A Study on High Secure and Efficient MANET Routing Scheme

In mobile ad hoc networks (MANETs), the more applications are deployed, the more security is required. In this paper, we propose a highly secure and efficient routing scheme that not only satisfies the properties of anonymity, security, authentication, nonrepudiation, and unforgeability that previous schemes achieved for ad hoc networks, but also satisfies other necessary properties, namely confidentiality, traceability, and flexibility through multipath routing, in order to make the ad hoc environment more secure and practical.


Introduction
In the near future, wireless networks will play an important role in information communication and transmission. Compared to wired network environments, wireless networks are more convenient for users, who can connect to the Internet while mobile. Once the infrastructure has been established, a user can use mobile devices such as PDAs or notebooks to access resources on the Internet from anywhere. Many practical daily problems can be solved in the mobile environment, for example, finding locations, booking seats on a plane, or finding the shortest path to a destination. Users can obtain answers to questions quickly in the mobile environment through mobile devices and wireless networks [1]. The more applications are found for wireless networks, the more security issues are discussed for them. In 2013, an anonymous authentication scheme that ensures user unlinkability was proposed: an attacker cannot tell that several sessions, which have already occurred, originated from the same user [2]. The findings in [3,4] are useful for identifying the factors that must be managed for NFC-based mobile payment services. Also in 2013, an energy-efficient method for clustering the nodes in a network was proposed [5]. The authors of [6] proposed an ETSI-compliant GeoNetworking protocol layer and discussed the architecture of their implementation.
The authors of [7] proposed a network-based handover scheme for the Host Identity Protocol in mobile networks, in which the access routers of the mobile node establish a handover tunnel and perform route optimization for data transmission. Recently, security-based algorithmic approaches for mobile ad hoc networks have been proposed [8,9].
Routing is an important networking function in mobile ad hoc networks [10,11]. Therefore, an adversary can easily bring down network operation by attacking the routing protocol. Many researchers have proposed secure routing protocols for ad hoc networks [12-15]. The security of those protocols has been analyzed either informally or with formal methods that were never intended for the analysis of this kind of protocol [16]. Other attacks can be found in [12]. Routing has two functions: route discovery and packet forwarding. Route discovery is concerned with discovering routes between nodes, and packet forwarding is concerned with sending data packets along the previously discovered routes. There are different types of ad hoc routing protocols; one can distinguish proactive (e.g., OLSR [13]) and reactive (e.g., AODV [17] and DSR [18]) protocols.
In previous wireless security studies [11,19-22], researchers have mainly proposed that security issues be considered in the wireless network. These researchers distinguish two kinds of attack behavior: (1) passive attacks [23] and (2) active attacks [24]. In a passive attack, the attacker does not transmit packets to attack the victim's computer but rather eavesdrops on messages sent to and from it, compromising the privacy and the anonymity of sender and receiver. In an active attack, the attacker transmits packets to attack and affect the operation of the victim's computer. From the viewpoint of the user, there are two kinds of denial-of-service (DoS) attack: (1) routing-disruption attacks, in which the attacker attempts to forge or tamper with legitimate packets in transit, and (2) resource-consumption attacks, in which the attacker transmits masses of meaningless packets to occupy the user's bandwidth, waste memory and computing resources, and paralyze the service and operation of the computer.

Literature Review
Compared to wired networks, a wireless network is easier to attack because of its openness, its dynamic topology, and its lack of central monitoring and management. Security issues are becoming more and more important in wireless networks. Several wireless security studies [25-27] have discussed security properties such as confidentiality, integrity, authentication, availability, fairness, anonymity, non-source-based routing, resilience against path hijacking, lack of source control over route length, and privacy. There are four properties of ad hoc routing security: reliability, confidentiality, integrity, and verification [28,29].
Reliability. The attacker interferes with the physical layer so that data cannot be delivered, or the attacker breaks the network routing function and creates topology partitions. Alternatively, the network could suffer a DoS attack.
Confidentiality. Because MANETs were originally applied in military environments, not only the general information but also the routing information must be kept confidential. If this is done, the enemy will be unable to find the target position from the routing information.
Integrity. To ensure that delivered data will not be forged or modified by an attacker, secure methods can be applied to retain information integrity [30].
Verification. In MANETs, each node plays the role of routing the path or verifying the data. Because data must be delivered by trusted nodes, it is very important to verify whether nodes are trusted. Boukerche's scheme [31] proposed an anonymous wireless protocol. The source initiates a path discovery phase by sending a request packet that includes a trust requirement, a one-time public/private key pair, and the destination identity. Each middle node keeps a mapping table that maps the session to the session key the node should use. If a middle node has received the request packet previously, it ignores the packet. Otherwise the node decrypts the packet using the session key and forwards it toward the destination. Each middle node that receives the packet tries to decrypt it using its own private key, then forwards the encrypted packet to its next hop.
The destination then collects all the identities and session keys, encrypts the information using each middle node's session key, and forwards the message back to the source. In the path reverse phase, the middle nodes on the reverse path receive the packets. Each middle node decrypts the packet using its private key and obtains the temporary private key, with which it decrypts and obtains the identities, session keys, and random numbers of all the middle nodes. The receiver then composes the message from the destination to the source, which includes all the random numbers and session keys. All the information is encrypted with each node's session key and combined with the next node's random number in sequence. Thus, each node on the reverse path executes an exclusive-OR (XOR) operation with its random number and obtains its session key. After the source obtains all the messages from the middle nodes, it generates a mapping table from the middle node identities and the random number of each middle node, and then transmits the mapping table to its next node on the reverse path. In the data transfer phase, a secure forwarding protocol such as onion routing [22] is used. After the source obtains the reverse path message and verifies that it is correct, it encrypts the message with the middle nodes' session keys in sequence. Each middle node then simply decrypts the message with its own session key and forwards it to the next node toward the destination.
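As an added illustration (not code from the original paper or from Boukerche's implementation), the following Python simulates the layered per-hop encryption of the data transfer phase described above: the source wraps the payload once per node with that node's session key, and each node strips exactly one layer, learning only the identity of its next hop. The stream cipher (HMAC-SHA256 in counter mode), the 8-byte node identifiers and the all-zero "deliver here" sentinel are assumptions of this example, not part of the scheme.

```python
import hashlib
import hmac
import os

ID_LEN = 8                       # assumed fixed-width node identifiers
DELIVER = b"\x00" * ID_LEN       # assumed sentinel: the holder of this layer is the destination


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher keystream: HMAC-SHA256(key, nonce || counter) blocks concatenated.
    Stands in for whatever symmetric cipher the per-node session keys are used with."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR for a stream cipher."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def build_onion(path, nonce: bytes, payload: bytes) -> bytes:
    """path: list of (node_id, session_key) in forwarding order, destination last.
    Layer i carries the identity of node i+1 and is encrypted under node i's session key.
    Layers are applied from the destination backwards so the first hop's layer is the
    outermost one: this is the 'encrypt sequentially with each session key' step."""
    blob = payload
    for i in range(len(path) - 1, -1, -1):
        _node_id, key = path[i]
        next_id = path[i + 1][0] if i + 1 < len(path) else DELIVER
        blob = xor_with_keystream(key, nonce, next_id + blob)
    return blob


def peel_layer(session_key: bytes, nonce: bytes, blob: bytes):
    """One hop's work: remove its own layer and read only the next-hop identity."""
    plain = xor_with_keystream(session_key, nonce, blob)
    return plain[:ID_LEN], plain[ID_LEN:]


def forward(path, nonce: bytes, onion: bytes):
    """Simulate the chain of hops; returns (next hop seen by each node, payload at destination)."""
    seen = []
    blob = onion
    for node_id, key in path:
        next_id, blob = peel_layer(key, nonce, blob)
        seen.append((node_id, next_id))
        if next_id == DELIVER:
            return seen, blob
    raise ValueError("ran out of layers before reaching the destination")


def demo():
    # Constructed sample path: three middle nodes and the receiver, fresh session keys.
    node_ids = [b"NODE0001", b"NODE0002", b"NODE0003", b"RECEIVER"]
    path = [(nid, os.urandom(32)) for nid in node_ids]
    nonce = os.urandom(12)          # one nonce per message; never reuse it with the same key
    payload = b"data for the destination"
    onion = build_onion(path, nonce, payload)
    seen, delivered = forward(path, nonce, onion)
    # A node that tries to look past its own layer with its own key sees only noise.
    _, after_first = peel_layer(path[0][1], nonce, onion)
    wrong_peek, _ = peel_layer(path[0][1], nonce, after_first)
    return seen, delivered, wrong_peek
```

Note that a bare XOR stream cipher provides confidentiality only; Boukerche's description attaches hash-verified data to each layer, and a real deployment would use an authenticated cipher (AES-GCM or ChaCha20-Poly1305) per layer with a fresh nonce per message so that a middle node cannot silently alter the inner layers.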
In this scheme, the packets are anonymous, secure, and private in the transmitting phase. The scheme prevents the attacker from analyzing the network flow and provides privacy for the sender and receiver. All the nodes can establish location information and anonymous routing paths by exchanging routing information. In the ad hoc environment, because of node mobility, it is difficult to establish location information for all the nodes; thus the scheme proposes a distributed routing scheme to establish an anonymous routing path and achieve the security properties of non-source-based routing and resilience against path hijacking. But Boukerche's scheme still has some aspects that could be improved, such as efficiency: it uses many public key operations, which increase power consumption, memory usage, and operating time for each node. Wu et al.'s scheme [32] proposes a zone-based anonymous positioning routing protocol (ZAP) that includes three wireless transmission modes with different degrees of anonymity. In this scheme, the client generates an anonymous zone (AZ) and sends a data request to the server. After the server receives the data request, it follows one of the three anonymous modes to execute the wireless transmission. The three anonymous wireless transmission modes are as follows.

ZAP with Pseudo Destination (PD-ZAP).
The destination generates a pseudo destination (PD) at random, not far from itself. The PD location is marked in the packet and sent to the server. The server then sends the data packets in the direction of the pseudo destination. Finally, the data packets arrive at the node closest to the pseudo destination, which is set as a proxy. The proxy broadcasts the data packets to its neighbors at its maximum transmission range. Because the real destination is not far from the pseudo destination, the real destination can receive the data packets.

Geocasting Anonymous Approach (G-ZAP).
The distance between the destination and the pseudo destination will not be too great. The node chooses a circular area as the destination-anonymous zone (D-AZ). The server sends the data to the center of the D-AZ, and the first node in the circle to receive the data becomes the proxy. The proxy floods the data to each node in the D-AZ.

ZAP with Route Redundancy (RR-ZAP).
As in PD-ZAP, in RR-ZAP the destination generates a pseudo destination (PD) at random, not far from itself. But here the distance between the destination and the pseudo destination is kept at several hops, and the destination is closer to the server than the pseudo destination is. Because Wu et al.'s scheme uses a DSR-like protocol [29], the server's data has to pass through the real destination on its way to the pseudo destination, and the real destination can thus obtain the data.
Wu et al.'s scheme can only achieve anonymity for the destination; the server cannot be anonymous. Additionally, the degree of anonymity in Wu et al.'s system depends on the number of nodes in the anonymity zone (AZ). The approximate location of the destination can be estimated because the scheme uses a greedy geoforwarding protocol: every forwarder knows the approximate location of the client. Lastly, Wu et al.'s scheme uses only a single path; if the path is jammed, transmission is delayed, which is not flexible.
Furthermore, Boukerche's scheme expends a large amount of computing resources on public key operations at the nodes, which also costs memory and consumes power. In the next section, we introduce a new wireless ad hoc scheme with both security and efficiency properties that is suited to real wireless environments.

A High Secure and Efficient MANET Routing Scheme
In this section, a new wireless ad hoc scheme with both security and efficiency properties is proposed. This scheme is suited to real wireless environments. Our scheme not only satisfies the requirements of previous schemes, such as security, authentication, unforgeability, and nonrepudiation, but also provides source anonymity, destination anonymity, middle node anonymity, confidentiality, traceability, and flexibility through multipath routing. It also offers improved efficiency in order to make the wireless environment more practical. There are four phases in the proposed secure routing scheme: (1) the transmitting request phase, (2) the request reply phase, (3) the data transmitting phase, and (4) the transmission finish phase. The details of the proposed secure routing scheme follow.
Then, the sender  signs the sender's identity   , the receiver's identity   , the transmit requesting time   , the data size   , and the sender's random number   with the sender's private key   and XORs the result ⊕ with the session key   and the shared secret key   . All the messages above are encrypted with the receiver's public key   . Then the data transmitting serial number   and the shared public key   are appended. The whole message is broadcast throughout the wireless ad hoc network. We would replace ], Initial,   ,   . On receiving the broadcast, a node  1 at one hop from the sender  uses the shared public key   to encrypt its identity  1  , the time  1 at which  1 received the message,  1 's random number  1 , and the total forwarding time  1 . To this ciphertext it appends the original information, the data transmitting serial number   and the shared public key   , and rebroadcasts the message to the node  2 at two hops from the sender . We would replace the ciphertext Then, the node  2 encrypts its identity  2  , the time  2 at which  2 received the data, the random number  2 chosen by  2 , and the total forwarding time  2 . To this it appends the data transmitting serial number   , the shared public key   , and all the information about node  1  . The message is then broadcast onward to the node  3 at three hops from the sender . We would replace the ciphertext Finally, the receiver  obtains the broadcast message and decrypts the message Initial using the receiver's secret key   to obtain the transmitting request from the sender . The receiver  then verifies, using the sender's public key   , that the message    [  ,   ,   ,   ,   ] was sent by the sender  and obtains the sender's identity   , the receiver's identity   , the transmit requesting time   , the data size   , and the sender's random number   . The receiver  establishes the different paths in its routing table  from the sender  to the receiver . The receiver  decrypts    in order to obtain the identity of each node    and the total forwarding time   , and thereby learns the paths from the sender  to the receiver . Because the total forwarding time differs for each path, the receiver  chooses paths ℎ  that have no node in common (node-disjoint paths).

Request Reply
The total forwarding times   are then ordered from smallest to largest, and the receiver  considers several issues in deciding how to receive the data. To limit the hop count, to finish the transmission as soon as possible, to save power, or to avoid a malicious middle node, the receiver  can choose multiple paths. The receiver  can also choose multiple paths to reduce congestion in a specific area or time slot of the ad hoc network.
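The path selection just described (node-disjoint paths, ordered by total forwarding time, optionally bounded by hop count or steered away from a suspected node), as an added example that is not part of the paper: the receiver sorts the candidate routes collected in the request phase by forwarding time and greedily keeps those that share no middle node with an already chosen path. The `Route` record, the optional `max_hops` and `avoid` parameters and the sample routes are constructed for this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional


@dataclass(frozen=True)
class Route:
    nodes: tuple            # middle-node identities, sender side first
    total_time: float       # accumulated forwarding time reported in the request message


def select_disjoint_paths(routes: Iterable[Route], max_paths: int = 3,
                          max_hops: Optional[int] = None,
                          avoid: FrozenSet[str] = frozenset()) -> List[Route]:
    """Greedy node-disjoint multipath selection, smallest total forwarding time first.
    A route's hop count is len(middle nodes) + 1 for the final hop into the receiver."""
    chosen: List[Route] = []
    used: set = set()
    for route in sorted(routes, key=lambda r: (r.total_time, len(r.nodes))):
        members = set(route.nodes)
        if max_hops is not None and len(route.nodes) + 1 > max_hops:
            continue                      # longer than the requested hop-count bound
        if members & avoid:
            continue                      # passes through a node the receiver distrusts
        if members & used:
            continue                      # shares a node with an already chosen path
        chosen.append(route)
        used |= members
        if len(chosen) == max_paths:
            break
    return chosen


# Constructed sample: four routes discovered in the request phase.
SAMPLE_ROUTES = [
    Route(("N1", "N2", "N3"), 3.0),
    Route(("N4", "N5", "N6"), 3.0),
    Route(("N7", "N8", "N9", "N10"), 4.0),
    Route(("N2", "N8"), 2.5),          # fastest, but overlaps the first and third routes
]


def demo_default():
    return [r.nodes for r in select_disjoint_paths(SAMPLE_ROUTES)]


def demo_avoiding(suspect: str):
    return [r.nodes for r in select_disjoint_paths(SAMPLE_ROUTES, avoid=frozenset({suspect}))]


def demo_hop_bound(max_hops: int):
    return [r.nodes for r in select_disjoint_paths(SAMPLE_ROUTES, max_hops=max_hops)]
```

Sorting by time first is a design choice, not an optimum: in the sample the fastest route (N2, N8) blocks two others, so the greedy pass yields two paths where three node-disjoint paths exist. A receiver that values redundancy over latency would instead search for the largest disjoint set and break ties by forwarding time.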
Figure 1 shows the ad hoc network environment. For security, multipath routing is assumed: there are two paths with the smallest total forwarding time   , which is 3: There is one path with total forwarding time   : To prevent a malicious middle node from guessing the hop-count range from the number of values in the path information from the sender  to the receiver , the pseudo values   11 to   3 are added to confuse the malicious middle node. Pseudo values can be added arbitrarily. In  → All, to resist collusion among the middle nodes, the identity of each node is replaced as follows: Therefore, even if the middle nodes collude, they cannot map the replaced identities back to the same middle node, which protects the receiver . On each path, the receiver  chooses a random number   for its one-hop neighbor and a random number  −1  for its two-hop neighbor and XORs them ⊕, for example,  3 ⊕  2  . Therefore, when the message from the receiver  is sent back to the sender , each middle node, which knows the random number   it chose, XORs ⊕ the message with its random number   , learns the identity of the next node, and forwards the message to that node. For example, the receiver  encrypts the sender's identity   , the receiver's identity   , the sender's random number   , the receiver's random number   , the data size   , the transmit requesting time time S , the data received time   , and the receiver's routing table   with the session key   and then XORs ⊕ the result with the sender's random number   . On ℎ 1 , the middle nodes XOR ⊕ with each node's data transmitted time   , the data transmitting serial number   , and ℎ 1 . Therefore, only the node itself can read these messages, using its random number   , and compute the next node in order to
forward the message. ℎ 1 shows that the receiver  transmits the message to  3 , and  3 can recover the message [ 3 ,   , ℎ 1 ] with its random number  3 . After  3 confirms the data transmitted time  3 and the data transmitting serial number   , it XORs ⊕ with  3 's random number  3 to obtain the identity  2  of  2 : Then  3 forwards the message to  2 . The pseudo values   41 , . . .,   4 can be increased or decreased dynamically. The forwarding method for ℎ 2 and ℎ 3 is the same as for ℎ 1 . We would replace the message    [  ,   ,   ,   ,  1 , . . .,  10 ,   ,   ,   ,  ] ⊕   with Back: After  2 receives the message from  3 ,  2 likewise confirms the data transmitted time  2 and the data transmitting serial number   , obtains the identity  1  of  1 on ℎ 1 by XORing with its random number  2 , and sends the message to  1 . The method for ℎ 2 and ℎ 3 is the same as for ℎ 1 : After  1 receives the message from  2 ,  1 likewise confirms the data transmitted time  1 and the data transmitting serial number   , obtains the identity  1  of  1 on ℎ 1 by XORing with its random number  1 , and sends the message to the sender . The method for ℎ 2 and ℎ 3 is the same as for ℎ 1 : (i) To obtain the information for each node, S executes a XOR operation with  1 to  10 . The sender  XORs ⊕ the random numbers  1 , . . .,  10 in turn, for  1 with the message  1 ⊕  1  from the receiver's routing table   , for  2 with the message  2 ⊕ 2  , . . ., and for node 10 with the message  10 ⊕  9  , in order to obtain the identity of each middle node. For example,  1 ⊕  1  ⊕  1 =  1  ,  2 ⊕  1  ⊕  2 =  1  .
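As an added example (not the paper's code), the following Python models the masked next-hop entries of the request reply phase: the receiver XORs each middle node's random number with the serial number and the identity of that node's next hop, mixes in pseudo entries, and each node finds its own entry by unmasking every entry with its random number and checking the serial number. The data transmitting phase applies the same per-node XOR in the forward direction, so the same functions cover it. The Back ciphertext itself is treated as an opaque byte string and is not modelled; the entry layout (8-byte serial, 8-byte identity, 16-byte random numbers) is an assumption of this example. The last function shows the check a practitioner would want: because the serial number is appended in the clear in the request phase, a node that reuses its random number across two sessions lets an observer pick its entries out of the pseudo padding.

```python
import os
import secrets
from typing import List, Optional, Tuple

SERIAL_LEN = 8                       # assumed width of the data transmitting serial number
ID_LEN = 8                           # assumed width of a node identity
ENTRY_LEN = SERIAL_LEN + ID_LEN      # one masked entry = serial || next-hop identity


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def build_reply_table(reply_hops: List[Tuple[bytes, bytes]], sender_id: bytes,
                      serial: bytes, n_pseudo: int = 4) -> List[bytes]:
    """reply_hops: [(node_id, node_random)] in reverse-path order, receiver side first.
    node_random is the ENTRY_LEN-byte value the node chose in the request phase.
    The receiver masks (serial || next-hop id) with each node's random number and
    mixes in random pseudo entries so the table length does not reveal the hop count."""
    entries = []
    for i, (_node_id, r) in enumerate(reply_hops):
        next_id = reply_hops[i + 1][0] if i + 1 < len(reply_hops) else sender_id
        entries.append(xor_bytes(r, serial + next_id))
    entries += [os.urandom(ENTRY_LEN) for _ in range(n_pseudo)]
    secrets.SystemRandom().shuffle(entries)
    return entries


def find_next_hop(node_random: bytes, serial: bytes, entries: List[bytes]) -> Optional[bytes]:
    """A middle node's check: unmask every entry with its own random number and keep
    the one whose serial field matches the request it forwarded; everything else is noise."""
    hits = [xor_bytes(node_random, e)[SERIAL_LEN:] for e in entries
            if xor_bytes(node_random, e)[:SERIAL_LEN] == serial]
    return hits[0] if len(hits) == 1 else None   # none or ambiguous: refuse to forward


def relay_reply(reply_hops: List[Tuple[bytes, bytes]], serial: bytes, entries: List[bytes]):
    """Walk the reverse path; each node learns only its own next hop."""
    route = []
    for node_id, r in reply_hops:
        nxt = find_next_hop(r, serial, entries)
        if nxt is None:
            raise ValueError("node %r found no usable entry" % node_id)
        route.append((node_id, nxt))
    return route


def reused_mask_pairs(table_a: List[bytes], serial_a: bytes,
                      table_b: List[bytes], serial_b: bytes) -> List[Tuple[int, int]]:
    """Caveat check. If a node reused its random number in two sessions, XORing its two
    entries cancels the mask; since the serial numbers are public, an observer recognises
    the pair because the first SERIAL_LEN bytes of the XOR equal serial_a XOR serial_b.
    Pseudo entries never line up this way, so the padding no longer hides the real entry."""
    target = xor_bytes(serial_a, serial_b)
    return [(i, j) for i, ea in enumerate(table_a) for j, eb in enumerate(table_b)
            if xor_bytes(ea, eb)[:SERIAL_LEN] == target]


def demo():
    # Constructed path h1 in reverse order R -> N3 -> N2 -> N1 -> S with fresh random numbers.
    serial, sender = b"SN000042", b"SENDER00"
    hops = [(b"NODE0003", os.urandom(ENTRY_LEN)),
            (b"NODE0002", os.urandom(ENTRY_LEN)),
            (b"NODE0001", os.urandom(ENTRY_LEN))]
    table = build_reply_table(hops, sender, serial, n_pseudo=4)
    return relay_reply(hops, serial, table), len(table)


def demo_reuse():
    # NODE0002 keeps the same random number across two sessions; every other value is fresh.
    serial_a, serial_b, sender = b"SN000001", b"SN000002", b"SENDER00"
    r_reused = os.urandom(ENTRY_LEN)
    hops_a = [(b"NODE0003", os.urandom(ENTRY_LEN)), (b"NODE0002", r_reused),
              (b"NODE0001", os.urandom(ENTRY_LEN))]
    hops_b = [(b"NODE0007", os.urandom(ENTRY_LEN)), (b"NODE0002", r_reused),
              (b"NODE0005", os.urandom(ENTRY_LEN))]
    table_a = build_reply_table(hops_a, sender, serial_a)
    table_b = build_reply_table(hops_b, sender, serial_b)
    pairs = reused_mask_pairs(table_a, serial_a, table_b, serial_b)
    expected = (xor_bytes(r_reused, serial_a + b"NODE0001"),
                xor_bytes(r_reused, serial_b + b"NODE0005"))
    return len(pairs), [(table_a[i], table_b[j]) for i, j in pairs] == [expected]
```

The masking is a one-time pad over a 16-byte entry, so it is only as good as the freshness of each node's random number; the scheme's assumption that every node draws a new random number per source and destination is what `demo_reuse` shows to be necessary.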

Data Transmitting Phase.
could establish the different routing paths for different requirements. The sender  executes the one-way hash function to obtain  1  = ℎ(  ),  2  = ℎ(2  ), and  3  = ℎ(3  ). By the same method that the receiver  uses in the request reply phase, to prevent a malicious middle node from guessing the possible range of the receiver  and the sender , the pseudo values   11 to   3 are added to widen the guessing range. Pseudo values   can be added dynamically. To resist collusion among the middle nodes, the sender  executes the one-way hash function to obtain  1  = ℎ(  ),  2  = ℎ(2  ), and  3  = ℎ(3  ).
Even if the middle nodes collude to guess the sender , they cannot find the same identity for the sender . On each path, the sender  chooses a random number   for its one-hop distance When the sender  starts to transmit the data on ℎ 1 , it encrypts  1  , the transmit requesting time   , the data transmitted time   , the sender's random number   , the receiver's random number   , and the data transmitting serial number   with the session key   . The ciphertext is XORed ⊕ with the receiver's random number   and then XORed ⊕ with each node's random number   in turn. Finally, the message is transmitted to  1 .  2 and  3 on ℎ 1 perform the same operations and forward the message to the receiver . The nodes on ℎ 2 and ℎ 3 do likewise and forward the message to the receiver .
(i)  → :    [  ,   ,   ,   ,   ,   ,   ] ⊕  . If the receiver  does not obtain all the data from the sender , the receiver  encrypts the sender's identity   , the receiver's identity   , the sender's random number   , the receiver's random number   , the data transmitting serial number   , the data transmitted time   , and the resend request   with the session key   to request that the sender  resend the missing data.

Transmitted Finish Phase
(i)  → :    [  ,   ,   ,   ,   , ] ⊕   , ℎ  . Finally, after all of the data has been transmitted to the receiver , the receiver  encrypts   , the transmit requesting time   , the data transmitted time   , the sender's random number   , the receiver's random number   , and the acknowledgment ACK with the session key   . The ciphertext is then XORed with the receiver's random number   , the path information ℎ  is appended, and the result is transmitted to the sender  to indicate that the data transmission is finished.

Security and Property Analysis
In this section, we analyze the security properties and functions of the proposed scheme.

Anonymity
Source Anonymity.
In Boukerche's path discovery phase, the source ID is encrypted with the source's session key, and the source's session key is encrypted with the destination's public key; only the destination can decrypt the source's session key with its secret key and then decrypt the source ID with that session key. In PD-ZAP, G-ZAP, and RR-ZAP, the packets do not carry destination ID information, and because of node mobility in a mobile ad hoc environment, even if the proxy changes and the broadcast or flooding area changes, the destination area can still be found and the data obtained.
In the transmitting request phase of our scheme, because the sender's identity   is encrypted with the receiver's public key, only the receiver in   →   can decrypt the message, using the receiver's secret key. Therefore, the sender's identity   is anonymous. In the request reply phase, the sender's identity   is encrypted with the session key   in  →  3 ,  →  6 , and  →  10 and XORed with the receiver's random number   , so the sender's identity   is again anonymous.

Destination Anonymity.
In the path discovery phase of Boukerche's scheme, the destination ID is encrypted with the destination's public key, and the destination decrypts and obtains its ID using its secret key.
In PD-ZAP, the node closest to the pseudo destination is chosen as the proxy and broadcasts the data to its neighbors. Because the destination is not far from the pseudo destination, the destination can still receive the data. But a malicious node that observes a proxy broadcasting data can infer that the destination is near the proxy.
In G-ZAP, the first node in the destination-anonymous zone to receive the data becomes the proxy and floods the data to every node in the zone. Because the destination is not far from the pseudo destination, a malicious node can infer that the destination lies within the proxy's maximum transmission range.
In RR-ZAP, the destination generates a pseudo destination (PD) at random and places itself between the source and the pseudo destination, keeping several hops of distance from the pseudo destination. Wu et al.'s scheme uses a greedy geoforwarding protocol as its routing protocol; therefore, when the source sends data to the pseudo destination, the data must pass through the real destination. So a malicious node can still learn that the destination lies on the path from the source to the pseudo destination.
In the transmitting request phase of our scheme, because the receiver's identity   is encrypted with the receiver's public key   , only the receiver  in   →   can decrypt the message, using the receiver's secret key. Therefore, the receiver's identity   is anonymous. In the request reply phase, the receiver's identity   is encrypted with the session key   in  →  3 ,  →  6 , and  →  10 and XORed with the receiver's random number   , so the receiver's identity   is again anonymous.

Middle Node Anonymity.
In the path discovery phase of Boukerche's scheme, any node that obtains the temporary secret key can decrypt the data forwarded by other nodes, and it will know that the data comes from the destination and which nodes are the forwarding nodes.
In PD-ZAP, a middle node chooses the next forwarding node by exchanging location information, and each node keeps a neighbor list, so a node can obtain some information about other middle nodes.
G-ZAP and RR-ZAP are like PD-ZAP: a middle node obtains a neighbor list by exchanging location information and can thus obtain some information about other middle nodes.
In  1 →  2 and  2 →  3 , the middle nodes  1  to  10  use the common secret key to encrypt the data, and only the source and the receiver in   →   have the common secret key   , so the middle nodes  1  to  10  are anonymous. For the identity    of any middle node, besides the source and receiver, only that middle node has its own random number    , so the middle node can decrypt the

Security.
Boukerche's scheme, PD-ZAP, G-ZAP, and RR-ZAP all use both a symmetric cryptosystem and an asymmetric cryptosystem, so they all satisfy the security property.

Confidentiality.
In the path discovery phase of Boukerche's scheme, the message is encrypted with both a symmetric and an asymmetric cryptosystem. In the path reverse phase and data transfer phase, the message is encrypted with a symmetric cryptosystem.
In PD-ZAP, G-ZAP, and RR-ZAP, the destination first generates a symmetric key and encrypts the request message and the symmetric key with the server's public key. Then the destination sends the encrypted message to the server. After the server obtains the symmetric key, all messages are encrypted with it.
In our scheme, the messages  → All,  1 →  2 ,  2 →  3 , and   →   are encrypted/decrypted with the symmetric cryptosystem, which ensures data confidentiality. The messages  →  3 ,  →  6 ,  →  10 ,  3 →  2 ,  6 →  5 ,  10 →  9 ,  2 →  1 ,  5 →  4 ,  9 →  8 ,  1 → ,  4 → , and  7 →  are encrypted/decrypted with the session key, which ensures data confidentiality, and only node  and receiver  know the node's random number   , so only the previous node learns the identity    of its next node on the forwarding path; other nodes on the path cannot learn the identity    . In  → All, the other nodes only know that there are some messages that need to be forwarded. Because the receiver's routing table   contains extra pseudo values   , the middle nodes do not know exactly how many middle nodes exist on the forwarding path, let alone the identities of the sender and receiver.

Authentication.
In the path discovery phase, the sender encrypts the symmetric key with the receiver's public key and sends it to the receiver. After the receiver obtains the symmetric key, it can obtain and verify the identity of the sender. The message is signed with the sender's secret key, so the receiver can verify the message.
In PD-ZAP, G-ZAP, and RR-ZAP, there is an HMAC from the destination, and the server can verify all the data by the HMAC. Only the destination and the server have the symmetric key, so if packets can be decrypted with the symmetric key, each side can confirm that the packets come from the other.
In  → All, the message [  ,   ,   ,   ,   ] is signed with the sender's private key   ; in the request reply phase, the receiver  can authenticate, using the sender's public key   , that these messages are from the sender . The sender  cannot deny the messages, so nonrepudiation is satisfied. In the request reply phase, because the receiver  has the receiver's routing table   , the message Back contains the random numbers  1 , . . .,  10 of each node. Each node  1 - 10 cannot deny the messages to the sender  and the receiver , and only the sender  and the receiver  have the session key   , the sender's identity   , the receiver's identity   , the transmit requesting time   , and the data received time   . Therefore, neither the sender  nor the receiver  can deny the messages.

Traceability.
In the path discovery phase of Boukerche's scheme, each middle node transmits its own identity to the receiver, so the receiver knows exactly which nodes forward between source and receiver. In the path reverse phase and data transfer phase, the replied messages from the receiver do not include the identities of the middle nodes but rather their session keys, so the source cannot know who the middle nodes are.
In PD-ZAP, G-ZAP, and RR-ZAP, although a middle node has exchanged information with its neighbors and has a neighbor list, it does not transmit its own identity when forwarding data, so the server and destination cannot know who the middle nodes are.
In  → All, the sender's identity   , the receiver's identity   , the data request time   , the data size   , and the sender's random number   are signed with the sender's secret key   and encrypted with the receiver's public key   , so in the request reply phase the receiver can verify whether the data forwarded along the multipath  1 →  2 ,  2 →  3 , and   →   is correct.

Nonrepudiation.
In the path discovery phase of Boukerche's scheme, because the source has signed with its secret key, the source cannot deny having sent the data. Each middle node also signs the data it has received before forwarding it, so a middle node cannot deny having received the data. In the path reverse phase, because the source obtains the encrypted session key and sent its own session key to the receiver in the path discovery phase, the receiver cannot deny having transmitted the data, and likewise for the middle nodes.
In PD-ZAP, G-ZAP, and RR-ZAP, the destination encrypts and sends data to the server, but there is no destination identity, destination signature, or identity-verification information, so the destination can deny having received the forwarded message. A middle node is only in charge of forwarding data encrypted with the symmetric key, so it can deny having received the forwarded data. The server encrypts with the symmetric key and sends the data to the destination, so the server cannot deny having received the destination's request message and having forwarded the data to the destination.
In  → All, the message [  ,   ,   ,   ,   ] is signed with the source's secret key. In the request reply phase, the receiver can verify with the sender's public key    whether the data came from the sender, so the sender cannot deny having transmitted the data. In the request reply phase, because the receiver has the receiver routing table and the message Back carries the random numbers  1 to  10 of the middle nodes, each middle node  1 - 10 cannot deny having forwarded the data for the source and the receiver. Because the session key   , the sender's identity   , the receiver's identity   , and the sender's random number    are owned only by the sender and the receiver, neither the sender nor the receiver can deny having sent the messages.

4.7. Unforgeability.
In the path discovery phase of Boukerche's scheme, because the message is signed by the sender's secret key and encrypted by the receiver's public key, the malicious node, the middle nodes, and the receiver cannot forge the message. The malicious node and the middle node obtain the temporal public key, encrypt the message with it, and attach the hash-verified data to the message, so the malicious node and the other middle nodes cannot forge the message, for example, the identity ID and the key . Because the middle node has attached the hash-verified data to the message in the path reverse phase, the malicious node and the other middle nodes cannot forge the message, for example, the identity ID and the key .
In the schemes of PD-ZAP, G-ZAP, and RR-ZAP, the destination does not attach any identity information, for example, a signature or an identity.
The server sends the data to the destination encrypted with the symmetric key, so the server cannot deny having received the destination's request message and having sent the data to the destination.
In  → All, the messages   ⊕   ,   ⊕   and the sender's random number    are signed by the sender's secret key   , so the request reply phase cannot be forged; each node generates a random number r_X that depends on the particular source and destination, so each node's transmitted message cannot be forged. In the equations  → All,  1 →  2 ,  2 →  3 , and   →   , only the sender and the receiver have the session key   , so in the request reply phase the encrypted value Back cannot be forged. If someone replaces or forges the value Back, the sender can use the sender's random number    and the session key    to detect that the value Back has been replaced or forged.
4.8. Uncounterfeit.
In the path discovery phase of Boukerche's scheme, because the sender's messages are signed with its secret key and encrypted with the receiver's public key, the malicious node cannot counterfeit the sender.
The middle node signs the hash value with its secret key before it forwards the packets, so the malicious node cannot counterfeit the middle node. In the path discovery phase, because the receiver's and the middle node's messages carry a hash value and the middle node signs the hash value before forwarding the message, the malicious node cannot counterfeit the middle nodes or the receiver.
In the schemes of PD-ZAP, G-ZAP, and RR-ZAP, the destination encrypts the message with the server's public key and sends it to the server, but there is no destination-verifying message, signature, or identity. The malicious node can counterfeit the destination and request the server to broadcast messages into any area the malicious node wants.

4.9. Flexibility for Multipaths.
In Boukerche's scheme, there is only one forwarding path, and it considers neither electricity consumption nor traffic-load balance by multipath. The schemes of PD-ZAP, G-ZAP, and RR-ZAP also consider neither electricity consumption nor traffic-load balance by multipath but just forward the message with the GPRS [33]. In our scheme, after the receiver  decrypts the value    , the receiver  learns the identity number of each node    between the sender  and the receiver  and the total forwarding time    of each path. Because different paths have different total forwarding times   , the receiver  chooses the paths ℎ  with unique node identity numbers    and sorts the paths ℎ  by their total forwarding time   . The sender  then decides whether to forward the data over a single path or over multiple paths according to its needs. For example, if the sender  wants to finish the transmission faster, to save each node's power, or to avoid a malicious node between the sender  and the receiver , it would choose the multipath; if the sender  wants to reduce the traffic flow for the area/duration, the sender  would choose fewer paths or even a single path. The comparison of security functions is given in Table 3.
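As an added illustration of the path selection just described (this is not code from the paper), the following Python ranks the paths the receiver has decrypted and applies the sender's single-path or multipath choice. The field names and the reading of "unique identity number of node" as node-disjoint paths are assumptions made here.

```python
# Added example (not code from the paper): ranking the candidate paths the
# receiver learns in Section 4.9 and applying the sender's single/multipath
# choice. Field names and the reading of "unique identity number of node"
# as node-disjoint paths are assumptions made here.
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class PathReport:
    """What the receiver recovers for one path after decrypting the value
    carried back from route discovery: the identities of the middle nodes
    and the total forwarding time reported along that path."""
    path_id: int
    node_ids: Tuple[int, ...]   # identities of the middle nodes on this path
    total_time: float           # total forwarding time for this path


def rank_paths(reports: Iterable[PathReport]) -> List[PathReport]:
    """Order paths by total forwarding time (fastest first) and keep only
    paths whose middle nodes do not appear on an already chosen, faster path,
    so that every chosen path has a unique set of node identities."""
    chosen: List[PathReport] = []
    used_nodes: set = set()
    for report in sorted(reports, key=lambda r: (r.total_time, r.path_id)):
        if used_nodes.isdisjoint(report.node_ids):
            chosen.append(report)
            used_nodes.update(report.node_ids)
    return chosen


def select_paths(ranked: List[PathReport], goal: str) -> List[PathReport]:
    """The sender's decision from Section 4.9: finish faster, save each
    node's power, or avoid a single malicious node -> use every ranked path;
    reduce traffic in the area/duration -> fall back to the single fastest path."""
    if goal in ("faster", "save_power", "avoid_malicious"):
        return list(ranked)
    if goal == "reduce_traffic":
        return ranked[:1]
    raise ValueError(f"unknown goal: {goal}")


# Constructed sample: four route replies as the receiver would decrypt them.
SAMPLE_REPORTS = [
    PathReport(1, (3, 5), 42.0),
    PathReport(2, (7,), 30.0),
    PathReport(3, (5, 9), 35.0),    # shares node 5 with path 1; faster, so path 1 is dropped
    PathReport(4, (11, 13), 60.0),
]

if __name__ == "__main__":
    ranked = rank_paths(SAMPLE_REPORTS)
    print([p.path_id for p in ranked])                                  # [2, 3, 4]
    print([p.path_id for p in select_paths(ranked, "reduce_traffic")])  # [2]
```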

Efficiency Analysis
Table 4 is the efficiency comparison table for each scheme. Boukerche's scheme and Wu et al.'s scheme do not consider the confirming process after the data transmission is finished, whereas our scheme does. In Table 4, the efficiency of our scheme is better than that of Boukerche's. Although it is worse than that of Wu et al.'s scheme, efficiency and security are a tradeoff, and we consider security more important. In the near future, with improvements in CPU speed and memory space, the operation time of asymmetric cryptosystems could decrease soon.

Conclusions
The proposed scheme is realistic and practical for the ad hoc environment. Its routing rule and transmission scheme satisfy not only the security properties of previous schemes but also the efficiency property. The proposed scheme satisfies the security properties of source anonymity, destination anonymity, middle node anonymity, security, confidentiality, authentication, traceability, nonrepudiation, unforgeability, uncounterfeit, and flexibility for multipaths.

Figure 1: The environment of the ad hoc network.
3.1. Transmitting Request Phase. (i)  → All:    [   [  ,   ,   ,   ,   ],   ⊕   ,   ⊕   ],   ,   . Firstly, the sender  broadcasts the packets to the other nodes in the ad hoc network to announce that it wants to transmit data. The sender  then generates a shared session key    for the receiver , a shared pair public key    for the receiver , a shared pair private key    for the receiver , a random number    chosen by the sender , the data transmitting serial number    =    ⊕ ℎ(  ,   ,   ,   ), and the identities of the forwarding nodes on the sender's routing table  1  = ℎ(  ),  2  = ℎ(2  ), and

Table 1: The receiver's routing table.
Phase. After the receiver  obtains the sender's random number   , the receiver  performs an XOR operation ⊕ on the messages   ⊕   ⊕   =    and   ⊕   ⊕   =    to get the shared secret key    and the session key   . The receiver  then decrypts the ciphertext containing the information about  1  ,  2  , . . .,    with the shared secret key    in order to obtain the identity of each node    , the data transmitted time of each node , the random number chosen by each node   , and the total forwarding time   .

Table 3: The comparison table of security functions.

Table 4: The efficiency comparison for each scheme.  : one-time asymmetric encrypting/decrypting operation.   : one-time symmetric encrypting/decrypting operation. ℎ : one-time one-way hash function operation. ⊕ : one-time exclusive-OR operation.