How to Implement OSI Layers Security in NS2

Implementing OSI layers security in NS2 involves several steps that mimic security characteristics for the different layers of the Open Systems Interconnection (OSI) model. The OSI model has seven layers, from physical to application, each with different security requirements. In NS2, we can approximate this by adding security mechanisms such as encryption, authentication, firewalling, or access control at different layers (such as the data link, network, or transport layers).

Since NS2 doesn't directly support full-fledged security protocols such as SSL/TLS for the transport layer or IPsec for the network layer, we can implement simple security behaviours by adjusting packet handling at different layers.

The following is the procedure for implementing OSI layers security in NS2:

OSI Layers and Security Considerations

  • Physical Layer: Guard against jamming or interception (usually not simulated in NS2).
  • Data Link Layer: Protect against MAC address spoofing, or apply encryption at this layer, as WPA/WPA2 does.
  • Network Layer: Implement firewalls, IP filtering, or IPsec-like behavior.
  • Transport Layer: Add packet filtering or mimic transport layer encryption such as SSL/TLS.
  • Application Layer: Add application-level encryption (like HTTPS) or authentication.

Approach to Implementing OSI Layers Security in NS2

In NS2, security mechanisms can be implemented at the data link, network, and transport layers by adjusting how packets are processed in these layers. Here's a general approach:

  1. Data Link Layer Security: We can mimic access control, MAC address filtering, or encryption by adjusting the MAC layer behaviour.
  2. Network Layer Security: Use packet filtering, access control lists (ACLs), or firewall-like behaviour to block or allow specific IP packets.
  3. Transport Layer Security: Mimic encryption and packet filtering to secure communication channels.

  1. Data Link Layer Security Example (MAC Address Filtering)

In this example, we implement MAC address filtering at the data link layer, which permits or blocks communication based on the source MAC address.

Example TCL Script for MAC Address Filtering:

# Create a new NS2 simulator
set ns [new Simulator]

# Open trace and NAM output files
set tracefile [open mac_filter.tr w]
$ns trace-all $tracefile
set namfile [open mac_filter.nam w]
$ns namtrace-all $namfile

# Define wireless parameters
set val(chan)   Channel/WirelessChannel
set val(prop)   Propagation/TwoRayGround
set val(ant)    Antenna/OmniAntenna
set val(netif)  Phy/WirelessPhy
set val(mac)    Mac/802_11               ;# MAC layer (we will add filtering)
set val(ifq)    Queue/DropTail/PriQueue
set val(ifqlen) 50
set val(ll)     LL
set val(rp)     AODV
set val(x)      1000
set val(y)      1000

# Create topography
set topo [new Topography]
$topo load_flatgrid $val(x) $val(y)

# Create the General Operations Director (needed by wireless simulations; 3 nodes)
create-god 3

# Configure node parameters
$ns node-config -adhocRouting $val(rp) \
    -llType $val(ll) \
    -macType $val(mac) \
    -ifqType $val(ifq) \
    -ifqLen $val(ifqlen) \
    -antType $val(ant) \
    -propType $val(prop) \
    -phyType $val(netif) \
    -channelType $val(chan) \
    -topoInstance $topo \
    -agentTrace ON \
    -routerTrace ON \
    -macTrace ON

# Create nodes
set node0 [$ns node]
set node1 [$ns node]
set node2 [$ns node]   ;# Third node with a different MAC address (possible attacker)

# Set positions
$node0 set X_ 100
$node0 set Y_ 100
$node0 set Z_ 0
$node1 set X_ 500
$node1 set Y_ 500
$node1 set Z_ 0
$node2 set X_ 300
$node2 set Y_ 300
$node2 set Z_ 0

# Define MAC filtering (allowed MAC addresses for node0)
set allowed_mac "00:00:00:00:00:01"  ;# MAC address of node1
set blocked_mac "00:00:00:00:00:02"  ;# MAC address of node2 (blocked)

# Create UDP agents for communication between node0 and node1
set udp0 [new Agent/UDP]
$ns attach-agent $node0 $udp0
set null0 [new Agent/Null]
$ns attach-agent $node1 $null0
$ns connect $udp0 $null0

# Create CBR traffic over UDP
set cbr0 [new Application/Traffic/CBR]
$cbr0 set packetSize_ 512
$cbr0 set rate_ 1Mb
$cbr0 attach-agent $udp0

# Start and stop CBR traffic
$ns at 1.0 "$cbr0 start"
$ns at 9.0 "$cbr0 stop"

# Add MAC address filtering logic (in the simulation for node0)
# Note: NS2 does not call this proc by itself; packet reception is handled in the
# C++ MAC layer, so the decision has to be invoked from there or applied to the trace.
proc mac_filter {src_mac dst_mac} {
    global allowed_mac blocked_mac
    if {$src_mac eq $blocked_mac} {
        puts "Packet dropped from $src_mac (blocked)"
        return 0   ;# Drop the packet
    }
    if {$src_mac eq $allowed_mac} {
        puts "Packet accepted from $src_mac (allowed)"
        return 1   ;# Accept the packet
    }
    return 0   ;# Drop other packets by default
}

# Schedule simulation end
$ns at 10.0 "finish"

# Finish procedure to close trace and NAM files
proc finish {} {
    global ns tracefile namfile
    $ns flush-trace
    close $tracefile
    close $namfile
    exec nam mac_filter.nam &
    exit 0
}

# Run the simulation
$ns run

  2. Network Layer Security Example (IP Filtering)

In this example, we implement IP filtering at the network layer, which permits or blocks packets based on the source IP address.

Example TCL Script for IP Filtering:

# Create a new NS2 simulator
set ns [new Simulator]

# Open trace and NAM output files
set tracefile [open ip_filter.tr w]
$ns trace-all $tracefile
set namfile [open ip_filter.nam w]
$ns namtrace-all $namfile

# Define wireless parameters
set val(chan)   Channel/WirelessChannel
set val(prop)   Propagation/TwoRayGround
set val(ant)    Antenna/OmniAntenna
set val(netif)  Phy/WirelessPhy
set val(mac)    Mac/802_11
set val(ifq)    Queue/DropTail/PriQueue
set val(ifqlen) 50
set val(ll)     LL
set val(rp)     AODV
set val(x)      1000
set val(y)      1000

# Create topography
set topo [new Topography]
$topo load_flatgrid $val(x) $val(y)

# Create the General Operations Director (needed by wireless simulations; 3 nodes)
create-god 3

# Configure node parameters
$ns node-config -adhocRouting $val(rp) \
    -llType $val(ll) \
    -macType $val(mac) \
    -ifqType $val(ifq) \
    -ifqLen $val(ifqlen) \
    -antType $val(ant) \
    -propType $val(prop) \
    -phyType $val(netif) \
    -channelType $val(chan) \
    -topoInstance $topo \
    -agentTrace ON \
    -routerTrace ON \
    -macTrace ON

# Create nodes
set node0 [$ns node]
set node1 [$ns node]
set node2 [$ns node]

# Set positions
$node0 set X_ 100
$node0 set Y_ 100
$node0 set Z_ 0
$node1 set X_ 500
$node1 set Y_ 500
$node1 set Z_ 0
$node2 set X_ 300
$node2 set Y_ 300
$node2 set Z_ 0

# Define IP filtering logic for node0
set allowed_ip "192.168.1.1"  ;# IP address of node1
set blocked_ip "192.168.1.2"  ;# IP address of node2 (blocked)

# Function to simulate IP filtering
# Note: NS2 does not call this proc by itself; packet forwarding is handled in
# C++, so the decision has to be invoked from there or applied to the trace.
proc ip_filter {src_ip} {
    global allowed_ip blocked_ip
    if {$src_ip eq $blocked_ip} {
        puts "Packet dropped from $src_ip (blocked)"
        return 0   ;# Drop the packet
    }
    if {$src_ip eq $allowed_ip} {
        puts "Packet accepted from $src_ip (allowed)"
        return 1   ;# Accept the packet
    }
    return 0   ;# Drop other packets
}

# Create UDP agents for communication between node0 and node1
set udp0 [new Agent/UDP]
$ns attach-agent $node0 $udp0
set null0 [new Agent/Null]
$ns attach-agent $node1 $null0
$ns connect $udp0 $null0

# Create CBR traffic over UDP
set cbr0 [new Application/Traffic/CBR]
$cbr0 set packetSize_ 512
$cbr0 set rate_ 1Mb
$cbr0 attach-agent $udp0

# Schedule traffic
$ns at 1.0 "$cbr0 start"
$ns at 9.0 "$cbr0 stop"

# End the simulation
$ns at 10.0 "finish"

# Finish procedure to close trace and NAM files
proc finish {} {
    global ns tracefile namfile
    $ns flush-trace
    close $tracefile
    close $namfile
    exec nam ip_filter.nam &
    exit 0
}

# Run the simulation
$ns run
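
To confirm that the MAC and IP filters described above are actually effective, the trace files (mac_filter.tr, ip_filter.tr) can be audited for packets that reached node0 from a source outside the allow-list. This is an added example, not part of the original scripts; it assumes NS2's old-format wireless trace with macTrace ON and that node1 and node2 appear in the trace as addresses 1 and 2 (the function name audit and the sample lines are constructed for illustration).

```python
import re

# Old-format NS2 wireless trace line (assumed format), e.g.
#   r 2.1048 _0_ MAC  --- 5 cbr 532 [13a 0 2 800] ------- [2:0 0:0 30 0] [0] 1 0
# MAC header: [duration dst src type] in hex; IP header: [src:port dst:port ttl nexthop].
LINE = re.compile(
    r"^(?P<ev>\S)\s+(?P<t>[\d.]+)\s+_(?P<node>\d+)_\s+(?P<layer>\S+)\s+\S+\s+"
    r"(?P<uid>\d+)\s+(?P<ptype>\S+)\s+\d+\s+"
    r"\[[0-9a-f]+ [0-9a-f]+ (?P<msrc>[0-9a-f]+) [0-9a-f]+\]"
    r"(?:\s+\S+\s+\[(?P<isrc>-?\d+):-?\d+ -?\d+:-?\d+ \d+ \d+\])?"
)

# Constructed sample: node 1 (allowed) and node 2 (blocked) both reach node 0.
SAMPLE = """\
s 1.000000000 _1_ AGT  --- 0 cbr 512 [0 0 0 0] ------- [1:0 0:0 32 0] [0] 0 0
r 1.004813333 _0_ MAC  --- 0 cbr 532 [13a 0 1 800] ------- [1:0 0:0 30 0] [0] 1 0
r 1.004838333 _0_ AGT  --- 0 cbr 512 [13a 0 1 800] ------- [1:0 0:0 30 0] [0] 1 0
r 1.005200000 _0_ MAC  --- 0 ACK 38 [0 0 0 0]
r 2.104813333 _0_ MAC  --- 5 cbr 532 [13a 0 2 800] ------- [2:0 0:0 30 0] [0] 1 0
r 2.104838333 _0_ AGT  --- 5 cbr 512 [13a 0 2 800] ------- [2:0 0:0 30 0] [0] 1 0
D 3.000000000 _0_ MAC  --- 9 cbr 532 [13a 0 2 800] ------- [2:0 0:0 30 0] [0] 1 0
""".splitlines()

def audit(lines, node, allowed_mac, allowed_ip):
    """Return receptions at `node` that a default-deny allow-list should have dropped."""
    violations = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["ev"] != "r" or int(m["node"]) != node:
            continue  # only successful receptions at the filtering node matter
        if m["ptype"] in ("ACK", "CTS"):
            continue  # 802.11 ACK/CTS frames carry no transmitter address
        if m["layer"] == "MAC":
            src, allowed = int(m["msrc"], 16), allowed_mac
        elif m["layer"] in ("RTR", "AGT") and m["isrc"] is not None:
            src, allowed = int(m["isrc"]), allowed_ip
        else:
            continue
        if src not in allowed:
            violations.append((float(m["t"]), m["layer"], src, int(m["uid"])))
    return violations

if __name__ == "__main__":
    for v in audit(SAMPLE, node=0, allowed_mac={1}, allowed_ip={1}):
        print("policy violation: t=%.6f layer=%s src=%d uid=%d" % v)
```

An empty result means no packet from a non-allowed source was received at the filtering node; any entry identifies the time, layer, source and packet uid to investigate.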

  3. Transport Layer Security (Encryption Simulation)

At the transport layer, we can replicate simple encryption or packet filtering to secure data in transit. Since NS2 does not support full encryption protocols, we can mimic encrypted packets by marking them in the payload, or prevent transmission of unencrypted packets.

  4. Extending the Simulation

We can expand the security implementation by adding more sophisticated mechanisms, including:

  • Encryption: Mimic encrypted communication at the application or transport layer.
  • Intrusion Detection Systems (IDS): Implement packet inspection and filtering to classify intrusions or attacks.
  • Key Management: Mimic key exchange and secure session setup among nodes.

This guide has covered how to implement OSI layers security in an NS2 simulation, with examples of its security mechanisms. If you need more information regarding OSI layers security, we will provide it.