Professional Documents
Culture Documents
Revision History
Version 1.0
Version 2.0
-2-
Acknowledgment
We would like to thank my class mates. During the process of working on the project, we learn many things from them and from their works. We also thank Delta PCLAB for giving us its facility for printing this document. Finally, we would like to acknowledge our family members for their love, sacrifice and understanding.
-3-
Acknowledgment.................................................................................................................................................3
IV. IMPLEMENTATION............................................................................................................9
4.1. DETAIL DESIGN..................................................................................................................................................9 4.2. IMPLEMENTATION............................................................................................................................................10 4.3. SIMPLE DEMONSTRATION ................................................................................................................................10
V. APPENDIX.............................................................................................................................12
5.1 NEW PROTOCOL SOURCE CODE FOR NS-2 (C++):.............................................................................................12 5.2 TCL SCRIPT FOR SIMPLE DEMONSTRATION.......................................................................................................17
-4-
I. Problem Statement
NS-2 is an open source and very popular network simulation system. It provides support for IP protocols suite and many standard routing protocols for wire and wireless networks. Implementation of security on NS-2 is necessary in network simulation. However, currently, NS-2 does not support these features. Our project will aim to solve this issue. The purpose of the project is to find a way to add encryption/decryption features into network simulation program NS-2. For the purposes of this analysis, the assumption is that the key is pre-shared and the encryption/decryption algorithm is illustrative.
-5-
II.
2.1. Purpose
Introduction
The purpose of this System Design Specification (SDS) document is to describe the design requirements for adding encryption/decryption features into NS-2. This SDS is intended to ensure that the developers and/or implementers produce an application that fulfills SDS. It will also serve as training material for any potential new project members to obtain enough information about the project implementation that they can be efficiently and effectively integrated into the project team.
2.2
Scope
This design specification document provides the frame work for the implementation process. It is a blueprint from which we implement the system. Our project is an add-in component. It requires NS-2 version 2.27 already installed in one computer. The encryption and decryption algorithm is only illustrative.
2.3.
Intended Audience
This document is intended for use by the technical members of the project team, including the software developers, system testers, and researchers who need to do experiments with NS-2. SDS plays a pivotal role in the development and maintenance of software systems. During its lifetime, a given design description is used by project managers, quality assurance staff, configuration managers, software designers, programmers, testers, and maintainers. Each of these users has unique needs, both in terms of required design information and optimal organization of that information. Hence, a design description must contain all the design information needed by those users.
-6-
3.2.
Implementation process
Marc Greis's tutorial shows how to add a new packet protocol to NS-2 (Figure 1). The new packet class is created in the folder ../apps. After that, the new packet name has to register to the packet.h. Of course, the makefile has to be modified so that the
-7-
new class is complied. At the TCL layer, the new packet must be declared by adding the name and default packet size value to the ns-default.tcl file. Finally, we have to make an entry for the new packet in the ns-packet.tcl file. After recompile the ns-2, we can use the new packet for our simulation (Figure 2).
Figure 2: Screen shot of the new packet (Security_packet) on NS-2 We propose to build a new packet class carrying data. The methods of the class include some algorithms of encryption and decryption as well as generate messages digest functions for integrity. Cesar cipher is selected to demo encrypt and decrypt algorithms. The message digest generator is the hash function in C++. (Note: The proposed implementation might be extended based on the requirements of the instructor)
-8-
IV. Implementation
4.1. Detail design
Figure 3. Logical design of the encryption/decryption system Hash function: Using a simple hashing algorithm to get hashed value from a string of plain text. The hash value will be attached to packet header for data integrity checking. At the other end of communication, after decryption, the decrypted text will be hashed again to get new hashed value. This new hashed value will be compared to the value attached within packet header. If they are equal, the data integrity is ensured and decrypted text is accepted; otherwise the packet is discarded. In either case, an acknowledge packet will be sent back to sender to inform of the status of the packet. The algorithm for the hash function can be any kind of algorithm like SHA-1, MD5. Because the shortage of time and the complexity of those algorithms, we chose to implement very simple polynomial algorithm [7] that we collect from the internet. Encryption/decryption functions: For encryption and decryption feature we implement CESAR cipher with pre-shared key of 3. These cryptographic functions take input as a string of plain text and shift the ASCII value of each character in the text three positions. Any encryption/decryption algorithm with symmetric -9-
key can be implemented here. Some examples for encryption/decryption algorithms that can be implemented are DES, 3DES, EAS, Blowfish.
4.2. Implementation
Hash function: unsigned int Security_packetAgent::hashing(char value[], unsigned int len) { char *word = value; unsigned int ret = 0; unsigned int i; for(i=0; i < len; i++) { int mod = i % 32; ret ^=(unsigned int) (word[i]) << mod; ret ^=(unsigned int) (word[i]) >> (32 - mod); } return ret; } Encryption function: void Security_packetAgent::encryption(char out[]) { int key =3; int i=0; for (i=0;i<strlen(out);i++) { out[i]=(out[i]+key)%128; } } Decryption function: void Security_packetAgent::decryption(char out[]) { int key =3; int i=0; for (i=0;i<strlen(out);i++) { out[i]=(out[i]-key)%128; } } For full source code, please look at appendix 5.1.
script file. For full source code of TCL script please look at appendix 5.2 . The outcome of the demo will be showed in use console ( figure 5).
- 11 -
V.
5.1 New protocol source code for NS-2 (c++):
//----------------------------------// Dated: April 25,2005 // Created: Sam Tran and Tuan Nguyen. // file name: security_packet.h //----------------------------------#ifndef ns_security_packet_h #define ns_security_packet_h #include "agent.h" #include "tclcl.h" #include "packet.h" #include "address.h" #include "ip.h"
Appendix
struct hdr_security_packet { char ret; double send_time; double rcv_time; // when security packet arrived at receiver int seq; // sequence number char data[128]; unsigned int hashvalue; // Header access methods static int offset_; // required by PacketHeaderManager inline static int& offset() { return offset_; } inline static hdr_security_packet* access(const Packet* p) { return (hdr_security_packet*) p->access(offset_); } }; class Security_packetAgent : public Agent { public: Security_packetAgent(); int seq; int oneway; // enable seq number and one-way delay printouts virtual int command(int argc, const char*const* argv); virtual void recv(Packet*, Handler*); void encryption(char* out); void decryption(char* out); unsigned int hashing (char value[], unsigned int len); }; #endif // ns_security_packet_h //----------------------------------// Dated: April 25,2005 - 12 -
CSCI 5931 Project 2 // Created: Sam Tran and Tuan Nguyen. // file name: security_packet.cc //----------------------------------#include "Security_packet.h" #include "string.h"
int hdr_security_packet::offset_; static class Security_packetHeaderClass : public PacketHeaderClass { public: Security_packetHeaderClass() : PacketHeaderClass("PacketHeader/Security_packet",sizeof(hdr_security_packet)) { bind_offset(&hdr_security_packet::offset_); } } class_security_packethdr; static class Security_packetClass : public TclClass { public: Security_packetClass() : TclClass("Agent/Security_packet") {} TclObject* create(int, const char*const*) { return (new Security_packetAgent()); } } class_security_packet; Security_packetAgent::Security_packetAgent() : Agent(PT_SECURITY_PACKET), seq(0), oneway(0) { bind("packetSize_", &size_); } int Security_packetAgent::command(int argc, const char*const* argv) { if (argc ==3) { if (strcmp(argv[1], "send") == 0) { // Create a new packet Packet* pkt = allocpkt(); // Access the security packet header for the new packet: hdr_security_packet* hdr = hdr_security_packet::access(pkt); // Set the 'ret' field to 0, so the receiving node // knows that it has to generate an acknowledge packet hdr->ret = 0; hdr->seq = seq++; // Store the current time in the 'send_time' field hdr->send_time = Scheduler::instance().clock(); // copy date to be sent to header strcpy(hdr->data, argv[2]); //----------------hashing-----------------------hdr->hashvalue = hashing(hdr->data,(unsigned int)strlen(hdr->data)); - 13 -
printf("Message sent %s with hashing %d\n",hdr->data,hdr->hashvalue); // ---------- encrypt the data --------------encryption(hdr->data); //----------------------------------// Send the packet send(pkt, 0); // return TCL_OK, so the calling function knows that // the command has been processed return (TCL_OK); } else if (strcmp(argv[1], "start-WL-brdcast") == 0) { Packet* pkt = allocpkt(); hdr_ip* iph = HDR_IP(pkt); hdr_security_packet* ph = hdr_security_packet::access(pkt); strcpy(ph->data, "test"); iph->daddr() = IP_BROADCAST; iph->dport() = iph->sport(); ph->ret = 0; send(pkt, (Handler*) 0); return (TCL_OK); } else if (strcmp(argv[1], "oneway") == 0) { oneway=1; return (TCL_OK); } } // If the command hasn't been processed by SecurityAgent()::command, // call the command() function for the base class return (Agent::command(argc, argv)); } // -- CESAR encryption function ---------void Security_packetAgent::encryption(char out[]) { int key =3; int i=0; for (i=0;i<strlen(out);i++) { out[i]=(out[i]+key)%128; } } // ---- CESAR decryption -----------------void Security_packetAgent::decryption(char out[]) { int key =3; int i=0; for (i=0;i<strlen(out);i++) { - 14 -
} //---------------hashing fucntion------------unsigned int Security_packetAgent::hashing(char value[], unsigned int len) { char *word = value; unsigned int ret = 0; unsigned int i; for(i=0; i < len; i++) { int mod = i % 32; ret ^=(unsigned int) (word[i]) << mod; ret ^=(unsigned int) (word[i]) >> (32 - mod); } return ret; } //------------------------------void Security_packetAgent::recv(Packet* pkt, Handler*) { // Access the IP header for the received packet: hdr_ip* hdrip = hdr_ip::access(pkt); // Access the security packet header for the received packet: hdr_security_packet* hdr = hdr_security_packet::access(pkt); // check if in brdcast mode if ((u_int32_t)hdrip->daddr() == IP_BROADCAST) { if (hdr->ret == 0) { printf("Recv BRDCAST Security_packet REQ : at %d.%d from %d.%d\n", here_.addr_, here_.port_, hdrip->saddr(), hdrip->sport()); Packet::free(pkt); // create reply Packet* pktret = allocpkt(); hdr_security_packet* hdrret = hdr_security_packet::access(pktret); hdr_cmn* ch = HDR_CMN(pktret); hdr_ip* ipret = hdr_ip::access(pktret); hdrret->ret = 1; // add brdcast address ipret->daddr() = IP_BROADCAST; ipret->dport() = ipret->sport(); send(pktret, 0); - 15 -
} else { printf("Recv BRDCAST security_packet REPLY : at %d.%d from %d.%d\n", here_.addr_, here_.port_, hdrip->saddr(), hdrip->sport()); Packet::free(pkt); } return; } // end of broadcast mode if (hdr->ret == 0) { // Send an 'echo'. First save the old packet's send_time double stime = hdr->send_time; //---------decrypt encrypted packet-------------// char original_data[128]; char encrypted_data[128]; strcpy(encrypted_data,hdr->data); //copy the data of the original packet strcpy(original_data,hdr->data); int rcv_seq = hdr->seq; //----------------show the encrypted packet at receiving node-----------// char out[105]; unsigned int newhash; char authenticate_result[50]; // show encryted data then decrytp it and show decryption(original_data); newhash=hashing(original_data,strlen(original_data)); if(newhash==hdr->hashvalue) { printf("data intergity ensured\n"); strcpy(authenticate_result,"Message_Accepted"); } else { printf("data modified %d\n",newhash); strcpy(authenticate_result,"MESSAGE_ERRROR-Integrity violation"); } sprintf(out, "%s recv %d %3.1f %s %s %d", name(), hdrip->src_.addr_ >> Address::instance().NodeShift_[1], (Scheduler::instance().clock()-hdr->send_time) * 1000, encrypted_data, original_data,hdr->hashvalue); Tcl& tcl = Tcl::instance(); tcl.eval(out); // Discard the packet Packet::free(pkt); // Create a new packet Packet* pktret = allocpkt(); - 16 -
// Access the header for the new packet: hdr_security_packet* hdrret = hdr_security_packet::access(pktret); // Set the 'ret' field to 1, so the receiver won't send // another echo hdrret->ret = 1; // Set the send_time field to the correct value hdrret->send_time = stime; hdrret->rcv_time = Scheduler::instance().clock(); hdrret->seq = rcv_seq; strcpy(hdrret->data, authenticate_result);//save data to new packet // Send the packet back to the originator send(pktret, 0); } else { char out[105]; // showing at originator node when packet comes back sprintf(out, "%s recv %d %3.1f %s _ %d", name(), hdrip->src_.addr_ >> Address::instance().NodeShift_[1], (Scheduler::instance().clock()-hdr->send_time) * 1000, hdr->data, hdr>hashvalue); Tcl& tcl = Tcl::instance(); tcl.eval(out); // Discard the packet Packet::free(pkt); } }
5.2
#----------------------------------# Dated: April 25,2005 # Created: Sam Tran and Tuan Nguyen. # File name: security_packet.cc #----------------------------------#Create a simulator object set ns [new Simulator] #Define different colors for data flows (for NAM) $ns color 1 Blue $ns color 2 Red #Open a trace file set nf [open out.nam w] $ns namtrace-all $nf #Define a 'finish' procedure proc finish {} { - 17 -
CSCI 5931 Project 2 global ns nf $ns flush-trace close $nf exec nam out.nam & exit 0 } #Create four nodes set n0 [$ns node] set n1 [$ns node] set n2 [$ns node] set n3 [$ns node] set n4 [$ns node] set n5 [$ns node] #Create links between the nodes $ns duplex-link $n0 $n2 5Mb 10ms DropTail $ns duplex-link $n1 $n2 5Mb 10ms DropTail $ns duplex-link $n2 $n3 1.5Mb 10ms DropTail $ns duplex-link $n3 $n4 5Mb 10ms DropTail $ns duplex-link $n3 $n5 5Mb 10ms DropTail #Set Queue Size of link (n2-n3) to 100 $ns queue-limit $n2 $n3 100 $ns duplex-link-op $n0 $n2 orient right-down $ns duplex-link-op $n1 $n2 orient right-up $ns duplex-link-op $n2 $n3 orient right $ns duplex-link-op $n3 $n4 orient right-up $ns duplex-link-op $n3 $n5 orient right-down
#Define a 'recv' function for the class 'Agent/Security_packet' Agent/Security_packet instproc recv {from rtt mess originmess hash} { $self instvar node_ puts "node [$node_ id] received packet from \ $from with trip-time $rtt ms - contend: $mess - decrypted $originmess -hash: $hash" } #Create two security agents and attach them to the nodes n0 and n2 set p0 [new Agent/Security_packet] $ns attach-agent $n0 $p0 $p0 set class_ 1 set p1 [new Agent/Security_packet] $ns attach-agent $n1 $p1 $p1 set class_ 1 set p2 [new Agent/Security_packet] $ns attach-agent $n4 $p2 $p2 set class_ 2 - 18 -
CSCI 5931 Project 2 set p3 [new Agent/Security_packet] $ns attach-agent $n5 $p3 $p3 set class_ 2 #Connect the two agents $ns connect $p0 $p3 $ns connect $p1 $p2 #Schedule events
for {set i 1} {$i < 2} {incr i} { set result [expr $i /2] $ns at $result "$p0 send itisalongmessageIcansend" $ns at [expr $result + 0.02] "$p1 send Itisashotermessage" $ns at [expr $result + 0.04] "$p2 send test3" $ns at [expr $result + 0.06] "$p3 send test4" } $ns at 1.0 "finish" #Run the simulation $ns run
- 19 -