Research of Security Routing Protocol for UAV Communication Network Based on AODV

With the rapid development of information technology and the increasing application of UAV in various fields, the security problems of unmanned aerial vehicle (UAV) communication network have become increasingly prominent. It has become an important scientific challenge to design a routing protocol that can provide efficient and reliable node to node packet transmission. In this paper, an efficient Digital Signature algorithm based on the elliptic curve cryptosystem is applied to routing protocol, and an improved security method suitable for on-demand routing protocol is proposed. The UAV communication network was simulated through the NS2 simulation platform, and the execution efficiency and safety of the improved routing protocol were analyzed. In the simulation experiment, the routing protocols of ad-hoc on demand distance vector (AODV), security ad-hoc on demand distance vector (SAODV), and improved security ad-hoc on demand distance vector (ISAODV) are compared in terms of the performance indicators of packet delivery rate, throughput, and end-to-end delay under normal conditions and when attacked by malicious nodes. The simulation results show that the improved routing protocol can effectively improve the security of the UAV communication network.

Shounak et al. [25] proposed a secure protocol based on an optimization algorithm, Monarch-Earthworm Algorithm (Monarch-EWA), which is the modification of the Monarch Butterfly algorithm using the Earthworm Optimization Algorithm (EWA) in order to render effective security to the network. Alouache et al. [26] researched, compared, and classified enhanced vehicle routing protocols with different security mechanisms, including authentication, integrity, confidentiality, non-repudiation, and availability of data and communications. Liu et al. [27] proposed a trust detection-based secured routing (TDSR) scheme to establish security routes from source nodes to the data center under malicious environment to ensure network security. Neumann et al. [28] presented the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. Kavitha et al. [29] proposed the framework that deals with the security flaws through hyper elliptic curve based public key cryptosystem, which combines Digital Signature Algorithm (DSA), ElGamal approaches that ensure the entity authentication, and secure group communication.
Electronics 2020, 9, 1185

The UAV information transmission is a complex task. It is important to design a routing protocol that can provide efficient and reliable node to node packet transmission. In this paper, an efficient digital signature algorithm based on elliptic curve cryptosystem is applied to routing protocol, and an improved security method suitable for on-demand routing protocol is proposed. Through the simulation of three routing protocols (AODV, SAODV and ISAODV), the performance indicators such as packet delivery rate, throughput, end-to-end delay, and routing overhead are compared and studied. The simulation results show that the performance of the ISAODV and SAODV routing protocols in terms of packet delivery rate, throughput, and routing overhead is very close to the AODV routing protocol. This shows that the ISAODV and SAODV routing protocols inherit the characteristics of the AODV routing protocol and maintain the route discovery and route maintenance capabilities of the AODV routing protocol to the greatest extent. In addition, because each node on the active path of the SAODV protocol must be authenticated and signed based on the certification authority (CA) certificate, the complexity of information transmission is much higher than that of ISAODV based on the elliptic curve cryptosystem. The ISAODV routing protocol proposed in this paper effectively reduces the complexity of the algorithm on the basis of improving network security, and provides a powerful guarantee for the security of UAV communication networks.
The remaining sections of this paper are organized as follows. Section 2 describes the principle of security AODV routing protocol. Section 3 describes the principle of improved security AODV routing protocol. Section 4 describes the simulation and numerical results, and the performance indicators such as the packet delivery rate, throughput, and end-to-end delay of the UAV communication network are compared and analyzed. Finally, Section 5 summarizes the paper.

Security AODV Routing Protocol
The SAODV protocol divides the routing message into variable part and invariant part for processing according to the characteristics of hop by hop changes in the AODV protocol. The hop number field in the routing message is a variable part, which is authenticated by a hash chain. Other fields in the routing message are invariant parts, which are authenticated by digital signature [30][31][32][33].

Authentication of Variable Parts
The SAODV protocol uses a hash chain to protect the variable part in the route request (RREQ) and route reply (RREP) messages. A hash chain is built by repeatedly applying a one-way hash function to a random number. Each node that receives a RREQ or RREP message can verify the hops field to ensure that it is not maliciously reduced by the attacker. The process of RREQ or RREP routing messages is shown in Algorithms 1. The Hash_Function, Max_Hop_Count, Top_Hash, and Hash fields are transmitted in the AODV extended message. The format definition of the extended message is shown in Figure 2. The RREQ message format of SAODV protocol is increased by 20 bytes on the basis of AODV format.
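The hop-count check described above, as an added example that is not code from the paper: Algorithms 1 is not reproduced on this page, so the update rule follows the published SAODV design (Top_Hash is the seed hashed Max_Hop_Count times, and every hop hashes the Hash field once). SHA-256, the 32-byte seed, and the `RoutingMsg` layout are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace


def hash_n(value: bytes, times: int) -> bytes:
    """Apply the one-way function `times` times (SHA-256 is an assumed choice)."""
    for _ in range(times):
        value = hashlib.sha256(value).digest()
    return value


@dataclass(frozen=True)
class RoutingMsg:
    """Only the fields that matter for hop-count protection (illustrative layout)."""
    hop_count: int        # mutable AODV field, incremented at every hop
    max_hop_count: int    # Max_Hop_Count extension field
    top_hash: bytes       # Top_Hash = h^Max_Hop_Count(seed)
    cur_hash: bytes       # Hash extension field, starts as the random seed


def originate(max_hop_count: int) -> RoutingMsg:
    """Source node: pick a random seed and publish the end of the chain."""
    seed = os.urandom(32)
    return RoutingMsg(0, max_hop_count, hash_n(seed, max_hop_count), seed)


def verify_hops(msg: RoutingMsg) -> bool:
    """Receiver: Hash hashed (Max_Hop_Count - Hop_Count) more times must equal Top_Hash."""
    remaining = msg.max_hop_count - msg.hop_count
    if msg.hop_count < 0 or remaining < 0:
        return False
    return hmac.compare_digest(hash_n(msg.cur_hash, remaining), msg.top_hash)


def forward(msg: RoutingMsg) -> RoutingMsg:
    """Intermediate node: verify, then increment the hop count and hash once."""
    if not verify_hops(msg):
        raise ValueError("hop count does not match hash chain; message dropped")
    return replace(msg, hop_count=msg.hop_count + 1, cur_hash=hash_n(msg.cur_hash, 1))


def demo() -> dict:
    msg = originate(max_hop_count=10)
    for _ in range(3):                        # three honest hops
        msg = forward(msg)
    lowered = replace(msg, hop_count=1)       # constructed: hop count rewritten 3 -> 1
    return {
        "honest_hop_count": msg.hop_count,
        "honest_ok": verify_hops(msg),
        "lowered_ok": verify_hops(lowered),
    }


if __name__ == "__main__":
    print(demo())
```

A message whose hop count has been lowered fails `verify_hops`, because passing the check would require inverting the hash. The chain does not identify who applied each hash, which is the job of the signature over the invariant fields.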

Authentication of Invariant Parts
The SAODV protocol uses digital signatures to authenticate invariant parts of RREQ and RREP messages. The node that sends the routing message signs the invariant part of the routing message. Each node that receives the routing message verifies the signature in the message.

Intermediate Node Responds to the RREQ Message
In the AODV protocol, when the intermediate node has a sufficiently fresh route to the destination node, it is allowed to reply to the RREQ message. In order to keep this mechanism in the SAODV protocol, an additional RREP signature field is included in the RREQ message broadcast by the source node. The intermediate node uses the RREP signature field to sign the routing response message RREP on behalf of the destination node, thus ensuring that the RREP message generated by the intermediate node can be verified.
In addition, when the intermediate node generates RREP messages, the lifetime of the route changes from the original one. The RREP message generated by the intermediate node contains two lifetimes, the original one and the real one. The original lifetime is signed by the destination node, while the real lifetime is signed by the intermediate node.
In order to distinguish different SAODV signature extension messages, the routing control message with two signatures used by the intermediate node when replying to the RREQ message is called RREQ and RREP double signature extension message.

Generate RREQ Message
When the route to the destination node needs to be obtained, the node broadcasts a RREQ message. The RREQ message has a signature for the invariant part and a hash chain for the variable part. If the intermediate node is allowed to reply, the RREQ message is generated in the form of a double signature extended message with additional RREP signature fields. Otherwise, the RREQ message is generated according to the RREQ signature extension message format.

Processing RREQ Message
After a node receives the RREQ message, it first determines whether it has received the message in the most recent time. If it has received, the message is discarded; otherwise, the signature and hops in the message are verified. Only when the verification is correct, the reverse path corresponding to the message will be stored.
If the RREQ message is in the double-signature extended format, the node stores the RREP signature field in the RREQ message while storing the reverse path; otherwise, the field is not stored.
The node then determines whether it is the destination node. If it is, a RREP message response is generated. If it is not, but the node meets the conditions for the intermediate node to respond to the RREQ message, and has the corresponding RREP signature field, the node generates a RREP double-signature extended message to respond to the RREQ message. Otherwise, the node performs a hash operation on the hop number field of the RREQ message and broadcasts it continuously.

Generate RREP Message
When the destination node generates the RREP message, the node fills the destination node IP address, destination node serial number, next hop node and other relevant information into the corresponding fields of the RREP message, and signs and hashes the message. The message has a signature for the invariant part and a hash chain for the variable part.
The RREP message generated by the intermediate node is in a double-signature extended format. As described in Section C, it has two more lifetimes and signature fields corresponding to the lifetimes than the RREP message in the signature extension format generated by the destination node.

Processing RREP Message
After a node receives the RREP message, it first verifies its signature and hop number fields. Only when the verification is correct, the node stores the forward path corresponding to the message; otherwise, the message is discarded.
Then, the node determines whether it is the destination node. If it is, the process of route discovery is finished. Otherwise, the RREP message is sent according to the reverse path in the routing table.

Protection of Route Error (RERR) Message
The SAODV protocol uses hop-by-hop signatures to protect all fields of the RERR message. The nodes that generate or transmit RERR messages sign it. The nodes that receive the RERR message verify it. This can ensure the integrity and resistance of the RERR message. However, because the serial number of the destination node is not signed by the corresponding node, in order to ensure the security of the protocol, when processing the RERR message, the node will not update its destination node serial number according to the RERR message.

Improved Security AODV Routing Protocol
The SAODV routing protocol is based on the RSA public key cryptosystem [34], which introduces a lot of computational overhead while enhancing security. Certificates need to be introduced to verify the public key. The verification, transmission, management, and revocation of certificates bring a lot of storage, calculation, and communication overhead. Therefore, this paper studies the improved secure AODV routing protocol, which is based on elliptic curve cryptosystem.

Elliptic Curve Cryptosystem
Elliptic curve cryptosystem (ECC) is one of the three types of public key cryptosystems that have been proved to be safe and effective so far, and is known for its high efficiency. The security of ECC is based on the intractability of elliptic curve discrete logarithm problem (ECDLP), and it has the advantages of short key, short signature, and small software implementation scale [35][36][37][38]. The elliptic curve defined on the finite field $F(q)$ is as follows: Assuming $q > 3$, and $4a^3 + 27b^2 \not\equiv 0 \pmod q$, the curve is called an elliptic curve on the finite field $F(q)$, which can be represented as $E_q(a, b)$.

Addition Rule of Elliptic Curve
For any two points $P(x_1, y_1)$ and $Q(x_2, y_2)$ on the elliptic curve, there is a third point $R(x_3, y_3) = P + Q$ also on the elliptic curve.
When $P(x_1, y_1)$ $Q(x_2, y_2)$, Among them, $a$ is the first-order coefficient in the elliptic curve equation.

Scalar Multiplication of Elliptic Curves
Assuming that m is an integer and G is a point on an elliptic curve, scalar multiplication can be expressed as follows:

Elliptic Curve Discrete Logarithm Problem
The security of ECC is based on the difficulty of solving the elliptic curve discrete logarithm problem (ECDLP). The difficulty of ECDLP is that it is difficult to find the integer $L$ for the discrete points $P$ and $Q$ on the curve, so that $LP = Q$. When applying an elliptic curve to a cryptosystem, assuming that $P$ is the public key and $Q$ is the private key, its security is that it knows $P$ but cannot derive $Q$. For $a$ and $b$ on a finite group, if there is a positive integer $n$, making $a^n = b$, the problem of solving $n = \log_a b$ is called the discrete logarithm problem on a finite group. For the discrete points $P$ and $Q$ on the elliptic curve, solving $L$ makes $LP = Q$, which is called the elliptic curve discrete logarithm problem.
The attractive point of ECC is that its key length is shorter when the security is equal. For example, RSA uses a 1024 bit modulus length to obtain security, and in the elliptic curve cryptosystem, a 160 bit modulus length can obtain the same security. Table 1 shows the security analysis and comparison between ECC and RSA. MIPS-a (million instructions per second for one year) in the table refers to the work done by a computer that executes 1 million instructions per second and runs for one year. At present, it is considered that when the deciphering time is $10^{12}$ MIPS-a, it represents security. Compared with other public key systems such as RSA and DSA, ECC can provide better encryption strength, faster execution speed, and shorter key length. Table 2 shows the comparison of signature length and encrypted message length when the data length to be signed and encrypted is 2000 bit and 100 bit, respectively. A short key means a reduction in computing overhead, storage space, and bandwidth requirements. Therefore, ECC is more suitable for the UAV communication network with limited resources such as bandwidth, storage capacity, and CPU computing power.

Secure Routing Scheme Based on ECC
In order to adapt to the limited resources in UAV communication network, this paper studies a secure and efficient digital signature scheme based on SAODV routing protocol. Compared with other public key systems such as RSA, DSA, elliptic curve cryptosystem (ECC) can provide better encryption strength, faster execution speed, and shorter key length.

Digital Signature Scheme Based on Elliptic Curve
It is assumed that network bandwidth resources in the network are limited, and nodes can move freely, and communicate with each other through wireless multi hop channels. The relationship between nodes in the network is also dynamic, and nodes can join or leave at any time. The wireless link between nodes is bidirectional, and the nodes within the range of each other's communication are called neighbor nodes. This scheme assumes that there is a trusted system authorization center (such as distributed certification authority system) in the network, which can verify the validity of each user's identity, and generate a self-certified public key for the user according to the user's identity and other information. Table 3 shows the symbol definition of this secure routing scheme.

Table 3. Symbol definition.

| Symbol | Definition |
| --- | --- |
| $q$ | The size of a finite field, which is a prime or a power of two, is about 160 bits long |
| $E_{F_q}$ | Elliptic curve based on finite field $F_q$ |
| $G$ | The base point on the $E_{F_q}$, whose order is $n$, where $n$ is a large prime (160 bits) |
| $X(G)$ | Take the abscissa value of point $G$ |
| $S_u$ | Private key of node $u$ |
| $P_u$ | Public key of node $u$ |
| $M$ | Routing information to be signed |
| $A$ | Node that signs routing information |
| $B$ | Node that verifies signature |
| $S_{SA}$ | Private key of system CA, $S_{SA} \in [2, n - 2]$ |
| $P_{SA}$ | Public key of system CA, and $P_{SA} = S_{SA} G$ |
| $h(\cdot)$ | One-way hash function |

The process of user $U_i$ registering with system CA is shown in Algorithms 2. It can be seen from the above process that the system CA only generates the user's public key, and the user's private key is generated by the user itself, and the user can verify the authenticity of the public key with the private key generated by itself, so the problem of secure distribution of the user's private key is avoided. After users obtain their own public and private key pairs, they can use the following process for signature and verification.

Algorithms 2 The Process of User
Select a user identity information, expressed as $I_i$
3: Randomly select an integer $x_i \in [2, n - 2]$ as the random key
4: Calculate
Randomly select an integer variable $k_i \in [2, n - 2]$
7: Calculate the public key $P_i$ and public key evidence $w_i$:
Return $\{P_i, w_i\}$ to user $U_i$
9: $U_i$ generates its own private key: $s_i = w_i + h(x_i \| I_i) \pmod n$
10: Verify the authenticity of user public key:

The process of signature and verification is shown in Algorithms 3. It can be seen from the above signature scheme that the public key of the system CA is used in the signature verification process, so that the signature verification process and the validity verification of the public key are completed in one step, thereby avoiding the introduction of certificates to verify the validity of the public key. There is no need to pass certificates during the routing process, which reduces communication, calculation, and storage costs.

Algorithms 3 The Process of Signature and Verification
1: for each $U_i$ do
2:   A randomly selects an integer variable $k$, $k \in [2, n - 2]$
3:   Calculate $R = k \times G$, $r = X(R) \pmod q$, $s = k + S_a \times h(M \| r) \pmod n$
4:   A transmits signature $(r, s)$ and $M$ to B
5:
     the signature is valid
8:   else
9:     the signature is invalid
10:  end if
11: end for

The Process of Routing Discovery
The routing process of the AODV routing protocol mainly relies on RREQ, RREP, and RERR to control the transmission of messages. This is also the main attack target of malicious nodes against the routing protocol. Therefore, these messages must be protected to prevent attacks such as tampering or forgery by malicious nodes. Figure 3 shows a simple network model for secure route discovery. In the path shown in the figure, the source node is S, the destination node is D, and A and B are intermediate nodes. When S has data to send, but it has no route to the destination node or the route has expired, S randomly selects an integer $X_s \in [2, n - 2]$ and calculates $T_s = X_s \times G \pmod q$ to broadcast the route request information.
Among them, Hash_NC is the invariant part related to hash information in the message. RREQ_CF_Hash is the hash value calculated by the source node S according to the hop value and serial number in the routing request information. RREQ_FF_Sig_s is the signature of the source node S to the invariant part. Null is the signature of the intermediate node to the invariant part. For the source node, this field is empty. $E_{k_d}(T_s)$ is the encryption protection of the session key negotiation factor by the source node S with the public key of the destination node D.
When intermediate node A receives the routing request packet from source node S, it will perform the following processing.
Step 1: According to RREQ_CF_Hash and Hash_NC, verify whether the hop value and serial number are maliciously modified.
Step 2: Verify the signature RREQ_FF_Sig_s of the source node with the public key of the source node S.
After the verification is successful, the reverse path to the source node is established, and the hop value is increased by 1, which means that the normal processing of RREQ is followed and the corresponding hash operation is performed. The node updates the value of RREQ_CF_Hash field, then signs the message to be forwarded with its own private key, and fills in the Null field. The node continues to broadcast the routing request message. At this time, the format of the routing request message is as follows:
After receiving the routing request message, intermediate node B will perform the following operations:
Step 1: According to RREQ_CF_Hash and Hash_NC, verify whether the hop value and serial number are maliciously modified.
Step 2: Verify the signature RREQ_FF_Sig_A of the previous hop node A.
Step 3: Verify the signature RREQ_FF_Sig_s of the source node with the public key of the source node S.
After verification, the reverse path to the source node is also established, the hop value is increased by 1, and the corresponding hash operation is performed. The node updates the value of the RREQ_CF_Hash field, and then re-signs the packet to be forwarded with its own private key and replaces the signature RREQ_FF_Sig_A of the previous hop node. The node continues to broadcast this route request message, the format is as follows:
After receiving the routing request packet, the destination node performs the same process, decrypts $T_s$ with its own private key after successful verification, and randomly selects an integer $X_d \in [2, n - 2]$ to calculate $T_d = X_d \times G \pmod q$. According to the established reverse path, the route reply message is unicast to the previous hop node B.
After receiving the message, the intermediate node also performs relevant verification first. The process is the same as the routing request process, which is not described here. Finally, the source node S receives the RREP message, and after all verifications are passed, it also decrypts $T_d$ with its own private key, and the process of route discovery ends.
After the source node and the destination node receive $T_d$ and $T_s$, respectively, their shared session key can be calculated. The calculation process of source node S is as follows:
The calculation process of destination node D is as follows:
In this way, the source node S and the destination node D have the shared session key SK. In the next stage of data transmission, the efficient symmetric cryptosystem can be used to complete the secure transmission of a large number of real-time data.
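The signing step of Algorithms 3 and the session-key negotiation above, as an added example that is not code from the paper. Assumptions: secp256k1 stands in for the paper's unspecified 160-bit curve, $h(\cdot)$ is SHA-256, node keys are plain pairs $P_a = S_a \times G$ rather than the paper's self-certified keys, verification is the standard Schnorr-style check (the page's verification steps are missing), and the session key is taken as $X_s \times T_d = X_d \times T_s$ with the encryption of $T_s$ and $T_d$ left out.

```python
import hashlib
import secrets

# Assumed parameters: secp256k1 stands in for the paper's 160-bit curve, whose
# constants are not on the page. Curve: y^2 = x^3 + A*x + B over F_q.
Q = 2**256 - 2**32 - 977
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(P):
    """True for the point at infinity (None) or a point satisfying the curve."""
    if P is None:
        return True
    x, y = P
    return (y * y - (x * x * x + A * x + B)) % Q == 0

def add(P1, P2):
    """Addition rule: chord slope for P1 != P2, tangent slope (uses A) for P1 == P2."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % Q == 0:
        return None                                   # P + (-P) = infinity
    if P1 == P2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % Q, -1, Q) % Q
    else:
        lam = (y2 - y1) * pow((x2 - x1) % Q, -1, Q) % Q
    x3 = (lam * lam - x1 - x2) % Q
    return x3, (lam * (x1 - x3) - y1) % Q

def mul(m, P):
    """Scalar multiplication m x P by double-and-add (not constant-time)."""
    result = None
    while m > 0:
        if m & 1:
            result = add(result, P)
        P = add(P, P)
        m >>= 1
    return result

def h(*parts):
    """h(.): SHA-256 over length-prefixed parts, reduced mod n (assumed hash)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(digest.digest(), "big") % N

def rand_scalar():
    """Random integer in [2, n - 2], the range the page gives for k, X_s, X_d."""
    return 2 + secrets.randbelow(N - 3)

def sign(s_a, msg):
    """Algorithms 3, signer A: R = k x G, r = X(R) mod q, s = k + S_a*h(M||r) mod n."""
    k = rand_scalar()                  # fresh per message; reuse reveals S_a
    r = mul(k, G)[0] % Q
    s = (k + s_a * h(msg, r.to_bytes(32, "big"))) % N
    return r, s

def verify(p_a, msg, sig):
    """Assumed Schnorr-style check: X(s x G - h(M||r) x P_a) == r."""
    r, s = sig
    if p_a is None or not on_curve(p_a) or not (0 < r < Q and 0 < s < N):
        return False
    e = h(msg, r.to_bytes(32, "big"))
    R = add(mul(s, G), mul((N - e) % N, p_a))
    return R is not None and R[0] % Q == r

def session_key(x_own, t_peer):
    """SK from X_own x T_peer; S and D both reach X_s x X_d x G (assumed form)."""
    if t_peer is None or not on_curve(t_peer):
        raise ValueError("negotiation factor is not a valid curve point")
    shared = mul(x_own, t_peer)
    return hashlib.sha256(shared[0].to_bytes(32, "big")).digest()

def demo():
    s_s = rand_scalar()                               # source node S private key
    p_s = mul(s_s, G)                                 # plain public key (assumption)
    rreq = b"RREQ|src=S|dst=D|dst_seq=7"              # constructed invariant part
    sig = sign(s_s, rreq)
    x_s, x_d = rand_scalar(), rand_scalar()           # S and D negotiation secrets
    t_s, t_d = mul(x_s, G), mul(x_d, G)               # T_s and T_d
    return {
        "valid": verify(p_s, rreq, sig),
        "tampered": verify(p_s, rreq.replace(b"seq=7", b"seq=9"), sig),
        "keys_match": session_key(x_s, t_d) == session_key(x_d, t_s),
    }

if __name__ == "__main__":
    print(demo())
```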

The Process of Routing Maintenance
When a link is interrupted due to node movement or node energy exhaustion in the routing path, the upstream node of the link will send a routing error message (RERR) to notify the upstream node containing this path to delete the corresponding routing table entry. In order to prevent malicious nodes from publishing false routing error information by forging RERR messages, it is necessary to perform identity authentication on the nodes that send RERR messages. Therefore, the intermediate node must sign the RERR message with its own private key. Assume that in Figure 3, the link between nodes A and B is interrupted, and node A will send a routing error message along the reverse path to notify source node S to delete the corresponding routing table entry.
After receiving the routing error message, the upstream node authenticates the source node of the message. Only after the source node of RERR message is authenticated can the corresponding routing table entries be deleted from the routing table. This prevents the illegal node from destroying the network operation by forging the RERR message.

Simulation and Numerical Results
In this paper, the network simulation software NS2 with an open source code and good scalability is used to build a network simulation platform, and the effectiveness of the proposed secure routing scheme is verified through simulation and evaluation. Table 4 shows the simulation parameters setting of the UAV communication network based on NS2. In this paper, the UAV communication network is arranged in a geographical range of 1000 m × 1000 m. The UAV uses a random waypoint model and the data rate is set to 1 Mbps. The MAC protocol adopts 802.11 b protocol. The CBR source generates four packets per second, and the size of each packet is 512 bytes. Each simulation time is 300 s. The UAV communication network has the characteristics of open channel, dynamic topology, no center authorization, distributed cooperation, and limited bandwidth. It adopts the form of dynamic network to complete the interconnection of the internal members of the cluster. Considering the limited bandwidth and low capacity of UAV communication network, it is easy to be affected by signal collision and noise interference during communication. In this paper, the carrier sensing distance of the UAV communication network is set to 550 m, the UAV node coverage is set to 250 m, the bandwidth is set to 2 Mbps, and the transmission power is set to 0.28 W. All parameter settings support the special nature of the UAV communication network.
In this paper, packet delivery ratio (PDR), average throughput, and average end-to-end delay are obtained to evaluate the performance of the proposed secure routing protocol.

$$\mathrm{PDR} = \frac{\text{Number of packets received}}{\text{Number of packets sent}} \tag{11}$$

PDR is the ratio of the number of packets received to the number of packets sent. This ratio shows how much data was successfully transmitted in the whole network and how much data was lost due to link failure in the transmission process. This parameter can well reflect the efficiency of the routing protocol in data transmission.

$$\text{Throughput} = \frac{\text{received packets} \times \text{packet size} \times 8}{\text{Total time of transmission}} \tag{12}$$

Network throughput characterizes the network transmission rate. The larger the throughput, the higher the transmission rate. The end-to-end delay refers to the time between the source node sending data and the receiving node receiving data, including routing time and data forwarding time. It can reflect whether the network is unobstructed. The smaller the delay, the better the network.

$$\text{Routing overhead} = \frac{\text{num\_rte\_pkt}}{\text{num\_data\_pkt}} \tag{14}$$

where num_rte_pkt represents the number of control packets used for route discovery and route maintenance, and num_data_pkt represents the number of data packets received. The routing overhead represents the number of routing control packets needed to successfully transmit a data packet. The smaller the routing overhead, the fewer additional control packets are required for stable transmission of messages.

The simulation experiment in this paper is divided into two situations. Firstly, the performance of ISAODV is compared with AODV and SAODV under normal conditions. Secondly, the performance of ISAODV is compared with AODV and SAODV after adding malicious nodes.

Figures 4 and 5 show the PDR and throughput of UAV communication network under normal conditions, respectively. As can be seen from the figure, the performance of ISAODV and SAODV routing protocols in the packet delivery rate and throughput is very close to the AODV routing protocol. This shows that the ISAODV and SAODV routing protocols inherit the characteristics of the AODV routing protocol and maintain the route discovery and route maintenance capabilities of the AODV routing protocol to the greatest extent. With the increase of the moving speed of UAVs, the link state changes frequently, and the rate of processing packets decreases, which leads to the decrease of packet delivery rate and throughput. Therefore, the faster the UAV moves, the more unstable the communication quality is.

In this paper, the common malicious node attack model is implemented in the simulation experiment. After receiving the RREQ message that does not take itself as the destination node, the malicious node will immediately reply to RREP and set the hop number to 1. The source node chooses the path of the malicious node for data transmission, and all packets passing through the malicious node will be discarded. In the simulation experiment, five malicious nodes are set up.
In this paper, the common malicious node attack model is implemented in the simulation experiment. After receiving an RREQ message for which it is not the destination node, the malicious node immediately replies with an RREP and sets the hop count to 1. The source node then chooses the path through the malicious node for data transmission, and all packets passing through the malicious node are discarded. In the simulation experiment, five malicious nodes are set up.

Figures 6 and 7 show the PDR and throughput of the UAV communication network after adding malicious nodes, respectively. As can be seen from the figures, when there are malicious nodes in the network, the packet delivery rate and throughput of the AODV routing protocol, which has no security guarantee, are much lower than under normal conditions, and far lower than those of the ISAODV and SAODV routing protocols. Due to the added security guarantee, the packet delivery rate and throughput of the SAODV and ISAODV routing protocols do not decrease significantly with the addition of malicious nodes. Therefore, SAODV and ISAODV routing protocols can effectively resist malicious node attacks, and the effect of ISAODV is better than SAODV, with higher security.
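The following added Go example (not the paper's ISAODV implementation) shows why an authenticated RREP blunts the attack model described above: a source that picks the freshest, shortest reply is drawn to the forged one-hop RREP unless it first checks the destination's signature. ECDSA over P-256, the RREP layout, the node names and the assumption that the source already holds the destination's public key are illustrative; the signature covers only fields that do not change in transit, and the hash-chain protection that SAODV applies to the mutable hop count is omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type RREP struct { // simplified, hypothetical layout (not the paper's packet format)
	From, Dest    string // replying node; destination the route leads to
	DestSeq, Hops uint32
	Sig           []byte // destination's ECDSA signature over Dest and DestSeq
}

func digest(r RREP) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s|%d", r.Dest, r.DestSeq)))
	return h[:]
}

// SelectRoute prefers fresher, then shorter routes; verify drops replies with a bad signature.
func SelectRoute(replies []RREP, destKey *ecdsa.PublicKey, verify bool) (best RREP, ok bool) {
	for _, r := range replies {
		if verify && !ecdsa.VerifyASN1(destKey, digest(r), r.Sig) {
			continue
		}
		if !ok || r.DestSeq > best.DestSeq || (r.DestSeq == best.DestSeq && r.Hops < best.Hops) {
			best, ok = r, true
		}
	}
	return best, ok
}

func Demo() (plain, secured string) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	good := RREP{From: "D", Dest: "D", DestSeq: 7, Hops: 3}
	if good.Sig, err = ecdsa.SignASN1(rand.Reader, priv, digest(good)); err != nil {
		panic(err)
	}
	forged := RREP{From: "M", Dest: "D", DestSeq: 7, Hops: 1, Sig: []byte("forged")} // constructed
	a, _ := SelectRoute([]RREP{forged, good}, &priv.PublicKey, false)
	b, _ := SelectRoute([]RREP{forged, good}, &priv.PublicKey, true)
	return a.From, b.From
}

func main() { fmt.Println(Demo()) }
```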
Figure 7. The throughput after adding malicious nodes.

Figure 8 shows the end-to-end delay of the UAV communication network under normal conditions. It can be seen from the figure that the delay of AODV is the lowest regardless of the node's moving speed. The delay of SAODV is higher than that of ISAODV. This is because the complexity of the algorithm is related to the packet delay. The AODV routing protocol does not consider the security factor, so the complexity of the algorithm is relatively low and the delay is the lowest. Since each node on the active path of the SAODV protocol must be authenticated and signed based on the CA certificate, the complexity of information transmission is much higher than that of ISAODV based on the elliptic curve cryptosystem.
The end-to-end delays of the three protocols increase as the moving speed of the UAV increases. This is because when the link state changes frequently, the chance of signal collision increases, the proportion of route failures increases sharply, and route reconstruction becomes frequent, thereby increasing the end-to-end delay.

Figure 9 shows the end-to-end delay of the UAV communication network after adding malicious nodes. As can be seen from the figure, after adding malicious nodes to the network, the end-to-end delay of the AODV routing protocol is still the lowest. This is because the AODV routing protocol does not consider the security factor, and its algorithm complexity is low. Due to the added security guarantees, SAODV and ISAODV routing protocols have higher computational overhead and higher algorithm complexity, so the delay is also higher. Since the algorithm complexity of the SAODV routing protocol is higher than that of the ISAODV routing protocol based on the elliptic curve cryptosystem, the delay of SAODV is higher than that of ISAODV.
Figure 10 shows the routing overhead under normal conditions.
It can be seen from the figure that when the UAV moves at a low speed, there is less route breakage, while when the speed increases, the protocol needs to maintain the route frequently, resulting in a sharp increase in routing overhead. The performance of ISAODV routing protocol is very close to AODV routing protocol in terms of routing overhead, which shows that the improved protocol inherits the characteristics of the original protocol and maintains the routing discovery and maintenance capabilities of the original protocol to the greatest extent. Figure 11 shows the routing overhead after adding malicious nodes. It can be seen from the figure that with the addition of malicious nodes, the routing overhead of AODV routing protocol increases, and the link stability becomes worse, while the routing overhead of ISAODV and SAODV does not change significantly compared with that under normal conditions, which indicates that the secure routing protocol maintains the link stability well. Moreover, the routing overhead of ISAODV is the smallest among the three protocols, and the link stability is the best.
Figure 11. The routing overhead after adding malicious nodes.

Conclusions
The AODV routing protocol in the UAV communication network has good performance, but its security is poor and it is easily attacked. In this paper, the elliptic curve cryptosystem is introduced into the AODV routing protocol to complete the authentication function, and an improved secure routing protocol is proposed based on the advantages of the existing SAODV routing protocol. Through the simulation of three routing protocols (AODV, SAODV, ISAODV), performance indicators such as packet delivery rate, throughput, and end-to-end delay are compared and studied. The simulation results show that the ISAODV routing protocol not only inherits the efficient route discovery and maintenance capabilities of the AODV routing protocol, but also reduces the complexity of the algorithm and has lower delay compared with the SAODV routing protocol. When there are malicious nodes in the UAV communication network, the ISAODV routing protocol can effectively improve the security of the network.

Funding: This work was supported by the Natural Science Foundation of Hunan Province, under grant number 2018JJ3607.

Conflicts of Interest: The authors declare no conflict of interest.