Content uploaded by Muhammad Habib
Author content
All content in this area was uploaded by Muhammad Habib on Dec 08, 2020
Content may be subject to copyright.
Content uploaded by Muhammad Habib
Author content
All content in this area was uploaded by Muhammad Habib on Dec 08, 2020
Content may be subject to copyright.
Received: 20 November 2018 Revised: 24 November 2019 Accepted: 29 November 2019
DOI: 10.1002/spe.2782
SPECIAL ISSUE ARTICLE
Secure and efficient data transfer using spreading and
assimilation in MANET
Samina Kausar1,2 Muhammad Habib2Muhammad Yasir Shabir2
Ata Ullah3Huahu Xu1Rashid Mehmood2Rongfang Bie4
Muhammad Shahid Iqbal5,6
1School of Computer Engineering and
Science, Shanghai University, Shanghai,
China
2Department of CS & IT, University of
Kotli Azad Jammu and Kashmir, Azad
Kashmir, Pakistan
3Department of Computer Science,
National University of Modern Languages
(NUML), Islamabad, Pakistan
4College of Information Sciences and
Technology, Beijing Normal University,
Beijing, China
5School of Computer Science and
Technology, Anhui University, Hefei,
China
6Department of Computer Science, Air
University, Islamabad, Pakistan
Correspondence
Muhammad Yasir Shabir and Rashid
Mehmood, Department of CS & IT,
University of Kotli Azad Jammu and
Kashmir, Kotli, Azad Kashmir 11100,
Pakistan.
Email: yasir.shabir14@gmail.com
(M. Y. S.) and gulkhan007@gmail.com
(R. M.)
Summary
Mobile ad hoc Network (MANET) is a cluster of moveable devices connected
through a wireless medium to design network with rapidly changing topolo-
gies due to mobility. MANETs are applicable in variety of innovative application
scenarios where smart devices exchange data among each other. In this case,
security of data is the major concern to provide dependable solution to users.
This article presents a secure mechanism for data transfer where sender splits
the data into fragments and receiver gets the actual data by assimilating the
data fragments. We have presented an Enhanced Secured Lempel-Ziv-Welch
(ES-LZW) algorithm that provides cryptographic operations for secure data
transfer. In proposed model, we have utilized the disjoint paths to transfer the
data fragments from sender side and assimilate these fragments at receiver to
get the original data. The messages containing data fragments are compressed
and encrypted as well. Our scheme ensures confidentiality, integrity, efficient
memory utilization, and resilience against node compromising attacks. We have
validated our work through extensive simulations in NS-2.35 using TCL and C
language. Results prove that our scheme reduces memory consumption along
with less encryption and decryption cost as compared to blowfish especially
when plaintext has more repetitive data. We have also analyzed the impact of cre-
ating data fragments, fraction of communication compromised, and probability
to compromise the data fragments by subverting intermediaries.
KEYWORDS
compression, data spreading, decryption, encryption, MANET
1INTRODUCTION
Mobile ad hoc network (MANET) is a cluster of portable, self-planned, self-configurable devices that is linked through
a wireless medium. It builds a network with swiftly altering topologies without any centralized authority.1,2 MANET
consists of multiple nodes and each node acts as a host or router. Although various studies have been conducted on secure
and efficient data transmission, security and efficiency are still an essential challenging future research topic.3MANETs
are applicable in cases where communication infrastructure does not exist or infrastructure is costly or difficult in practice.
Softw: Pract Exper. 2020;1–15. wileyonlinelibrary.com/journal/spe © 2020 John Wiley & Sons, Ltd. 1
2KAUSAR .
Ad hoc networking enables the network devices to build safeguard associations to the network. It also allows joining
and leaving of devices to and from the network without any trouble. It is capable of functional diversity where usual
networking is incapable.4,5 MANET can be utilized in diverse fields, for example, military, battlefield, sensor network,
disaster area network, and personal area network. The most important characteristics of MANET are infrastructure less,
mobility, dynamic topology, and self-configuring.6It has crucial features like distributed cooperation, multi-hop routing
support, key fragmentation and assimilation, and dynamic topology.7,8 The communication is comprised of two stages,
the route finding and the data communication. In an insensitive condition, both stages are vulnerable to different types
of attacks. First, adversaries are capable to observe the route judgment by imitating itself as the destination. Second, by
replying expired or forged routing data. Third, intruders can circulate bogus control messages. To offer absolute security,
both stages of MANET communication are required to be protected.
MANET is the growing technology based on wireless multi-hop structural design and self-motivated topology exclu-
sive of any permanent infrastructure. It does not require preconfiguration of the network devices. Nodes are self-governing
to travel liberally and randomly in the network region. This nature of the network, such as discovering dynamic topol-
ogy and sending data packets, has to be executed by the node itself, either alone or jointly.1,2 Data transmission over
error prone MANET is becoming significant as these networks grow up to be more broadly deployed. The communi-
cation in MANET comprises of two stages including route discovery and data transmission where the former is about
how sending or receiving devices can connect and find the best path from sender to destination. The latter is about
sharing information among each other in an interconnected network and transmitting data on identified path.1Rout-
ing protocols have two broad categories in MANET: proactive or reactive protocols.3,5 Table-driven protocols like to
preserve the latest routing information in its routing table so it is essential for proceeding. Destination-Sequenced Dis-
tance Vector routing is a proactive route discovery protocol. If a small variation in the network topology happens,
all nodes update their routing tables regularly. The proactive protocols are not appropriate for larger network due to
consuming more bandwidth.9If no communication occurs between nodes then there is no need to keep routing infor-
mation up to date by using reactive or on-demand protocols. For example, if one node wishes to send information
to other node in the network, it establishes a route on demand fashion and constructs a connection between those
nodes in order to send out and get the packets. Dynamic Source Routing protocol is a reactive routing protocol. Route
maintenance method is utilized to safeguard the route and consume the least amount of bandwidth. The advantage
of employing reactive protocol is that the wireless devices do not need to maintain set of paths not to be utilized
till now.
Secure environment in MANET is mandatory to ensure reliable communication within networks and across the net-
works along with edge nodes.10-12 In this line of attack, opponent is able to stop the communication of officially allowable
control traffic route. It harmfully controls the knowledge of topologies of gentle nodes. It has many advantages over wired
network such as routers are free to move, mobility, connectivity, fast installation, and cost effectiveness.13,14 In order to
ensure cyber security for MANET, it faces limitations such as energy constraint, processing capability, less memory, trans-
mission error, multi-hop communication, and security issues.15 Security becomes more challenging because MANET
allows multiple nodes to join on mutual trust bases. In this way, harmful and infected nodes join and effect the server but
security is a significant factor in MANET to ensure reliable data sharing using key fragmentation and assimilation.8,16
Security is one of the most significant problems where black hole and grey hole detection using invincible AODV is ben-
eficial in MANET.17,18 However, a lot of researches have been conducted on different applications and technologies of
MANET but security and privacy both are challenging issues.19 Ad hoc network with mobile and wireless devices provides
multiple attributes like dynamic topologies open network boundary and hop-by-hop communication where MANET faces
a lot of challenging issues as well.20 Data sharing suffers from attacks especially due to having self-organizing environ-
ment of the network infrastructure. Among these attacks, routing attacks have well-known central focus although they
might cause the most destructive damage in MANET.21,22 In Reference 23, encryption is applied on the data by using the
symmetric cryptographic technique, which uses same key for encryption and decryption. It also creates digital signature
of data by using the asymmetric cryptographic technique from the hash of data. It proves the originality of the user who
transmitted the message. The sender cannot deny in case of dispute which is called nonrepudiation of user. The encrypted
data and digital signature of data are received at destination and validated using symmetric or asymmetric cryptographic
techniques. This method provides integrity, confidentiality, authenticity, and nonrepudiation of data. In this type of net-
work, each and every mobile device works not only as a host but also as a router. These nodes cooperate energetically to
start routing where trust factor is important to rely on the intermediate nodes.
The main problem is that secure data sharing on single path is quite challenging where intermediate nodes involved
in routing path may be subverted by the intruders to grab the data in transit. MANET has also limited memory to
KAUSAR . 3
store large-sized ciphertext during transformation before transmission and in transit at intermediate nodes as well. An
intermediary cannot handle large number of messages due to memory limitations. It may result in dropping the data
packets. It becomes more challenging due to high mobility in MANET because of frequently changing network topol-
ogy. MANET has limited resources in terms of bandwidth constraint, energy constraint, memory, processing capability,
and extensive cryptographic operations. Blow Fish algorithm (BFA) is used in Enhanced Security Protocol for Reliable
Data Delivery (E-SPREAD) for encryption or decryption purpose. The space requirement of Blow Fish for ciphertext is
triple as compared with original text because of difference between key size and block size. So it requires more band-
width and memory for ciphertext. Moreover, the first four rounds of Blow Fish are susceptible by second order differential
attacks.
This article presents a solution for data security in which smart device on sender side splits the data into fragments and
each fragment is transmitted over separate path. On receiving side, all the data fragments are assimilated to get the full
data. All the data fragments are separately compressed and encrypted to share with receiver via separate paths. Intruder
can subvert any of the node in the path to extract entire data. However, our scheme guards against the node capturing
attack where the probability is quite low for identifying the disjoint paths that are used for data exchange. We present
an Enhanced Secured Lempel-Ziv-Welch (ES-LZW) algorithm, which is the combination of simple encryption algorithm
with compression. We have validated our work by using NS-2.35 on Fedora core 26 for simulations where TCL cod is used
for deployment, mobility, and message initiation. Next, C language is used to implement cryptographic functions, data
fragment creation, hashing, and compression operations. Our scheme minimizes transmission time due to compressed
data. Results prove the supremacy of our scheme as compared to preliminaries in terms of memory utilization, encryption
and decryption time, resilience, and fragment creation cost.
The rest of the article is organized as follows: Section 2 explores the literature review for data compression-based
schemes, secure data transmission schemes and reliable data delivery-based protocols. Section 3 presents the data frag-
mentation and assimilation mechanism along with ES-LZW algorithm. Section 4 explores the simulation environment
and results extraction for existing and proposed solutions. Section 6 concludes our work.
2LITERATURE REVIEW
In this section, we have discussed existing secure data transmission and data transformation techniques in MANET.
First, we present general idea of the different secure data transmission protocols in MANET and then compare security
attributes and mechanism in detail. Some of the data transmission schemes in MANET are discussed as follows.
2.1 Compression-based schemes for data transformation in MANET
Compression is the fantastic ability of representing information in a compact form rather than its original or uncom-
pressed form. There are a lot of features to boost the battery life where the data compression system is the most superb
one. This is accomplished by transferring the compressed data among the nodes and recovering the genuine data at the
destination. LZW compression algorithm is faster and straightforward to apply and works best for files containing lots
of repetitive data. It is a significant and easy method for reducing energy consumption, which consumes less power by
transmitting compressed data results in increasing battery life. Since due to data compression, it minimizes size of cipher-
text as well as furnishes data protection. It also saves transmission time and bandwidth. It works well as the file size
increases up to a certain limit. After a threshold, there is more probability to replace identified words by means of small
index number. This algorithm is not considered as the most efficient algorithm for all the cases.24,25 Spreading is the pro-
cess of dividing the secret messages into parts and transmitting the encrypted nuggets to receiver after compression. On
receiver side, the message parts are decrypted, decompressed, and finally message nuggets are assimilated to get the orig-
inal message. The main problem during data transfer occurs when the ciphertext has more bytes, they consume more
memory, more bandwidth, and transmission time between nodes. Secure LZW (SLZW) scheme is the mixture of compres-
sion with encryption. It encrypts plaintext and then compresses it as ciphertext. By using compression with encryption,
it minimizes memory requirement for ciphertext. It also enhances protection of data. In this technique, the arriving data
are broken up into shares of 128 bits block. Then packets are encrypted and compressed with SLZW. After decompres-
sion, bit stream decrypted with surreptitious key yields the original data.24 Using compression, file can be compressed to
one-third of its original size. Security can be further improved with more iterations.
4KAUSAR .
2.2 Secure message transmission (SMT) in MANET
SMT requires Security Association only between two devices for communication like sending and receiving. It is
not necessary for performing any cryptographic functions among nodes. Active Path Set (APS) in the corporation
of disjoint node is made accessible at the source. Genuine association can be characterized by actual occurrence of
sharing public key of communicating end nodes. In any time, two devices can construct set of paths as the APS
and then communicate with each other. Source initiates a request to the basic route finding protocol. It upgrades
network topology and then establishes preliminary APS to communicate with the particular receiver. The source
disperses each leaving message into multiple shares via multipath. At the sender side, sharing depends on informa-
tion dispersal algorithm that adds some redundancy and encrypts the passing message. At the destination, spreaded
message is successfully rebuilt, makes available that sufficiently well enough pieces are achieved. Message diffusion
ensures successful reception, yet a portion of the shares is misplaced or distorted. Each diffused share sends out
transversely through a dissimilar path. Target node can validate integrity and the authenticity of its source. Each
piece is transmitted over distinct route and is furnished with a cryptographic header to offer replay protection, ori-
gin authentication, and integrity. An expressive idea of a particular message communication is publicized where the
originator transforms original message into four shares and sends through different paths. Hence out of four shares,
any three are adequate in favor of rebuilding genuine message. The cruel nodes on the routes may capture residual
two shares. When destination node receives first packet, it sets up a timer to wait for other share if not lost as shown
in Figure 1.1
The recipient takes out the information after receiving certified packets until next shares are arrived while set up
a greeting clock (timer). Immediately the fourth share comes, the cryptographic rectitude test discloses the informa-
tion fraud so the share is discarded. After the timer is terminated, the intended recipient creates a response, which
informs about the two effectively successful achieved shares. Also it sends response with acknowledgement concern-
ing the two functioning paths. After receiving the acknowledgement, sender retransmits only those packets that are
considered dropped or altered data parts. It adopts different distinct paths towards destination. In cases, where one of
the paths is identified as unrusted due to misbehavior of curl node, then packet is resent. After receiving the missing
share within time expiry, the destination sends the acknowledgement of third successful reception of share and also
performs the successful rebuilding of original share. SMT scheme gives attention to the data integrity, confidentiality,
and availability in a highly hostile environment particularly MANET. SMT conveys up to 22% more data packets and
68% lower routing cost than any other protocols that do not shelter the data communication. SMT proposes 65% lower
end to end delay than other protocols, which accept 48% information and response sending operating cost. The cen-
tral objectives of SMT are to detect and tolerate compromised communication with familiar network changes. Secure
Single Path (SSP) protocol is a source to destination sheltered information communication protocol so as to use a sin-
gle route. SSP is restrictive model of SMT exclusive of the diffusion of departing messages and make exercise of only
one route for each packet communication. SSP is controlled with the same source to destination response and the error
handling systems as SMT. SSP as well resends every unsuccessful message Retrymax times, offers data rectitude, gen-
uineness, and replay security as SMT does, also prefers the minimum hops in route.1The problem with this scheme
is that if an opponent compromises the route, the whole message is compromised. Secure Databased Multi-Path rout-
ing method commonly proposes the data confidentiality in a MANET where innovative message is broken up into a
Source
Timer Ti mer
Dispersed
Message
Re-transmit Time
ACK
ACK
Destination
FIGURE 1 Secure message transmission protocol [Colour
figure can be viewed at wileyonlinelibrary.com]
KAUSAR . 5
number of pieces (n−1) and provided with a unique identifier. Message pieces are XOR-ed and all pieces are sent
out along dissimilar route. Another issue is the use of devoting signaling path leads to notable waste of network
resources and notable operating cost to find out as well as preserve an additional path. If an opponent can com-
promise signaling route, the entire system will discontinue valuable function awaiting a new signaling route can be
found.26
2.3 Reliable data delivery-based protocols
Security Protocol for Reliable Data (SPREAD) enhances the data privacy in MANET for secure communication among
smart devices. The key design is, to divide a message into several segments by using secret sharing schemes. Then seg-
ments are delivered via many self-regulating routes to the planned node. In cases where less number of devices are
being utilized to share segments, communication can be considered as doubtful even if secret message as a whole is not
compromised. Second, use of link encryption between neighboring nodes and all connections with different keys can
be broadly utilized to stop the traffic analysis. The decryption can be successful through compromising all the partici-
pants or traffic scrutiny through capturing all the data packets or through brute-force analysis. By sharing of segments
on numerous routes, it is complicated in favor of adversary to decrypt the message. SPREAD gives the better possi-
ble solution to three major security issues like security, reliability, and cost metric. In SPREAD scheme, the threshold
secret sharing Algorithm (T,N) is capable of breaking up a secret message into Nsegments (or shares). So that to give
and take segments, the opponent is required to compromise leastwise Tsegments to compromise the whole transmis-
sion. The opponent cannot gain information of something regarding the segments and does not have other substitute
to recover the surreptitious if it has less than Tshares. This recommends the powerful security controls. There are
two methods for secret share allocation: nonredundant share allocation, and redundant share allocation. The straight-
forward and sensitive share allocation method is to choose Naccessible routes and utilize (N,N) secret sharing. This
scheme assigns single segment to each pathway. This design achieves the most required highest security with the small-
est amount of handling expenditure. On the contrary, a superfluous secret segment (T,N) allocation system that will
possibly tolerate exact segment loss even though simultaneously it maintains the highest protection. Message share gen-
eration in SPREAD is the use of Shamir Lagrange interpolating polynomial technique as shown in Equation (1). This
scheme is one of the most outstanding secret sharing schemes. This scheme also captures deceptive findings and detec-
tion of dishonest nodes. The source node at first gains its pathway, that is, Pis share Si by dealing out using polynomial of
degree (T−1).26-29
f(u)=(b0u0+b1u1+b2u2+…………+bT−1uT−1)mod p,(1)
where, u=0, 1, 2, 3, …,N, randomly preferred stable values are b0,b1,b2,…,bT−1,andpis arbitrarily generated prime
number that is bigger from all previous constants. It is hypothetical to be shared mutually with dealer and combiner. The
secret message Kis denoted by the constant “b0.” On the destination, the combiner gets Tdata segments, f(u0), f(u1),…,
f(uT−1), and the original information f(u) can get back by the Shamir Lagrange interpolation as shown in Equation (2).
The surreptitious segment sharing scheme is useful as block by block. It is a central as well as primary system that is
utilized to achieve encryption to the facts and figure.
F(u)=
T
∑
j=1
𝑆𝑖𝑗.𝑙𝑖𝑗(u)mod p,where 𝑙𝑖𝑗(u)=
T
∏
k=1,u≠j
(u−𝑖𝑘)∕(𝑖𝑗 −𝑖𝑘).(2)
The MANET has major problem for maintaining the security. For security purpose in SPREAD, (T,N) secret sharing
algorithm is applied. The transmission of data packets from one hop to another hop is generally responsibility of the net-
work layer. It is also responsible to discover the disjoint nodes in the pathway mostly to shelter the information. Multipath
routing is conquering in improving stability, error permissiveness, and end-to-end delay for burst transfer. It also manages
consignment balance. The SPREAD system requires self-governing paths, particularly, node-disjoint paths, as countless
as feasible because this is related to node compromise possibility. The multipath finding technique planned for SPREAD
with the objective of node-disjoint path is the diversity coding. It acquires identical source initiated routing strategy. In
SPREAD, link cache is utilized instead of path cache. The paths are broken up into separate associations using unified
6KAUSAR .
graph data structure that proposes the equal number of path information. The route reachable in a path cache can be
produced for all time through link cache. The modified Dijkstra algorithm changes the standard Dijkstra algorithm by
permitting stable tagged vertex leaving reverse to an insecure tag if a minimum expenditure value is found. The modified
Dijkstra algorithm is implemented to discover the maximum protected route in converted graph.26-29
2.4 Enhanced SPREAD and security model
Enhanced SPREAD (E-SPREAD) handles equal level features as in SPREAD with the enhancement by utilizing BFA.
The data transfer from beginning to end via network may be confined by several intruders. In this subsection, we only
discuss about the enhancements; E-SPREAD offers the best solution in favor of three problems, which exist in MANET.
These issues are protection, consistency, and cost. All of these issues that are offered in E-SPREAD are discussed in the
subsequent sections. The Threshold Secret Sharing scheme is used as shown in Figure 2 to break up a large message into
small Nparts also named segments or shares. It offers the least processing overhead. Each share has some important
information that might be exploited to deduce the share to get the actual message. The experienced algorithm can be
used to rebuild the secret message from any Tout of Nsegments, which are received although an intruder cannot learn
anything if it has less than Tsegments.Itisprominentas(T,N) threshold secret sharing scheme. There are different
protocols or techniques utilized to transform plaintext into ciphertext.29
(a) Message Segments Generation: The message segment creation is similar as in SPREAD. The improvement in
SPREAD is the use of Shamir Lagrange interpolating polynomial technique. This scheme is one of the most excellent
secret sharing schemes. This scheme also detains deceptive finding and detection of dishonest nodes.
(b) Optimum Share Allocation: The E-SPREAD has major problem for maintaining the security. For security purpose,
(T,N) secret sharing algorithm is applied. To facilitate the security of data is our central goal. The transferring of data
packets from one hop to another hop is normally responsibility of the network layer. It is also responsible to discover
the disjoint nodes in the pathway mostly to shelter the information. All the information can be compromised if any
of disjoint nodes are compromised.
FIGURE 2 Threshold secret
sharing scheme
KAUSAR . 7
FIGURE 3 Multipath routing in E-SPREAD [Colour figure can
be viewed at wileyonlinelibrary.com]
SD
1
2
5
4
3
6
7
8
10
9
11
12
13
14
15
16
17
Failur e
FIGURE 4 System model for
spreading and assimilation-based data
sharing in MANET [Colour figure can
be viewed at wileyonlinelibrary.com]
(c) This system, multipath routing protocol likes on-demand route finding protocol, is utilized that is extremely compe-
tent as well as successful protocol in ad hoc networks as shown in Figure 4. These protocols are also utilized to deal
with the disjoint nodes within the network and protect the link cache association to bring updated path information,
gives up-to-date reply to source node.
The links cache also preserves the least amount of hop count and delay. In E-SPREAD,29 the Dijkstra shortest
path procedure is also employed to acquire the least hot count. A maximal path finding algorithm is also used to find
optimum route. At first, Modified Dijkstra algorithm is used to find the most secure path and then performs graph trans-
formation. After this, modified Dijkstra algorithm is run again to select the most secure path in transformed graph.
Transform back to original graph until no more path can be found. In the start, the source enters the destination's IP
address and sends out the data to its adjacent nodes. All the residual nodes to be part of the network nodes do this
duty and send the information to the destination node. If any node is unsuccessful to communicate using neighboring
nodes, then it will select a different path to the intended destination node Das shown in Figure 3 by using multipath
routing.
In the Enhanced SPREAD scheme, the BFA is used to transform plaintext into ciphertext and shelter the data from
the adversary. It also conceals the actual information from intruders. In the wireless network, the bandwidth is the fun-
damental restriction to be minimized. In the E-SPREAD, additional coefficients have to be assigned to the data parts
or shares to reduce the bandwidth represented as b0,b1,b2,…,bT−1. Blow Fish is a symmetric block cipher encryp-
tion and decryption algorithm. It acquires a variable length key size ranging from 32 to 48 bits and 64-bit block of data
packet with 16 rounds. Each round performs permutation depends on the key. The space requirement for ciphertext is
triple as compared with original plaintext.26-30 It also performs substitution that depends on the data using XOR opera-
tion and addition on 32-bit word. No attacks are known to be successful against it. Blow Fish is unpatented and license
free and is available free for all uses.31-33 There are several issues we have noticed about Blow Fish according to, it has
weak key (32 bits) problem. That is why, the first four rounds of Blow Fish are defenceless by second-order differential
attacks.
8KAUSAR .
3PROPOSED SOLUTION
We present the ES-LZW scheme in which modified algorithm is used for encryption along with compression algorithm.
It incorporates the same processes as in SPREAD and E-SPREAD except the use of ES-LZW encryption algorithm for
cryptographic operations. The scheme enhances data security in data transmission using simple encryption method
with compression. Efficiency of the data transmission is increased a lot with better data communication. Because of
compression, data bits are minimized that results in reduction for memory and bandwidth requirements. In the pro-
posed model shown in Figure 4, multiple mobile and laptops are connected in an ad hoc manner. These devices can
join and leave the network. In this proposed scenario, mobile device is a source device. It transmits data on two dif-
ferent paths and comprises of different mobile and laptop devices. Data are received on the destination mobile device
from two different paths. In this scenario, security is essential to ensure confidentiality of data. To avoid security threats,
encrypted data are transmitted on two different paths based on mobile and laptop devices and reached the destina-
tion device. On receiving side, data are assimilated to get the desired information. A list of notations are provided
in Table 1.
Proposed system's encryption flow chart is shown in Figure 5 where decryption involves reverse steps as in encryp-
tion process. This encryption and decryption algorithm requires 64 bits key value and 64 bits plaintext for encryption
and decryption. ES-LZW algorithm is a block cipher algorithm, so it encrypts plaintext block by block to produce
ciphertext block. Users have a choice to use either string key value or numeric key value. Users also have the choice
to encrypt text file or text directly entered into the text box. In order to safeguard the MANET, the safety model
is utilized with following incentive. The actual text may not be recognized when the encrypted data are recov-
ered in the brute-force cryptanalysis because of compression. In order to safeguard the MANET, the safety model
is utilized with following incentives: (i) cryptographic algorithm is exercised to encrypt data packets and later it is
compressed; (ii) bandwidth effectiveness is enhanced because of compression technique; (iii) compression technique
increases the battery life by consuming less power; (iv) encryption and decryption perform a significant role to shel-
ter data; (v) minimize memory requirement for ciphertext; and (vi) data can only be recovered in the brute-force
cryptanalysis.
Notation Description
TSelected data segments
NTotal data segments
CDPMCompressed data parts for each fragment
TSMTime stamp for each data fragment
H′Hash value of security credentials
INA,IN
BIntermediate node A and B on disjoint paths
CLCiphertext at sender
CL+1Ciphertext at sender INA
QNumber of intermediaries between sender and receiver
DR Data receiver
DS Data sender
MID Data fragment identity
EDS−INASecret key between DS and INA
X64-Bit packet
XL32-Bit left half with circular shift on XL
XR32-Bit right half with circular shift on XR
STR First input character
COutput code
b0-bT−1Bandwidth coefficients
TABLE 1 List of notations
KAUSAR . 9
Algorithm 1. ES-LZW Encryption Algorithm
Input: 64 bits packet in plaintext
Output: Two 32-bits ciphertext with compressed data
1. Divide 64 bit packet into 32-bit parts XLand XR
2. For n=1toQ
3. XL=Left Circular Shift on XL
4. XR=Right Circular Shift on XR
5. END For
6. X=Combine XLand XR
7. X=XXORKey
8. Divide X into 32-bits XLand XR
9. For n=1toQ
10. XL=Left Circular Shift on XL
11. XR=Right Circular Shift on XR
12. END For
13. X=Combine XLand XR
14. Set STR as first input character from String X
15. WHILE not end of input String X
16. C =next input character
17. IF (STR +C) is in the string table THEN
18. STR =STR +C
19. ELSE
20. Output the code for P
21. Add STR +C to the string table
22. Set STR as C
23. END IF
24. END WHILE
25. Output code for STR
In Algorithm 1, initially a 64-bit packet is taken as input and divided into two halves of 32 bits. Steps (2) to (5) perform
left circular shift on left half and right circular shift on right half. In Step 6, resultant of left half XLand right half XRare
combined into X. The variables used in this algorithm are n,XL,XR,STRandC.InStep(7),XORisperformedonXwith
64-bit key value and the result is stored in X. Next, two 32-bit values are obtained by slicing 64 bits X.InSteps(9)to(12),
shift operations are performed on left half XLand right half XR.Step15givesXas input to compression algorithm. Here,
we use LZW compression algorithm to compress bit stream into scramble codes. Step 16 stores first character into STR
variable and controls the operation using WHILE loop. Step 18 assigns next character into C and checks, if STR +Cisin
the dictionary then STR =STR +C otherwise output code for STR. Add STR +C into dictionary. Store next character into
STR and then ends if check. This process is repeated until end of input. Step output code for STR and the algorithm ends
up. The reason for using this algorithm is to encrypt plaintext in ciphertext using simple XOR functions and shift rota-
tion. This encryption algorithm is linked with compression algorithm. It minimizes memory requirement, bandwidth
requirement and also adds more protection to encrypted data.
The reverse procedure is used to recover the original text from ciphertext. Flow chart of proposed ES-LZW is illustrated
in Figure 5. The proposed technique gets bit stream of 64-bit packet as input, which is divided into two packets of 32 bits
each. After this, Left Circular Shift operation is performed on left 32 bits twice. Similarly, Right Circular Shift is performed
on right 32 bits twice. After this, result of both sides is combined into X and perform XOR function on Xand 64 bits secret
key K. The result of XOR function is further divided into two packets of 32 bits. And then again left and right circular
shift is applied on left and right 32 bits, respectively. After this, the results of left and right circular shifts are combined as
ciphertext and passed to LZW compression algorithm. This whole process is repeated until all the plaintext is encrypted
and compressed into secret codes. The LZW initializes dictionary and stores first byte into STR and next byte into CHAR.
10 KAUSAR .
FIGURE 5 Flow chart of proposed ES-LZW encryption
algorithm
After this STR +CHAR is checked into dictionary, if it exists in the dictionary then STR =STR +CHAR otherwise Output
CODE for STR and add entry STR +CHAR into table. Next STR is set as CHAR. After this, it keeps on checking more
bytes. In case of YES, it repeats the whole procedure and otherwise output the CODE for STR.
In our proposed scenario, data sender (DS) encrypts and compresses the data, which are divided into two or more
data fragments up to N. In this case, ciphertext is obtained for two or more data fragments. Each encrypted data packet
contains compressed data parts CDPM, time stamp TSM, data fragment identity MID, and hash H′of these values for
integrity protection of data. In this situation, data fragments are M={0,1,2,3…N}andNdenotes the total number of
fragments of data. Sender transmits ciphertext CLtoward one intermediate node INAthat received ciphertext as shown
in Equation (3). The intermediate node INAtransmits ciphertext CL+1towards another intermediate node INBas given
in Equation (4).
CL=EDS−INA{CDPM,TSM,MIDH′(DPM||TSM)},(3)
CL+1=EDS−INB{CDPM+1,TSM+1,H′(DPM||TSM)}.(4)
If only one intermediate node between DS and the data receiver (DR), then data are transmitted to the intermediate
node and it directly send to the DR. On the contrary, if the intermediate nodes between the sender and the receiver
are more than one like up to Qthen CL+0,CL+1,…,CL+Q,andQ+1 different paths are needed to further send these
fragments to the other intermediate nodes until it reaches the DR. The decryption algorithm performs working inversely
as of encryption algorithm. On receiving side, first of all DR decrypts the ciphertext by using the secret key to obtain
the security credentials and the compressed data fragment as well. Next, the DR checks the message freshness by taking
KAUSAR . 11
difference of time stamp value in message sent by DS and the timestamp at DR. In case, the difference is less than the
threshold value, the message is further processed otherwise it is discarded. In case of successful message freshness check,
DR checks for the message integrity by taking the hash value received in message and comparing with new hash value
calculated at DR. In case of valid hash value, the compressed data are extracted for first fragment. Similarly, data fragments
are extracted and then these fragments are assimilated using XOR in a sequence of data fragments identities MID to
obtain the final data. In case of mismatch for hash values, the message is considered to be altered by some adversary and
discarded. Time stamp is verified to guard against the replay attacks.
4RESULTS AND ANALYSIS
We have developed a network model for MANET that contains low power and high power nodes. We validate our work by
performing extensive simulations using NS-2.35 on Fedora Core 26 where TCL is used for deployment of nodes, mobility,
and message initiation among nodes. To handle the backend functionality of messages and new packet creation, we
have used C language. It is also used to implement code for send, receive, hash, encryption, decryption, spreading, and
assimilation functions. During simulations, a number of trace files are generated as per each plaintext file size scenario.
Next, the results are extracted using AWK scripts applied on these trace files and finally presented in a graphical format.
Results show that the proposed scheme performs better for execution time, memory utilization, fragment creation, and
resilience against security issues. Moreover, ES-LZW is designed in VB.net for Encryption and Decryption algorithm to
verify the performance. A list of simulation parameters are given in Table 2.
4.1 Encryption and decryption time
The results of both encryption and decryption processes of ES-LZW are discussed in this section. The encryption time
is computed as the sum of time necessary to transform plaintext into ciphertext. Similarly, decryption time is computed
as the sum of the time necessary to transform ciphertext into plaintext. During encryption and decryption processes,
the proposed system takes less time than existing system. Results of Figure 6A illustrates that for a plaintext of size
43.39 KB, encryption time is 602 667.4 and 620 091.88milliseconds for ES-LZW and Blow Fish, respectively. Similarly for
the plaintext 54.40 KB, encryption time is 747 811.1 and 777283.86 milliseconds for ES-LZW and Blow Fish, respectively.
As a result, the ES-LZW 12.05% is better for encryption. Figure 6B illustrates that for a ciphertext of size 41.39 KB for
ES-LZW and 43.39 KB for Blow Fish, decryption time is 96489.34 and 170 196.1 milliseconds for ES-LZW and Blow Fish,
TABLE 2 Simulation parameters Parameters Values
Simulation setup
Network field 1200 ×1200 m
Initial energy at node 1000 J
Tx power at node 0.819 J
Receiving power 0.049 J
Queue type Queue/DropTail/PriQue
Max packet in queue 50
Routing protocol DSDV
Agent trace ON
Router trace ON
Mobility trace ON
Plaintext size 1.46-54.40
Plaintext and ciphertext size 2.4-108.79
Abbreviation: DSDV, destination-sequenced distance vector.
12 KAUSAR .
FIGURE 6 Encryption time in
microseconds for different plaintext
sizes is presented in (A) whereas (B)
presents decryption time for
ciphertext [Colour figure can be
viewed at wileyonlinelibrary.com]
FIGURE 7 Execution time comparison for plaintext and
ciphertext [Colour figure can be viewed at wileyonlinelibrary.com]
respectively. Similarly for the ciphertext of size 48.05 KB for ES-LZW and 54.40 KB for Blow Fish, the decryption time is
98 382.6 and 212914.3 milliseconds for ES-LZW and Blow Fish, respectively. On a result the ES-LZW 40.82 % is better for
decryption. On average ES-LZW works better for decryption than encryption.
The execution time (𝜏) is calculated as the sum of encryption and decryption time as given in Equation (5).34 The
execution time of proposed system is better than existing system. Proposed system also reduces memory requirement,
transmission time, and bandwidth because of compression. It also provides enough security during transmission of com-
pressed data. Figure 7 elucidates that the execution time for 84.78 KB plaintext +ciphertext is 349 578.33milliseconds for
ES-LZW and for the 86.78 KB plaintext +ciphertext is 395 144 milliseconds for Blow Fish. Similarly, the execution time
for a 102.44 KB plaintext +ciphertext is 423 096.87 milliseconds for ES-LZW and for the 108.79 plaintext +ciphertext is
495 099.1 milliseconds for Blow Fish. As a result, the ES-LZW saves 11 756.79 milliseconds execution time. On average
of all the files' plaintext and ciphertext, ES-LZW saves 30004.29 milliseconds of execution time than Blow Fish during
transformation.
Execution Time (𝜏)=Encryption Time (𝜏E)+Decryption Time(𝜏D).(5)
5MEMORY CONSUMPTION
In this model, each time a data packet is transmitted to the application layer, it is transformed into ciphertext by applying
encryption first and then applying compression algorithm like LZW algorithm. The reverse procedure is applied at des-
tination. The ciphertext generated by ES-LZW required less memory compared with E-SPREAD. On average, memory
requirement of six plaintext files is 28.31 KB but the size of ciphertext generated by proposed system is 25.78 KB com-
pared with E-SPREAD. The proposed schemes save 9% memory. Transmission time will also be reduced by transmitting
less number of bits due to compression especially when the plaintext or file size increases and also repetition of data in
KAUSAR . 13
FIGURE 8 Memory requirement for proposed and existing [Colour figure
can be viewed at wileyonlinelibrary.com]
FIGURE 9 Size of each data fragment for transmitting on disjoint paths
[Colour figure can be viewed at wileyonlinelibrary.com]
plaintext increases. Figure 8 shows the memory requirement comparison for ciphertext. These results illustrate that for
a plaintext of size 43.39 KB, the ciphertext generated by ES-LZW requires 41.39 KB while ciphertext generated by Blow
Fish requires 43.40 KB of memory. Similarly, for a plaintext of size 54.40KB, the ciphertext generated by ES-LZW requires
48.05 KB while ciphertext generated by Blow Fish requires 54.40 KB of memory. On average of these two files, ES-LZW
saves 9% of memory uses for ciphertext.
5.1 Data spreading and fragment count
The data are divided into equal-sized fragments at sender side before transmission towards receiver. The data fragments
are transmitted over Qpaths as per number of fragments selected to strengthen the level of security. Figure 9 elucidates
that in case of three data fragments, the data fragment size is 2.493 KB, 11.27 KB, 28.93KB, 33.29 KB, and 36.263 KB for
the input data files of size 7.48 KB, 33.81 KB, 86.79KB, 99.87 KB, and 108.79KB, respectively.
5.2 Resilience against node compromise attacks
The data transmitted on single path can be grabbed by the intruders by compromising nodes in the path. In proposed
scenario, the data are divided or spreaded into Qdata fragments that are transmitted over Qdisjoint paths to make it
more difficult for the attackers to predict the exact Qpaths that are used for transmitting particular data fragments.
In each data transmission, different paths are selected, which increase the resilience against node capturing attacks.
Figure 10A elucidates the chances of an intermediate node being compromised when a threshold number of nodes
are already compromised. Results show that for 60 nodes in the network, the probability of intermediate node being
compromised is 0.0172, 0.0344, 0.0517, and 0.0689 when already 1, 2, 3, and 4 nodes are being compromised in the
network. Figure 10B illustrates the probability of communication compromised in cases of no fragments, two frag-
ments, and three fragments. Results show that when 30 nodes are compromised out of total 100 nodes, then the fraction
of communication compromised is 0.3061, 0.0937, and 0.0286 for no fragment, two fragments, and three fragments,
respectively.
14 KAUSAR .
FIGURE 10 Probability of
intermediate nodes being
compromised is presented in (A)
and fraction of communication
compromised for data fragments
creation and without data
fragments is presented in (B)
[Colour figure can be viewed at
wileyonlinelibrary.com]
6CONCLUSION
In this work, we present the ES-LZW algorithm for data exchange by applying cryptographic operations and compression
as well. Using combination of encryption and compression, the security scheme improves the security of the data and
minimizes the memory requirement. The proposed system creates the data fragments at sender side and transmits them
over disjoint paths to guard against node capture attacks and manage the limited memory utilization at a particular node
as well. It helps to support a large number of messages being securely exchanged through an individual node. We present
the enhanced algorithm ES-LZW for providing cryptographic operations along with data compression. In our case, we
have applied it for securely transmitting data fragments obtained after spreading at sender side. The proposed scheme
is better to reduce memory requirement during data fragment message transmission. It also solves battery life problem
especially as file or plaintext has repetitive data and also as size increases to a great extent. Our proposed system saves
9% of memory during data transmission. Resilience is also improved at great extent when data fragments are transmitted
over disjoint paths. In case of 30% compromised nodes in the network, 30% data are also exposed in case of no spreading
or fragments but only 9% data are exposed for two fragments scenario when data are communicated over two paths. It
becomes more secure in case of three fragments where only 3% communication will be exposed. It enhances the security
strength by 66.6% when switched from two data fragments to three data fragments. In future, we shall analyze to enhance
our work for Internet of Things scenario and to analyze the reduction in memory utilization and reduced execution times
to manage the sensing bottleneck caused due to massive data on smart devices.
ORCID
Ata Ullah https://orcid.org/0000-0003-3603-1709
Rashid Mehmood https://orcid.org/0000-0002-3488-9413
Muhammad Shahid Iqbal https://orcid.org/0000-0003-4766-0439
REFERENCES
1. Walikara GA, Biradar RC. A survey on hybrid routing mechanisms in mobile ad hoc networks. J Netw Comput Appl. 2017;77:48-63.
2. Wahhab Mohammed AA, Assad H, Al-Ghrairi T. Differences between ad hoc networks and mobile ad hoc networks: a survey. J Southwest
Jiaotong Univ. 2019;54(4):1-12.
3. Abdel-Fattah F, Farhan KA, Al-Tarawneh FH, AlTamimi F. Security challenges and attacks in dynamic mobile ad hoc networks MANETs.
Paper presented at: 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT);
2019; Amman, Jordan:28-33.
4. Saudi NAM, Arshad MA, Buja AG, Fadzil AFA, Saidi RM. Mobile ad-hoc network (MANET) routing protocols: a performance assessment.
In: Kor LK, Ahmad AR, Idrus Z, Mansor K, eds. Proceedings of the Third International Conference on Computing, Mathematics and Statistics
(iCMS2017). Singapore: Springer; 2019.
5. Akhtar N, Khan MA, Ullah A, Javed MY. Congestion avoidance for smart devices by caching information in MANETS and IoT. IEEE
Access. 2019;7:71459-71471.
6. Quy VK, Ban NT, Nam VH, Tuan DM, Han ND. Survey of recent routing metrics and protocols for mobile ad-hoc networks. J Commun.
2019;14(2):110-120.
7. Vadivel R, Bhaskaran VM. Adaptive reliable and congestion control routing protocol for MANET. Wirel Netw. 2017;23(3):819-829.
8. Ullah A, Sher M, Imran M, Derhab A. Secure key distribution using fragmentation and assimilation in wireless sensor and actor networks.
Int J Distrib Sens Netw. 2015;11(9):1-13.
KAUSAR . 15
9. Anbarasan M, Prakash S, Anand M, Antonidoss A. Improving performance in mobile ad hoc networks by reliable path selection routing
using RPS-LEACH. Concurr Comput Pract Exper. 2019;31(7):e4984.
10. Anuradha M, Anandha MGS. Cross-layer based congestion detection and routing protocol using fuzzy logic for MANET. Wirel Netw.
2017;23(5):1373-1385.
11. Jahir Y, Atiquzzaman M, Refai H, Paranjothi A, LoPresti PG. Routing protocols and architecture for disaster area network: a survey. Ad
Hoc Netw. 2019;82:1-14.
12. Ferrer AJ, Marquès JM, Jorba J. Towards the decentralised cloud: survey on approaches and challenges for mobile, ad hoc, and edge
computing. ACM Comput Surv. 2019;51(6):1-36.
13. Liu G, Yan Z, Pedrycz W. Data collection for attack detection and security measurement in mobile ad hoc networks: a survey. JNetw
Comput Appl. 2018;105:105-122.
14. Meitei MG, Sen B. A study on few approaches to counter security breaches in MANETs. In: Sarma H, Borah S, Dutta N, eds. Advances in
Communication, Cloud, and Big Data. Lecture Notes in Networks and Systems. Vol 31. Singapore: Springer; 2019.
15. Kusyk J, Uyar MU, Sahin CS. Survey on evolutionary computation methods for cybersecurity of mobile ad hoc networks. Evol Intell.
2018;10(3-4):95-117.
16. Fatteh FA, Frhan KA. Security challenges and attacks in dynamic mobile ad hoc networks MANETs. Paper presented at: IEEE Jordan
International Joint Conference on Electrical Engineering and Information Technology (JEEIT); 2019:28-33.
17. Soms N, Malathi P. Secured and anonymous data transmission in MANET environment using zone-based intrusion detection system.
Concurr Comput Pract Exper. 2019;31(12):e4734.
18. Venu VS, Avula D. Invincible AODV to detect black hole and gray hole attacks in mobile ad hoc networks. Int J Commun Syst.
2018;31(3):e3518. https://doi.org/10.1002/dac.3518.
19. Jie L, Wei Y, Nan Z. A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE
Internet Things J. 2017;4(5):1125-1142.
20. Dorri A, Kamel RS, Kheyrkhah E. Security challenges in mobile ad hoc networks: a survey. Int J Comput Sci Eng Surv. 2015;6(1):15-29.
21. Maragatharajan M, Balasubramanian C, Balakannan SP. A secured MANET using position-based opportunistic routing and SEMI
MARKOV process. Concurr Comput Pract Exper. 2018;31(14).
22. Khan A, Sun QT, Mahmood Z, Ullah A. Energy efficient partial permutation encryption on network coded MANETs. J Electr Comput Eng.
2017;2017:1-10.
23. Vegda H, Modi N. Review paper on mobile ad-hoc networks. Int J Comput Appl. 2018;179(37).
24. Soma GS, Reddy ES. An enhanced data security with compression for MANETs. Int J Comput Netw Commun Secur. 2014;2(12):456-461.
25. Ruxanayasmin B, Krishna BA, Subhashini T. Minimization of power consumption in mobile adhoc networks. Int J Comput Netw Inform
Secur. 2014;6(2):38-44.
26. Rao AR, Reddy S, Kumari VV. Multi-path selection based on fractional cuckoo search algorithm for QoS aware routing in MANET. Sensor
Rev. 2019;39(2):218-232.
27. Lou W, Liu W, Fang Y. SPREAD: enhancing data confidentiality in mobile ad hoc networks. Paper presented at: INFOCOM 2004.
Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies; 2004:2404-2413.
28. Wenjing L, Liu W, Zhang Y, Fang Y. SPREAD: improving network security by multipath routing in mobile ad hoc networks. Wirel Netw.
2009;15(3):279-294.
29. Rao TS, Singh G. Enhanced secure protocol for reliable data delivery. Int J Comput Appl. 2015;116(8).
30. Raju LR, Reddy CRK. Node activity based trust and reputation estimation approach for secure and QoS routing in MANET. Int J Electr
Comput Eng. 2019;9(6):5340-5350.
31. More RS, Konda SS. Resilient security against hackers using enchanced encryption techniques: Blowfish and Honey encryption. Int
J Recent Innov Trends Comput Commun. 2016;4(6):98-102.
32. Jalel Ben O, Mokdad L. Enhancing data security in ad hoc networks based on multipath routing. J Parallel Distrib Comput.
2010;70(3):309-316.
33. Pavithra S. Performance evaluation of symmetric algorithms. J Glob Res Comput Sci. 2012;3(8):43-45.
34. Christina L, Joe Irudayaraj VS. Optimized blowfish encryption technique. Int J Innov Res Comput Commun Eng. 2014;2(7):5009-5015.
How to cite this article: Kausar S, Habib M, Shabir MY, et al. Secure and efficient data transfer using
spreading and assimilation in MANET. Softw: Pract Exper. 2020;1–15. https://doi.org/10.1002/spe.2782
