To implement the embedded systems security in ns3 contains creating a network of embedded devices and including security mechanisms to keep communication and device veracity. Given below a step-by-step guide to executed embedded systems security in ns3:
Step-by-Step Implementations:
- Setup ns3 Environment
Make sure to have ns3 installed and organised.
- Define the Network Topology
Represents the various embedded devices and their communication ways to build a network topology. These are including a central server, controllers, actuators and sensors.
#include “ns3/core-module.h”
#include “ns3/network-module.h”
#include “ns3/internet-module.h”
#include “ns3/point-to-point-module.h”
#include “ns3/applications-module.h”
using namespace ns3;
int main(int argc, char *argv[]) {
NodeContainer nodes;
nodes.Create(5); // 1 for sensor, 1 for actuator, 1 for controller, 1 for central server, 1 for attacker
PointToPointHelper pointToPoint;
pointToPoint.SetDeviceAttribute(“DataRate”, StringValue(“5Mbps”));
pointToPoint.SetChannelAttribute(“Delay”, StringValue(“2ms”));
NetDeviceContainer devices;
devices = pointToPoint.Install(nodes.Get(0), nodes.Get(1));
devices.Add(pointToPoint.Install(nodes.Get(1), nodes.Get(2)));
devices.Add(pointToPoint.Install(nodes.Get(2), nodes.Get(3)));
devices.Add(pointToPoint.Install(nodes.Get(3), nodes.Get(4)));
InternetStackHelper stack;
stack.Install(nodes);
Ipv4AddressHelper address;
address.SetBase(“10.1.1.0”, “255.255.255.0”);
Ipv4InterfaceContainer interfaces = address.Assign(devices);
// Other network setup code
Simulator::Run();
Simulator::Destroy();
return 0;
}
- Implement Security Mechanisms
To make the security of the data being transmitted and the integrity of the embedded systems to add security mechanisms such as encryption, authentication, and intrusion detection.
Encryption
To implement encryption to defend the privacy of the data existence transmitted.
class SecureApp : public Application {
public:
SecureApp() {}
virtual ~SecureApp() {}
void Setup(Ptr<Socket> socket, Address address, uint32_t packetSize, uint32_t nPackets, DataRate dataRate) {
m_socket = socket;
m_peer = address;
m_packetSize = packetSize;
m_nPackets = nPackets;
m_dataRate = dataRate;
}
private:
virtual void StartApplication(void) {
m_socket->Bind();
m_socket->Connect(m_peer);
SendPacket();
}
virtual void StopApplication(void) {
m_socket->Close();
}
void SendPacket(void) {
std::string data = “Sensitive Embedded Data”;
std::string encryptedData = Encrypt(data);
Ptr<Packet> packet = Create<Packet>((uint8_t*)encryptedData.c_str(), encryptedData.size());
m_socket->Send(packet);
if (++m_packetsSent < m_nPackets) {
ScheduleTx();
}
}
std::string Encrypt(const std::string &data) {
// Simple XOR encryption for demonstration purposes
std::string encrypted = data;
char key = ‘K’; // Encryption key
for (size_t i = 0; i < data.size(); ++i) {
encrypted[i] ^= key;
}
return encrypted;
}
void ScheduleTx(void) {
Time tNext(Seconds(m_packetSize * 8 / static_cast<double>(m_dataRate.GetBitRate())));
m_sendEvent = Simulator::Schedule(tNext, &SecureApp::SendPacket, this);
}
Ptr<Socket> m_socket;
Address m_peer;
uint32_t m_packetSize;
uint32_t m_nPackets;
DataRate m_dataRate;
EventId m_sendEvent;
uint32_t m_packetsSent;
};
Ptr<Socket> ns3TcpSocket = Socket::CreateSocket(nodes.Get(0), TcpSocketFactory::GetTypeId());
Ptr<SecureApp> secureApp = CreateObject<SecureApp>();
secureApp->Setup(ns3TcpSocket, InetSocketAddress(interfaces.GetAddress(1), 9), 1040, 1000, DataRate(“1Mbps”));
nodes.Get(0)->AddApplication(secureApp);
secureApp->SetStartTime(Seconds(1.0));
secureApp->SetStopTime(Seconds(10.0));
Authentication
To make sure that only authorized objects can communicate within the embedded system network and add an authentication mechanism.
class AuthApp : public Application {
public:
AuthApp() {}
virtual ~AuthApp() {}
void Setup(Ptr<Socket> socket, Address address) {
m_socket = socket;
m_peer = address;
}
private:
virtual void StartApplication(void) {
m_socket->Bind();
m_socket->Connect(m_peer);
Authenticate();
}
virtual void StopApplication(void) {
m_socket->Close();
}
void Authenticate(void) {
std::string authMessage = “AUTH_REQUEST”;
Ptr<Packet> packet = Create<Packet>((uint8_t*)authMessage.c_str(), authMessage.size());
m_socket->Send(packet);
}
void HandleRead(Ptr<Socket> socket) {
Ptr<Packet> packet;
Address from;
while ((packet = socket->RecvFrom(from))) {
uint8_t buffer[1024];
packet->CopyData(buffer, packet->GetSize());
std::string data = std::string((char*)buffer, packet->GetSize());
if (data == “AUTH_SUCCESS”) {
// Authentication successful, proceed with secure communication
}
}
}
Ptr<Socket> m_socket;
Address m_peer;
};
Ptr<Socket> authSocket = Socket::CreateSocket(nodes.Get(1), TcpSocketFactory::GetTypeId());
Ptr<AuthApp> authApp = CreateObject<AuthApp>();
authApp->Setup(authSocket, InetSocketAddress(interfaces.GetAddress(2), 9));
nodes.Get(1)->AddApplication(authApp);
authApp->SetStartTime(Seconds(1.0));
authApp->SetStopTime(Seconds(20.0));
- Implement Intrusion Detection System (IDS)
To detect any mean activity within the embedded system network to add an IDS to monitor.
class IDSApp : public Application {
public:
IDSApp() {}
virtual ~IDSApp() {}
void Setup(Ptr<Socket> socket) {
m_socket = socket;
}
private:
virtual void StartApplication(void) {
m_socket->Bind();
m_socket->Listen();
m_socket->SetRecvCallback(MakeCallback(&IDSApp::HandleRead, this));
}
virtual void StopApplication(void) {
m_socket->Close();
}
void HandleRead(Ptr<Socket> socket) {
Ptr<Packet> packet;
Address from;
while ((packet = socket->RecvFrom(from))) {
uint8_t buffer[1024];
packet->CopyData(buffer, packet->GetSize());
std::string data = std::string((char*)buffer, packet->GetSize());
// Implement detection logic
if (DetectMaliciousActivity(data)) {
// Take appropriate action
}
}
}
bool DetectMaliciousActivity(const std::string &data) {
// Simple example of detection logic
return data.find(“malicious”) != std::string::npos;
}
Ptr<Socket> m_socket;
};
Ptr<Socket> idsSocket = Socket::CreateSocket(nodes.Get(2), TcpSocketFactory::GetTypeId());
Ptr<IDSApp> idsApp = CreateObject<IDSApp>();
idsApp->Setup(idsSocket);
nodes.Get(2)->AddApplication(idsApp);
idsApp->SetStartTime(Seconds(0.0));
idsApp->SetStopTime(Seconds(20.0));
- Monitor and Analyze Traffic
To tracing capabilities to monitor and examine network traffic by using ns3 to ensure the security mechanisms are working as predictable.
AsciiTraceHelper ascii;
pointToPoint.EnableAsciiAll(ascii.CreateFileStream(“embedded-system-security.tr”));
pointToPoint.EnablePcapAll(“embedded-system-security”);
Ptr<FlowMonitor> flowMonitor;
FlowMonitorHelper flowHelper;
flowMonitor = flowHelper.InstallAll();
- Run the Simulation
To compile and run the simulation to note was conduct and impact of the applied security mechanisms.
./waf configure
./waf build
./waf –run your-simulation-script
- Analyze Results
The usefulness of the embedded systems security mechanisms to post-process the generated trace and pcap files to analyze. For pcap analysis to use the tool like Wireshark, and ns-3’s flow monitor is used for traffic analysis.
The follow-ups are define in the method to prepare the Embedded Systems Security in ns3. To accepting to accomplish the Embedded Systems security in ns3. Now we are excited to give the energetic pack and thoughts to implement the Embedded Systems security in ns3. If you need help with setting up Embedded Systems Security in the ns3 simulation environment, our developers are here to assist you. We can provide support with performance analysis, so please send us all the important details about your project for help.