Security Issues in Multi-hop Device-to-device Communication Networks - Secure Routing Protocols Solution

As one of the key technologies of fifth-generation mobile communication, device-to-device communication technology can not only realize direct communication between neighboring devices, but also reduce the delay of local services provided to users and increase the communication rate. Nevertheless, the special structure of the device-to-device communication network makes it more vulnerable to attacks from inside and outside the network. This paper summarizes the security issues faced by device-to-device communication networks, analyzes the secure routing designed for different types of attacks, and discusses future research directions.


DoS attacks: computer network broadband attacks, connectivity attacks.
Black hole attacks: the malicious nodes send out wrong routing information to attract data packets, and then discard the data packets.
Gray hole attacks: the malicious nodes discard a part of the data packets.
Wormhole attacks: multiple malicious nodes maintain illegal links to transmit data packets to malicious nodes outside the normal routing.
Selfish nodes: selfish nodes evade participating in routing services by tampering with routing protocols, or forwarding data packets, or selectively forwarding data packets for the sake of saving their own energy.
Malware attack is also a common type of attack in ad hoc networks. Malware may automatically deduct user charges and read the sensors installed on the smart devices to steal the user's password and other information. The formation of the malware industry was no later than 2013 [5].
In recent years, with the development of technology, more and more people use smart terminals to complete electronic funds transfer (EFT), so smart terminals usually contain a large amount of private information such as bank accounts and passwords [6]. Multi-hop D2D communications usually use technologies such as Near Field Communication (NFC), Ultra-Wide Band (UWB), Bluetooth, ZigBee, WiFi or LTE [3]. Malware can quickly spread among smart terminals through multimedia messaging systems (MMS) such as Bluetooth or Cabir. Therefore, malware attacks will inevitably bring huge potential security risks to D2D communications. The security requirements in D2D communication can be divided into the following categories: (i) identity verification and authorization; (ii) availability and reliability; (iii) non-repudiation; (iv) secure routing and transmission; (v) confidentiality; (vi) integrity. Correspondingly, the existing security solutions are divided into five areas: (i) key management; (ii) identity verification; (iii) confidentiality and integrity; (iv) availability and reliability; (v) secure routing and transmission.

Security Problem Solution
Compared with traditional single-hop D2D communication networks, ad hoc networks composed of multi-hop D2D usually do not have network infrastructure (e.g. base stations) that provides encryption and other security resources. We therefore focus on secure routing that resists attacks. To realize the safe routing of data packets, the data packet routing algorithm can be directly optimized, or other means, such as malicious node detection, can be used to ensure the safe transmission of data packets.

Secure Routing Solution in Multi-hop Device-to-device Communication Networks
In fact, the security solutions are mutually permeable. For example, the author of [7] proposed an energy-saving AODV routing protocol that provides end-to-end routing authentication with digital signature authentication. A multi-hop D2D network can be regarded as an ad hoc network based on multi-hop D2D, so a multi-hop D2D network routing protocol usually refers to an ad hoc network routing protocol.

Multi-hop D2D Network Routing Protocol
According to the operating mechanism, ad hoc routing protocols can be divided into three categories: active routing protocols (table-driven routing protocols), passive routing protocols (reactive routing protocols) and hybrid routing protocols [8]. According to different network structures, ad hoc network routing protocols can be divided into flat routing protocols and hierarchical routing protocols.
Most of the existing ad hoc network routing protocols are improvements and enhancements to the classic ad hoc network routing protocols. The enhancement indicators include network quality of service (QoS) and survivability. For example, the literature [9] used selective routing based on the SNR threshold in the reverse routing mechanism and proposed an AODV SNR-SR selective routing protocol; the author of [10] proposed a selective ad hoc on-demand multipath distance vector algorithm based on load balancing, which is an enhanced protocol of AODV.
At present, most of the research on secure routing in multi-hop D2D communication networks is also an improvement on the classic ad hoc routing protocol, and is aimed at specific attack methods.

Secure Routing Protocols against DoS Attacks
DoS attacks often come from a node's neighboring nodes, so hash functions and other means of verifying the source of data packets can resist DoS attacks in multi-hop D2D networks. For example, the literature [11] proposed an improved version of the ALERT protocol that uses a node-location pseudonym technique to resist DoS attacks.
Scholars also use node trust to detect malicious nodes so as to resist DoS attacks. The author of [12] proposed an enhanced protocol of AODV that can resist DoS attacks. The protocol sends pseudo data packets generated by the source node to the target node to calculate the trust method of the node, and detect malicious nodes through the trust method.
Besides, for special DoS attacks, scholars have also proposed secure routing solutions. In view of the loopholes in the active routing protocol optimized link state routing (OLSR), the author of [13] proposed an enhanced OLSR (EOLSR) protocol based on the trust mechanism to resist a specific type of denial of service (DoS) attack in the OLSR protocol: the node isolation attack.

Secure Routing Protocols against Black Hole Attacks
Scholars have studied a variety of secure routes to resist black hole attacks, which are one of the common types of attacks. In dynamic source routing (DSR), a widely accepted on-demand routing protocol for mobile ad hoc networks, optimizing the route discovery process and RREP packets can resist black hole attacks. The author of [14] proposed adding a validity value to the RREP packet in the  [15] proposed a scheme to verify the authenticity of the route by verifying the packet in the DSR protocol to resist black hole attacks.
In the classic reactive routing protocol AODV, recognizing malicious routes and malicious nodes can also resist black hole attacks. The literature [16] proposes to identify malicious nodes with the help of a blacklist and route addresses to defend against black hole attacks in the AODV protocol. The literature [17] minimizes the black hole attack in the AODV protocol by checking whether the sequence number in the packet is the same as the destination sequence number. The author of [18] introduced a secure AODV routing protocol in which the destination node judges the validity of the RREQ reply path based on a threshold to resist black hole attacks.
The combination of encryption and secure routing can also be used to reduce the threat of black hole attacks. In the literature [19], the method of splitting the message first and then homomorphic encryption is used to resist the black hole attack in the AOMDV protocol.

Secure Routing Protocols against Gray Hole and Worm Hole Attacks
Currently, there are few routing protocols designed for gray hole attacks and wormhole attacks. The literature [12] identified nodes with abnormal data packet transmission rates by means of virtual data packets and thresholds, in order to select the corresponding secure routes. Because nodes with abnormal data packet transmission rates may actually intend to launch a black hole attack, gray hole attack or wormhole attack, this method can resist different types of attacks.
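The probe-packet approach described here and in the DoS section above can be sketched as follows. This is an added example, not code from [12] or from the paper: the per-hop probe counts, the 0.8 threshold and the rule of choosing the route with the best weakest relay are all assumptions, and the counts are taken to be reported honestly.

```python
from collections import defaultdict

THRESHOLD = 0.8  # assumed minimum acceptable forwarding rate

# Constructed sample: each route lists its nodes from source S to destination D
# and the number of probe packets seen arriving at each node (first = sent).
ROUTES = {
    "R1": (["S", "A", "B", "D"], [100, 100, 97, 95]),
    "R2": (["S", "C", "E", "D"], [100, 98, 55, 54]),  # C drops part: gray hole
    "R3": (["S", "F", "G", "D"], [100, 99, 0, 0]),    # F drops all: black hole
    "R4": (["S", "H", "J", "D"], [100, 90, 88, 86]),
}

def forwarding_rates(routes):
    """Per-relay forwarding rate, aggregated over every route the relay is on."""
    received, forwarded = defaultdict(int), defaultdict(int)
    for nodes, seen in routes.values():
        for i in range(1, len(nodes) - 1):  # relays only, not S or D
            received[nodes[i]] += seen[i]
            forwarded[nodes[i]] += min(seen[i + 1], seen[i])
    # A relay that never received a probe (it sits behind a dropper) has no
    # evidence for or against it, so its rate is None rather than 0.
    return {n: (forwarded[n] / received[n] if received[n] else None)
            for n in received}

def suspects(rates, threshold=THRESHOLD):
    """Relays whose measured forwarding rate is below the threshold."""
    return sorted(n for n, r in rates.items() if r is not None and r < threshold)

def select_route(routes, rates, threshold=THRESHOLD):
    """Route whose weakest relay forwards best; skips suspect/unmeasured relays."""
    best, best_score = None, -1.0
    for rid, (nodes, _) in sorted(routes.items()):
        relay_rates = [rates[n] for n in nodes[1:-1]]
        if any(r is None or r < threshold for r in relay_rates):
            continue
        if min(relay_rates) > best_score:
            best, best_score = rid, min(relay_rates)
    return best

if __name__ == "__main__":
    rates = forwarding_rates(ROUTES)
    print("suspects:", suspects(rates), "selected:", select_route(ROUTES, rates))
```

Node G is left unmeasured rather than flagged: it received no probes because F dropped them upstream, so blaming it would penalize an innocent relay.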

Secure Routing Protocols against Selfish Node Attacks
Selfish node detection is one of the ways to defend against selfish node attacks in multi-hop D2D networks. The literature [20] proposed a game theory scheme for the AODV protocol based on packet forwarding rate (PFR) and routing density factor (RDF), which can detect selfish nodes and prevent malicious nodes in the system from transmitting data packets. Through the benefit matrix, the author of [20] proved that only nodes that are cooperative in nature can benefit, thereby removing selfish nodes from the network.
Evaluating the trustworthiness or trust value of a node is another way to resist attacks from selfish nodes. Literature [21] proposed TEAB, a method for evaluating the trustworthiness of node behavior based on an adaptive time window, so that each node can choose a safe path consisting of only cooperative nodes. The literature [22] proposed a four-stage e-ARAN scheme based on OCEAN to detect and process authenticated selfish nodes. The literature [23] proposed a modular and configurable trust and reputation-based system MonConTR for secure routing to defend against selfish nodes in the network. MonConTR has 11 core components, and each of the components implements different functions that can weigh security and performance.
Optimizing the path allocation of nodes in the network can also reduce selfish nodes. The literature [24] proposed a route based on simulated annealing to dynamically generate paths to optimize network load distribution to reduce selfish nodes in MANET networks.

Secure Routing Protocols against Malware Attacks
Different from other types of attacks, malware attacks will not only cause the interruption or paralysis of normal communication, but also cause the leakage of user information, thereby threatening the user's property and privacy.
In the multi-hop D2D communication network, due to the lack of security measures provided by the network infrastructure, the threats posed by malware will be more serious. Secure routing is one of the solutions to the problem of malware attacks in multi-hop D2D communication networks. However, so far, there has been little research on secure routing for malware attacks in wireless distributed networks.
Game theory can be used to build models of the attacker and the defender that quantify the benefits of different routes, so that route selection can be optimized to resist malware attacks. The literature [25] proposed the iRouting based on the Malware Detection Game (MDG) in response to the problem that the MEC server may  [26] proposed the Cluster-head Centered Fast Secure Routing (CCFSR) based on the Secure Routing Game (SRCG) to defend against the malware attackers inside the D2D network.
The literature [25] and literature [26] assume that each node in the D2D network is equipped with one or several anti-malware controls. As shown in Figure 2, the literature [25] abstracts the attacking entity that attempts to inject malware into the D2D network from the MEC server as the attacker, and abstracts the D2D network as the defender. As shown in Figure 3, the literature [26] abstracts malicious nodes with malware in the network as attackers, and abstracts the D2D network as defenders. The defender selects a secure route based on the malware detection capability and cost of each route, while the attacker selects different types of malware based on the benefits.
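The attacker/defender abstraction above can be made concrete as a zero-sum matrix game. This is an added example, not the MDG or SRCG formulation of [25] or [26]: the detection probabilities, costs, damage values and the utility formula are constructed assumptions, and fictitious play is used here only as a simple way to approximate the defender's mixed route-selection strategy.

```python
# Constructed sample values (not taken from [25] or [26]).
DETECT = [[0.9, 0.3],   # route 0: controls strong against malware type 0
          [0.4, 0.8],   # route 1: controls strong against malware type 1
          [0.5, 0.5]]   # route 2: mediocre controls and the highest cost
COST = [1.0, 1.0, 3.0]  # cost of using each route
DAMAGE = [10.0, 10.0]   # loss if a malware type passes undetected

def payoff_matrix(detect, cost, damage):
    """Assumed defender utility: U[r][m] = -(expected undetected damage) - cost."""
    return [[-(1 - detect[r][m]) * damage[m] - cost[r]
             for m in range(len(damage))] for r in range(len(cost))]

def fictitious_play(U, iters=20000):
    """Approximate the defender's maximin mix over routes.

    Each round both players best-respond to the other's play history.
    Returns (route_mix, lower, upper) with lower <= game value <= upper.
    """
    n_r, n_m = len(U), len(U[0])
    r_counts = [0] * n_r
    r_pay = [0.0] * n_r  # defender payoff of each route vs. attacker history
    m_pay = [0.0] * n_m  # defender payoff under each malware vs. route history
    r, m = 0, 0
    for _ in range(iters):
        r_counts[r] += 1
        for j in range(n_m):
            m_pay[j] += U[r][j]
        for i in range(n_r):
            r_pay[i] += U[i][m]
        r = max(range(n_r), key=r_pay.__getitem__)  # defender maximizes
        m = min(range(n_m), key=m_pay.__getitem__)  # attacker minimizes
    mix = [c / iters for c in r_counts]
    return mix, min(m_pay) / iters, max(r_pay) / iters

if __name__ == "__main__":
    mix, lower, upper = fictitious_play(payoff_matrix(DETECT, COST, DAMAGE))
    print("route mix:", [round(p, 3) for p in mix])
    print("defender value between", round(lower, 3), "and", round(upper, 3))
```

With these numbers no single route is best against both malware types, so the defender randomizes between routes 0 and 1 (about 40% and 60%) and never uses the costly route 2.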

Conclusion
The literature [11][12][13][14][15][16][17][18][19][20][21][22][23][24] shows that the current research on secure routing in multi-hop D2D networks or ad hoc networks is mainly based on evaluating the trustworthiness of the nodes, malicious node detection, and transmission path detection or optimization. The algorithms used in the research on secure routing include hash algorithms, game theory, simulated annealing, etc. Most research on secure routing is limited to specific types of attacks, such as black hole attacks, malware attacks, etc.
Researchers believe that the data packet forwarding rate of nodes that intend to launch DoS attacks, black hole attacks, or gray hole attacks may be quite different from normal nodes. The literature [22] proposed to send fake data packets from the source node to calculate the packet transfer rate and estimate the trust value of each node to resist DoS attacks, black hole attacks or gray hole attacks at the same