Research of Security Routing Protocol for UAV Communication Network Based on AODV

Abstract

With the rapid development of information technology and the increasing application of UAV in various fields, the security problems of unmanned aerial vehicle (UAV) communication network have become increasingly prominent. It has become an important scientific challenge to design a routing protocol that can provide efficient and reliable node to node packet transmission. In this paper, an efficient Digital Signature algorithm based on the elliptic curve cryptosystem is applied to routing protocol, and an improved security method suitable for on-demand routing protocol is proposed. The UAV communication network was simulated through the NS2 simulation platform, and the execution efficiency and safety of the improved routing protocol were analyzed. In the simulation experiment, the routing protocols of ad-hoc on demand distance vector (AODV), security ad-hoc on demand distance vector (SAODV), and improved security ad-hoc on demand distance vector (ISAODV) are compared in terms of the performance indicators of packet delivery rate, throughput, and end-to-end delay under normal conditions and when attacked by malicious nodes. The simulation results show that the improved routing protocol can effectively improve the security of the UAV communication network.

1. Introduction

With the progress and development of science and technology, UAV is becoming more and more mature in technology and widely used in production and life. UAV has the advantages of low cost, small size, light weight, easy to operate, high flexibility, high adaptability, high stability, and easy concealment. Therefore, it plays an important role in dealing with film and television shooting, agricultural monitoring, electric cruise, meteorological monitoring, forest fire detection, and emergency rescue [1,2,3,4].

With the wide application of UAV in production and life, how to improve the communication quality of UAV communication network has become a research hotspot. The UAV communication network is an extended application of mobile ad-hoc networks (MANET) in the field of UAV [5,6,7]. Each UAV node in the UAV communication network has an equal status. It does not need to set up any node responsible for central control, and it has a strong anti-destructive ability. Network nodes not only have the functions required by ordinary mobile terminals, but also have the ability of data packet forwarding. When the source node and the destination node are not in the range of direct communication with each other, data packets can be forwarded through the intermediate node for communication. Sometimes data packets need to be forwarded by multiple nodes to reach the sink node [8,9,10]. The UAV communication network adopts the form of a dynamic network to complete the interconnection of the internal members of the cluster. The advantages of its networking are self-intelligent organization, automatic healing, and high performance, and low latency, which can meet the needs of a UAV cluster in special scenarios [11,12,13].

The UAV communication network has the characteristics of open channel, dynamic topology, no center authorization, distributed cooperation, and limited bandwidth. Therefore, the security of its routing protocol is much more complex than traditional networks, and some existing security solutions for wired networks cannot be directly applied to UAV communication networks. However, the existing routing protocols in MANET only focus on the function and efficiency of route discovery, and hardly mention the security of the protocols [14,15,16,17]. The AODV routing protocol is widely used in UAV communication networks because of its simplicity and low control overhead. However, it does not have any security mechanism, and it is easily attacked by various malicious nodes [18,19,20]. Figure 1 shows the attacked UAV communication network. When the UAV communication network is attacked by malicious nodes, the wireless signal is easily intercepted and interfered. At this time, the UAV communication network is more vulnerable to network attacks such as eavesdropping, active intrusion, and denial of service. Therefore, designing an efficient and secure routing protocol for UAV communication networks is particularly critical [21,22,23,24].

Shounak et al. [25] proposed a secure protocol based on an optimization algorithm, Monarch-Earthworm Algorithm (Monarch-EWA), which is the modification of the Monarch Butterfly algorithm using the Earthworm Optimization Algorithm (EWA) in order to render effective security to the network. Alouache et al. [26] researched, compared, and classified enhanced vehicle routing protocols with different security mechanisms, including authentication, integrity, confidentiality, non-repudiation, and availability of data and communications. Liu et al. [27] proposed a trust detection-based secured routing (TDSR) scheme to establish security routes from source nodes to the data center under malicious environment to ensure network security. Neumann et al. [28] presented the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. Kavitha et al. [29] proposed the framework that deals with the security flaws through hyper elliptic curve based public key cryptosystem, which combines Digital Signature Algorithm (DSA), ElGamal approaches that ensure the entity authentication, and secure group communication.

The UAV information transmission is a complex task. It is important to design a routing protocol that can provide efficient and reliable node to node packet transmission. In this paper, an efficient digital signature algorithm based on elliptic curve cryptosystem is applied to routing protocol, and an improved security method suitable for on-demand routing protocol is proposed. Through the simulation of three routing protocols (AODV, SAODV and ISAODV), the performance indicators such as packet delivery rate, throughput, end-to-end delay, and routing overhead are compared and studied. The simulation results show that the performance of the ISAODV and SAODV routing protocols in terms of packet delivery rate, throughput, and routing overhead is very close to the AODV routing protocol. This shows that the ISAODV and SAODV routing protocols inherit the characteristics of the AODV routing protocol and maintain the route discovery and route maintenance capabilities of the AODV routing protocol to the greatest extent. In addition, because each node on the active path of the SAODV protocol must be authenticated and signed based on the certification authority (CA) certificate, the complexity of information transmission is much higher than that of ISAODV based on the elliptic curve cryptosystem. The ISAODV routing protocol proposed in this paper effectively reduces the complexity of the algorithm on the basis of improving network security, and provides a powerful guarantee for the security of UAV communication networks.

The remaining sections of this paper are organized as follows. Section 2 describes the principle of security AODV routing protocol. Section 3 describes the principle of improved security AODV routing protocol. Section 4 describes the simulation and numerical results, and the performance indicators such as the packet delivery rate, throughput, and end-to-end delay of the UAV communication network are compared and analyzed. Finally, Section 5 summarizes the paper.

2. Security AODV Routing Protocol

The SAODV protocol divides the routing message into variable part and invariant part for processing according to the characteristics of hop by hop changes in the AODV protocol. The hop number field in the routing message is a variable part, which is authenticated by a hash chain. Other fields in the routing message are invariant parts, which are authenticated by digital signature [30,31,32,33].

2.1. Authentication of Variable Parts

The SAODV protocol uses a hash chain to protect the variable part in the route request (RREQ) and route reply (RREP) messages. Hash chain is realized by repeatedly applying one-way hash function to a random number. Each node that receives a RREQ or RREP message can verify the hops field to ensure that it is not maliciously reduced by the attacker. The process of RREQ or RREP routing messages is shown in Algorithms 1.

Algorithms 1The Process of RREQ or RREP Routing Messages

1: for each RREQ or RREP do

2:   Generate a random number (seed)

3:   Set the $Max\_Hop\_Count$ field, and fill the value of the Time field in the IP header

4:   Set the $Hash$ field, and fill the value of seed

5:   Set the $Hash\_Function$ field, which indicates the type of hash function used

6:   Set the $Top\_Hash$ field: $Top\_Hash=h^{Max\_Hop\_Count-Hop\_Count}\left(Hash\right)$

7:   Verify the hop count information: $Top\_Hash=h^{Max\_Hop\_Count-Hop\_Count}\left(Hash\right)$

8:    if the result is equal to the value in the $Top\_Hash$ field then

9:        the hop number field is correct

10:      else

11:      the hop number field is wrong

12:      end if

13:    Calculate the Hash value to record the new hop: $Hash=h\left(Hash\right)$

14: end for

The $Hash\_Function$, $Max\_Hop\_Count$, $Top\_Hash$, and Hash fields are transmitted in the AODV extended message. The format definition of the extended message is shown in Figure 2. The RREQ message format of SAODV protocol is increased by 20 bytes on the basis of AODV format. The increased part is $Type2$, $Length$, $Hash\_Function$, $Max\_Hop\_Count$, $Top\_Hash$, $Signature$, $RREP\hspace{0.17em}Signature\hspace{0.17em}(optional\hspace{0.17em}field)$, $Hash$.

2.2. Authentication of Invariant Parts

The SAODV protocol uses digital signatures to authenticate invariant parts of RREQ and RREP messages. The node that sends the routing message signs the invariant part of the routing message. Each node that receives the routing message verifies the signature in the message.

2.3. Intermediate Node Responds to the RREQ Message

In the AODV protocol, when the intermediate node has a sufficiently fresh route to the destination node, it is allowed to reply to the RREQ message. In order to keep this mechanism in the SAODV protocol, an additional RREP signature field is included in the RREQ message broadcast by the source node. The intermediate node uses the RREP signature field to sign the routing response message RREP on behalf of the destination node, thus ensuring that the RREP message generated by the intermediate node can be verified.

In addition, when the intermediate node generates RREP messages, the lifetime of the route changes from the original one. The RREP message generated by the intermediate node contains two lifetimes, the original one and the real one. The original lifetime is signed by the destination node, while the real lifetime is signed by the intermediate node.

In order to distinguish different SAODV signature extension messages, the routing control message with two signatures used by the intermediate node when replying to the RREQ message is called RREQ and RREP double signature extension message.

2.4. The Process of Route Discovery

2.4.1. Generate RREQ Message

When the route to the destination node needs to be obtained, the node broadcasts a RREQ message. The RERQ message has a signature for the invariant part and a hash chain for the variable part. If the intermediate node is allowed to reply, the RREQ message is generated in the form of a double signature extended message with additional RREP signature fields. Otherwise, the RREQ message is generated according to the RREQ signature extension message format.

2.4.2. Processing RREQ Message

After a node receives the RREQ message, it first determines whether it has received the message in the most recent time. If it has received, the message is discarded; otherwise, the signature and hops in the message are verified. Only when the verification is correct, the reverse path corresponding to the message will be stored.

If the RREQ message is in the double-signature extended format, the node stores the RREP signature field in the RREQ message while storing the reverse path; otherwise, the field is not stored.

The node then determines whether it is the destination node. If it is, a RREP message response is generated. If it is not, but the node meets the conditions for the intermediate node to respond to the RREQ message, and has the corresponding RREP signature field, the node generates a RREP double-signature extended message to respond to the RREQ message. Otherwise, the node performs a hash operation on the hop number field of the RREQ message and broadcasts it continuously.

2.4.3. Generate RREP Message

When the destination node generates the RREP message, the node fills the destination node IP address, destination node serial number, next hop node and other relevant information into the corresponding fields of the RREP message, and signs and hashes the message. The message has a signature for the invariant part and a hash chain for the variable part.

The RREP message generated by the intermediate node is in a double-signature extended format. As described in Section C, it has two more lifetimes and signature fields corresponding to the lifetimes than the RREP message in the signature extension format generated by the destination node.

2.4.4. Processing RREP Message

After a node receives the RREP message, it first verifies its signature and hop number fields. Only when the verification is correct, the node stores the forward path corresponding to the message; otherwise, the message is discarded.

Then, the node determines whether it is the destination node. If it is, the process of route discovery is finished. Otherwise, the RREP message is sent according to the reverse path in the routing table.

2.5. Protection of Route Error (RERR) Message

The SAODV protocol uses hop-by-hop signatures to protect all fields of the RERR message. The nodes that generate or transmit RERR messages sign it. The nodes that receive the RERR message verify it. This can ensure the integrity and resistance of the RERR message. However, because the serial number of the destination node is not signed by the corresponding node, in order to ensure the security of the protocol, when processing the RERR message, the node will not update its destination node serial number according to the RERR message.

3. Improved Security AODV Routing Protocol

The SAODV routing protocol is based on the RSA public key cryptosystem [34], which introduces a lot of computational overhead while enhancing security. Certificates need to be introduced to verify the public key. The verification, transmission, management, and revocation of certificates bring a lot of storage, calculation, and communication overhead. Therefore, this paper studies the improved secure AODV routing protocol, which is based on elliptic curve cryptosystem.

3.1. Elliptic Curve Cryptosystem

Elliptic curve cryptosystem (ECC) is one of the three types of public key cryptosystems that have been proved to be safe and effective so far, and is known for its high efficiency. The security of ECC is based on the intractability of elliptic curve discrete logarithm problem (ECDLP), and it has the advantages of short key, short signature, and small software implementation scale [35,36,37,38]. The elliptic curve defined on the finite field $F\left(q\right)$ is as follows:

Assuming $q>3$, and $4a^3+27b^2\ne 0\mathrm{mod}\hspace{0.17em}q$, the curve

$$y^2\equiv x^3+ax+b\left(\mathrm{mod}\right)\hspace{0.17em}\hspace{1em}a,b\in F\left(q\right)$$

(1)

is called an elliptic curve on the finite field $F\left(q\right)$, which can be represented as $E_q\left(a,b\right)$.

3.1.1. Addition Rule of Elliptic Curve

For any two points $P\left(x_1,y_1\right)$ and $Q\left(x_2,y_2\right)$ on the elliptic curve, there is a third point $R\left(x_3,y_3\right)=P+Q$ also on the elliptic curve.

When $P\left(x_1,y_1\right)\ne Q\left(x_2,y_2\right)$,

$$P\left(x_1,y_1\right)+Q\left(x_2,y_2\right)=R\left(x_3,y_3\right)$$

(2)

$$\{\begin{array}{l}{x}_3={\lambda }^2-x_1-x_2\\ y_3=\lambda \left(x_1-x_3\right)-y_1\\ \lambda =\left(y_2-y_1\right)/\left(x_2-x_1\right)\end{array}$$

(3)

When $P\left(x_1,y_1\right)=Q\left(x_2,y_2\right)$,

$$P\left(x_1,y_1\right)+Q\left(x_2,y_2\right)=2P\left(x_1,y_1\right)=R\left(x_3,y_3\right)$$

(4)

$$\{\begin{array}{l}{x}_3={\lambda }^2-2x_1\\ y_3=\lambda \left(x_1-x_3\right)-y_1\\ \lambda =\left(3x_1^2+a\right)/2y_1\end{array}$$

(5)

Among them, a is the first-order coefficient in the elliptic curve equation.

3.1.2. Scalar Multiplication of Elliptic Curves

Assuming that m is an integer and G is a point on an elliptic curve, scalar multiplication can be expressed as follows:

$$mG=m\times G=\underset{m}{\underbrace{G+G+\cdots +G}}$$

(6)

3.1.3. Elliptic Curve Discrete Logarithm Problem

The security of ECC is based on the difficulty of solving the elliptic curve discrete logarithm problem (ECDLP). The difficulty of ECDLP is that it is difficult to find the integer L for the discrete points P and Q on the curve, so that LP = Q. When applying an elliptic curve to a cryptosystem, assuming that P is the public key and Q is the private key, its security is that it knows P but cannot derive Q. For a and b on a finite group, if there is a positive integer n, making $a^n=b$, the problem of solving $n={\log }_a^b$ is called the discrete logarithm problem on a finite group. For the discrete points P and Q on the elliptic curve, solving L makes LP = Q, which is called the elliptic curve discrete logarithm problem.

The attractive point of ECC is that its key length is shorter when the security is equal. For example, RSA uses a 1024 bit module length to obtain security, and in the elliptic curve cryptosystem, a 160 bit module length can obtain the same security.

Table 1. Security analysis and comparison between elliptic curve cryptosystem (ECC) and RSA.

Deciphering Time/MIPS-a	RSA Key Length/Bit	ECC Key Length/Bit	RSA/ECC Key Length Ratio
104	512	106	5:1
108	768	132	6:1
1012	1024	160	7:1
1020	2048	210	10:1

shows the security analysis and comparison between ECC and RSA. Million instructions per second for one year (MIPS-a) in the table refers to the computer that executes 1 million instructions per second runs for one year. At present, it is considered that when the deciphering time is 1012 MIPS-a, it represents security. Compared with other public key systems such as RSA and DSA, ECC can provide better encryption strength, faster execution speed, and shorter key length.

Table 2. Comparison of signature and encryption length of several cryptosystems.

	Signature Length/Bit	Encrypted Message Length/Bit
RSA	1024	1024
DSA	320	-
ElGamal	-	2048
ECC	320	320

shows the comparison of signature length and encrypted message length when the data length to be signed and encrypted is 2000 bit and 100 bit, respectively. A short key means a reduction in computing overhead, storage space, and bandwidth requirements. Therefore, ECC is more suitable for the UAV communication network with limited resources such as bandwidth, storage capacity, and CPU computing power.

3.2. Secure Routing Scheme Based on ECC

In order to adapt to the limited resources in UAV communication network, this paper studies a secure and efficient digital signature scheme based on SAODV routing protocol. Compared with other public key systems such as RSA, DSA, elliptic curve cryptosystem (ECC) can provide better encryption strength, faster execution speed, and shorter key length.

3.2.1. Digital Signature Scheme Based on Elliptic Curve

It is assumed that network bandwidth resources in the network are limited, and nodes can move freely, and communicate with each other through wireless multi hop channels. The relationship between nodes in the network is also dynamic, and nodes can join or leave at any time. The wireless link between nodes is bidirectional, and the nodes within the range of each other’s communication are called neighbor nodes. This scheme assumes that there is a trusted system authorization center (such as distributed certification authority system) in the network, which can verify the validity of each user’s identity, and generate a self-certified public key for the user according to the user’s identity and other information.

Table 3. Symbol definition.

Symbol	Definition
$I{D}_i$	Identity information of node i
q	The size of a finite field, which is a prime or a power of two, is about 160 bits long.
$E\left(F_q\right)$	Elliptic curve based on finite field $F_q$
G	The base point on the $E\left(F_q\right)$, whose order is n, where n is a large prime (160 bits)
$X\left(G\right)$	Take the abscissa value of point G
$S_u$	Private key of node u
$P_u$	Public key of node u
M	Routing information to be signed
A	Node that signs routing information
B	Node that verifies signature
$S_{SA}$	Private key of system CA, $S_{SA}\in \left[2,n-2\right]$
$P_{SA}$	Public key of system CA, and $P_{SA}=S_{SA}G$
$h(\cdot )$	One-way hash function

shows the symbol definition of this secure routing scheme.

The process of user $U_i$ registering with system CA is shown in Algorithms 2. It can be seen from the above process that the system CA only generates the user’s public key, and the user’s private key is generated by the user itself, and the user can verify the authenticity of the public key with the private key generated by itself, so the problem of secure distribution of the user’s private key is avoided. After users obtain their own public and private key pairs, they can use the following process for signature and verification.

Algorithms 2The Process of User$U_i$Registering with System CA

1: for each $U_i$ do

2:   Select a user identity information, expressed as $I_i$

3:   Randomly select an integer $x_i\in \left[2,n-2\right]$ as the random key

4:   Calculate $V_i=h\left(x_i\left|\right|I_i\right)\cdot G$

5:   Submit $\left\{I_i,V_i\right\}$ to system CA

6:   Randomly select an integer variable $k_i\in \left[2,n-2\right]$

7:   Calculate the public key $P_i$ and public key evidence $w_i$: $P_i=V_i+\left(k_i-h\left(I_i\right)\right)\times G=\left(P_{ix}\times P_{iy}\right)$ $w_i=k_i+S_{SA}\times \left(P_{ix}+h\left(I_i\right)\right)\left(\mathrm{mod}n\right)$

8:   Return $\left\{P_i,w_i\right\}$ to user $U_i$

9:   $U_i$ generates its own private key: $s_i=w_i+h\left(x_i\left|\right|I_i\right)\left(\mathrm{mod}n\right)$

10:    Verify the authenticity of user public key: $s_i\times G=P_i+h\left(I_i\right)\times G+\left[\left(P_{ix}+h\left(I_i\right)\right)\mathrm{mod}n\right]\times P_{SA}$

11: end for

The process of signature and verification is shown in Algorithms 3. It can be seen from the above signature scheme that the public key of the system CA is used in the signature verification process, so that the signature verification process and the validity verification of the public key are completed in one step, thereby avoiding the introduction of certificates to verify the validity of the public key. There is no need to pass certificates during the routing process, which reduces communication, calculation, and storage costs.

Algorithms 3The Process of Signature and Verification

1: for each $U_i$ do

2:   A randomly selects an integer variable $k$, $k\in \left[2,n-2\right]$

3:   Calculate $R=k\times G$, $r=X\left(R\right)\left(\mathrm{mod}q\right)$, $s=k+S_a\times h\left(M\left|\right|r\right)\left(\mathrm{mod}n\right)$

4:   A transmits signature (r, s) and M to B

5:   B calculates $V_a$: $V_a=P_a+h\left(I{D}_a\right)\times G+\left[\left(X\left(P_a\right)+h\left(I{D}_a\right)\right)\mathrm{mod}n\right]\times P_{SA}$ $\begin{array}{ccc}\hfill s\times G-h\left(M\left|\right|r\right)\times V_a& =& k\times G+S_a\times h\left(M\left|\right|r\right)\times G-h\left(M\left|\right|r\right)\times \left(S_a\times G\right)\hfill \\ & =& k\times G=\left(x_1,y_1\right)\hfill \end{array}$

6:   if $x_1=r\left(\mathrm{mod}q\right)$ then

7:    the signature is valid

8:   else

9:    the signature is invalid

10:    end if

11: end for

3.2.2. The Process of Routing Discovery

The routing process of the AODV routing protocol mainly relies on RREQ, RREP, and RERR to control the transmission of messages. This is also the main attack target of malicious nodes against the routing protocol. Therefore, these messages must be protected to prevent attacks such as tampering or forgery by malicious nodes.

Figure 3 shows a simple network model for secure route discovery. In the path shown in the figure, the source node is S, the destination node is D, and A and B are intermediate nodes. When S has data to send, but it has no route to the destination node or the route has expired, S randomly selects an integer $X_s\in \left[2,n-2\right]$ and calculates $T_s=X_s\times G\left(\mathrm{mod}q\right)$ to broadcast the route request information.

$$S\to \ast :[RREQ,Hash\_NC,RREQ\_CF\_Hash,RREQ\_FF\_Si{g}_s,\left(Null\right),E_{k_d}\left(T_s\right)]$$

Among them, $Hash\_NC$ is the invariant part related to hash information in the message. $RREQ\_CF\_Hash$ is the hash value calculated by the source node S according to the hop value and serial number in the routing request information. $RREQ\_FF\_Si{g}_s$ is the signature of the source node S to the invariant part. Null is the signature of the intermediate node to the invariant part. For the source node, this field is empty. $E_{k_d}\left(T_s\right)$ is the encryption protection of the session key negotiation factor by the source node S with the public key of the destination node D.

When intermediate node A receives the routing request packet from source node S, it will perform the following processing.

Step1: According to $RREQ\_CF\_Hash$ and $Hash\_NC$, verify whether the hop value and serial number are maliciously modified.

Step2: Verify the signature $RREQ\_FF\_Si{g}_s$ of the source node with the public key of the source node S.

After the verification is successful, the reverse path to the source node is established, and the hop value is increased by 1, which means that the normal processing of RREQ is followed and the corresponding hash operation is performed. The node updates the value of $RREQ\_CF\_Hash$ field, then signs the message to be forwarded with its own private key, and fills in the Null field. The node continues to broadcast the routing request message. At this time, the format of the routing request message is as follows:

$$A\to \ast :[RREQ,Hash\_NC,RREQ\_CF\_Hash,RREQ\_FF\_Si{g}_s,RREQ\_FF\_Si{g}_A,E_{k_d}\left(T_s\right)]$$

After receiving the routing request message, intermediate node B will perform the following operations:

Step1: According to $RREQ\_CF\_Hash$ and $Hash\_NC$, verify whether the hop value and serial number are maliciously modified.

Step2: Verify the signature $RREQ\_FF\_Si{g}_A$ of the previous hop node A.

Step3: Verify the signature $RREQ\_FF\_Si{g}_s$ of the source node with the public key of the source node S.

After verification, the reverse path to the source node is also established, the hop value is increased by 1, and the corresponding hash operation is performed. The node updates the value of the $RREQ\_CF\_Hash$ field, and then resigns the packet to be forwarded with its own private key and replaces the signature $RREQ\_FF\_Si{g}_A$ of the previous hop node. The node continues to broadcast this route request message, the format is as follows:

$$B\to \ast :[RREQ,Hash\_NC,RREQ\_CF\_Hash,RREQ\_FF\_Si{g}_s,RREQ\_FF\_Si{g}_B,E_{k_d}\left(T_s\right)]$$

After receiving the routing request packet, the destination node performs the same process, decrypts $T_s$ with its own private key after successful verification, and randomly selects an integer $X_d\in \left[2,n-2\right]$ to calculate $T_d=X_d\times G\left(\mathrm{mod}q\right)$. According to the established reverse path, unicast route replies the message to the previous hop node B.

$$D\to B:[RREQ,Hash\_NC,RREQ\_CF\_Hash,RREQ\_FF\_Si{g}_d,Null,E_{k_s}\left(T_d\right)]$$

After receiving the message, the intermediate node also performs relevant verification first. The process is the same as the routing request process, which is not described here. Finally, the source node S receives the RREP message, and after all verifications are passed, it also decrypts $T_d$ with its own private key, and the process of route discovery ends.

After the source node and the destination node receive $T_d$ and $T_s$, respectively, their shared session key can be calculated. The calculation process of source node S is as follows:

$$V_d=P_d+h\left(I{D}_d\right)\times G+\left[\left(X\left(P_d\right)+h\left(I{D}_d\right)\right)\mathrm{mod}n\right]\times P_{SA}$$

(7)

$$SK=X_s\times V_d+S_s\times T_d=\left(X_s{S}_d\mathrm{mod}n\right)\times G+\left(S_s{X}_d\mathrm{mod}n\right)\times G$$

(8)

The calculation process of destination node D is as follows:

$$V_s=P_s+h\left(I{D}_s\right)\times G+\left[\left(X\left(P_s\right)+h\left(I{D}_s\right)\right)\mathrm{mod}n\right]\times P_{SA}$$

(9)

$$SK=X_d\times V_s+S_d\times T_s=\left(X_d{S}_s\mathrm{mod}n\right)\times G+\left(S_d{X}_s\mathrm{mod}n\right)\times G$$

(10)

In this way, the source node S and the destination node D have the shared session key SK. In the next stage of data transmission, the efficient symmetric cryptosystem can be used to complete the secure transmission of a large number of real-time data.

3.2.3. The Process of Routing Maintenance

When a link is interrupted due to node movement or node energy exhaustion in the routing path, the upstream node of the link will send a routing error message (RERR) to notify the upstream node containing this path to delete the corresponding routing table entry. In order to prevent malicious nodes from publishing false routing error information by forging RERR messages, it is necessary to perform identity authentication on the nodes that send RERR messages. Therefore, the intermediate node must sign the RERR message with its own private key. Assume that in Figure 3, the link between nodes A and B is interrupted, and node A will send a routing error message along the reverse path to notify source node S to delete the corresponding routing table entry.

$$A\to S:[RERR,RERR\_Si{g}_A]$$

After receiving the routing error message, the upstream node authenticates the source node of the message. Only after the source node of RERR message is authenticated can the corresponding routing table entries be deleted from the routing table. This prevents the illegal node from destroying the network operation by forging the RERR message.

4. Simulation and Numerical Results

In this paper, the network simulation software NS2 with an open source code and good scalability is used to build a network simulation platform, and the effectiveness of the proposed secure routing scheme is verified through simulation and evaluation.

Table 4. Symbol definition.

Parameter	Value
Moving range of UAV	1000 m × 1000 m
UAV mobile model	Random waypoint
Number of UAVs	50
Maximum speed of UAV	0–20 m/s
Traffic type	CBR
Packet transmission rate	4 packet/s
The size of packet	512 Byte
MAC protocol	802.11 b
Data rate	1 Mbps
Routing protocol	AODV, SAODV, ISAODV
Simulation time	300 s
Carrier sensing distance	550 m
UAV node coverage	250 m
Bandwidth	2 Mbps
Transmission power	0.28 W

shows the simulation parameters setting of the UAV communication network based on NS2. In this paper, the UAV communication network is arranged in a geographical range of 1000 m × 1000 m. The UAV uses a random waypoint model and the data rate is set to 1 Mbps. The MAC protocol adopts 802.11 b protocol. The CBR source generates four packets per second, and the size of each packet is 512 bytes. Each simulation time is 300 s.

The UAV communication network has the characteristics of open channel, dynamic topology, no center authorization, distributed cooperation, and limited bandwidth. It adopts the form of dynamic network to complete the interconnection of the internal members of the cluster. Considering the limited bandwidth and low capacity of UAV communication network, it is easy to be affected by signal collision and noise interference during communication. In this paper, the carrier sensing distance of the UAV communication network is set to 550 m, the UAV node coverage is set to 250 m, the bandwidth is set to 2 Mbps, and the transmission power is set to 0.28 W. All parameter settings support the special nature of the UAV communication network.

In this paper, packet delivery radio (PDR), average throughput, and average end-to-end delay are obtained to evaluate the performance of the proposed secure routing protocol.

$$\mathrm{PDR}=\frac{\mathrm{Number}\hspace{0.17em}\mathrm{of}\hspace{0.17em}\mathrm{packet}\hspace{0.17em}\mathrm{received}}{\mathrm{Number}\hspace{0.17em}\mathrm{of}\hspace{0.17em}\mathrm{packet}\hspace{0.17em}\mathrm{sent}}$$

(11)

PDR is the ratio of the number of packets received to the number of packets sent. From this ratio, it can be seen that the number of data was successfully transmitted in the whole network and the amount of data was lost due to link failure in the transmission process. This parameter can well reflect the efficiency of the routing protocol in data transmission.

$$\mathrm{Throughput}=\frac{\mathrm{reiceived}\hspace{0.17em}\mathrm{packets}\times \mathrm{packet}\hspace{0.17em}\mathrm{size}\times 8}{\mathrm{Total}\hspace{0.17em}\mathrm{time}\hspace{0.17em}\mathrm{of}\hspace{0.17em}\mathrm{transmission}}$$

(12)

Network throughput characterizes the network transmission rate. The larger the throughput, the higher the transmission rate.

$$\mathrm{Delay}=\frac{{\displaystyle \sum \left(\mathrm{Arrive}\hspace{0.17em}\mathrm{time}-\mathrm{Send}\hspace{0.17em}\mathrm{time}\right)}}{\mathrm{Number}\hspace{0.17em}\mathrm{of}\hspace{0.17em}\mathrm{connection}}$$

(13)

The end-to-end delay refers to the time between the source node sending data and the receiving node receiving data, including routing time and data forwarding time. It can reflect whether the network is unobstructed. The smaller the delay, the better the network.

$$\mathrm{Routing}\hspace{0.17em}\mathrm{overhead}=\frac{\mathrm{num}\_\mathrm{rte}\_\mathrm{pkt}}{\mathrm{num}\_\mathrm{data}\_\mathrm{pkt}}$$

(14)

where, num_rte_pkt represents the number of control packets used for route discovery and route maintenance. The num_data_pkt represents the number of data packets received. The routing overhead represents the number of routing control packets needed to successfully transmit a data packet. The smaller the routing overhead, the less additional control packets are required for stable transmission of messages.

The simulation experiment in this paper is divided into two situations. Firstly, the performance of ISAODV is compared with AODV and SAODV under normal conditions. Secondly, the performance of ISAODV is compared with AODV and SAODV after adding malicious nodes.

Figure 4 and Figure 5 show the PDR and throughput of UAV communication network under normal conditions, respectively. As can be seen from the figure, the performance of ISADOV and SAODV routing protocols in the packet delivery rate and throughput is very close to the AODV routing protocol. This shows that the ISAODV and SAODV routing protocols inherit the characteristics of the AODV routing protocol and maintain the route discovery and route maintenance capabilities of the AODV routing protocol to the greatest extent. With the increase of the moving speed of UAVs, the link state changes frequently, and the rate of processing packets decreases, which leads to the decrease of packet delivery rate and throughput. Therefore, the faster the UAV moves, the more unstable the communication quality is.

In this paper, the common malicious node attack model is implemented in the simulation experiment. After receiving the RREQ message that does not take itself as the destination node, the malicious node will immediately reply to RREP and set the hop number to 1. The source node chooses the path of the malicious node for data transmission, and all packets passing through the malicious node will be discarded. In the simulation experiment, five malicious nodes are set up.

Figure 6 and Figure 7 show the PDR and throughput of UAV communication network after adding malicious nodes, respectively. As can be seen from the figure, the packet delivery rate and throughput of AODV routing protocol without the security guarantee are much lower than those under normal conditions when there are malicious nodes in the network, and the performance is far lower than ISAODV and SAODV routing protocols. Due to the added security guarantee, the packet delivery rate and throughput of SAODV and ISAODV routing protocols have not decreased significantly with the addition of malicious nodes. Therefore, SAODV and ISAODV routing protocols can effectively resist malicious node attacks, and the effect of ISAODV is better than SAODV, with higher security.

Figure 8 shows the end-to-end delay of UAV communication network under normal conditions. It can be seen from the figure that the delay of AODV is the lowest no matter what mobile rate the node is. The delay of SAODV is higher than that of ISAODV. This is because the complexity of the algorithm is related to the packet delay. The AODV routing protocol does not consider the security factor, so the complexity of the algorithm is relatively low and the delay is the lowest. Since each node on the active path of the SAODV protocol must be authenticated and signed based on the CA certificate, the complexity of information transmission is much higher than that of ISAODV based on the elliptic curve cryptosystem. The end-to-end delays of the three protocols increase as the speed of the UAV moves. This is because when the link state changes frequently, the chance of signal collision and collision increases, the proportion of route failure increases sharply, and the route reconstruction process suddenly becomes frequent, thereby increasing the end-to-end delay.

Figure 9 shows the end-to-end delay of UAV communication network after adding malicious nodes. As can be seen from the figure, after adding malicious nodes to the network, the end-to-end delay of the AODV routing protocol is still the lowest. This is because the AODV routing protocol does not consider the security factor, and its algorithm complexity is low. Due to the added security guarantees, SAODV and ISAODV routing protocols have higher computational overhead and higher algorithm complexity, so the delay is also higher. Since the algorithm complexity of the SAODV routing protocol is higher than the ISAODV routing protocol based on the elliptic curve cryptosystem, the delay of SAODV is higher than that of ISAODV.

Figure 10 shows the routing overhead under normal conditions. It can be seen from the figure that when the UAV moves at a low speed, there is less route breakage, while when the speed increases, the protocol needs to maintain the route frequently, resulting in a sharp increase in routing overhead. The performance of ISAODV routing protocol is very close to AODV routing protocol in terms of routing overhead, which shows that the improved protocol inherits the characteristics of the original protocol and maintains the routing discovery and maintenance capabilities of the original protocol to the greatest extent. Figure 11 shows the routing overhead after adding malicious nodes. It can be seen from the figure that with the addition of malicious nodes, the routing overhead of AODV routing protocol increases, and the link stability becomes worse, while the routing overhead of ISAODV and SAODV does not change significantly compared with that under normal conditions, which indicates that the secure routing protocol maintains the link stability well. Moreover, the routing overhead of ISAODV is the smallest among the three protocols, and the link stability is the best.

5. Conclusions

The AODV routing protocol in the UAV communication network has good performance, but its security is poor and it is easy to be attacked. In this paper, the elliptic cryptosystem is introduced into AODV routing protocol to complete the authentication function, and an improved secure routing protocol is proposed based on the advantages of the existing SAODV routing protocol. Through the simulation of three routing protocols (AODV, SAODV, ISAODV), the performance indicators such as packet delivery rate, throughput, and end-to-end delay are compared and studied. The simulation results show that the ISAODV routing protocol not only inherits the efficient route discovery and maintenance capabilities of the AODV routing protocol, but also reduces the complexity of the algorithm and has lower delay compared with the SAODV routing protocol. When there are malicious nodes in the UAV communication network, the ISAODV routing protocol can effectively improve the security of the network.