Secure Vertical Handover to NEMO Using Hybrid Cryptosystem

Department of Computer Science and Engineering, NMAM Institute of Technology, NITTE, Deralakatte 574110, India
Department of CSE, Manipal University Jaipur, Jaipur 303007, India
Department of Information Technology, Dean Technology and Innovation Cell, Gokaraju Rangaraju Institute of Engineering and Technology, Hyderabad, India
Department of Computer Science, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia


Introduction
Many network technologies (WiMAX, WiFi, 3G, 4G, 5G, and femtocells) have appeared in recent years because Internet usage has grown exponentially. Mobility management is a primary concern in wireless networks, and each technology has its own mobility management architecture [1][2][3] for providing network services to mobile users without delay. To give better Quality of Service (QoS) to end-users, a universal mobility management architecture is required across heterogeneous networks [4,5]. Handover should be seamless, i.e., executed without degrading QoS or Quality of Experience (QoE), with the help of location-based information. Handoff is executed in layer 2 and layer 3, and the handoff techniques differ from layer to layer [6].
In a network, an IP address serves two purposes on the Internet: it identifies the node's point of attachment, and it makes packets deliverable to the assigned node. For routing, the address must change every time the device changes its point of attachment; for identifying the node, the same address is needed everywhere. Mobile IP [7][8][9] resolves this conflict by keeping the node's address transparent to the rest of the Internet.
The Home Address (HoA) identifies the Mobile Node (MN) on the Internet; it is a permanent address that never changes throughout the lifetime of the node. When the MN moves from one network to another, it obtains an address on the foreign link, called the Care-of Address (CoA). When two or more nodes move simultaneously, each MN must keep its own point of attachment over the communication channel and maintain session continuity throughout the handoff.
NEMO (Network Mobility) is the mobility of a whole network, where a set of nodes such as laptops, tablets, mobile phones, and PCs move together as one network. A gateway referred to as the Mobile Router (MR) handles the point of attachment on the Internet on behalf of all n MNs. The n MNs and any further MRs under a single MR are referred to as a NEMO; a nested NEMO contains several hierarchical levels. For example, when a patient's Personal Area Network (PAN) is connected through a smartphone, the PAN may in turn contain Body Area Networks (BAN) that send health-related information to the doctor. Here the smartphone serves as the top-level MR, and the PAN and BAN MRs form a nested NEMO. The health parameters are passed by the PAN and BAN to the top-level MR (the mobile phone), which sends the data over the Internet to the health center. This information needs to be sent in a secure way, and an efficient security algorithm is required for it.
1.1. Motivation.
Although many researchers have contributed several approaches to NEMO and RO [5], it is still an open area of research. The issues that still need attention are the following:
(i) Access network selection: new technologies with substantial bandwidth keep emerging to give the end-user uninterrupted Internet connectivity. Many parameters need to be considered for selecting a suitable network.
(ii) Handoff: many researchers have contributed efficient handover schemes for both nested and non-nested NEMO, for horizontal as well as vertical handover. However, a vertical handoff procedure secured with lightweight cryptography has not been given.
(iii) Security: security is the major concern in all networking domains [10][11][12][13][14][15][16][17][18], not only in NEMO. A good security architecture protects data and control frames at the network layer in NEMO. Most existing works do not secure the handoff in NEMO. Security issues [19,20] are explained clearly in two cases with the NEMO basic operation.
(iv) Quality of Service (QoS): once end-to-end delay and handover delay are kept reasonable, better QoS follows automatically in NEMO.
The rest of this paper is organized as follows. Sections 2 and 3 review the background and the existing literature. Section 4 illustrates the basic operation of NEMO and Route Optimization (RO). Section 5 states the problem. The proposed method is discussed in Section 6. Section 7 presents the analysis and simulation results, comparing them with the existing Return Routability Procedure, and Section 8 concludes the article.

Background
In recent years, many technologies have emerged to give high-speed Internet access. The layerwise parameters for the vertical handoff decision [21] are listed in Table 1.
The end-user selects a suitable network to maintain session continuity for uninterrupted Internet usage. Based on how the handoff is executed, it is classified into two types: soft handoff and hard handoff. In soft handoff, the connection with the new base station is set up, based on the current RSS value, before the session with the old base station is broken. In hard handoff, the handoff is initiated only after the connection with the old base station is broken. Based on the type of network involved, handoffs are further divided into horizontal handoff and vertical handoff.
If the session is transferred between the same type of network technology, the handoff is called a horizontal handoff; Figure 1 shows a horizontal handoff between two 802.16 base stations. If the session is transferred between different network technologies, it is called a vertical handoff; Figure 1 shows such a handoff between an 802.11 access point and a 3G base station. Parameters like Received Signal Strength (RSS), bandwidth, required power, cost, safety, user preferences, and security are the decision parameters for selecting the best network in a heterogeneous environment. Much research has been done on network selection in heterogeneous networks; the existing works take the selection decision based on RSS and user preference, with user preference as the primary parameter.
Consider n mobile nodes moving as a unit across different channels: throughout this process n handoffs are needed, and every node must spend its own resources (battery power and processing power) to execute its handoff. NEMO [22,23] was introduced in the IETF to remove these shortcomings of Mobile IP.

Literature Review
Much research has been done on selecting the better network for host mobility and network mobility. In host mobility, deciding on the best network is straightforward; in NEMO or group mobility, several users run different applications, and choosing the right network is difficult. Walid et al. [24] proposed a network selection mechanism called group vertical handover for a group-mobility-based architecture, considering user preferences and congestion parameters. They used two algorithms to estimate congestion, dubbed Sastry and O-Learning. They simulated the whole scenario and showed better results by avoiding congestion in vertical handover selection and execution. Only user preference was considered in choosing the best network, and no security was provided.
Munasinghe and Jamalipour [25] proposed an architecture for NEMO that supports heterogeneous networks and selects the better network with less handoff delay. They simulated it and reported results in terms of handoff latency and packet drop. They did not focus on security.
Ahmed and Gati [26] proposed an intelligent technique for service or session continuity in a heterogeneous network environment, so that network performance and QoS do not degrade. In this work, mobile agents are placed in the mobile nodes to collect the information needed to select the best network and to execute the vertical handoff smoothly. Frequent handoff is a critical issue on highways because of the high vehicle speed.
Ali Hassoun et al. [27] proposed a Vertical Handover Decision Algorithm (VHDA) that takes the vehicle's location, the vehicle's speed, and jitter as parameters. Simulation results show that the VHDA outperforms the competing approaches. The vertical handoff decision is a critical issue in heterogeneous networks. In [28], an artificial neural network-based handover decision algorithm is used, with data rate and RSS value as the inputs to the VHDA. An algorithm for taking a vertical handover decision is proposed in [29]: an attribute matrix is prepared for performance evaluation, multiattribute QoS is considered, and the PROMISE algorithm takes the final decision from the attribute matrix and the weight vector.
In [30], a client-based vertical handover mechanism was proposed for providing efficient connectivity to end-users without delay in a heterogeneous wireless network; it needs no modification of the existing Mobile IP stack or core network. In [31], a VHDA based on dynamically changing user preference was proposed, with the user preferences weighted by simple additive weighting and multiplicative exponential weighting. In [32], a VHDA was proposed that uses the battery resource as the parameter for deciding on vertical handover and selecting a better network; mobile nodes are divided into two categories, poor-resource and strong-resource nodes, and the network is selected and the handover executed based on this parameter.
In [33], a fuzzy-logic-based model was proposed for VHDAs that selects the network based on three parameters, i.e., Quality of Service, RSS value, and bandwidth. Media Independent Handover (MIH), standardized as IEEE 802.21, is a protocol for vertical handover in heterogeneous networks; in [34], an improved IEEE 802.21-based architecture for VHDA was proposed. Dhar Roy and Vamshidhar Reddy [35] proposed a vertical handover decision based on signal strength. In [36], Route Optimization is secured with an authentication feature: HA generates a secret group mobile key to authenticate the BU. This work focuses mainly on the security between CN and MR and does not cover security among HA, MR, and MN.

Security and Communication Networks
In [37], a secure route optimization for NEMO was designed using an identity-based cryptosystem known as the MPB-AKA-MR2 protocol. Security is provided between MR and MN in the home network and between CR and CN in the foreign network, enabling secure communication between MN and CN. Calderon et al. [38] designed two approaches: one combining PKI certificates and the other an infrastructureless method that uses Cryptographically Generated Addresses (CGA) for flexibility. The solution protects BA and BU only between CN and MN. Jo and Inamura [39] proposed a solution between pairs of communicating entities (MR and HA, CN and MN) using the Multikey Cryptographically Generated Address (MCGA); it shortens the propagation path between MR and MN but does not secure the MR-MN link itself. Chen et al. [40] proposed a bilinear pairing based dynamic key management and authentication mechanism for wireless sensor networks, in which the cluster nodes and the sensor nodes exchange keys using bilinear pairing, as do the cluster node and the base station. Yeh

NEMO Basic Operation
Under an MR there can be n MNs in a NEMO. After successful registration, while the NEMO is in the home network, the MNs get a permanent address, the HoA [46][47][48]. HA acts as an address or location registry and maintains the addresses of the MRs and all their MNs. NEMO's basic operation is shown in Figure 2.
There are two mobile nodes, MN1 and MN2, under MR, and their CN. MN1 and MN2 communicate with the MR over wireless technology, and both get their addresses from the respective Access Router (AR). The basic operation is demonstrated in two cases: NEMO in the parent (home) network, and NEMO moving to a foreign network.

Scenario 1.
Whenever the NEMO is in the parent network and gets an HoA, it must inform HA about its location or address, because HA records the movement data of the nodes in the NEMO. The address details are sent in a particular layout referred to as a Binding Update (BU). MR or MN transmits a BU to HA and, once HA has received it, obtains a Binding Acknowledgement (BA) as confirmation. A bidirectional tunnel between HA and MN then carries further data communication.

Scenario 2.
Figure 1 shows that whenever the NEMO moves to a different network, MR discovers the nearby Access Router (AR2) by exchanging router solicitation and router advertisement frames. MN or MR gets a new address, the Care-of Address, from the foreign network, and HA is informed of the Care-of Address through BU and BA frames.

Route Optimization (RO).
If MN aims to communicate with CN, MN must inform CN about its present address or location. This notification happens through the BU and BA exchange. In both case 1 and case 2, all data passes through HA; this causes congestion and may make HA a bottleneck. Route Optimization is a concept introduced in NEMO to prevent congestion at HA: it bypasses HA by exchanging BU and BA directly between CN and MN during their communication.

Problem Statement
A best-access-point selection mechanism and a security architecture that give confidentiality, authentication, and verification to RO using tripartite Diffie-Hellman over ECC are presented, delivering secure communication among MN, MR, and CN while keeping the handoff delay low.
For secure NEMO, the IETF derived Mobile IPv6 (MIPv6), in which the Return Routability (RR) procedure [49] is used. By executing the RR procedure, a binding key (Keybm) is established to authenticate the communication between MN and CN.
The RRP works as shown in Figure 2. Whenever MN wants to communicate with CN, it sends a Home Test Init (HoTI) message to CN via HA. In reply, CN sends a Home Test (HoT) message to MN, from which MN obtains the home keygen token (KH). MN also sends a Care-of Test Init (CoTI) message directly to CN, which answers with a Care-of Test (CoT) message carrying the care-of keygen token (KC). Both CN and MN then compute the binding key (Keybm) from KH and KC. Using this key, MN and CN exchange BU and BA securely. This RRP has the following deficiencies or issues: prepare the binding key.
Issue 3. There is no direct procedure to prepare the key that protects BA and BU; a compact solution that bypasses HA to prepare the key is needed.
Issue 4. RRP has no proper verification mechanism to authenticate both parties (MN or MR, and CN).
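The following is an added example, not code from the paper, that walks through the Return Routability Procedure described above as it is specified in RFC 6275 (Section 5.2): the token and Kbm derivations follow the RFC, while the addresses, the CN's Kcn value, and the simplified BU contents are constructed for this example. The HA is modelled only as the hop the home test messages must traverse, which is where the bottleneck of Issue 3 arises; the last assertion in the test shows what RRP does and does not prove (reachability at both addresses, not identity, which is Issue 4).

```python
"""Added example (not the paper's code): Mobile IPv6 Return Routability (RFC 6275, 5.2).
Token and Kbm derivations follow the RFC; addresses, Kcn and BU payload are constructed."""
import hashlib
import hmac
import os

HOA = bytes.fromhex("20010db8000100000000000000000010")   # constructed home address
COA = bytes.fromhex("20010db8000200000000000000000020")   # constructed care-of address


def keygen_token(kcn, address, nonce, kind):
    """RFC 6275 5.2.5: First(64, HMAC_SHA1(Kcn, address | nonce | kind)); kind 0 = home, 1 = care-of."""
    return hmac.new(kcn, address + nonce + bytes([kind]), hashlib.sha1).digest()[:8]


def binding_key(home_token, careof_token):
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()


class CorrespondentNode:
    """Stateless CN: tokens are recomputed from Kcn and the nonce, never stored per MN."""

    def __init__(self):
        self.kcn = os.urandom(20)      # CN's private key for token generation
        self.nonce = os.urandom(8)     # nonce index handling omitted for brevity

    def home_test(self, hoa):
        # HoT is addressed to the HoA, so it travels back to the MN through the HA
        return keygen_token(self.kcn, hoa, self.nonce, 0)

    def careof_test(self, coa):
        # CoT is addressed to the CoA and goes to the MN directly
        return keygen_token(self.kcn, coa, self.nonce, 1)

    def verify_bu(self, hoa, coa, payload, auth):
        """Recompute Kbm for the claimed (HoA, CoA) pair and check the BU authenticator."""
        kbm = binding_key(self.home_test(hoa), self.careof_test(coa))
        expected = hmac.new(kbm, coa + payload, hashlib.sha1).digest()[:12]
        return hmac.compare_digest(expected, auth)


def run_rr(hoa, coa, cn, claimed_coa=None):
    """MN side of the exchange. Returns (BU accepted, number of messages that crossed the HA).
    claimed_coa lets a caller send a BU for an address at which the MN never received a CoT."""
    kh = cn.home_test(hoa)        # HoTI -> HA -> CN and HoT -> HA -> MN: two messages via HA
    kc = cn.careof_test(coa)      # CoTI / CoT: direct path, no HA involvement
    kbm = binding_key(kh, kc)
    bu_coa = claimed_coa or coa
    payload = b"BU seq=1"         # simplified mobility data for the example
    auth = hmac.new(kbm, bu_coa + payload, hashlib.sha1).digest()[:12]
    return cn.verify_bu(hoa, bu_coa, payload, auth), 2
```

Every binding refresh repeats the HoTI/HoT round trip through HA, and an MN that has not actually received the CoT at an address cannot produce a valid authenticator for it: that is the extent of the assurance RRP gives.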

Proposed Solution
The proposed model is discussed in detail in two separate sections. First, the access point selection mechanism in a heterogeneous network (802.11, 802.16, and 3G) based on RSS (Received Signal Strength) and user preference is discussed. Second, the security algorithm, which uses ECC and the Salsa20 stream cipher while executing the vertical handoff, is discussed.

Network Selection Procedure.
Transferring a session from one base station to another is called a handoff. When a handoff occurs between the same technologies (between one 802.11 access point and another 802.11 access point), it is called a horizontal handoff; when it occurs between different technologies (between an 802.11 access point and an 802.16 base station), it is called a vertical handoff. In this document we say vertical handoff rather than handoff, because three networks (802.11, 802.16, and 3G) are used in our work. Vertical handoff is easy to implement for an individual device (host mobility) because only one application runs on that device. In NEMO, multiple MNs sit under the MR and run different applications according to their requirements, so selecting a network for the vertical handoff is difficult. In this work, we select a suitable network based on RSS (Received Signal Strength) and user preference. For this purpose we categorize the applications used by the MNs in the NEMO, using information from an online article. For any application on any MN, the RSS value should satisfy −70 dBm < RSS < −30 dBm. Tables 2 and 3 show the applications with respect to the RSS range and the priority range, respectively.
The priority is added as an extra option in the DHAAD (Dynamic Home Agent Address Discovery) request frame at the initial stage itself, since HA holds all data about its NEMO nodes, including MR and all MNs. In the DHAAD frame, P indicates priority: if P is set, the header carries the priority data of all MNs; if P is clear, it is a normal packet (see Figure 3).
Network selection is based on the RSS value and user priority, where priority refers to the importance of the application each MN is running. If the priority is very high, the best QoS should be given to that MN:
Priority_nodes = high(MN1, MN2, ..., MNn).
Once the priority of the applications is decided, a suitable network technology is selected based on the signal strength and the distance to the base station or access point.
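As an added example (not the paper's code), the following implements the selection rule just described: candidates are first filtered by the −70 dBm < RSS < −30 dBm window from this section, and among the usable technologies the one is chosen that best serves the high-priority MNs, with stronger RSS as the tie-breaker. The candidate RSS values, the MN priorities and the per-MN preference scores are constructed for illustration; Tables 2 and 3 of the paper are not reproduced here.

```python
"""Added example (not the paper's code): NEMO access-network selection from an RSS window
and priority-weighted user preference. All sample data below is constructed."""

RSS_MIN_DBM = -70   # usable window from Section 6.1: -70 dBm < RSS < -30 dBm
RSS_MAX_DBM = -30


def usable(candidates):
    """Keep only technologies whose measured RSS lies strictly inside the usable window."""
    return {tech: rss for tech, rss in candidates.items() if RSS_MIN_DBM < rss < RSS_MAX_DBM}


def select_network(candidates, mn_priorities, mn_preferences):
    """Pick one technology for the whole NEMO (a single handoff serves every MN).

    candidates:     {technology: RSS in dBm} as seen by the MR
    mn_priorities:  {MN: priority weight}, higher = more important application
    mn_preferences: {MN: {technology: preference score}}
    Score(tech) = sum over MNs of priority * preference; ties go to the stronger RSS.
    Returns None when no candidate is inside the RSS window (no handoff target).
    """
    viable = usable(candidates)
    if not viable:
        return None

    def score(tech):
        return sum(mn_priorities[mn] * mn_preferences[mn].get(tech, 0) for mn in mn_priorities)

    return max(viable, key=lambda tech: (score(tech), viable[tech]))


# Constructed sample: MN1 runs the high-priority application and prefers 802.16.
CANDIDATES = {"802.11": -45, "802.16": -60, "3G": -75}
PRIORITIES = {"MN1": 3, "MN2": 1}
PREFERENCES = {
    "MN1": {"802.11": 1, "802.16": 3, "3G": 2},
    "MN2": {"802.11": 3, "802.16": 1, "3G": 1},
}


def demo():
    """3G is excluded by the RSS window; 802.16 wins on priority-weighted preference."""
    return select_network(CANDIDATES, PRIORITIES, PREFERENCES)
```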
Secure Architecture for Vertical Handoff. Once a suitable network technology has been selected by the NEMO as above, vertical handoff initiation starts. In this solution, tripartite Diffie-Hellman [50] and the session key concept are used for security between MN and CN.
The proposed model is executed in three phases:
(a) Setting parameters
(b) Common and Route Optimization Key Preparation
(c) Generation of session keys
6.2. Setting Parameters. In this step, the parameters used to prepare the common key are set by the home network's nodes and by the foreign network's nodes. The parameter setting is explained below for the home network and the foreign network separately; Figure 4 shows the algorithm for network selection.

Home Network.
The home-network parameter setting is illustrated in Figure 5 and equation (2).

Foreign Network.
In the foreign network, HA_for, CR, and CN are the three participants. Using the elliptic curve equation, the two points X and Y are exchanged. CN, CR, and HA_for generate the random numbers x_CN, y_CR, and z_HAfor, respectively, and broadcast (X_CN, Y_CN), (X_CR, Y_CR), and (X_HAfor, Y_HAfor) accordingly, as shown in Figure 6.

Common and RO Key Preparation.
After the parameters are set, the parent network and foreign network nodes calculate the common keys using Weil and Tate pairing on elliptic curves [50]: equations (1)-(3) for the parent network and equations (4)-(6) for the foreign network. Each node uses the bilinear pairing property to calculate this common key, as shown in Figure 7. The parent network common key, Key_MN-MR-HAhom, is prepared as in equations (1)-(3). The foreign network common key, Key_CN-HA-MRfor, is prepared as in equations (4)-(6). The RO key, Key_RO, is prepared later by MN and CN; to build it using all nodes (CR and MR, CN and MN), a key agreement protocol must be executed. To secure the BU and BA exchanges, MN and CN use symmetric cryptography under this key, which prevents the standard malicious threats and attacks, as shown in Figure 8.
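As an added worked derivation, not taken from the paper, the following shows how the single broadcast round of Section 6.2 yields the foreign-network common key under a bilinear pairing (Joux's one-round tripartite Diffie-Hellman, the scheme the paper cites as [50]). The generator $P$, the pairing $e$, and the reading of the paper's broadcast pair $(X_{CN}, Y_{CN})$ as the coordinates of the point $x_{CN}P$ are assumptions of this derivation.

Each participant picks a secret scalar and broadcasts one point:
$$ CN:\ x_{CN},\ \text{broadcasts } x_{CN}P; \qquad CR:\ y_{CR},\ \text{broadcasts } y_{CR}P; \qquad HA_{for}:\ z_{HAfor},\ \text{broadcasts } z_{HAfor}P. $$
Bilinearity, $e(aP, bP) = e(P, P)^{ab}$, lets each party pair the two points it received and raise the result to its own secret:
$$ CN:\ e(y_{CR}P,\ z_{HAfor}P)^{x_{CN}} = e(P, P)^{x_{CN}\, y_{CR}\, z_{HAfor}}, $$
$$ CR:\ e(x_{CN}P,\ z_{HAfor}P)^{y_{CR}} = e(P, P)^{x_{CN}\, y_{CR}\, z_{HAfor}}, $$
$$ HA_{for}:\ e(x_{CN}P,\ y_{CR}P)^{z_{HAfor}} = e(P, P)^{x_{CN}\, y_{CR}\, z_{HAfor}}, $$
so all three hold the same value, which is the foreign-network common key of equations (4)-(6); the same computation with the secrets of MN, MR and $HA_{hom}$ gives the parent-network key of equations (1)-(3). An eavesdropper sees only $x_{CN}P$, $y_{CR}P$ and $z_{HAfor}P$ and would have to solve the bilinear Diffie-Hellman problem (recovering $e(P, P)^{xyz}$ from $P, xP, yP, zP$) to obtain the key. The pairing provides key agreement only; authentication of the parties is handled separately by the chain hashing of Section 6.3.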
For verification as part of authentication, we use chain hashing. For this, the BU and BA formats are modified to carry the information needed for the verification.
In the BU header format above, we have added an extra bit called A, which stands for authentication. If A is set, the Authentication Data must be checked when the BU, encrypted with the RO key, is sent; if A is clear, the Authentication Data is not checked. The Authentication Data contains a randomly generated number of at most three bits, i.e., a single digit, which gives the number of times the key is hashed. For example, if the digit is 6, MN performs chain hashing six times and places the result in the Authentication Data together with the digit. On receiving the BU, CN decrypts it with the RO key and checks the A bit. If A is set, CN reads the digit, performs the same number of chain-hash iterations, and compares the result with the received value. If both match, verification succeeds; otherwise, CN discards the BU and requests a fresh one, as shown in Figure 8.
In the BA header format above, we have likewise added an A bit. If MN receives a BA from CN with A set, it takes the verification to have succeeded, as shown in Figure 9.
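The A-bit and Authentication Data check of the BU, as an added example that is not the paper's code. The hash function (SHA-256), the placement of the A bit and the 3-bit count in one flags byte, and the sample RO key and CoA are assumptions of this example. In the paper the whole BU travels encrypted under the RO key; only the chain-hash verification that CN performs after decryption is shown here, including the "discard and request a fresh BU" outcome.

```python
"""Added example (not the paper's code): chain-hash authentication data in the BU.
Hash (SHA-256), field layout, RO key and CoA are assumptions of this example."""
import hashlib
import hmac
import os


def chain_hash(seed, count):
    """Apply SHA-256 `count` times to `seed` (count 0 returns the seed unchanged)."""
    digest = seed
    for _ in range(count):
        digest = hashlib.sha256(digest).digest()
    return digest


def build_bu(ro_key, coa, count=None, authenticate=True):
    """MN side. Layout (assumed): flags byte = A bit (MSB) | 3-bit chain count (low bits),
    then the 16-byte CoA, then the Authentication Data when A is set."""
    if count is None:
        count = 1 + os.urandom(1)[0] % 7          # random digit 1..7: at least one hash round
    if not 0 <= count <= 7:
        raise ValueError("chain count must fit in 3 bits")
    flags = (0x80 if authenticate else 0x00) | count
    auth = chain_hash(ro_key, count) if authenticate else b""
    return bytes([flags]) + coa + auth


def verify_bu(ro_key, bu):
    """CN side. Returns (accepted, reason); a rejection means discard and ask for a fresh BU."""
    if len(bu) < 17:
        return False, "truncated BU"
    flags, auth = bu[0], bu[17:]
    if not flags & 0x80:
        return True, "A bit clear; no Authentication Data to check"
    count = flags & 0x07
    if len(auth) != hashlib.sha256().digest_size:
        return False, "Authentication Data has wrong length"
    expected = chain_hash(ro_key, count)            # same number of rounds as the MN used
    if not hmac.compare_digest(expected, auth):
        return False, "chain hash mismatch; request fresh BU"
    return True, "verified after %d hash rounds" % count


RO_KEY = hashlib.sha256(b"constructed RO key for the example").digest()
COA = bytes.fromhex("20010db8000000000000000000000001")    # constructed IPv6 CoA


def demo():
    """A genuine BU with digit 6 verifies; flipping the count bit breaks the chain length."""
    bu = build_bu(RO_KEY, COA, count=6)
    ok, _ = verify_bu(RO_KEY, bu)
    tampered = bytes([bu[0] ^ 0x01]) + bu[1:]
    bad, _ = verify_bu(RO_KEY, tampered)
    return ok, bad
```

The comparison uses `hmac.compare_digest` so that the verifier's timing does not depend on where the received digest first differs from the recomputed one.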

Session Key Preparation.
The Salsa20 stream cipher is used to provide confidentiality to Route Optimization. It encrypts by XORing the data with a keystream and is lightweight, which suits low-power, small mobile devices; this is the benefit of using Salsa20. To add another level of security between CN and MN, the session key concept is used.

(11)
By "session" we mean the time the mobile network spends attached to one network before moving to another. A time threshold is also used: if the NEMO stays attached longer than the threshold without moving, the additional time counts as a further session, and a stay shorter than the threshold is also counted as a session.
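The following is an added example, not code from the paper, covering the two mechanisms of this section together: Salsa20/20 keystream generation written out from Bernstein's specification, and a per-session key so that two sessions never encrypt under the same keystream. The derivation of the session key by chain hashing the RO key, the fixed nonce, and the sample payloads are assumptions of this example; `keystream_cancels` shows why the per-session key matters, since XORing two ciphertexts produced under the same key and nonce cancels the keystream and leaves the XOR of the two plaintexts.

```python
"""Added example (not the paper's code): Salsa20/20 stream cipher and per-session keys.
Salsa20 follows Bernstein's specification; session-key derivation, nonce and payloads are assumed."""
import hashlib
import struct

MASK = 0xFFFFFFFF
SIGMA = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)   # "expand 32-byte k"
COLUMNS = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
ROWS = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))


def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))


def _quarterround(y0, y1, y2, y3):
    y1 ^= _rotl((y0 + y3) & MASK, 7)
    y2 ^= _rotl((y1 + y0) & MASK, 9)
    y3 ^= _rotl((y2 + y1) & MASK, 13)
    y0 ^= _rotl((y3 + y2) & MASK, 18)
    return y0, y1, y2, y3


def salsa20_core(block):
    """Salsa20 hash: 64-byte input -> 64-byte output (10 double-rounds, then add the input back)."""
    x = list(struct.unpack("<16I", block))
    z = x[:]
    for _ in range(10):
        for a, b, c, d in COLUMNS + ROWS:          # column round followed by row round
            z[a], z[b], z[c], z[d] = _quarterround(z[a], z[b], z[c], z[d])
    return struct.pack("<16I", *((zi + xi) & MASK for zi, xi in zip(z, x)))


def salsa20_keystream_block(key, nonce, counter):
    """Expand a 32-byte key, 8-byte nonce and 64-bit block counter into one 64-byte keystream block."""
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    words = (SIGMA[0], *k[:4], SIGMA[1], *n, counter & MASK, (counter >> 32) & MASK,
             SIGMA[2], *k[4:], SIGMA[3])
    return salsa20_core(struct.pack("<16I", *words))


def salsa20_xor(key, nonce, data):
    """Encrypt or decrypt (the same operation): XOR the data with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = salsa20_keystream_block(key, nonce, i // 64)
        out.extend(a ^ b for a, b in zip(data[i:i + 64], ks))
    return bytes(out)


def session_key(ro_key, session_index):
    """Assumed construction: the key for session i is SHA-256 applied i times to the RO key."""
    k = ro_key
    for _ in range(session_index):
        k = hashlib.sha256(k).digest()
    return k


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_cancels(key1, key2, nonce, p1, p2):
    """True when c1 XOR c2 == p1 XOR p2, i.e. both messages were masked by the same keystream."""
    c1 = salsa20_xor(key1, nonce, p1)
    c2 = salsa20_xor(key2, nonce, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


RO_KEY = hashlib.sha256(b"constructed RO key for the example").digest()   # 32 bytes
NONCE = bytes(8)                                                          # fixed for the demo
P1 = b"BU session 1: CoA=2001:db8::20"
P2 = b"BU session 2: CoA=2001:db8::30"


def demo():
    """(reuse leaks, fresh session key does not leak) under the same nonce."""
    k1, k2 = session_key(RO_KEY, 1), session_key(RO_KEY, 2)
    return keystream_cancels(k1, k1, NONCE, P1, P2), keystream_cancels(k1, k2, NONCE, P1, P2)
```

The zero-input property of the core (Salsa20 of 64 zero bytes is 64 zero bytes) is a handy self-check of the round structure; the expansion function never produces an all-zero input block because the sigma constants are fixed.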

Results and Analysis
While comparing with other protocols, we have made some assumptions. To execute the proposed model at the home network and the foreign network, the concerned nodes MR, MN, and HA need to hold some basic information. While the NEMO maintains communication with CN, we consider sessions as the NEMO moves across networks. To evaluate the proposed model in terms of handoff delay and end-to-end delay, NS2 (ns-2.29) [51][52][53][54][55] is used. Since NS2 does not support NEMO by itself, the Mobiwan patch (Thierry Ernst, 2002), an extension of Mobile IPv6 that works with ns-2.28 and ns-2.29, is used to add NEMO support [56,57].
With regard to security, our results are compared with the standard RRP in Table 4. Handoff delay is the sum of the registration time and the time to obtain the new address from the other network by exchanging BA and BU, as shown in Figure 10. This delay is obtained with the NS2 simulator and is given in milliseconds in Table 1. The handover delay differs only slightly from that of the existing RRP, while the proposed model resists the standard attacks.
In our solution, security inside the parent network is provided by sharing a common key (Key_MN-MR-HAhom) among MN, MR, and HA_hom using the tripartite ECC method. Because of the tripartite ECC algorithm, MR, MN, and HA obtain the same key with a single pass of communication.

Solution of Issue 3.
In RRP, to authenticate CN, MN must send the required parameters via HA. In our solution there is no need to go through HA repeatedly, so the bottleneck is avoided.
Here, security between CN and MN is based on the Route Optimization key. We introduce the concept of a session key and maintain a unique key for every session using chain hashing. Because a different key is used in each session, an intruder cannot guess the key.

Solution for Issue 4.
If n hashing operations occur at MN, the same number of operations occurs at CN for verification. If the verification succeeds between MN and CN, both consider the BU and BA frames valid.
Using BAN logic, the authentication proof is given between MN and CN.

Here, S is the source node and D is the destination node.

BAN Logic
R1: Message-Meaning Rule. If S believes that key K is shared between S and D, and S sees X encrypted with K, then S believes that D once said X.
7.5.4. R2: Nonce-Verification Rule.
If S believes that X is fresh and S believes that D once said X, then S believes that D believes X.
7.5.5. R3: Jurisdiction Rule.
If S believes that D has jurisdiction over X and S believes that D believes X, then S believes X.
7.6. Objectives for Authentication. In the proposed model, four objectives are selected to prove the authentication between MR and MN. The primary concern is to ensure that only trusted parties exchange data, preventing intruder nodes from retrieving the secured transmission. The defined objectives are as follows:
Applying the nonce-verification rule (R2) with CN |≡ #(Nonce2):
Once message 3 from MN is received by CN, apply R3 with assumption (d):

Conclusion
In this paper, RSS and user preference were used to select the best available access network within range in a heterogeneous network environment. Once the network was selected, handoff execution started and the session was transferred to the newly selected network. The proposed method provides security in the NEMO for every pair of communicating entities among HA_hom, MR, and MN in the home network, and for CR and CN in the foreign network, during handoff execution. At the first level, secure Route Optimization was provided, so that frames are exchanged securely between MN and CN. At the second level, security between MN and CN was provided using the chain hashing technique, with a different key used in every session. The security of RO was compared against RRP, and the proposed model provides better security than the RRP-based solutions. Guessing attacks, DoS, and replay attacks are avoided by the secure method, and the vertical handoff delay remains small. The whole scenario was simulated in NS2 to obtain the handoff delay and packet loss values, and the results show that the proposed model performs better than the existing models. Using BAN logic, the authentication of RO has been proved.
In the near future, we will use other optimization approaches to improve the results. Additionally, the proposed model will be tested on real-time applications, and we will extend this work using deep learning models.

Data Availability
The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
The authors declare that they have no conflicts of interest regarding the publication of this paper.