An improved AODV routing security algorithm based on blockchain technology in ad hoc network

An ad hoc network is a special network with a centerless, dynamic topology. Because nodes move freely, routing security has been a bottleneck that hampers its development. Therefore, a multi-path QoS (quality of service) routing security algorithm based on blockchain, obtained by improving the traditional AODV (ad hoc on-demand distance vector) protocol (AODV-MQS), is proposed. Firstly, a chain of nodes is established in the network, and the intermediate nodes on the chain save the states of all nodes. Secondly, the smart contract in the blockchain is set to filter out the nodes that meet the QoS constraints. Finally, the two most unrelated communication paths are found in the blockchain network through the smart contract, one of which is the main path and the other the standby path. Simulation experiments show that the performance of the proposed algorithm is better than that of other algorithms, especially in an unsafe environment.

For security issues, different solutions can be proposed for different environments. In multi-task settings, methods such as identifying tasks effectively and protecting access to massive data effectively are ways to solve security problems [13,14]. At present, many scholars focus their research on the handling of attacks but ignore QoS, while the actual Ad Hoc network environment often places great weight on service quality. Effective evaluation and comparison are the most powerful basis for comprehensive analysis and accurate judgment of service quality. Many algorithms have introduced this idea [15,16]. Simulation experiments show that the proposed algorithm has obvious advantages over other algorithms in terms of end-to-end time delay, packet delivery rate and control overhead, and it can avoid malicious attacks and improve the routing security of Ad Hoc networks.
The rest of this paper is organized as follows. Section 2 discusses the related work on attacks in Ad Hoc networks. An improved AODV multi-path QoS routing security algorithm is designed in Sect. 3. The simulation experiment and analysis are given in Sect. 4. Section 5 gives the summary and future research.

Related work
So far, many scholars have proposed solutions to black hole attacks in Ad Hoc networks. S. Gupta et al. proposed a method to detect black hole nodes by modifying routing requests and routing reply control packets based on the AODV protocol [17]. Firstly, the count of hops, the destination node, the sequence number and other information in the routing table are counted. Secondly, the trust threshold is set. Finally, the AODV scheme that chooses the optimal route according to path length is transformed into one that relies on the threshold. The strategy ensures that the packet transmission node is the most likely legal node; its biggest disadvantage is that it depends on the choice of trust threshold. If the threshold is not set reasonably, it causes serious misjudgment and false warnings, and the performance of the whole network is seriously affected. Deng et al. proposed a method to detect the next-hop node of the intermediate node [18]. When the source node receives the RREP packet sent by the intermediate node, it sends a verification packet to the next-hop node to authenticate. After receiving the verification information, the next-hop node replies to the source node, and the source node uses the message to confirm whether the intermediate node is a normal node. If it is, the source node sends data through the route. Otherwise, the intermediate node is regarded as a black hole node.
Huang et al. proposed a method to detect packet loss based on a one-way hash chain and one-time hash tag commitment [19]. The method mainly depends on forwarding redundant data packets and sharing secret keys among nodes. In addition, the source node also needs to predict the sending status of the next data packet. Therefore, the main disadvantage of the method is that the control overhead is too high; especially when the network scale becomes larger, transmission of the shared key cannot be guaranteed. Papadimitriou et al. used path redundancy and threshold secret sharing technology to achieve the secure transmission of data [20]. The scheme uses an end-to-end authentication method. The packet loss path discovery process does not require intermediate nodes to participate, but it cannot detect the nodes that lose the packets. Sankara et al. proposed a high-level mechanism against wormhole attacks in the MANET network [21]. The mechanism mainly uses the service quality of the network to detect the attacking nodes; at the same time, it can judge whether the attack is active or passive according to the round-trip time of the data packet at one node. This method identifies wormhole attacks well, but it does not consider the risk of data being intercepted. Aswale et al. introduced advanced encryption algorithms to detect nodes, and they adopted channel security detection to avoid the energy cost of traditional secure communication and extend the life of the network [22]. However, the complexity of the method is too high, which leads to an excessively high control overhead, so it is not suitable for high-speed mobile Ad Hoc networks with limited network bandwidth.
Dr. He et al. proposed a trust mechanism by introducing blockchain technology in distributed peer-to-peer networks [23]. The mechanism can separate the untrusted nodes and create a secure network environment. However, only the untrusted nodes are considered in this mechanism, and it makes no reasonable judgment about network performance degradation caused by the nodes' own problems. Therefore, it easily misjudges nodes. Lazrag et al. proposed a method of secure data sharing based on blockchain technology for distributed devices [24]. Although the method solves the problem of secure data transmission, it does not make a reasonable evaluation of node security. Goyat et al. proposed a secure location method for wireless nodes based on blockchain technology [25]. The method only considers the security of a single node, but it does not consider the security of association between nodes. Firdaus et al. proposed a scheme that provides a trusted environment for secure data storage and sharing based on blockchain and smart contracts in a wireless environment [26]. The scheme effectively uses the characteristics of blockchain technology to solve the problem of data storage and environment detection in an insecure environment, but it does not consider normal failure of nodes in a secure environment.

Methods
The accuracy of the model can be effectively controlled by the parameters, and then the expected goal can be achieved [27,28]. Therefore, the flexible parameter information may be used to achieve the path selection.

Definition of QoS related parameters
(1) Path bandwidth. It refers to the minimum bandwidth of all adjacent nodes in the whole routing path, which is represented by the parameter Bandwidth.
where s indicates the source node, and d indicates the destination node, and B(i, j) indicates the communication link bandwidth between the intermediate node i and node j that can communicate with each other.
(2) Time delay. It refers to the time of a packet transmission from source node to destination node, which is represented by the parameter T. Assume that all nodes in the network have the same processing capacity and channel bandwidth, and that the wireless channel is symmetric. At the same time, the size of the route request probe packet, the response packets of the nodes and the data packets are equal. In the network, the data packet transmission time is divided into two parts, namely the processing time Pro and the transmission time Tra in the communication. The processing time Pro is divided into the waiting processing time T_w in the queue and the actual processing time T_e.
where Pro_k represents the time when the node k forwards the information packets in the data transmission, and Tra_m(m−1) represents the time taken by the data packet to pass between the intermediate node m and node m − 1. Assuming that the number of nodes in the network is bigger than 1, k ≥ 2 can be set. The maximum value of k is the total number of nodes in the network. Combining Eqs. (2) and (3), it can be seen that the time delay T of data transmission is,
Compared with the transmission time of the data packet in the path and the actual execution time of the data packet, the waiting time of the data packet in the queue is short enough, so the waiting time of the data packet could be ignored, and Eq. (4) can be transformed into,
(3) Path survival vitality. The viability of the node is the continuous working time of the node under normal conditions, which is represented by E_id. It is obtained by calculation from the smallest degree of the node's connectivity ω and the remaining battery consumption θ, which can be expressed by Eq. (6),
where α indicates a balance factor; it can be set freely according to the required path survival expectation, and we add 1 to the denominator to prevent the invalidity of Eq. (6) caused by ω being 0. The value of ω is the number of nodes under the energy coverage of the node, as shown in Fig. 1. It can be seen that the connectivity of node C is 2, because there are two nodes (node A and node B) under the energy coverage of node C. θ indicates the original full energy of the node. As time goes by, the energy value of the node will decrease, and the covered communication radius may also shrink, so the number of covered nodes will decrease, and the value of θ/(ω+1) cannot change much. The value can reflect the sustainable working time of the node to a certain extent, and the viability of the entire path can be inferred.
The viability of the path is the reference value E for the longest time the path can exist. E is the minimum node viability in the path.
(4) Comprehensive measurement of QoS parameters. The survivability of the path reflects the usable performance of the path. It is mainly determined by time delay, available bandwidth and path viability. M is set to the survivability of the path, and then, it can be expressed as Eq. (8), where , χ , δ are the coordination coefficients, and ζ is the balance factor of routing survivability; it can be set according to the detection of data packets in the path. Bandwidth represents the bandwidth, T represents the time delay and E represents the path viability of the path, respectively. Bandwidth_B indicates the estimated standard value of the path bandwidth, T_B indicates the estimated standard value of time delay, and E_B indicates the estimated standard value of path viability.
When the network environment is secure except for some malicious nodes, the coefficient is set to be larger and other coefficients are set to be smaller. When the network environment is secure with no malicious nodes, the coefficient ζ is set to be larger and other coefficients are set to be smaller. When the network environment is insecure and malicious nodes exist, the three coefficients are set to be larger. The parameter M is a comprehensive parameter, and it can be adjusted according to different coefficients set by the environment.
Fig. 1 Connectivity of the node C

Route establishment
Route establishment is a process initiated by the source node to establish a blockchain in which the available nodes in the network are continuously connected to the chain by means of request/response. The ultimate goal of the process is to find two short and maximally unrelated chains ending with the destination node. When the source node needs to send data to the destination node and the source node does not have a route to the destination node, it will create a genesis block to find the lists to the destination node, as shown in Fig. 2. Then, the source node sends the detection packets (EERQ) to its neighbor nodes according to its Merkle tree, and the process of finding the destination node is started.
In Fig. 2, the Merkle tree is composed of the neighboring nodes of the node, and Prepoint is the address of the previous node. Since the node is a creator node, there is no previous node, so its value is null. ID represents the address of this node.
Step 1. The source node sends EERQ packets to its neighboring nodes, the timer is started and the valid time domain τ is set.
Step 2. When the delay field ς in the EERQ is bigger than valid time domain τ during transmission, the EERQ packet becomes invalid because it exceeds the maximum time delay in finding a path.
Step 3. Check the storage capacity flag (isfull) in the node memory routing table. When its value is 0, go to Step 10. When the value is 1, the timer for processing packets of the node is started.
Step 4. After the neighboring node receives the EERQ packet, it judges whether this is the first time the packet has been received. If so, the EERQ packet will be received. Otherwise, the EERQ packet is discarded and transferred to (5).
Step 5. If the conditions are satisfied, the node is agreed to connect to the blockchain. Otherwise, it will be rejected and detected regularly. Node 1 and node 3 are connected to the source node because they meet the requirements, as shown in Fig. 3.
Step 6. Compare with the survivability domain E of the path in the detection packet EERQ. If it is less, the domain value will be updated; otherwise the survivability domain value E of the path in EERQ will remain unchanged.
Step 7. Check whether the processing packet timer of the node is off, and if so, go to Step 10. Otherwise, the RREQ forwarding data counter is started and the counter  7). The specific method to determine the node timer is as follows,
1. The counter is set to maximum value, that is, regardless of the viability of the node, the counter value cannot be set to exceed the maximum value. The maximum value is determined according to the specific communication time delay. Set the maximum value as MAX and the communication time delay as T then,
2. The corresponding counter value D_t is set according to the node's vitality E, its connectivity ω, and the number of hops H_d in EERQ.
When the connectivity ω of the node's vitality E is 0, then D_t is 0, because when the connectivity ω of node vitality E is 0, the node has no forwarding ability and conditions. From Eq. (11), it can be concluded that the greater the connectivity of the node and the smaller the hop number in EERQ, the closer the counter of the node is set to the maximum value.
Step 8. Judge whether the node is the destination node or not. If so, go to Step 10. Otherwise, go to Step 9.
Step 9. The node forwards the EERQ request packet and returns to Step 4, and the forwarding of the request packets is repeated.

Fig. 3 Nodes connection
Step 10. If the destination node is found, the public key information of the destination node is transmitted to the source node according to the blockchain path. Otherwise, terminate this search.
The Ad Hoc network is shown in Fig. 4. In Fig. 4, node 2 and node 6 are malicious nodes, and node 4, node 8 and node 11 are the nodes that do not meet the constraints. The source node is S, and the destination node is D.
After the algorithm runs, the block of the source node saves all the retrieval results from the source node to the destination node, as shown in Fig. 5.
It can be seen from Fig. 5 that the path detection is no longer performed at malicious nodes and the nodes that do not meet the constraint conditions. In the figure, the connecting lines at node 2, node 4, node 6 and node 8 lose the arrow, and it indicates that the blockchain connection has been lost in this part. It can be seen that the   , the memory table as shown in Table 1.
In Table 1, the minimum sum of is taken as the first criterion, because the larger value of , the greater the correlation between the path and the previously reached path. In order to find the largest irrelevant path, it can be obtained by simple accumulation of the value . When the value of the path is the same, the length of the path is taken as the second selection criterion, because in the same correlation, the shorter the path is, the more stable the link is, and the smaller the control cost of the network is. When the length is the same, the order in which the source node receives the public key returned by the destination node according to the corresponding path is taken as the selection standard, because the faster the data packets of the first arrival path are transmitted, the less the end-to-end delay is, and the network data transmission efficiency can be greatly improved.
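An added example, not code from the paper, that runs the EERQ flood of Steps 1 to 10 and the three selection criteria on a constructed topology. Assumptions: an equal per-hop delay stands in for the delay field ς, the admission verdicts in `REJECTED` are given rather than computed from the QoS constraints, and a path's correlation value is taken as the number of other discovered paths sharing each of its intermediate nodes; all function and node names are hypothetical.

```python
from collections import Counter, deque

# Constructed topology for illustration (not the paper's Fig. 4).
TOPOLOGY = {
    "S":  ["n1", "n2", "n3"],
    "n1": ["S", "n4"],
    "n2": ["S", "n4", "n5"],
    "n3": ["S", "n6"],
    "n4": ["n1", "n2", "n7", "D"],
    "n5": ["n2", "D"],
    "n6": ["n3", "n7", "D"],
    "n7": ["n4", "n6", "D"],
    "D":  ["n4", "n5", "n6", "n7"],
}
# Assumed admission verdicts: n2 behaves as a black hole and is refused.
REJECTED = {"n2"}


def discover(topology, src, dst, admit, tau, hop_delay=1):
    """Flood EERQ from src; return every path reaching dst, in arrival order."""
    seen = {src}                    # Step 4: a node accepts an EERQ only once
    queue = deque([[src]])          # FIFO equals arrival order for equal hop delay
    arrived = []
    while queue:
        path = queue.popleft()
        delay = len(path) * hop_delay   # delay field when the next hop receives it
        if delay > tau:                 # Step 2: packet outlived the valid time
            continue
        for nxt in topology[path[-1]]:
            if nxt == dst:              # Steps 8 and 10: destination reached
                arrived.append(path + [dst])
            elif nxt not in seen and admit(nxt):   # Step 5: node joins the chain
                seen.add(nxt)
                queue.append(path + [nxt])
    return arrived


def rank_paths(arrived):
    """Order paths by (correlation sum, hop count, arrival order)."""
    # Assumed correlation value of a node: how many other paths also use it.
    use = Counter(n for p in arrived for n in p[1:-1])

    def key(item):
        order, path = item
        overlap = sum(use[n] - 1 for n in path[1:-1])
        return (overlap, len(path) - 1, order)

    return [p for _, p in sorted(enumerate(arrived), key=key)]


def select_routes(topology, src, dst, rejected, tau):
    """Return (main path, standby path); either may be None."""
    arrived = discover(topology, src, dst, lambda n: n not in rejected, tau)
    ranked = rank_paths(arrived)
    main = ranked[0] if ranked else None
    standby = ranked[1] if len(ranked) > 1 else None
    return main, standby


if __name__ == "__main__":
    main, standby = select_routes(TOPOLOGY, "S", "D", REJECTED, tau=4)
    print("main   :", main)
    print("standby:", standby)
```

With `REJECTED` empty, the same topology ranks a path through n2 first, which is the case the admission check in Step 5 prevents.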

Route maintenance
In the Ad Hoc network, although there are multiple paths to ensure the transmission of information, it is still possible that the link connection fails due to the movement of nodes, and the occurrence of congestion leads to insufficient bandwidth, transmission timeout and other path damage. Therefore, the repair of the path cannot be ignored. Three methods are used to resolve these problems, as shown in Table 2.
Three routing maintenance strategies are listed in Table 2, and specific environment and conditions are defined for each routing maintenance strategy. Only when the environment and conditions are met and the main path fails, the corresponding routing maintenance strategy will be started.

Simulation environment and parameter setting
In this paper, NS3.29 software is used as the simulation platform [29]. The network topology is a model with nodes randomly distributed in a plane rectangular area of 1000 m × 1000 m. The speed of mobile nodes ranges from 5 to 50 m/s. IEEE 802.11 and constant bit rate (CBR) data stream are adopted in the MAC layer. The simulation time is 900 s, and the maximum residence time of nodes is set to 0 s, 5 s, 10 s, 20 s, 30 s. Abnormal nodes are added during the experiment, and they include a random number of energy-constrained nodes, black hole nodes, wormhole nodes and sybil nodes [30,31]. During the simulation, the following performance parameters are mainly considered: data packet delivery rate, data end-to-end delay and control overhead. The main performance parameters are shown in Table 3.
Figure 6 compares the end-to-end delay of four routing algorithms in a safe environment. It can be seen that the AODV-MQS algorithm proposed in this paper achieves a lower time delay than the other two algorithms when the node moving speed is low. Because the proposed algorithm adopts maximally unrelated multipath, when one path becomes invalid the other alternative path can be used directly without rerouting and searching. However, when the nodes move faster, the multiple paths proposed in this paper may also break at the same time, which will inevitably lead to time delay similar to the other three algorithms. Therefore, when the node speed increases, the advantages of the proposed algorithm are not obvious. At the same time, due to the interrupt path repair method, faster node movement will not lead to continuous deterioration of the time delay. Therefore, the time delay of the other three algorithms shows a continuous increase in this respect, while the algorithm proposed in this paper shows a gentle rise.
Figure 7 compares the end-to-end delay of four routing algorithms in an unsafe environment. It can be seen that the proposed algorithm has obvious advantages in end-to-end delay. Although the delay deteriorates with the increase in node speed, the change is slow and tends to level off, which greatly guarantees the end-to-end delay time. The other three algorithms, compared with the algorithm in this paper, do not perform well in end-to-end time delay, and as node speed grows, their time delay becomes worse.
Fig. 7 Comparison of end-to-end delay of four routing algorithms in an unsafe environment
Figure 8 compares the delivery ratio of four routing algorithms in a safe environment. It can be seen that the algorithm proposed in this paper performs worse than the algorithm proposed in reference [10] within a certain range of node moving speed. The reason may be that the two paths of the AODV-MQS algorithm broke simultaneously during this interval, which caused more data packets to be lost. After that, it recovers quickly as the node movement speed increases, because two paths to the destination node are restored in the blockchain. As a whole, the algorithm proposed in this paper can control the packet rate at about 90%, which effectively ensures the smooth operation of the network.
Figure 9 compares the delivery ratio of four routing algorithms in an unsafe environment. It can be seen that the algorithm proposed in this paper is obviously better than the other three types of algorithms. With the increase in node moving speed, the packet delivery rate decreases to a certain extent, but when the speed increases again, the packet delivery rate rises. The main reason is that this paper adopts blockchain technology to screen the nodes entering the blockchain network, which ensures the reliability of the nodes on the data transmission path. In addition, the algorithm proposed in this paper adopts alternative paths and constraints to ensure the safety of path transmission as much as possible.
Figure 10 compares the overhead of four routing algorithms in a safe environment. It can be seen that the algorithm proposed in this paper performs better than the other three types of algorithms. But the blockchain technology used in this paper requires repeated inspections of nodes one by one in the construction of the blockchain network. A lot of control packets must be spent. The experiment adjusted the QoS parameters and removed the consideration of risk factors. Therefore, the proposed algorithm can effectively adapt to changes in the communication environment by adjusting QoS parameters.
Figure 11 compares the overhead of four routing algorithms in an unsafe environment. It can be seen that the proposed algorithm performs best, because the use of blockchain technology only needs to spend some control packets when the route is established, which ensures the safety of the data in the transmission process. The routes of the other three algorithms are more likely to be broken in the process of data transmission than those of the proposed algorithm, and because of the existence of abnormal nodes, the reconstruction of routing will inevitably cause a lot of control overhead. Therefore, the control overhead of the other three algorithms is larger than that of the proposed algorithm.

Data analysis
Simulation results show the superiority of the proposed algorithm. It can be seen from the simulation experiments that the algorithm proposed in this paper achieves better network performance than the other algorithms; at the same time, the increases in control overhead and end-to-end delay are controlled effectively. The conclusion also further confirms that the use of blockchain technology in packet delivery has an obvious effect, which can greatly improve routing security.

Conclusion
A multipath QoS routing security algorithm based on blockchain is proposed in this paper. AODV-MQS is an on-demand QoS routing security algorithm based on the improved AODV protocol using the technology of blockchain. Firstly, the abnormal nodes are avoided effectively by using path survivability constraints and blockchain technology. Secondly, two optimized paths are chosen. Finally, routing security of Ad Hoc network is increased greatly. The application of blockchain technology in Ad Hoc