Ns3 Projects for B.E/B.Tech M.E/M.Tech PhD Scholars.  Phone-Number:9790238391   E-mail: ns3simulation@gmail.com

How to Implement OSI layers Security in ns3

To implement the OSI layer security in ns3 has encompasses to mimic the security mechanism and protocols at numerous layers of the OSI model. This contains an encryption, authentication, and integrity checks at the data link layer, network layer, and transport layer. The given below are step-by-step procedures on how to implement the security mechanism in ns3:

Step-by-Step Implementation:

  1. Set up ns3 Environment

Make sure ns3 is installed in the computer.

  1. Create a New Simulation Script

In the simulation, generate the C++ script. In this instance, we can utilize the C++.

  1. Include Necessary Headers

Include the necessary ns3 headers in the script.

#include “ns3/core-module.h”

#include “ns3/network-module.h”

#include “ns3/internet-module.h”

#include “ns3/point-to-point-module.h”

#include “ns3/applications-module.h”

#include “ns3/mobility-module.h”

4.      Define the Network Topology

Set up the basic network topology, including nodes, devices, and links.

using namespace ns3;

NS_LOG_COMPONENT_DEFINE (“OsiLayerSecurityExample”);

int main (int argc, char *argv[]) {

CommandLine cmd;

cmd.Parse (argc, argv);

// Create nodes

NodeContainer nodes;

nodes.Create (4); // Create 4 nodes

// Set up point-to-point links

PointToPointHelper p2p;

p2p.SetDeviceAttribute (“DataRate”, StringValue (“5Mbps”));

p2p.SetChannelAttribute (“Delay”, StringValue (“2ms”));

NetDeviceContainer devices;

devices = p2p.Install (nodes.Get (0), nodes.Get (1));

devices.Add (p2p.Install (nodes.Get (1), nodes.Get (2)));

devices.Add (p2p.Install (nodes.Get (2), nodes.Get (3)));

// Install the internet stack

InternetStackHelper stack;

stack.Install (nodes);

Ipv4AddressHelper address;

address.SetBase (“10.1.1.0”, “255.255.255.0”);

Ipv4InterfaceContainer interfaces = address.Assign (devices);

// Set mobility (optional)

MobilityHelper mobility;

mobility.SetMobilityModel (“ns3::ConstantPositionMobilityModel”);

mobility.Install (nodes);

// Implement security mechanisms

// Data Link Layer Security: Implement MAC address filtering or encryption (if applicable)

// Network Layer Security: Implement IPsec (if applicable)

// Transport Layer Security: Implement TLS/SSL (for TCP) or DTLS (for UDP)

// Example of simple application layer security (encryption/decryption)

// Define a simple encryption function

auto encrypt = [](std::string data) {

std::string encrypted = data;

for (char &c : encrypted) {

c += 1; // Simple Caesar cipher

}

return encrypted;

};

// Define a simple decryption function

auto decrypt = [](std::string data) {

std::string decrypted = data;

for (char &c : decrypted) {

c -= 1; // Simple Caesar cipher

}

return decrypted;

};

// Define a custom application

class SecureApplication : public Application {

public:

void StartApplication() override {

Ptr<Socket> socket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());

socket->Connect(InetSocketAddress(Ipv4Address(“10.1.1.3”), 9));

std::string message = “Hello, secure world!”;

std::string encryptedMessage = encrypt(message);

Ptr<Packet> packet = Create<Packet>((uint8_t *)encryptedMessage.c_str(), encryptedMessage.size());

socket->Send(packet);

}

void StopApplication() override {

// Clean up

}

};

// Install the secure application on the first node

Ptr<SecureApplication> app = CreateObject<SecureApplication>();

nodes.Get(0)->AddApplication(app);

app->SetStartTime(Seconds(1.0));

app->SetStopTime(Seconds(10.0));

// PacketSink to receive and decrypt the message

class SecurePacketSink : public PacketSink {

public:

void HandleRead(Ptr<Socket> socket) override {

Address from;

Ptr<Packet> packet = socket->RecvFrom(from);

std::string encryptedMessage((char *)packet->PeekData(), packet->GetSize());

std::string message = decrypt(encryptedMessage);

NS_LOG_UNCOND(“Received message: ” << message);

}

};

// Install the secure packet sink on the last node

Ptr<Socket>recvSocket=Socket::CreateSocket(nodes.Get(3), UdpSocketFactory::GetTypeId());

InetSocketAddress local = InetSocketAddress(Ipv4Address::GetAny(), 9);

recvSocket->Bind(local);

Ptr<SecurePacketSink> sink = CreateObject<SecurePacketSink>();

nodes.Get(3)->AddApplication(sink);

recvSocket->SetRecvCallback(MakeCallback(&SecurePacketSink::HandleRead, sink));

// Run simulation

Simulator::Stop(Seconds(10.0));

Simulator::Run();

Simulator::Destroy();

return 0;

}

Explanation

  • Network Topology: The script sets up a simple point-to-point network with four nodes.
  • Mobility: Nodes are given fixed positions using the ConstantPositionMobilityModel.
  • Security Mechanisms:
    • Data Link Layer: Implement MAC address filtering or encryption if applicable.
    • Network Layer: Implement IPsec for secure IP communication if applicable.
    • Transport Layer: Implement TLS/SSL for secure TCP communication or DTLS for secure UDP communication if applicable.
  • Application Layer Security: A simple Caesar cipher is used for encryption and decryption. This is just for demonstration purposes; in a real-world scenario, more robust encryption algorithms should be used.

5.      Build and Run the Script

Save the script and build it using the ns-3 build system (waf).

./waf configure

./waf build

./waf –run osi-layer-security

Extending the Example

Here, we can extend this instance to contain the more complex security scenarios, such as:

  • Data Link Layer Security:
    • Implement MAC address filtering.
    • Simulate encryption mechanisms at the data link layer.
  • Network Layer Security:
    • Implement IPsec for secure IP communication.
  • Transport Layer Security:
    • Implement TLS/SSL for secure TCP communication.
    • Implement DTLS for secure UDP communication.
  • Advanced Application Layer Security:
    • Use more robust encryption algorithms such as AES or RSA.
    • Implement authentication mechanisms.

The sample reference to setup the IPsec for network layer security:

#include “ns3/ipv4-ipsec-helper.h”

// In your main function, after installing the internet stack

Ipv4IpsecHelper ipsec;

ipsec.Install (nodes);

In this end, we have learned about how the OSI model will secured by creating the topology that contains nodes, devices, and links and then apply the security mechanism then process it that will simulated using ns3 tool. We give further additional details about the OSI security model.

Our valued developers deliver unparalleled security implementations across the OSI layers within ns3, complemented by comprehensive performance analysis support to guarantee a successful outcome for your project. Seek expert guidance on encryption, authentication, and integrity checks at the data link, network, and transport layers to elevate your project’s security framework.