You are on page 1of 19

CSCI 5931 Project 2

System Design Specification

Project 2 Encryption/Decryption functions for NS-2


Class: CSCI 5931 Section 1 Name: Sam Tran Tuan Anh Nguyen

Houston - April 25, 2004 1

CSCI 5931 Project 2

System Design Specification

Revision History

Version 1.0

Completion Date 04/07/2005

Authors Sam Tran Phu Manh Tuan Anh Nguyen

Description Abstract, general design

Version 2.0

Completion Date 04/25/2005

Authors Sam Tran Phu Manh Tuan Anh Nguyen

Description Detail design, implementation Simple demonstration

-2-

CSCI 5931 Project 2

System Design Specification

Acknowledgment
We would like to thank my class mates. During the process of working on the project, we learn many things from them and from their works. We also thank Delta PCLAB for giving us its facility for printing this document. Finally, we would like to acknowledge our family members for their love, sacrifice and understanding.

-3-

CSCI 5931 Project 2 Table of content

System Design Specification

Acknowledgment.................................................................................................................................................3

I. PROBLEM STATEMENT......................................................................................................5 II. INTRODUCTION....................................................................................................................6


2.1. PURPOSE.............................................................................................................................................................6 2.2 SCOPE..................................................................................................................................................................6 2.3. INTENDED AUDIENCE........................................................................................................................................6

III. GENERAL DESIGN..............................................................................................................7


3.1. APPROACH..........................................................................................................................................................7 3.2. IMPLEMENTATION PROCESS...............................................................................................................................7

IV. IMPLEMENTATION............................................................................................................9
4.1. DETAIL DESIGN..................................................................................................................................................9 4.2. IMPLEMENTATION............................................................................................................................................10 4.3. SIMPLE DEMONSTRATION ................................................................................................................................10

V. APPENDIX.............................................................................................................................12
5.1 NEW PROTOCOL SOURCE CODE FOR NS-2 (C++):.............................................................................................12 5.2 TCL SCRIPT FOR SIMPLE DEMONSTRATION.......................................................................................................17

VI. REFERENCE DOCUMENTS.............................................................................................19

-4-

CSCI 5931 Project 2

System Design Specification

I. Problem Statement
NS-2 is an open source and very popular network simulation system. It provides support for IP protocols suite and many standard routing protocols for wire and wireless networks. Implementation of security on NS-2 is necessary in network simulation. However, currently, NS-2 does not support these features. Our project will aim to solve this issue. The purpose of the project is to find a way to add encryption/decryption features into network simulation program NS-2. For the purposes of this analysis, the assumption is that the key is pre-shared and the encryption/decryption algorithm is illustrative.

-5-

CSCI 5931 Project 2

System Design Specification

II.
2.1. Purpose

Introduction

The purpose of this System Design Specification (SDS) document is to describe the design requirements for adding encryption/decryption features into NS-2. This SDS is intended to ensure that the developers and/or implementers produce an application that fulfills SDS. It will also serve as training material for any potential new project members to obtain enough information about the project implementation that they can be efficiently and effectively integrated into the project team.

2.2

Scope

This design specification document provides the frame work for the implementation process. It is a blueprint from which we implement the system. Our project is an add-in component. It requires NS-2 version 2.27 already installed in one computer. The encryption and decryption algorithm is only illustrative.

2.3.

Intended Audience

This document is intended for use by the technical members of the project team, including the software developers, system testers, and researchers who need to do experiments with NS-2. SDS plays a pivotal role in the development and maintenance of software systems. During its lifetime, a given design description is used by project managers, quality assurance staff, configuration managers, software designers, programmers, testers, and maintainers. Each of these users has unique needs, both in terms of required design information and optimal organization of that information. Hence, a design description must contain all the design information needed by those users.

-6-

CSCI 5931 Project 2

System Design Specification

III. General Design


3.1. Approach
NS-2 is an open source system that is developed using C++ and Tool Control Language TCL. Researchers can freely add new components to the system to server their own purposes. The latest version of NS-2 is version 2.28. Within this version, most of the standard protocols supported. You can find protocol from media access layer protocols such as CSMA/CD up to application protocols as FTP and HTTP. For routing protocols, there are unicast and multicast routing protocols for wire network and DSR, DSDV, AODV for wireless ad-hoc networks. Most of these protocols were developed by researchers and adopted into standard version of NS-2. In order to experiment security features for network, we need to add security functions into NS-2. Of course for specific experiments there are specific requirements. The purpose of this project is only to illustrate a way to add security functions into NS-2 Our approach is to build a new protocol at network layer IP layer. We also define new packet format to represent new protocols. The new protocol is represented by a class derived from built-in class in NS-2. Within new derived class we will add encryption and decryption for data field in the data packet. We will also implement message digest generation function to ensure the integrity of data packet during transmission. We consider our data as plain text. The cryptography algorithm is CESAR cipher The programming language is C++. Environment development requirements: Personal Computer Windows 2000 professional and later. Cygwin Unix Simulation NS-2 version 2.27 C/C++ editor.

3.2.

Implementation process

Marc Greis's tutorial shows how to add a new packet protocol to NS-2 (Figure 1). The new packet class is created in the folder ../apps. After that, the new packet name has to register to the packet.h. Of course, the makefile has to be modified so that the

-7-

CSCI 5931 Project 2

System Design Specification

new class is complied. At the TCL layer, the new packet must be declared by adding the name and default packet size value to the ns-default.tcl file. Finally, we have to make an entry for the new packet in the ns-packet.tcl file. After recompile the ns-2, we can use the new packet for our simulation (Figure 2).

Figure 1: Flow chart of adding new protocol to NS-2

Figure 1: Flow chart of adding new protocol to NS-2

Figure 2: Screen shot of the new packet (Security_packet) on NS-2 We propose to build a new packet class carrying data. The methods of the class include some algorithms of encryption and decryption as well as generate messages digest functions for integrity. Cesar cipher is selected to demo encrypt and decrypt algorithms. The message digest generator is the hash function in C++. (Note: The proposed implementation might be extended based on the requirements of the instructor)

-8-

CSCI 5931 Project 2

System Design Specification

IV. Implementation
4.1. Detail design

Figure 3. Logical design of the encryption/decryption system Hash function: Using a simple hashing algorithm to get hashed value from a string of plain text. The hash value will be attached to packet header for data integrity checking. At the other end of communication, after decryption, the decrypted text will be hashed again to get new hashed value. This new hashed value will be compared to the value attached within packet header. If they are equal, the data integrity is ensured and decrypted text is accepted; otherwise the packet is discarded. In either case, an acknowledge packet will be sent back to sender to inform of the status of the packet. The algorithm for the hash function can be any kind of algorithm like SHA-1, MD5. Because the shortage of time and the complexity of those algorithms, we chose to implement very simple polynomial algorithm [7] that we collect from the internet. Encryption/decryption functions: For encryption and decryption feature we implement CESAR cipher with pre-shared key of 3. These cryptographic functions take input as a string of plain text and shift the ASCII value of each character in the text three positions. Any encryption/decryption algorithm with symmetric -9-

CSCI 5931 Project 2

System Design Specification

key can be implemented here. Some examples for encryption/decryption algorithms that can be implemented are DES, 3DES, EAS, Blowfish.

4.2. Implementation
Hash function: unsigned int Security_packetAgent::hashing(char value[], unsigned int len) { char *word = value; unsigned int ret = 0; unsigned int i; for(i=0; i < len; i++) { int mod = i % 32; ret ^=(unsigned int) (word[i]) << mod; ret ^=(unsigned int) (word[i]) >> (32 - mod); } return ret; } Encryption function: void Security_packetAgent::encryption(char out[]) { int key =3; int i=0; for (i=0;i<strlen(out);i++) { out[i]=(out[i]+key)%128; } } Decryption function: void Security_packetAgent::decryption(char out[]) { int key =3; int i=0; for (i=0;i<strlen(out);i++) { out[i]=(out[i]-key)%128; } } For full source code, please look at appendix 5.1.

4.3. Simple demonstration


For the demonstration purpose we create a testing scenario with 5 nodes. Node 0, 1 (figure 4) will send message to node 5 and 4 respectively and from node 5 and 4 back to node 0 and 1. Each sending node will assume to receive acknowledge packet from receiving node. The script of this demo is written in TCL language. The message to be sent will be arbitrary and put in - 10 -

CSCI 5931 Project 2

System Design Specification

script file. For full source code of TCL script please look at appendix 5.2 . The outcome of the demo will be showed in use console ( figure 5).

Figure 4: NAM for simple demonstration script.

Figure 5: Outcome of simple demo TCL script.

- 11 -

CSCI 5931 Project 2

System Design Specification

V.
5.1 New protocol source code for NS-2 (c++):
//----------------------------------// Dated: April 25,2005 // Created: Sam Tran and Tuan Nguyen. // file name: security_packet.h //----------------------------------#ifndef ns_security_packet_h #define ns_security_packet_h #include "agent.h" #include "tclcl.h" #include "packet.h" #include "address.h" #include "ip.h"

Appendix

struct hdr_security_packet { char ret; double send_time; double rcv_time; // when security packet arrived at receiver int seq; // sequence number char data[128]; unsigned int hashvalue; // Header access methods static int offset_; // required by PacketHeaderManager inline static int& offset() { return offset_; } inline static hdr_security_packet* access(const Packet* p) { return (hdr_security_packet*) p->access(offset_); } }; class Security_packetAgent : public Agent { public: Security_packetAgent(); int seq; int oneway; // enable seq number and one-way delay printouts virtual int command(int argc, const char*const* argv); virtual void recv(Packet*, Handler*); void encryption(char* out); void decryption(char* out); unsigned int hashing (char value[], unsigned int len); }; #endif // ns_security_packet_h //----------------------------------// Dated: April 25,2005 - 12 -

CSCI 5931 Project 2 // Created: Sam Tran and Tuan Nguyen. // file name: security_packet.cc //----------------------------------#include "Security_packet.h" #include "string.h"

System Design Specification

int hdr_security_packet::offset_; static class Security_packetHeaderClass : public PacketHeaderClass { public: Security_packetHeaderClass() : PacketHeaderClass("PacketHeader/Security_packet",sizeof(hdr_security_packet)) { bind_offset(&hdr_security_packet::offset_); } } class_security_packethdr; static class Security_packetClass : public TclClass { public: Security_packetClass() : TclClass("Agent/Security_packet") {} TclObject* create(int, const char*const*) { return (new Security_packetAgent()); } } class_security_packet; Security_packetAgent::Security_packetAgent() : Agent(PT_SECURITY_PACKET), seq(0), oneway(0) { bind("packetSize_", &size_); } int Security_packetAgent::command(int argc, const char*const* argv) { if (argc ==3) { if (strcmp(argv[1], "send") == 0) { // Create a new packet Packet* pkt = allocpkt(); // Access the security packet header for the new packet: hdr_security_packet* hdr = hdr_security_packet::access(pkt); // Set the 'ret' field to 0, so the receiving node // knows that it has to generate an acknowledge packet hdr->ret = 0; hdr->seq = seq++; // Store the current time in the 'send_time' field hdr->send_time = Scheduler::instance().clock(); // copy date to be sent to header strcpy(hdr->data, argv[2]); //----------------hashing-----------------------hdr->hashvalue = hashing(hdr->data,(unsigned int)strlen(hdr->data)); - 13 -

CSCI 5931 Project 2

System Design Specification

printf("Message sent %s with hashing %d\n",hdr->data,hdr->hashvalue); // ---------- encrypt the data --------------encryption(hdr->data); //----------------------------------// Send the packet send(pkt, 0); // return TCL_OK, so the calling function knows that // the command has been processed return (TCL_OK); } else if (strcmp(argv[1], "start-WL-brdcast") == 0) { Packet* pkt = allocpkt(); hdr_ip* iph = HDR_IP(pkt); hdr_security_packet* ph = hdr_security_packet::access(pkt); strcpy(ph->data, "test"); iph->daddr() = IP_BROADCAST; iph->dport() = iph->sport(); ph->ret = 0; send(pkt, (Handler*) 0); return (TCL_OK); } else if (strcmp(argv[1], "oneway") == 0) { oneway=1; return (TCL_OK); } } // If the command hasn't been processed by SecurityAgent()::command, // call the command() function for the base class return (Agent::command(argc, argv)); } // -- CESAR encryption function ---------void Security_packetAgent::encryption(char out[]) { int key =3; int i=0; for (i=0;i<strlen(out);i++) { out[i]=(out[i]+key)%128; } } // ---- CESAR decryption -----------------void Security_packetAgent::decryption(char out[]) { int key =3; int i=0; for (i=0;i<strlen(out);i++) { - 14 -

CSCI 5931 Project 2 out[i]=(out[i]-key)%128; }

System Design Specification

} //---------------hashing fucntion------------unsigned int Security_packetAgent::hashing(char value[], unsigned int len) { char *word = value; unsigned int ret = 0; unsigned int i; for(i=0; i < len; i++) { int mod = i % 32; ret ^=(unsigned int) (word[i]) << mod; ret ^=(unsigned int) (word[i]) >> (32 - mod); } return ret; } //------------------------------void Security_packetAgent::recv(Packet* pkt, Handler*) { // Access the IP header for the received packet: hdr_ip* hdrip = hdr_ip::access(pkt); // Access the security packet header for the received packet: hdr_security_packet* hdr = hdr_security_packet::access(pkt); // check if in brdcast mode if ((u_int32_t)hdrip->daddr() == IP_BROADCAST) { if (hdr->ret == 0) { printf("Recv BRDCAST Security_packet REQ : at %d.%d from %d.%d\n", here_.addr_, here_.port_, hdrip->saddr(), hdrip->sport()); Packet::free(pkt); // create reply Packet* pktret = allocpkt(); hdr_security_packet* hdrret = hdr_security_packet::access(pktret); hdr_cmn* ch = HDR_CMN(pktret); hdr_ip* ipret = hdr_ip::access(pktret); hdrret->ret = 1; // add brdcast address ipret->daddr() = IP_BROADCAST; ipret->dport() = ipret->sport(); send(pktret, 0); - 15 -

CSCI 5931 Project 2

System Design Specification

} else { printf("Recv BRDCAST security_packet REPLY : at %d.%d from %d.%d\n", here_.addr_, here_.port_, hdrip->saddr(), hdrip->sport()); Packet::free(pkt); } return; } // end of broadcast mode if (hdr->ret == 0) { // Send an 'echo'. First save the old packet's send_time double stime = hdr->send_time; //---------decrypt encrypted packet-------------// char original_data[128]; char encrypted_data[128]; strcpy(encrypted_data,hdr->data); //copy the data of the original packet strcpy(original_data,hdr->data); int rcv_seq = hdr->seq; //----------------show the encrypted packet at receiving node-----------// char out[105]; unsigned int newhash; char authenticate_result[50]; // show encryted data then decrytp it and show decryption(original_data); newhash=hashing(original_data,strlen(original_data)); if(newhash==hdr->hashvalue) { printf("data intergity ensured\n"); strcpy(authenticate_result,"Message_Accepted"); } else { printf("data modified %d\n",newhash); strcpy(authenticate_result,"MESSAGE_ERRROR-Integrity violation"); } sprintf(out, "%s recv %d %3.1f %s %s %d", name(), hdrip->src_.addr_ >> Address::instance().NodeShift_[1], (Scheduler::instance().clock()-hdr->send_time) * 1000, encrypted_data, original_data,hdr->hashvalue); Tcl& tcl = Tcl::instance(); tcl.eval(out); // Discard the packet Packet::free(pkt); // Create a new packet Packet* pktret = allocpkt(); - 16 -

CSCI 5931 Project 2

System Design Specification

// Access the header for the new packet: hdr_security_packet* hdrret = hdr_security_packet::access(pktret); // Set the 'ret' field to 1, so the receiver won't send // another echo hdrret->ret = 1; // Set the send_time field to the correct value hdrret->send_time = stime; hdrret->rcv_time = Scheduler::instance().clock(); hdrret->seq = rcv_seq; strcpy(hdrret->data, authenticate_result);//save data to new packet // Send the packet back to the originator send(pktret, 0); } else { char out[105]; // showing at originator node when packet comes back sprintf(out, "%s recv %d %3.1f %s _ %d", name(), hdrip->src_.addr_ >> Address::instance().NodeShift_[1], (Scheduler::instance().clock()-hdr->send_time) * 1000, hdr->data, hdr>hashvalue); Tcl& tcl = Tcl::instance(); tcl.eval(out); // Discard the packet Packet::free(pkt); } }

5.2

TCL script for simple demonstration

#----------------------------------# Dated: April 25,2005 # Created: Sam Tran and Tuan Nguyen. # File name: security_packet.cc #----------------------------------#Create a simulator object set ns [new Simulator] #Define different colors for data flows (for NAM) $ns color 1 Blue $ns color 2 Red #Open a trace file set nf [open out.nam w] $ns namtrace-all $nf #Define a 'finish' procedure proc finish {} { - 17 -

CSCI 5931 Project 2 global ns nf $ns flush-trace close $nf exec nam out.nam & exit 0 } #Create four nodes set n0 [$ns node] set n1 [$ns node] set n2 [$ns node] set n3 [$ns node] set n4 [$ns node] set n5 [$ns node] #Create links between the nodes $ns duplex-link $n0 $n2 5Mb 10ms DropTail $ns duplex-link $n1 $n2 5Mb 10ms DropTail $ns duplex-link $n2 $n3 1.5Mb 10ms DropTail $ns duplex-link $n3 $n4 5Mb 10ms DropTail $ns duplex-link $n3 $n5 5Mb 10ms DropTail #Set Queue Size of link (n2-n3) to 100 $ns queue-limit $n2 $n3 100 $ns duplex-link-op $n0 $n2 orient right-down $ns duplex-link-op $n1 $n2 orient right-up $ns duplex-link-op $n2 $n3 orient right $ns duplex-link-op $n3 $n4 orient right-up $ns duplex-link-op $n3 $n5 orient right-down

System Design Specification

#Define a 'recv' function for the class 'Agent/Security_packet' Agent/Security_packet instproc recv {from rtt mess originmess hash} { $self instvar node_ puts "node [$node_ id] received packet from \ $from with trip-time $rtt ms - contend: $mess - decrypted $originmess -hash: $hash" } #Create two security agents and attach them to the nodes n0 and n2 set p0 [new Agent/Security_packet] $ns attach-agent $n0 $p0 $p0 set class_ 1 set p1 [new Agent/Security_packet] $ns attach-agent $n1 $p1 $p1 set class_ 1 set p2 [new Agent/Security_packet] $ns attach-agent $n4 $p2 $p2 set class_ 2 - 18 -

CSCI 5931 Project 2 set p3 [new Agent/Security_packet] $ns attach-agent $n5 $p3 $p3 set class_ 2 #Connect the two agents $ns connect $p0 $p3 $ns connect $p1 $p2 #Schedule events

System Design Specification

for {set i 1} {$i < 2} {incr i} { set result [expr $i /2] $ns at $result "$p0 send itisalongmessageIcansend" $ns at [expr $result + 0.02] "$p1 send Itisashotermessage" $ns at [expr $result + 0.04] "$p2 send test3" $ns at [expr $result + 0.06] "$p3 send test4" } $ns at 1.0 "finish" #Run the simulation $ns run

VI. Reference Documents


[1]. SDS Outline, The University of Texas at Austin, 1999. from the World Wide Web: http://www.cs.utexas.edu/ [2]. Nguyen Viet Phuong, Vu Tat Dat, Nguyen Anh Tuan, Dinh Ngoc Lan, Simulation System System Design Specification, 2003. [3]. Matt Bishop, Computer Security: Art+Science, Publisher Addison Wesley [4]. Jess Garms and Daniel Somerfield, Professional Java Security ,Wrox Press Ltd. [5]. Marc Greis (2005). Tutorial for the network simulator ns. Retrieved 3/28/05 from: http://www.isi.edu/nsnam/ns/tutorial/index.html [6]. Free Information Society (2005). Hash Table Class. Retrieved 4/4/05 from: http://www.freeinfosociety.com/computers/programs/cpp/hashtable.h [7] Hash function implemented in C++ with polynomial algorithm. Retrieved 4/14/05 from http://wikisource.org/wiki/Polynomial_hash_function. Elevator

- 19 -

You might also like