veri- occurred, and a reset request is to be made by G to S.
fication {S4} from S. Fig. 5 shows how the processing of a reset request is done,
2) Calculation of G2 = hash(C Gc ||ID’) by G. and the steps followed by it are:

6
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

Fig. 5. Movement of the limitation reset protocol.

1) A nonce M is generated by G and calculation of G3 = hash(C Gd || Random nonce R is picked by user G in our proposed protocol,
ID||M) is done. and the calculation of the information verification G1 as the hash
2) G sends reset request, also the information verification {M, value of C Gc ||ID||R. Let an adversary try the alteration of mesthe sage
G3} to S. (R, G1); by protocol implementation, rejection of request is done
3) Reset request is received by S and information verification by the user S, and using default curve, it tries conversation initial-
{M, G3}. ization. As the list of curthe ve is kept secretly, there is no learning
4) Calculation of S5 = hash(C Sd ||ID||M) is done by S. from G1, d the conversation can’t be built with S by making use of
5) S verifies if G3 = S5. If G3 is equaled to S5, it states that G sends the forged information.
the request, and the curve stores by G is as same as the curve of S,
and then S jumps to step 6; else, S goes to Step 7. 3.3. The analysis of performance
6) Calculation and sending of G S6 = hash(C Sd ||ID’) is done by S.
7) Reject S sends information. A. Security Level of the Proposed System: As stated in [33], the
In case the reset request is approved, G, who initiates the reset level of security (So) that is measured in bits of an EC can be eval-
request, will verify in the following steps: uated by the notation q-sec using
qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
pffiffiffiffiffiffiffi
1) Calculation of G4 = hash(C Gd ||ID’) is done by G.
So ¼ log 2 p=4  #E ð12Þ
2) G verifies whether S6 equals G4. In case S6 equals G4, it
approves that the information of the handshake is from S and the
It can be written after combining it with the Eq. 12:
stored curve in S is the same as its own, so to start the conversa-  ffi
pffiffiffiffiffiffiffiffiffi qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
tion, the default curve is chosen; else, it gives wrong info, and it pffiffiffi
So P log2 p=4  q þ 1  2 q ; ð13Þ
shuts the conversation.

7
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi 
pffiffiffi pffiffiffiffiffiffiffiffiffi ment values more where the resource-oriented systems are used
ðj qj1Þ þ lpg 2 p=4 ;
2
P log2 ð14Þ
[39].
C. Memory
The So is roughly equal to B2, where B = C log 2 qis the bit length of
The proposed approach requires large storage as we store the
integer q. curve lists compared to the traditional ECC, which uses the NIST
Earlier, the selection of prime numbers in a random manner can curve. As stated in Table 2, a curve list is designed and stored ear-
lead to dropping in the security because of the key’s small size, so a lier to get the parameter dynamically assigned and the base point
higher level of protection if provided. As stated in [34], and also generation. a, b, c, d, li, q, and point P are the points that need to be
indicated in Fig. 6, the complexity Ser for estimation of the B bit there for one curve. Let we need to store L curves that can be
prime that is chosen randomly, grouped as k1 to kt. So the key size for the curve on an average
pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi can be calculated as:
Ser ¼ p=2  B ð15Þ
Here the doubling of the complexity is done, i.e., Pt
i¼1 nn ki
pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi K¼ ð18Þ
See ¼ 2Ser ¼ 2 p=2  B ð16Þ n
For curve E, the storage required for the k bits size can be com-
In conclusion, the level of security of the proposed approach
puted as (7 ⁄ k/8 + 2) bytes. As well as the total memory required
Scom is the combination of the original ECC security and bonus
for the storage for L number of the curve. Let the key’s size is
obtained by randomly selecting a prime number, i.e.,
160 bits, so for the L = 80, the total memory required for this is just
Scom ¼ S0 þ See 1 KB. So we know the current scenario the memory is available at
pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi ð17Þ cheaper rates, so the memory is not a concern for our approach.
¼ 2B þ 2 p=2  B
D. Comparison
The relation of See and So is shown in Fig. 7a, which shows that Liu et al. [20] designed TinyECC that is the library for ECC that is
an approx increment of 30% can be obtained compared to the ECC configurable, supporting standard EC on the bits 192,160,128; also,
as well by using the same key size. For measure, the q-sec is taken. it gives instructions on the configuration of the elliptical curve for
The extra level of security for the parameters set is shown in the applications such as sensor network. Liu et al. [37] used MoTE
Fig. 7b. As an example, 256-bit size is required by ECC for achieving curves that are low weight EC [38] for implementing the library
the q-sec of 128 bits. Table 1 states, 192-bit curve consideration, that is much flexible and is called the MoTEECC. It also provides
the additional security level provided by a random prime selection, help for different sizes of the curves and the fields, for example,
can be evaluated as q-sec of 34. So, with u\the use of curve for a 256 bit, 224 bit, 192 bit, 160bit. Also, it permits the trade-off for
key size of 192-bit, a combined level of security can be obtained efficiency and security by implementing two different versions.
as q-sec (96 + 34) = 130- bit, which is as high as the 256 bit ECC The methods used in the paper focus on optimizing the arith-
security level. metic for the prime field; also, it worked for the improvement of
B. Efficiency analysis the consumption of power and in terms of efficiency. Apart from
For the embedded systems, the ECC is designed to reduce the the fact that they work for different configurations of the resources,
execution time [18–21]. Our approach helps to improve the perfor- the proposed method works as same as the traditional working of
mance if any ECC uses our proposed method. the ECC. As the fact that the parameters of the domain and the
Micro ECC library is adopted by the cryptosystem [36], and for curve is used according to the requirements of the security of the
various sizes of keys, curve efficiency is measured in the form of system, and as per its consumption of resources that is for the par-
256, 224, 192, 160, 128 bit. The improvement in the efficiencies ticular system, the parameters of the domain and the curve are
of the verification, signature, and generation of the key can be public, and also they are fixed. So from the above methods, not a
obtained by using shorter sizes of keys and is shown in Fig. 8. single process notices the intensive analysis problem as the
For example, there is a reduction in the time required for the single-use curve.
generation of the key, verification, and signature while making Here, k ⁄ P is the execution time (in clock cycles) for fixed-based
192 bits in place of the 224 bit, and this reduction is 4.6 ms to4md, point scalar multiplication, Tmote Sky* denotes the high-speed
4 to 6, and 8 to 5 ms. So the approx rate of improvement is 33%, version while Tmote Sky** the memory-efficiency version. 256-
31%, and 35%, without decreasing the level of security. bitr and 256-bitk respectively represent the curve secp256r1 and
It is to be noted that the hash function for synchronization must curve secp256k1 as used before.
be executed 1 to 4 times. Also, as compared to the traditional ECC, In the presented approach, the pre-storage is the list of curves.
the calculation required for hash functions is very fast. So we must The proposed protocol of synchronization for selecting curves,
neglect the consumption of the additional time. It is also noted that dynamic use of the domain’s parameters, and the curve are
in the absolute resources scenario, the dynamic, scalable ECC observed. As stated in Table 3, the presented method decreases
approach also works well. In manet, the 30% efficiency improve- the time for the execution also provides more optimization and

Fig. 6. Random prime number selection, the additional security level. (a) enhancement of the safety level. (b) composite security level.

8
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

Fig. 7. Nearby security for suggested approach.

Fig. 8. For various key sizes, the curve efficiencies. The key notations bit [35].

the consumption of the source, which tends to be beneficial in the 4.1. NS2 simulation study
applications where there are resource constraints as the pre-
storage of the list of the curve is done so the external attacks will This subsection discusses the proposed algorithm’s comparative
be avoided as there is no information present. performance results, which are based on NS2 simulation.

4.1.1. NS2 Simulation setup

In order to do design NS2 simulation, System Manufacturer: HP
4. Implementation AND result , System Model: HP Notebook, BIOS: InsydeH2O Version
05.05.39F.40 (type: BIOS), Processor: Intel(R) Core(TM) i3-6006U
In this section, a set of experiments are conducted to verify the CPU @ 2.00 GHz (4 CPUs), 2.0 GHz, Memory: 4096 MB RAM,
effectiveness of the proposed protocols named as Ad hoc On- Available OS Memory: 3988 MB RAM, Page File: 5392 MB used,
Demand Distance Vector (AODV), Malicious Ad hoc On-Demand 1154 MB available, L2CacheSize 512 MB, L3CacheSize 3072 MB,
Distance Vector (MAODV) and Elliptic curve cryptography Ad hoc Intel (R) HD Graphics 520 , Monitor: Generic PnP Monitor, Current
On-Demand Distance Vector (ECCAODV). To verify the proposed Display Mode: 1366 * 768 (32 bit) (60 Hz) Shared Memory
secure message communication protocol’s performance, a simula- 1993 MB are used. The NS2 simulation was run on Ubuntu 19.10
tion is developed in NS2. The algorithm’s performance is compared platform.
with AODV, MAODV, and ECCAODV protocols in terms of five per- We have added the concept of the proposed algorithm on NS2,
formance matrices: throughput, end to end delay, packet delivery and we change the directory NS2.35 on files like Makefile, pri-
ratio, energy, and routing overhead. queue.cc, packet.h. Cmu-trace.h. Cmu-trace.cc, ns-packet.TCL, ns-
9
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

Table 3 Table 4
Comparing the performance of Mote-Ecc on Micaz Nodes. Simulation parameters.

Security level (q  sec) Platform GF(p) field k*P Parameters Specification Parameters Specification
80-bit MICAz 159-bit 2, 083, 000 Network Simulator NS-2, Version 2.35 PHY/MAC IEEE 802.11
Tmote Sky* 159-bit 1, 638, 000 Protocol
Tmote Sky** 159-bit 1, 928, 000 Network Size 1200m x 1200m Propagation Two-ray ground
This Work 128-bit 1, 590, 000 Model
Connection Protocol UDP/CBR Mobility Random Way
96-bit MICAz 191-bit 3, 338, 000
Model Point
Tmote Sky* 191-bit 2, 433, 000
Data Type Constant Bit Rate Channel Wireless
Tmote Sky** 191-bit 2, 910, 000
(CBR) Type Channel
This Work 160-bit 2, 180, 000
Source/Destination Random Antenna Omnidirectional
112-bit MICAz 223-bit 5, 010, 000 Model
Tmote Sky* 223-bit 3,489,000 Data packet size 256 bytes, 512 Simulation 1500 Second
Tmote Sky** 223-bit 4, 221, 000 bytes, and 1024 time
This Work 192-bit 2, 910, 000 bytes
128-bit MICAz 255-bit 7, 159, 000 Simulation Protocol AODV, MAODV, Language Tcl, oTcl, C++,
Tmote Sky* 255-bit 4, 798, 000 and ECCAODV AWK Scripting
Tmote Sky** 255-bit 5, 864, 000 Similution Scinero 15, 35, 45, 60, 75 No of 3,7,9,12,15
This Work 254-bit 4, 320, 000 (No. of Mobile Malicious
Nodes) Nodes
144-bit MICAz N/A N/A
Tmote Sky* N/A N/A
Tmote Sky** N/A N/A
This Work 256-bitr 7, 373, 000 1226.19 kbps compared to wormhole attacked AODV and almost
This Work 256-bitk 6, 294, 000 approaching to AODV.
We can observe from the above graph that when we have intro-
duced attacks in the network, the throughput is reduced. But with
lib.TCL, ns-agent.tcl and ns-mobile node.tcl. After adding the con- the application of our proposed method, ECCAODV, the throughput
cept of both proposed algorithms on the above file, then we exe- increased.
cute command step by step. /configure, ./make clean, . /make
and. /install.
4.2.2. End to end delay
4.1.2. NS2 simulation results and discussions The time utilized by a packet to reach source to destination is
This subsection presents a comparative study of the proposed called the end to end delay. Fig. 10 shows that with the increase
algorithm and AODV, MAODV, and ECCAODV protocols for in the number of nodes, the value ECCAODV also increases means.
throughput, End to End Delay, packet delivery ratio, energy, and Even though in this case, ECCAODV shows better performance
routing overhead performance metrics. compare to MAODV but less from AODV.
Table 4 shows the simulation parameters. The network simula- From the above graph, it can be easily observed that the appli-
tor is version 2.35, 1500 Seconds is simulation time, Network size cation of the proposed method ECCAODV reduced the overall delay
is 1200 m * 1200 m, 5 m/s to 15/s m is maximum node speed, the from source to destination when compared with the attacked
data rate is CBR, source and destination are random, Data packet scenario.
size is 256 bytes to 1024 bytes, Protocols are AODV, MAODV, and
ECCAODV, Phy/MAC Protocol in IEEE 802.11, Propagation Model
4.2.3. Packet delivery ratio
is Two-ray ground, mobility model is a random waypoint, channel
The ratio between packets received by destination and packets
type is a wireless channel, antenna model is Omnidirectional, and
transmits by the source is known as PDR. Fig. 11 shows that the
languages are Tcl, oTcl, C++, AWK Scripting. For simulation, we
ECCAODV shows an improvement of 63.79% compared to the
have considered the group of 15, 35, 45, 60, and 75 mobile nodes,
attacked network with minimum alteration of actual AODV of net-
and we have assumed that approximately 20% of the mobile nodes,
work based on PDR.
i.e., 3, 7, 9, 12 and 15 respectively, enter into the network as mali-
Generally, the network’s PDR should be high, but with the
cious nodes which are responsible for three types of attacks
application of malicious nodes, it is reduced. By applying the pro-
namely Blackhole and wormhole attacks. The mobile nodes in
posed method, we can see that the PDR is increased.
our network scenario and malicious nodes in brackets are repre-
sented in all the corresponding graphs.

4.2. Result

This section includes results that are obtained by the proposed

approach. For evaluating the results, evaluation parameters are
used; these considerations are throughput, end to end delay,
packet delivery ratio (PDR), energy, and routing overhead. This
result section shows the overall result of the considered scenarios
include a varying number of nodes as 15, 35, 45, 60, and 75 in-
network.

4.2.1. Throughput
Throughput is the parameter that keeps track of several packets
delivered successfully per unit of time. Fig. 9 shows that encrypted
AODV (ECCAODV) returns better results with the enhancement of Fig. 9. Throughput w.r.t increase in No. of nodes.

10
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

Fig. 10. End to end delay w.r.t increase in No. of nodes. Fig. 13. Routing overhead percentage w.r.t increase in No. of nodes.

Fig. 13 shows that the value of the routing head decreases in

applying the encryption approach (ECCAODV) by 64.01% compared
to MAODV. In the case of a simple AODV value of RO is very low,
which nine on average.

5. Conclusion

To develop a system for devices like micro-controllers and sen-

sors for the efficient cryptographic platform where there is a con-
straint of resources from the perspective of the MANET is always a
challenge for the researchers. ECC is stated as a promising algo-
rithm for the upcoming communications strategies. This technique
can give the same security level as that of the RSA method using a
relatively less size of keys. But the traditional ECC makes use of the
single curve that is fixed that makes the external analysis very
Fig. 11. PDR percentage w.r.t increase in No. of nodes.
easy. To overcome the given problem, the presented work suggests
the dynamic and scalable ECC. For the synchronization of the
4.2.4. Energy curves, a list is generated and is stored at both the parties. This list
Fig. 12 shows that with an increase in the number of nodes, is for different security levels. As the party chooses the number and
ECCAODV returns better results than the attacked network with the curve on its own, it requires an extra level for the security, for
a minimum energy consumption difference of 75.97%. Also, energy keeping the same level of protection even if the size of the keys is
consumption increases when the node number raises in all used much smaller, as well the calculation is made faster. The con-
scenarios. sumption of power is reduced at an extreme. As a result, evaluation
It can be noticed from the above graph that energy utilization is parameters, namely, throughput, packet delivery ratio, end to end
reduced in attack scenarios with the application of the proposed delay, show improvement, were 1226.19 kbps, i.e., enhancement of
method ECCAODV. 130.95% and delay decrease of 40% from MAODV. Besides, two
more critical parameters are investigated in detail, such as energy
consumption and routing overhead. It has been observed that
4.2.5. Routing overhead ECCAODV, in-turn resulting in better results with minimum energy
The total number of routing packets transmitted to the total consumption saving of 75.97% as compared to the attacked sce-
number of packets received, its ratio known as routing overhead. nario and 64.01% difference of routing overhead over the MAODV.
Therefore, the proposed protocol paves the way and possesses the
potential to safeguard the MANET.

Declaration of Competing Interest

The authors declare that they have no known competing finan-

cial interests or personal relationships that could have appeared
to influence the work reported in this paper.

References

[1] E. Elmahdi, S.-M. Yoo, K. Sharshembiev, Secure and reliable data forwarding
using homomorphic encryption against blackhole attacks in mobile ad hoc
networks, J. Inf. Secure. Appl. 51 (2020) 102425, https://doi.org/10.1016/j.
jisa:2019.102425.
[2] H. Moudni, M. Er-Rouidi, H. Mouncif, B. El Hadadi, Black hole attack detection
using fuzzy based intrusion detection systems in MANET, Procedia Comput.
Fig. 12. Energy utilization percentage w.r.t increase in No. of nodes. Sci. 151 (2019) 1176–1181, https://doi.org/10.1016/j.procs.2019.04.168.

11
M. Shukla and Brijendra Kumar Joshi Materials Today: Proceedings xxx (xxxx) xxx

[3] H. Kalkha, H. Satori, K. Satori, Preventing black hole attack in wireless sensor on Information Processing in Sensor Networks, IPSN 2008, 2008, pp. 245–256,
network using HMM, Procedia Comput. Sci. 148 (2019) 552–561, https://doi. DOI: 10.1109/IPSN.2008.47.
org/10.1016/j.procs.2019.01.028. [21] E. Wenger, ‘‘Hardware architectures for MSP430-based wireless sensor nodes
[4] J. Vinayagam, C. Balaswamy, K. Soundararajan, Certain investigation on MANET performing elliptic curve cryptography,” in Lecture Notes in Computer Science
security with routing and blackhole attacks detection, Procedia Comput. Sci. (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes
165 (Jan. 2019) 196–208, https://doi.org/10.1016/j.procs.2020.01.091. in Bioinformatics), 2013, vol. 7954 LNCS, pp. 290–306, DOI: 10.1007/978-3-
[5] A. Tsiota, D. Xenakis, N. Passas, L. Merakos, On jamming and black hole attacks 642-38980-1_18.
in heterogeneous wireless networks, IEEE Trans. Veh. Technol. 68 (11) (2019) [22] G. Locke, P. Gallagher, ‘‘FIPS pub 186-3: Digital signature standard (DSS),”
10761–10774, https://doi.org/10.1109/TVT.2510.1109/TVT.2019.2938405. Federal Information Processing Standards Publication, 2009.
[6] G. Farjamnia, Y. Gasimov, C. Kazimov, Review of the techniques against the [23] D.J. Bernstein, T. Lange, Security dangers of the NIST curves, Lect. Notes
wormhole attacks on wireless sensor networks, Wirel. Pers. Commun. 105 (4) Comput. Sci. 4833 (2007) 29–50.
(2019) 1561–1584, https://doi.org/10.1007/s11277-019-06160-0. [24] J.W. Bos, C. Costello, P. Longa, M. Naehrig, Selecting elliptic curves for
[7] M. Patel, A. Aggarwal, N. Chaubey, Analysis of Wormhole Detection Features in cryptography: An efficiency and security analysis, J. Cryptogr. Eng. (2014) 1–
Wireless Sensor Networks, Springer, Cham, 2020, pp. 22–29. 28.
[8] T. Li, J. Ma, Q. Pei, H. Song, Y. Shen, C. Sun, DAPV: Diagnosing anomalies in [25] D.F. Aranha, D.F. Aranha, P.S.L.M. Barreto, R.C.C.F. Pereira, J.E. Ricardini, ‘‘A note
MANETs routing with provenance and verification, IEEE Access 7 (2019) on high-security general-purpose elliptic curves.”, IACR Cryptology ePrint
35302–35316, https://doi.org/10.1109/Access.628763910.1109/ Archive, pp. 1-14, 2013.
ACCESS.2019.2903150. [26] J.H. Silverman, The Arithmetic of Elliptic Curves (Second Edition), vol. 106,
[9] V. Keerthika, N. Malarvizhi, Mitigate black hole attack using hybrid bee Springer-Verlag, New York, 2009.
optimized weighted trust with 2-Opt AODV in MANET, Wirel. Pers. Commun. [27] D. Hankerson, A.J. Menezes, S. Vanstone, ‘‘Elliptic Curve Arithmetic,” in Guide
106 (2) (2019) 621–632, https://doi.org/10.1007/s11277-019-06182-8. to Elliptic Curve Cryptography, Springer-Verlag, 2006, pp. 75–152.
[10] T. Kavitha, K. Geetha, R. Muthaiah, ‘‘India: Intruder node detection and [28] C. Paar, J. Pelzl, ‘‘Understanding Cryptography - A Textbook for Students and |
isolation action in mobile Ad Hoc networks using feature optimization and Christof Paar | Springer,” Underst. Cryptogr., 2010, DOI: 10.1007/978-3-642-
classification approach,” J. Med. Syst., vol. 43, no. 6, Jun. 2019, DOI: 10.1007/ 04101-3.
s10916-019-1309-2. [29] S.C. Pohlig, M.E. Hellman, An improved algorithm for computing logarithms
[11] S. Gurung, S. Chauhan, ‘‘A survey of blackhole attack mitigation techniques in over GF(p) and its cryptographic significance, IEEE Trans. Inf. Theory 24 (1)
MANET: merits, drawbacks, and suitability,” Wirel. Netw., pp. 1–31, Feb. 2019, (1978) 106–110, https://doi.org/10.1109/TIT.1978.1055817.
DOI: 10.1007/s11276-019-01966-z. [30] A. Juels, Minimalist cryptography for low-cost RFID tags (extended abstract),
[12] R. Tourani, S. Misra, T. Mick, G. Panwar, ‘‘Security, Privacy, and Access Control Lect. Notes Comput. Sci. 3352 (2005) 149–164, https://doi.org/10.1007/978-3-
in Information-Centric Networking: A Survey,” IEEE Communications Surveys 540-30598-9_11.
and Tutorials, vol. 20, no. 1. Institute of Electrical and Electronics Engineers [31] R.M. Wong, T.A. Berson, R.J. Feiertag, ‘‘Polonium: An Identity Authentication
Inc., pp. 556–600, 01-Jan-2018, DOI: 10.1109/COMST.2017.2749508. System,” in Proceedings - IEEE Symposium on Security and Privacy, 2012, vol.
[13] E.O. Ochola, L.F. Mejaele, M.M. Eloff, J.A. Van Der Poll, Manet reactive routing 2012-July, no. July, pp. 101–107, DOI: 10.1109/SP.1985.10001.
protocols node mobility variation effect in analyzing the impact of black hole [32] T. Lynch, ‘‘Symbiotic Host Authentication and Identification,” Mar. 13 2007, US
attack, SAIEE Africa Res. J. 108 (2) (Jun. 2017) 80–91, https://doi.org/ Patent App. 11/685,671.
10.23919/saiee.2017.8531629. [33] J.W. Bos, C. Costello, P. Longa, M. Naehrig, Selecting elliptic curves for
[14] S. Sankara Narayanan, G. Murugaboopathi, Modified secure AODV protocol to cryptography: an efficiency and security analysis, J. Cryptogr. Eng. 6 (4) (2016)
prevent wormhole attack in MANET, Concurrency Comput. 32 (4) (2020), 259–286, https://doi.org/10.1007/s13389-015-0097-y.
https://doi.org/10.1002/cpe.v32.410.1002/cpe.5017. [34] NIST, Implementation Guidance for FIPS 140-2 and the Cryptographic Module
[15] Q.M. Yaseen, M. Aldwairi, An enhanced AODV protocol for avoiding black holes Validation Program. National Institute of Standards and Technology, 2017.
in MANET, Procedia Comput. Sci. 134 (2018) 371–376, https://doi.org/ [35] S. Blake-Wilson, M. Qu, ‘‘Standards for efficient cryptography (SEC) 2:
10.1016/j.procs.2018.07.196. Recommended elliptic curve domain parameters,” Certicom Res., Oct 1999.
[16] R.J. Cai, X.J. Li, P.H.J. Chong, An evolutionary self-cooperative trust scheme [36] K. Mackay, ‘‘Micro ECC,” kmackay.ca/micro-ecc/. [access on 04.11.2017].
against routing disruptions in MANETs, IEEE Trans. Mob. Comput. 18 (1) [37] Z. Liu, X. Huang, Z. Hu, M.K. Khan, H. Seo, L. Zhou, On an emerging family of
(2019) 42–55, https://doi.org/10.1109/TMC.2018.2828814. elliptic curves to secure internet of things: ECC comes of age, IEEE Trans.
[17] N.S. Agency, ‘‘The Case for Elliptic Curve Cryptography,” http://www.nsa.gov/ Dependable Secure. Comput. 14 (3) (2017) 237–248, https://doi.org/10.1109/
ia/industry/crypto elliptic curve.cfm. TDSC.2016.2577022.
[18] N. Gura, A. Patel, A. Wander, H. Eberle, S.C. Shantz, Comparing elliptic curve [38] Z. Liu, E. Wenger, J. Großschädl, ‘‘MoTE-ECC: Energy-scalable elliptic curve
cryptography and RSA on 8-Bit CPUs, Lect Notes Comput. Sci. (including cryptography for wireless sensor networks,” in Lecture Notes in Computer
Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics) 3156 (2004) 119– Science (including subseries Lecture Notes in Artificial Intelligence and Lecture
132, https://doi.org/10.1007/978-3-540-28632-5_9. Notes in Bioinformatics), 2014, vol. 8479 LNCS, pp. 361–379, DOI: 10.1007/
[19] H. Wang, Q. Li, ‘‘Efficient implementation of public-key cryptosystems on mote 978-3-319-07536-5_22.
sensors,” in Lecture Notes in Computer Science (including subseries Lecture [39] J. Wang, J. Li, H. Wang, L.Y. Zhang, L.-M. Cheng, Q. Lin, Dynamic scalable elliptic
Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2006, vol. curve cryptographic scheme and its application to in-vehicle security, IEEE
4307 LNCS, pp. 519–528, DOI: 10.1007/11935308_37. Internet Things J. 6 (4) (2019) 5892–5901, https://doi.org/10.1109/
[20] A. Liu, P. Ning, ‘‘TinyECC: A configurable library for elliptic curve cryptography JIoT.648890710.1109/JIOT.2018.2869872.
in wireless sensor networks,” in Proceedings - 2008 International Conference

12