To implement network security projects in ns-3, we have to simulate security protocols, attacks, and defences within a network scenario. Here’s a quick but in-depth guide to setting up a basic network security project in ns-3. The project combines a security-protocol application (e.g., encryption) with a simulated attack (e.g., a Denial of Service (DoS) attack). We follow all protocols and provide novel simulation for your work.
Step-by-Step Implementation
- Install ns-3
Make sure that ns-3 is installed on your computer. If not, install it from the official ns-3 website.
- Define the Network Topology
Define the network topology that contains:
- Normal nodes (legitimate users)
- Attacker nodes
- Server nodes
- Forensics nodes (nodes used to capture and analyze traffic)
- Create Network Nodes
Using NodeContainer, create network nodes.
// One container per role in the scenario.
NodeContainer normalNodes;    // legitimate users
normalNodes.Create(3);

NodeContainer attackerNodes;  // traffic source for the simulated attack
attackerNodes.Create(1);

NodeContainer serverNodes;    // destination of both traffic types
serverNodes.Create(1);

NodeContainer forensicNodes;  // capture/analysis role
forensicNodes.Create(1);
- Set Up Network Devices
Use the appropriate network interfaces to install network devices like Wi-Fi for wireless communication.
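// Wi-Fi devices in ad hoc mode; every role shares the same PHY and channel.
// NOTE(review): WIFI_PHY_STANDARD_80211n_5GHZ and YansWifiPhyHelper::Default()
// appear to belong to older ns-3 releases -- match them to your installed version.
WifiHelper wifi;
wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);

WifiMacHelper mac;
// Plain ASCII quotes: the typographic quotes in the original do not compile.
mac.SetType("ns3::AdhocWifiMac");

YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
phy.SetChannel(channel.Create());

NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
NetDeviceContainer forensicDevices = wifi.Install(phy, mac, forensicNodes);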
- Configure Mobility Model
Set up the mobility model for the nodes using MobilityHelper.
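// Fixed positions for every node that carries a Wi-Fi device.
MobilityHelper mobility;
// Plain ASCII quotes: the typographic quotes in the original do not compile.
mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
mobility.Install(normalNodes);
mobility.Install(attackerNodes);
mobility.Install(serverNodes);
// forensicNodes also received Wi-Fi devices in the previous step, and the
// wireless channel needs a position for each attached device.
mobility.Install(forensicNodes);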
- Implement Security Protocols
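To secure communication, implement a simple encryption application. In the listing below, EncryptMessage and DecryptMessage are placeholders that return their input unchanged, so the payload travels in cleartext until real encryption logic is substituted.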
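/// ns-3 application that sends a fixed text message over UDP once per second
/// and prints whatever arrives on its local port.
///
/// SECURITY NOTE: EncryptMessage() and DecryptMessage() are identity
/// placeholders, so the payload is sent in cleartext and carries no integrity
/// protection. Results obtained with this class say nothing about the cost or
/// effect of real encryption until the placeholders are replaced (ideally with
/// an authenticated cipher from a vetted library).
class EncryptionApplication : public Application {
public:
  /// Opens the send and receive UDP sockets and sends the first message.
  void StartApplication() override {
    sendSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
    // destAddress is a generic Address; InetSocketAddress takes an Ipv4Address.
    sendSocket->Connect(InetSocketAddress(Ipv4Address::ConvertFrom(destAddress), destPort));

    recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
    recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), localPort));
    recvSocket->SetRecvCallback(MakeCallback(&EncryptionApplication::ReceivePacket, this));

    // Send the first packet now; SendPacket() re-schedules itself.
    SendPacket();
  }

  /// Cancels the pending send and closes both sockets, so the application
  /// stops transmitting at its configured stop time.
  void StopApplication() override {
    Simulator::Cancel(sendEvent);
    if (sendSocket) {
      sendSocket->Close();
    }
    if (recvSocket) {
      recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket> >());
      recvSocket->Close();
    }
  }

  /// Sets the destination address and UDP port used by the send socket.
  void SetRemote(Address address, uint16_t port) {
    destAddress = address;
    destPort = port;
  }

  /// Sets the UDP port the receive socket binds to.
  void SetLocalPort(uint16_t port) {
    localPort = port;
  }

  /// Sends one message and schedules the next send one second later.
  void SendPacket() {
    // Plain ASCII quotes: the typographic quotes in the original do not compile.
    const std::string message = "Hello, this is an encrypted message";
    const std::string encryptedMessage = EncryptMessage(message);
    Ptr<Packet> packet = Create<Packet>(
        reinterpret_cast<const uint8_t*>(encryptedMessage.data()),
        static_cast<uint32_t>(encryptedMessage.size()));
    sendSocket->Send(packet);

    // Keep the EventId so StopApplication() can cancel the pending send.
    sendEvent = Simulator::Schedule(Seconds(1.0), &EncryptionApplication::SendPacket, this);
  }

  /// Drains the socket, "decrypts" each payload and prints it.
  void ReceivePacket(Ptr<Socket> socket) {
    Ptr<Packet> packet;
    while ((packet = socket->Recv())) {
      // Copy the payload out with an explicit length (CopyData replaces the
      // PeekData accessor, which current ns-3 no longer provides). The bytes
      // come from the network and are not assumed to be NUL-terminated.
      const uint32_t size = packet->GetSize();
      std::string encryptedMessage(size, '\0');
      if (size > 0) {
        packet->CopyData(reinterpret_cast<uint8_t*>(&encryptedMessage[0]), size);
      }
      const std::string message = DecryptMessage(encryptedMessage);
      std::cout << "Received message: " << message << std::endl;
    }
  }

  /// Placeholder: returns the input unchanged (no confidentiality).
  std::string EncryptMessage(const std::string& message) {
    // Placeholder encryption logic -- output equals the plaintext.
    return message;
  }

  /// Placeholder: returns the input unchanged (nothing is verified).
  std::string DecryptMessage(const std::string& encryptedMessage) {
    // Placeholder decryption logic -- no authentication or integrity check.
    return encryptedMessage;
  }

private:
  Ptr<Socket> sendSocket;
  Ptr<Socket> recvSocket;
  Address destAddress;
  uint16_t destPort = 0;   // set by SetRemote()
  uint16_t localPort = 0;  // set by SetLocalPort()
  EventId sendEvent;       // pending SendPacket() event
};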
- Implement Attack Models
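Simulate different types of attacks, such as a Denial of Service (DoS) attack. The model below runs only inside the simulator: the attacker node sends one small UDP packet to the server every 10 ms.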
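/// ns-3 application that models flood traffic inside the simulation: it sends
/// one fixed UDP payload to the configured destination every 10 ms between its
/// start and stop times.
class DoSAttackApplication : public Application {
public:
  /// Opens the UDP socket and sends the first packet.
  void StartApplication() override {
    sendSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
    // destAddress is a generic Address; InetSocketAddress takes an Ipv4Address.
    sendSocket->Connect(InetSocketAddress(Ipv4Address::ConvertFrom(destAddress), destPort));

    // Send the first packet now; SendPacket() re-schedules itself.
    SendPacket();
  }

  /// Cancels the pending send and closes the socket, so the modelled traffic
  /// is confined to the configured start/stop window.
  void StopApplication() override {
    Simulator::Cancel(sendEvent);
    if (sendSocket) {
      sendSocket->Close();
    }
  }

  /// Sets the destination address and UDP port.
  void SetRemote(Address address, uint16_t port) {
    destAddress = address;
    destPort = port;
  }

  /// Sends one packet and schedules the next send 10 ms later.
  void SendPacket() {
    // Plain ASCII quotes: the typographic quotes in the original do not compile.
    const std::string message = "This is a DoS attack packet";
    Ptr<Packet> packet = Create<Packet>(
        reinterpret_cast<const uint8_t*>(message.data()),
        static_cast<uint32_t>(message.size()));
    sendSocket->Send(packet);

    // Keep the EventId so StopApplication() can cancel the pending send.
    sendEvent = Simulator::Schedule(MilliSeconds(10), &DoSAttackApplication::SendPacket, this);
  }

private:
  Ptr<Socket> sendSocket;
  Address destAddress;
  uint16_t destPort = 0;  // set by SetRemote()
  EventId sendEvent;      // pending SendPacket() event
};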
- Set Up Applications
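Install the applications on the nodes. This step reads the server's IPv4 address, so in the actual program the Internet stack and IP address steps shown further down must run before it, as they do in the complete script at the end.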
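// Prerequisite: the Internet stack must be installed and addresses assigned
// before this point, because the server's Ipv4 object is looked up here.
ApplicationContainer normalApps, attackerApps, serverApps;

// Interface 1, address 0 of the server node (interface 0 is the loopback).
const Ipv4Address serverAddress =
    serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal();

// Legitimate senders: active from t = 1 s to t = 20 s.
for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
  Ptr<EncryptionApplication> app = CreateObject<EncryptionApplication>();
  app->SetRemote(serverAddress, 9);
  app->SetLocalPort(10);
  normalNodes.Get(i)->AddApplication(app);
  app->SetStartTime(Seconds(1.0));
  app->SetStopTime(Seconds(20.0));
  normalApps.Add(app);
}

// Flood source: starts at t = 5 s, leaving a clean baseline interval first.
for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
  Ptr<DoSAttackApplication> app = CreateObject<DoSAttackApplication>();
  app->SetRemote(serverAddress, 9);
  attackerNodes.Get(i)->AddApplication(app);
  app->SetStartTime(Seconds(5.0));
  app->SetStopTime(Seconds(20.0));
  attackerApps.Add(app);
}

// The sink on UDP port 9 receives legitimate and flood traffic alike.
// Plain ASCII quotes: the typographic quotes in the original do not compile.
PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), 9));
serverApps.Add(sink.Install(serverNodes));
serverApps.Start(Seconds(1.0));
serverApps.Stop(Seconds(20.0));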
- Set Up Routing Protocols
Configure routing protocols for the network.
// AODV routing on every node that gets an IP stack.
// forensicNodes is not given an IP stack in this step.
InternetStackHelper internet;
AodvHelper aodv;
internet.SetRoutingHelper(aodv);
internet.Install(NodeContainer(normalNodes, attackerNodes, serverNodes));
- Assign IP Addresses
Using Ipv4AddressHelper address, assign IP addresses to the network devices.
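// All three device groups draw their addresses from the same 10.1.1.0/24 pool.
Ipv4AddressHelper address;
// Plain ASCII quotes: the typographic quotes in the original do not compile.
address.SetBase("10.1.1.0", "255.255.255.0");
Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);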
- Run the Simulation
Define the simulation run time and execute it.
// Stop the event loop at t = 20 s, run it, then tear the simulator down.
const Time simulationEnd = Seconds(20.0);
Simulator::Stop(simulationEnd);
Simulator::Run();
Simulator::Destroy();
Example of a Simple Network Security Script
#include <iostream>
#include <string>

#include "ns3/aodv-module.h"
#include "ns3/applications-module.h"
#include "ns3/core-module.h"
#include "ns3/internet-module.h"
#include "ns3/mobility-module.h"
#include "ns3/network-module.h"
#include "ns3/wifi-module.h"
using namespace ns3;
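/// ns-3 application that sends a fixed text message over UDP once per second
/// and prints whatever arrives on its local port.
///
/// SECURITY NOTE: EncryptMessage() and DecryptMessage() are identity
/// placeholders, so the payload is sent in cleartext and carries no integrity
/// protection. Results obtained with this class say nothing about the cost or
/// effect of real encryption until the placeholders are replaced (ideally with
/// an authenticated cipher from a vetted library).
class EncryptionApplication : public Application {
public:
  /// Opens the send and receive UDP sockets and sends the first message.
  void StartApplication() override {
    sendSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
    // destAddress is a generic Address; InetSocketAddress takes an Ipv4Address.
    sendSocket->Connect(InetSocketAddress(Ipv4Address::ConvertFrom(destAddress), destPort));

    recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
    recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), localPort));
    recvSocket->SetRecvCallback(MakeCallback(&EncryptionApplication::ReceivePacket, this));

    // Send the first packet now; SendPacket() re-schedules itself.
    SendPacket();
  }

  /// Cancels the pending send and closes both sockets, so the application
  /// stops transmitting at its configured stop time.
  void StopApplication() override {
    Simulator::Cancel(sendEvent);
    if (sendSocket) {
      sendSocket->Close();
    }
    if (recvSocket) {
      recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket> >());
      recvSocket->Close();
    }
  }

  /// Sets the destination address and UDP port used by the send socket.
  void SetRemote(Address address, uint16_t port) {
    destAddress = address;
    destPort = port;
  }

  /// Sets the UDP port the receive socket binds to.
  void SetLocalPort(uint16_t port) {
    localPort = port;
  }

  /// Sends one message and schedules the next send one second later.
  void SendPacket() {
    // Plain ASCII quotes: the typographic quotes in the original do not compile.
    const std::string message = "Hello, this is an encrypted message";
    const std::string encryptedMessage = EncryptMessage(message);
    Ptr<Packet> packet = Create<Packet>(
        reinterpret_cast<const uint8_t*>(encryptedMessage.data()),
        static_cast<uint32_t>(encryptedMessage.size()));
    sendSocket->Send(packet);

    // Keep the EventId so StopApplication() can cancel the pending send.
    sendEvent = Simulator::Schedule(Seconds(1.0), &EncryptionApplication::SendPacket, this);
  }

  /// Drains the socket, "decrypts" each payload and prints it.
  void ReceivePacket(Ptr<Socket> socket) {
    Ptr<Packet> packet;
    while ((packet = socket->Recv())) {
      // Copy the payload out with an explicit length (CopyData replaces the
      // PeekData accessor, which current ns-3 no longer provides). The bytes
      // come from the network and are not assumed to be NUL-terminated.
      const uint32_t size = packet->GetSize();
      std::string encryptedMessage(size, '\0');
      if (size > 0) {
        packet->CopyData(reinterpret_cast<uint8_t*>(&encryptedMessage[0]), size);
      }
      const std::string message = DecryptMessage(encryptedMessage);
      std::cout << "Received message: " << message << std::endl;
    }
  }

  /// Placeholder: returns the input unchanged (no confidentiality).
  std::string EncryptMessage(const std::string& message) {
    // Placeholder encryption logic -- output equals the plaintext.
    return message;
  }

  /// Placeholder: returns the input unchanged (nothing is verified).
  std::string DecryptMessage(const std::string& encryptedMessage) {
    // Placeholder decryption logic -- no authentication or integrity check.
    return encryptedMessage;
  }

private:
  Ptr<Socket> sendSocket;
  Ptr<Socket> recvSocket;
  Address destAddress;
  uint16_t destPort = 0;   // set by SetRemote()
  uint16_t localPort = 0;  // set by SetLocalPort()
  EventId sendEvent;       // pending SendPacket() event
};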
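/// ns-3 application that models flood traffic inside the simulation: it sends
/// one fixed UDP payload to the configured destination every 10 ms between its
/// start and stop times.
class DoSAttackApplication : public Application {
public:
  /// Opens the UDP socket and sends the first packet.
  void StartApplication() override {
    sendSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
    // destAddress is a generic Address; InetSocketAddress takes an Ipv4Address.
    sendSocket->Connect(InetSocketAddress(Ipv4Address::ConvertFrom(destAddress), destPort));

    // Send the first packet now; SendPacket() re-schedules itself.
    SendPacket();
  }

  /// Cancels the pending send and closes the socket, so the modelled traffic
  /// is confined to the configured start/stop window.
  void StopApplication() override {
    Simulator::Cancel(sendEvent);
    if (sendSocket) {
      sendSocket->Close();
    }
  }

  /// Sets the destination address and UDP port.
  void SetRemote(Address address, uint16_t port) {
    destAddress = address;
    destPort = port;
  }

  /// Sends one packet and schedules the next send 10 ms later.
  void SendPacket() {
    // Plain ASCII quotes: the typographic quotes in the original do not compile.
    const std::string message = "This is a DoS attack packet";
    Ptr<Packet> packet = Create<Packet>(
        reinterpret_cast<const uint8_t*>(message.data()),
        static_cast<uint32_t>(message.size()));
    sendSocket->Send(packet);

    // Keep the EventId so StopApplication() can cancel the pending send.
    sendEvent = Simulator::Schedule(MilliSeconds(10), &DoSAttackApplication::SendPacket, this);
  }

private:
  Ptr<Socket> sendSocket;
  Address destAddress;
  uint16_t destPort = 0;  // set by SetRemote()
  EventId sendEvent;      // pending SendPacket() event
};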
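/// Builds a five-node ad hoc Wi-Fi scenario (three legitimate senders, one
/// flood source, one server), runs it for 20 simulated seconds and exits.
///
/// The string literals use plain ASCII quotes; the typographic quotes in the
/// original listing do not compile.
int main(int argc, char *argv[]) {
  NodeContainer normalNodes, attackerNodes, serverNodes;
  normalNodes.Create(3);
  attackerNodes.Create(1);
  serverNodes.Create(1);

  // WiFi setup
  // NOTE(review): WIFI_PHY_STANDARD_80211n_5GHZ and YansWifiPhyHelper::Default()
  // appear to belong to older ns-3 releases -- match them to your installed version.
  WifiHelper wifi;
  wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);
  WifiMacHelper mac;
  mac.SetType("ns3::AdhocWifiMac");
  YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
  YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
  phy.SetChannel(channel.Create());
  NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
  NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
  NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);

  // Mobility setup
  MobilityHelper mobility;
  mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
  mobility.Install(normalNodes);
  mobility.Install(attackerNodes);
  mobility.Install(serverNodes);

  // Internet stack and routing (must precede the application setup, which
  // looks up the server's Ipv4 object).
  AodvHelper aodv;
  InternetStackHelper internet;
  internet.SetRoutingHelper(aodv);
  internet.Install(normalNodes);
  internet.Install(attackerNodes);
  internet.Install(serverNodes);

  Ipv4AddressHelper address;
  address.SetBase("10.1.1.0", "255.255.255.0");
  Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
  Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
  Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);

  // Install applications
  ApplicationContainer normalApps, attackerApps, serverApps;

  // Interface 1, address 0 of the server node (interface 0 is the loopback).
  const Ipv4Address serverAddress =
      serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal();

  // Legitimate senders: active from t = 1 s to t = 20 s. Nothing in this
  // script sends to their local port 10, so ReceivePacket is not expected to fire.
  for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
    Ptr<EncryptionApplication> app = CreateObject<EncryptionApplication>();
    app->SetRemote(serverAddress, 9);
    app->SetLocalPort(10);
    normalNodes.Get(i)->AddApplication(app);
    app->SetStartTime(Seconds(1.0));
    app->SetStopTime(Seconds(20.0));
    normalApps.Add(app);
  }

  // Flood source: starts at t = 5 s, leaving a clean baseline interval first.
  for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
    Ptr<DoSAttackApplication> app = CreateObject<DoSAttackApplication>();
    app->SetRemote(serverAddress, 9);
    attackerNodes.Get(i)->AddApplication(app);
    app->SetStartTime(Seconds(5.0));
    app->SetStopTime(Seconds(20.0));
    attackerApps.Add(app);
  }

  // The sink on UDP port 9 receives legitimate and flood traffic alike; no
  // filtering, rate limiting or capture is configured in this script.
  PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), 9));
  serverApps.Add(sink.Install(serverNodes));
  serverApps.Start(Seconds(1.0));
  serverApps.Stop(Seconds(20.0));

  Simulator::Stop(Seconds(20.0));
  Simulator::Run();
  Simulator::Destroy();
  return 0;
}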
Overall, we have learned how to implement network security projects in ns-3 by simulating security protocols, attacks, and defenses within a network scenario. We also provide more related coding support on network security projects.