A Secure Communication Method Based on Message Hash Chain

: Traditional network communication methods lack endogenous security mechanisms, which is the root cause of network security problems, e.g., spooﬁng identity and address forgery. This paper proposes a secure communication method based on the message hash chain, referred to as the chain communication method or MHC method. We use the message hash chain to ensure that the transmission process is immutable, non-repudiation, reliability, and the integrity and synchronization of the message. At the same time, we can sign and authenticate data streams in batches through chain signature and authentication technology, which can signiﬁcantly reduce the overhead of signature and authentication, thereby improving the efﬁciency of secure message transmission. This paper formally proves the security of the message hash chain, conducts an in-depth analysis of the reliability of the MHC method, and conducts relevant experimental tests. The results show that the average transmission efﬁciency of the MHC method applied at the network layer is about 70% lower than that of the IP protocol communication method without a security mechanism. However, it is about 5% higher than the average transmission efﬁciency of the non-repudiation IPSec protocol communication method. The average transmission efﬁciency of the MHC method is about 23.5 times higher than that of the IP protocol communication method with the packet-by-packet signature. It is easier to ensure the non-repudiation of the data stream.


Introduction
Nowadays, network communication applications are ubiquitous, causing various security problems. The data receiver wants to get all the data content sent by the sender and wants the data to be complete, authentic, and non-repudiation. At the beginning of the design of the existing network communication methods, the focus is only on data transmission connectivity, while data transmission security is ignored. This design fundamentally lacks endogenous security mechanisms and is also the root cause of security problems such as identity spoofing, address forgery, route hijacking, and denial of service in cyberspace. Moreover, the weak association between each message in the data stream leads to low reliability of the transmission process.
Traditional network communication methods do not have endogenous security mechanisms such as data integrity verification, making the transmitted content easy to be tampered with and forged, making it difficult to trace the source of the attack and the attacker's identity. To solve such security problems, the IPSec [1] (IP Security) security suite of the network layer is mainly used to perform integrity verification, data encryption, and data source authentication on the transmitted IP datagrams. Nevertheless, IPSec can usually only solve local problems on a regional scale. In particular, implementing IPSec technology is relatively complex, requiring two stages of negotiation before data transmission. The time and computing resources consumed by each step of the negotiation process are rather significant [2], necessarily leading to the problem of poor deployability.

1.
The MHC method adopts a new chain transmission method to ensure the nontampering, non-repudiation, and higher reliability requirements of multiple messages. The main idea is to iteratively hash the digest of the transmitted message to form a hash chain about the message sequence. The two communicating parties can ensure the integrity, immutability, and synchronization of the message sequence through the hash chain, thereby effectively guaranteeing the security of message transmission.

2.
When performing data signature and authentication, both parties only need to perform signature authentication on messages at certain intervals and do not need to complete it on each message. In this way, the authenticity and non-repudiation of all previously transmitted messages can be ensured, the overhead of signature authentication is reduced, and the efficiency of secure message transmission is greatly improved. 3.
Using the sequence number and node value of the message hash chain of the MHC method can provide anti-protection against replays and ensure reliability.

Related Works
The method proposed by Lamport is to encrypt the password through the hash function many times iteratively, and the verifier can verify the entire ciphertext sequence through the result of the latest encryption.
Based on Lamport, Chung et al. [11] proposed the star chaining technique and tree chaining technique. The star chaining technique can verify each packet individually and can tolerate any degree of packet loss. The tree chaining technique can be regarded as a multilayer star chaining technique. Although this scheme can achieve a smaller communication load than a star hash chain, it disadvantages sender delay, buffering of packets before sending, and less payload.
Golle [12] proposes a hash chain with high performance and a high proportion of payload, but its biggest flaw is that it cannot avoid the risk of chain disconnection caused by too many packets contained in the chain.
Liu [13] proposed a hash pre-streaming data signature scheme. The basic idea is to divide a long sequence into m subsequences and use the hash pre-streaming data signature scheme to sign the first packet of the m subsequences. At the same time, a buffer dedicated to storing the hash values and signatures of the n packets in the subsequence is added to the server.
Zhang et al. [14] proposed a butterfly-graph-based stream authentication scheme with advantages in payload, packet authentication probability, and packet loss tolerance. However, compared with other structures of hash chains, this method needs to run the hash function many times, making it less efficient.
Miller et al. [15] improved the scheme proposed by Zhang. Although the security of the hash chain and the probability of data packet authentication were strengthened on the original basis, the complex structure led to a further decrease in its operating efficiency.
The authentication protocol based on hash chain proposed by Liu [16] can calculate a continuous hash chain by performing multiple hash function calculations on the hash value of the data payload. Although the biggest feature of this authentication protocol is that it can resist replay attacks, it still cannot guarantee the non-repudiation of each packet.
Huang et al. [17] used different hash functions to iterate keys multiple times and finally got a hash chain authentication scheme for message integrity verification. Still, this scheme's order of hash functions needs to be kept secret.
References [18,19] propose self-updating hash chains and optimized tree hashing, respectively. These two hash chain structures optimize the security and packet loss tolerance on the original basis. Still, the overall operating efficiency is not much different or even slightly insufficient from the original structure.
The concept of "hash chain" is currently widely studied in application fields such as the Internet of Things, autonomous driving protocols, data security, and lightweight transmission protocols. Hakeem et al. proposed a hash chain-based V2X security protocol and a key generation and management protocol at [20,21]. The primary method uses the hash function to iterate the generated key many times, which realizes the highly secure message authentication in the V2X device at a low cost. At the same time, it can solve the key update problem of remote WAN and can resist key leakage attacks and replay attacks. Huang et al. [22] proposed a hash chain-based data availability monitoring method, which applies the hash chain to the distributed system to solve the data consistency problem in the system. Kim et al. [23] proposed a lightweight authentication scheme applied to military networks. This scheme combines the hash chain with the one-time password, which ensures the integrity of the transmission content and reduces the network transactions of transmission. Luo et al. [24] improved the blockchain consensus algorithm by using the hash chain to realize the recording and verification of blocks.

Notation and Meaning
The notation involved in this paper and their corresponding meanings are shown in Table 1.

Message Hash Chain Communication Model
The MHC method is not only for a specific layer in the TCP/IP network model but also for each message in the data flow, which can be applied to any logical layer. The structure diagram of the chain communication model is shown in Figure 1. The MHC method adds the message sequence number (Sequence) and the node value of the message hash chain fields. The sequence is used to provide the reliability of the transmission process, and the node value of the message hash chain is used to verify the message. Its construction process is described in detail in Section 4. Table 1. Notation and meaning.

Notation
Meaning The ith message of message transmission sequence.

HC i
The ith node value of the message hash chain constructed by the sender is sent to the communication peer together with the payload and needs to be verified.

HC i
The ith node value of the message hash chain constructed by the receiver is used to compare with the received message hash chain. m i The content of the ith message sent by the sender.
Key pair in the asymmetric digital signature.
Sig(ek, HC i ) Based on its ek, the sender uses an asymmetric encryption algorithm to calculate the signature s i of HC i .

Ver(dk, s i )
The receiver verifies the signature s i against the sender's publickey.  The chain communication model mainly includes the sender constructing the message hash chain and the receiver verifying the message hash chain during the interaction between the two communicating parties. The specific processing procedures of the sender and receiver are as follows.

1.
The sender first determines the src(source address), dst(destination address), and other(other fields of the header) of the sent message, and then the header information hdr i = (src, dst, other) can be obtained. The expression of the message m i that the sender needs to send in the MHC method is where payload i is the payload of m i . The sender needs to obtain the message hash chain from src to dst locally and record the message hash chain as HC(src, dst). According to the m i and the tail node HC(src, dst) i−1 of the message hash chain, the latest node HC(src, dst) i−1 of the message hash chain is constructed, i.e., the node value HC(src, dst) i = h(h(m i )||HC(src, dst) i − 1) of message hash chain corresponding to the message m i . At the same time, HC i−1 is updated to the intermediate node of this message hash chain, and HC i is updated to the tail node of the chain of this message hash chain. The sender sends the message p i = (m i , seq i , HC i ) to the receiver according to dst, where seq i is the sequence.

2.
After receiving the p i , the receiver verifies the node value of the message hash chain. Record the receiver's message hash chain as HC (src, dst). The receiver calculates a node value HC (src, dst) i = h(h(m i )||HC (src, dst) i−1 ) to be verified in the message hash chain between src and dst through the construction method of the message hash chain, where HC (src, dst) i−1 is the tail node of the message hash chain constructed by the receiver. Next, the receiver verifies whether HC(src, dst) i = HC (src, dst) i holds. If so, the The receiver's verification of p i ends successfully and updates HC (src, dst) i−1 to the intermediate node of the message hash chain and HC (src, dst) i to the tail node of the message hash chain. Otherwise, the receiver's verification of p i is unsuccessful and must to discard the p i and report an error.

Message Structure
The MHC method forms a message hash chain from unrelated data packets. The receiver can use the node value of the message hash chain to verify the integrity of the current message content and ensure the immutability of the data stream. When the receiver is affirming the packet, the verification succeeds only if the value calculated by using the digest of the previous message and the node value of the message hash chain is equal to the node value of the chain carried in the message. The node value of the chain corresponding to each message in the data flow constitutes a message hash chain, as shown in Figure 2. Through this message structure, the integrity of the message can be verified, but the reliability of the transmission process can be improved.

Construction Method of Message Hash Chain
Two communicating parties, A and B, communicate, and sender A transmits the message stream P = p 1 , p 2 , · · ·, p n , n ∈ N * to receiver B. The structure of each message is p i = (m i , seq i , HC i ). Where m i is the content of the message sent by sender A in sequence, seq i is the sequence number of the message, and HC i is the result calculated by sender A according to m i and the tail node HC i−1 of the message hash chain by the constructing method of the chain. When receiver B receives p i , it also needs to use m i and the local tail node HC i−1 of the message hash chain to calculate the HC i for verification.
The construction method of the message hash chain is shown in Figure 3. The communication node needs to calculate the first node value HC 1 of the message hash chain according to the first message m 1 , obtained by performing two hash function calculations on m 1 . After that, each message needs to calculate a digest using a hash function and then splice this digest with the tail node of the message hash chain to calculate the corresponding node value of the chain.
The last node of each message hash chain is called the tail node, and the other nodes are called the intermediate nodes. The sender updates the node of the message hash chain corresponding to the latest sequentially sent message to a tail node and updates the original tail node to an intermediate node. The receiver verifies the messages in sequence and uses the successfully verified messages to construct a node of the message hash chain. Update this newly constructed node to the tail and the previous tail node to the intermediate nodes. The iterative process of the message hash chain node is shown in Algorithm 1. The parameters used in Algorithm 1 are described below: • Get_address: The role of the Get_address function is to obtain the source and destination addresses from the message header. • Match_HC_lnode: Match the message hash chain between two addresses.

Algorithm 1 HC_Iteration
Input: Header content, payload, node value of the message hash chain. Output: A new node value of the chain. The message hash chain construction algorithm is shown in Algorithm 2.

Algorithm 2
The construction process of the message hash chain 1: HC_lnode = "" 2: for MQueue is not empty do 3: payload ← MQueue.poll

4:
HC_lnode ← HC_Iteration(hdr, payload, HC_lnode) 5: end for The two communicating parties update the message hash chain every time they construct a message hash chain node. At a specific time t, a message hash chain node of m i is constructed, then the complete message hash chain expression at time t is as following: (2)

Sequence Number
The MHC method needs to add a sequence field to ensure the reliability of the transmission process. According to the position of the sequence number, when the node value of the message hash chain is calculated, there are two ways to calculate the chain. The first way is that the sequence number seq i can be included in the message header hdr i , and the node value HC i of message hash chain is obtained by MHC calculation. In this way, the non-repudiation of the sequence field can be guaranteed, but it will cause difficulties when tracing the message's contents. The message hash chain expression constructed in this way is the following: The second way is to concatenate the digest of the sequence number and the message's digest to construct the message's node value of the message hash chain. This way ensures that the message and sequence cannot be tampered with, and makes it easier to trace the message's content. Therefore, it is recommended to use the second way when constructing the node value of the message hash chain. The expression of the node value of the message hash chain constructed in this way is the following:

General Chain Synchronization Mechanism
In order to solve the problem of locating the error and re-request and verifying the message when the message hash chain verification or signature verification fails in the MHC method, we propose a communication synchronization mechanism, referred to as the chain synchronization mechanism. The MHC method uses this mechanism to maintain the consistency of the message hash chain of both parties. Two communicating nodes are communicating via the MHC method, A sending data stream P = p 1 , p 2 , . . . , p n to B. Note that the message hash chain constructed by the sender is HC, and the chain constructed by the receiver is HC . Whenever a message p δ = (m δ , seq δ , HC δ ) satisfy HC δ = h(h(m δ )||HC (δ − 1)) during verification, its content is wrong, and the receiver needs to re-request this message from the sender. On the contrary, the receiver can successfully verify the p δ and continue to verify p δ+1 .

Chain Synchronization Mechanism Based on Signature Confirmation
Assuming that the interval between the chain signatures of two communication nodes is d, the sequence numbers seq α and seq β corresponding to the two chain signatures s α and s β should satisfy β = α + d. If ∃δ, α < δ < β, starting from p δ , the attacker can use the algorithm Attack to tamper with the content of the message and make it successfully pass the receiver's message hash chain verification (it is challenging for the attacker to do this). Subsequently, the message tampered with by algorithm Attack is recorded as p * δ = (m * δ , HC * δ ), and the message hash chain constructed by the receiver according to HC * δ , HC * δ+1 , . . . , HC * β−1 is recorded as HC (Attack). When the sender reaches the signature interval (or actively signs the chain as needed), the receiver must verify p β = (m β , HC β , s β ), satisfying as the following: Then the receiver needs to re-request p α+1 , p α+2 , . . . , p β−1 , and the receiver's message hash chain needs to be reconstructed from HC α .

Chain Signature
We improved the chain signature scheme previously proposed in [25] to achieve higher security and efficiency. By Section 7, the (Gen, Sig, Ver) scheme is an additional option of the (MHC, Gen, Sig, Ver) scheme, enabling the MHC method to guarantee the authenticity and non-repudiation of data. In this way, the (MHC, Gen, Sig, Ver) scheme can verify all previous messages with only one signature, dramatically improving signature and authentication efficiency. Suppose there is a message m δ = (hdr δ , payload δ ), and its corresponding message hash chain node at the sender is HC δ . If the sender reaches the signature interval or chain-signatures the message as required, the signature s δ = Sig(ek, HC δ ) must be calculated first, and then the encapsulated message p δ = (m δ , HC δ , s δ ) is sent to the receiver. Suppose the receiver can successfully verify the node value and signature of the message hash chain in the p δ in turn, i.e., in that case, the receiver can satisfy the equations HC δ = HC δ and Ver(dk, s δ ) when verifying the p δ , and it can guarantee the non-repudiation of all previously transmitted messages.

Chain Signature Process
Algorithm 3 shows the process of chain signature for both parties in communication. The messages transmitted by the two communicating parties include messages with a signature and those without a signature, and the chain signature interval is d. In the process, the communication node constructs the message hash chain and transmits the messages synchronously, e.g., the node encapsulates the m δ and HC δ constructed according to the m δ into a message p δ and sends it to the destination. For the security of the message hash chain, the sender will chain-sign the message when the signature counter reaches d or when necessary, e.g., after the sender signs HC δ , it only needs to sign HC δ+d next time. The structure of a message with a signature is p i = (m i , seq i , HC i , s i ), and a message without a signature is p j = (m j , seq j , HC j ). The process of the sender encapsulating the messages shown in Algorithm 3. The parameters used in Algorithm 3 are described below: 1: According to the content of the message, the payload and the tail node of the message hash chain, a node value HC_node ← HC_Iteration(hdr, payload, HC_lnode) of the chain is generated. 2: The sender inserts HC_node at the end of the message hash chain. 3: The sender updates message hash chain tail node HC_lnode = HC_node. 4: if cur_interval < Sig_interval then 5: The sender encapsulates the header p ← EnPkt(hdr, payload, HC_node). 6: else 7: The sender computes the signature s ← Sig(ek src , HC_node). 8: p ← EnPkt(hdr, payload, HC_node, s) 9: end if 10: return p

Chain Authentication Process
Algorithm 4 shows the process of chain authentication of the message by the receiver. For messages without a signature, the receiver needs first to determine whether the sequence number of the messages is legal and then authenticate the node value of the message hash chain of the messages. For messages with a signature, the receiver needs to authenticate the signature and verify the sequence number of the messages and the node value of the message hash chain. The parameters used in Algorithm 4 are described below: if Ver(dk src , s) = TRUE then 8: return -2. # A value of "-2" indicates an error in signature verification. 9: end if 10: else 11: HC_ver_node ← HC_Iteration(hdr, payload, HC_lnode).

12:
if HC_ver_node == HC_pkt_node then 13: The sender inserts HC_ver_node at the end of the message hash chain and updates message hash chain tail node HC_lnode = HC_ver_node. 14: return 0.# A value of "0" indicates that the authentication of the message is successful. 15: else 16: return -3.# A value of "-3" indicates an error in message hash chain verification. 17: end if 18: end if

Safety Analysis
The necessary definitions for proving the security of the message hash chain are given below.

Definition 1.
If there is always a µ 0 for all e such that ε(µ) < 1 µ e when µ > µ 0 , then ε(µ) is said to be a negligible value with µ as the parameter.

Definition 2.
Note that H is the set of all hash functions, and h is a hash function. If h can find a, b, a = b, h(a) = h(b) in polynomial time, then it is considered that h will have a hash collision. For ∀h ∈ H, if the probability of hash collision in h is equal to ε(µ), i.e., the probability of hash collision in h is negligible, then H is a non-collision hash function set.  After receiving the sequence p i , p i+1 , . . . , p i+q and the HC i , HC i+1 , . . . , HC i+q encapsulated in it, the receiver also constructs a message hash chain node MHC(m i , m i+1 , . . . , m i+q ) = HC i , HC i+1 , . . . , HC i+q for the received sequence through MHC, and there is ∀δ, Theorem 1. The messages between two messages authenticated by chain signature also have authenticity and non-repudiation.
(Gen, Sig, Ver) is a secure digital signature scheme, h is a known hash function, and the probability of hash collision at h is less than ε(µ), i.e., h is a non-collision hash function. In this case, if the digital signatures of p α and p β can be verified successfully and satisfy α < α + 1 < β, then ∀δ, α < δ < β, p δ can verify their authenticity and non-repudiation through massage hash chain verification.
Proof of Theorem 1. It is assumed that the message hash chain verification scheme (MHC, Gen, Sig, Ver) is insecure. This means that under the condition that (Gen, Sig, Ver) is a secure digital signature scheme and h is a non-collision hash function, the message hash chain verification cannot guarantee the authenticity and non-repudiation of the message sequence, which message sequence between the message p α and the message p β that can be successfully verified by (Gen, Sig, Ver). Then there is an attacker who uses algorithm ATTCK to forge the (MHC, Gen, Sig, Ver) scheme, and obtains the signature sequence S (1) , S (2) , . . . , S (k) transmitted by the victim and the message hash chain node value sequence HC (1) , HC (2) , . . . , HC (k) according to the victim's dk, where S (t) = s Specifically, algorithm ATTCK uses Gen to generate a pair of (ek ATTCK , dk ATTCK ), and then uses MHC to construct the message hash chain nodes HC * 1 , HC * 2 , . . . , HC * l of all message sequences m 1 , m 2 , . . . , m l . Finally, encapsulate them into the message sequence p 1 , p 2 , . . . , p l of the message hash chain, and sign p 1 , p 2 , . . . , p l with ek ATTCK . The final output of algorithm ATTCK is S * / ∈ S (x) and HC * / ∈ HC (y) . According to the assumptions, the signed and verified messages satisfy Sig(ek, p ζ , p η ) = s ζ , s η and Ver(dk, s ζ , s η ) = 1, 1 < ζ < η < r. For ∀δ, ζ < δ < η, p δ only uses the message hash chain verification instead of the digital signature verification. Although the attacker cannot forge ek in s ζ = Sig(ek, p ζ ), it can forge its p ζ as p * ζ = (m ζ , HC * ζ ). From p ζ = (m ζ , HC ζ ) = (m ζ , h(h(m ζ )||HC ζ−1 )), the following two situations will inevitably occur.
In summary, the null hypothesis does not hold. It means that under the condition that (Gen, Sig, Ver) is a secure digital signature scheme and h is a non-collision hash function, the message hash chain verification scheme (MHC, Gen, Sig, Ver) is secure. Therefore, the authenticity and non-repudiation of the data flow between two digital signature intervals can be ensured by using the message hash chain verification.

Theorem 2. Through the chain signature and authentication of a message, all messages in the previous sequence of this message can be verified
Under the same conditions as Theorem 1, the receiver verifies the digital signature of a message p α in the data stream. If ∀δ, 0 < δ < α, then p δ can judge its own authenticity and non-repudiation according to the correctness of p α 's digital signature.

Proof of Theorem 2.
There is a sequence p 1 , p 2 , . . . , p k , the sender will sign the p k , and the receiver will verify the signature. Suppose there is an attacker who can use algorithm ATTCK to forge the node value of the message hash chain. This means that for the message hash chain sequences HC = HC 1 , HC 2 , . . . , HC k and HC = HC 1 , HC 2 , . . . , HC k constructed by m 1 , m 2 , . . . , m k , the algorithm ATTCK can output the forged message hash chain node sequence HC * = HC * 1 , HC * 2 , . . . , HC * k according to m 1 , m 2 , . . . , m k , and make HC * = HC. In the absence of an attacker, when the receiver receives the p k = (m k , HC k , s k ), the verification of the signature must satisfy Ver(dk, s k ) = 1. If algorithm ATTCK can output s * k = Sig(ek ATTCK , HC * k ) to satisfy Ver(dk, s * k ) = 1, then it means that algorithm ATTCK can forge scheme (Gen, Sig, Ver), but this obviously contradicts the assumption. This shows that if p k can be verified by digital signature, then p 1 , p 2 , . . . , p k−1 also has authenticity and non-repudiation; otherwise, p 1 , p 2 , . . . , p k−1 do not have authenticity and non-repudiation.

Reliability Analysis
It is necessary to set the sequence number in the MHC method because the node values of the message hash chain should be calculated in strict order when constructing the chain. The difference between the sequence number contained in the message hash chain and that contained in IPSec is that the sequence number field is an optional field in IPSec, which is mainly used to provide anti replay services, while the sequence number field of MHC method is a necessary field, and each node of the message hash chain needs to be constructed according to the sequence number. After IPSec establishes a SA for the first time or the SA reaches its life cycle to renegotiate parameters, it will clear the sequence number stored in the SA, and then incrementally count each message. The sequence number of the message hash chain inherits the previous changes and is not cleared, and the verification of each message must verify whether the sequence number changes incrementally in sequence. The reliability of message hash chain is mainly reflected in that the communication receiver should not only compare the sequence number to judge whether it is increased in order, but also verify the integrity, authenticity and nonrepudiation of the whole message through the (MHC, Gen, Sig, Ver) scheme, and complete packet loss retransmission, chain synchronization and timely error detection through the sequence number.

Packet Loss Retransmission
If there is a data stream communication between the two communicating parties through the MHC method, the data stream P = p 1 , p 2 , . . . , p n sent by A to B, each packet is The message hash chain constructed by the sender is HC, and the chain constructed by the receiver is HC . Under the condition that the network has the possibility of packet loss, the following two situations must occur:

1.
At least, there is a possibility that it is greater than ε/2, and the P received by B arrives in order, then the message hash chain HC i = h(h(m i ||HC i−1 )) constructed by B through P satisfies HC = HC .

2.
At least, there is a possibility that it is greater than ε/2, and the data stream received by B may arrive out of sequence or lose packets. Assume that at a certain time t 0 , the sequence number corresponding to the sender's tail node is seq j , and the sequence number corresponding to the tail node used by the receiver for verification is seq k , k < j. At this time, if the sender sends a new message p δ to reach B, and its corresponding sequence number seq δ > seq k + 1, then set the message retention time t s for p δ . Subsequently, at time t 1 , where t 0 < t 1 < t 0 + t s , if the message hash chain of the p δ has not been successfully verified, the p δ will be discarded, and the sender will request the following message corresponding to the sequence number of the current tail node of the chain. In contrast, if the chain of the p δ can be successfully verified and the corresponding message hash chain is constructed at the receiver, the verification of the message corresponding to the last sequence number is continued.

Error Detection and Correction
The error detection function of the MHC method mainly uses the chain signature and chain synchronization mechanism to verify the message's integrity, authenticity, and non-repudiation in real-time by comparing the node values of the message hash chain in real-time and signing and authenticating the chain at intervals. If the attacker tampers or forges any message content, the verification of the node value and signature of the message chain will fail. Both communicating parties should re-request the message with verification error within a limited time to ensure that the data flow can achieve higher reliability or disable the illegal message sender to reduce network security risk.

Experimental Environment
The experiment uses C language to realize the MHC method of the network layer, and the experimental code runs on multiple PCs. The experiment uses the MHC method to set up the sender and receiver of network-layer data transmission. The PC configuration is Intel ® Core™ i7-10875H CPU @ 2.30 GHz and 16 GB RAM. The TCP protocol of the transport layer does not contain additional settings, and its protocol header length is 20 B. The experiment compared the network layer's MHC method with the network layer's communication method using the traditional IP protocol, the AH protocol, and the ESP protocol of IPSec. The MHC method uses the SHA256 algorithm as the primary hash function, while the IPSec uses the HMAC-SHA1-96 algorithm as the hash function used to calculate the HMAC. The asymmetric encryption algorithm in the (MHC, Gen, Sig, Ver) scheme is the RSA-2048 algorithm.

Efficiency Comparison of Several Communication Methods
In order to test the transmission efficiency of the MHC method, the experiment compared the efficiency of the network layer using the traditional IP protocol, the AH protocol, and the ESP protocol of IPSec with the method. At the same time, the communication method of IP protocol, which is signed and authenticated packet by packet to ensure data non-repudiation, is compared with the transmission efficiency of several other communication methods. The experiment set up five groups of test subjects. The transport layer of each group of experiments uses the TCP protocol. The network layer uses the IP protocol, the IP protocol with packet-by-packet signature and authentication, the AH protocol, the ESP protocol of IPSec, and the MHC method. We recorded the average number of messages transmitted by five groups of subjects in 2 min, 5 min, 10 min, 30 min, and 60 min, and the number of those in each group was the average of ten tests. The throughout capacity is then calculated based on the average amount of data transferred per group. Finally, the estimated throughout capacity is used as the standard to measure the transmission efficiency, and the efficiency of several groups of experimental objects is compared. The relevant information of the experiment is shown in Table 2.
Throughout capacity = Average data transmission Transmission time . Among them, the AH protocol test group uses the transmission mode, and the identity authentication method uses certificate authentication. The life cycle of the first stage negotiation is 86,400 s, and the life cycle of the second stage negotiation is 120 s. AHH represents the AH protocol header, with a length of about 24 B; The ESP protocol test group also uses the transmission mode, and the identity authentication method uses certificate authentication. The life cycles of the first and second stages of negotiation are 86,400 s and 120 s, respectively. It is set to only verify the integrity of the message. ESP represents the ESP protocol header, with a length of about 24 B; The MHC method test group set its signature interval to 1000, and the other experimental settings are consistent with those in 6.2. The experimental test results are shown in Table 3.
The AH protocol experimental group uses the transmission mode, and the identity authentication method uses certificate authentication. The life cycle of the first-phase negotiation is 86,400 s, and the life cycle of the second-phase negotiation is 120 s. The ESP protocol experimental group maintains the same settings as the AH protocol experimental group, and at the same time, it only performs integrity verification on messages. The MHC method experimental group set the signature interval to 1000. MTU in Table 2 is the maximum transmission unit, and its length is 1500 B. TCPH is the TCP header, whose length is 20 B, while IPH is the IP header, the length is 20 B. MHCH is the MHC header, including the sequence number length of 4 B, the remaining fields of about 4 B, and the node value of the message hash chain length of 32 B, with a total length of 40 B. Finally, AHH is the AH protocol header with about 24 B, and ESPH is the ESP protocol header with about 24 B. The experimental results are shown in Table 3.  Figure 4 shows the comparison of the experimental results of the five groups of experiments. The results show that the transmission method whose network layer is IP protocol has the highest average transmission efficiency, and the average throughout capacity can reach more than about 400 Mbps. However, it has no additional security means and is prone to network attacks. Under the condition that only the transmission integrity is guaranteed, the average throughout capacity of the communication methods of the AH protocol and the ESP protocol is the same. The average throughout capacity of the MHC method is about 5% higher than that of the communication methods of the AH and the ESP protocols. The reason is that the MHC method directly uses the message hash chain for data authentication, and reduces the overhead of signature and verification through chain signature and authentication technology. However, the AH and ESP protocols require a two-stage key negotiation process before transmission. These two protocols renegotiate new parameters before the end of the life cycle of the second stage. At the same time, the negotiation process is expensive, and the processing speed of the messages is not significantly improved compared with the MHC method. After the negotiation is completed, these two communication methods have a slightly lower average throughout capacity than the MHC method. In unit time, the average throughout capacity of the MHC method is 4.96% higher than that of the AH protocol communication method and 5.70% higher than that of the ESP protocol communication method. Finally, under the condition that the transport layer is the TCP protocol, the average throughout capacity of the MHC method is about 23.5 times higher than that of the IP protocol and the packet-by-packet signature authentication method.
We also compared the transmission efficiency of the AH protocol communication method and the MHC method by recording the time it takes for both parties to transmit fixed-length data. We did not use the ESP protocol as a comparison object because the AH protocol has no encryption function and fewer irrelevant fields, making it easier to compare the transmission efficiency with the MHC method. Therefore, it is better to use the AH protocol as a comparison object instead of the ESP protocol. The experimental conditions were kept consistent with the above experimental conditions. In particular, the life cycle of the SA in the AH protocol's first stage is 86,400 s, and that of the SA in the second stage is set, respectively, at 2 min, 5 min, 10 min, and 60 min. In the experiment, the lengths of the data transmitted by the two communicating parties, respectively, were 1 G, 5 G, 10 G, and 50 G. The average value of five experiments is used to record the experimental results of each group. The experimental results are shown in Table 4. The SA established by the AH protocol needs to set the life cycle and renegotiate and update the SA policy parameters before the end of the cycle. The shorter the life cycle, the higher the security of the parameters, but the negotiation process will affect the transmission efficiency. It can be seen from the test results shown in Table 4 that, under the above experimental conditions, the time used to transmit data of the same length in the MHC mode is shorter than that in the AH protocol communication mode. By calculating the average throughput of each test group, we found that the MHC method was more efficient than the AH protocol in each comparison group, and the larger the transmitted data, the more pronounced the gap. Specifically, taking the AH protocol communication method with a life cycle of 2 min as an example, when transmitting data with a length of 1G, the average throughput of the MHC method is 2.79% higher than the average throughput of the AH protocol, but when transmitting data with a length of 50G, this ratio increases to 5.77%.

Comparison and Analysis of Security Properties of Several Existing Schemes
In order to illustrate the security properties and efficiency of this scheme, this paper compares the chain network transmission mode using the MHC protocol at the network layer with the transmission mode using the IP protocol, IPSec protocol, and other existing schemes at the network layer. The differences in several security properties are shown in Table 5. Medium [12] Higher [13] Medium [15] Lower [16] Higher Low MHC High Higher 1 Sign and authenticate IP datagram packet by packet.
The IP protocol without a security mechanism has the highest transmission efficiency, but it does not have any security properties, which is easy to cause network attacks. After the IP protocol is signed and authenticated packet by packet, although the security of its transmission is improved, it also dramatically reduces the transmission efficiency. Both the AH protocol and ESP protocol of IPSec can ensure the integrity, non-tampering, and certain reliability of the messages, and the ESP protocol can also ensure the confidentiality of the messages. However, these two protocols cannot guarantee the non-repudiation of messages during the transmission process and are vulnerable to denial attacks by both parties. The rest of the schemes improve application-layer communication methods or use different hash chain structures and signature methods to improve security. Although the star-shaped and tree-shaped hash chain structure in the [11] can ensure that a signature can verify the child nodes under each tree, it cannot process packet loss data. The hash chain structure in the [12] improves the transmission efficiency, but it still cannot adapt to the network with the possibility of packet loss. The method in [13] caches the data, calculates its hash value, and then places the hash value in the message to be sent before verifying the later content with the previous content. This method needs to know the content of the entire transmission before transmission, which reduces the transmission efficiency and does not have security mechanisms such as reliability and confidentiality. The improved butterfly hash chain proposed in [15] has a complex structure, resulting in low transmission efficiency. The method in [16] is improved for the Modbus/TCP protocol at the application layer. It guarantees the confidentiality of the protocol through symmetric encryption and digital signature and can resist replay attacks by using a synchronization mechanism and a one-way guarantee scheme of a hash function. However, it still signs and authenticates each packet, resulting in low transmission efficiency. The MHC method ensures the integrity and immutability of the transmitted message through the hash chain. It uses the chain signature technology to realize the batch signature and authentication of the message stream, significantly reducing the overhead of signature and authentication. According to the characteristics that the message hash chain needs to be calculated, we designs the packet loss retransmission and chain synchronization mechanism to ensure the protocol's reliability and synchronization. It has the security properties of traceability and confidentiality.

Conclusions
The MHC method improves the traditional IP protocol. Using the improved MHC method to replace the traditional IP protocol can ensure that the network layer transmission has a security and reliability mechanism and the traceability of the message. The message hash chain can ensure the integrity, immutability, and synchronization of the transmitted data. At the same time, the use of chain signature and authentication technology can significantly reduce the overhead of signature authentication and improve the efficiency of secure transmission of message sequences. The MHC method has higher requirements on the reliability of the transmission process, so we design packet loss retransmission, error detection and correction, and chain synchronization for the communication process. Finally, the experimental results show that the MHC method adds an endogenous authentication mechanism and a reliable mechanism compared with the traditional transmission model without an authentication mechanism in the general software implementation. The MHC method can guarantee the non-repudiation of all previous messages through one signature. The transmission efficiency of the method is higher than that of the AH protocol and the ESP protocol of IPSec. Under the condition of ensuring the confidentiality of the transmitted message, the method has higher transmission efficiency than the ESP protocol. The method can make the transmission process more reliable and provide chain synchronization services for the transmission process.
In the future, we will further explore the impact of different hash functions and cryptographic algorithms on the efficiency and security of MHC methods. At the same time, we will also improve the network protocol stack based on the MHC method and try to implement the chip-level MHC method. Applying the MHC method to broadcast, Internet of Vehicles, aerospace, and other application scenarios is also the focus of our subsequent work.