Hi,
In this video we will show you how to create a malicious node and simulate a sinkhole attack
in NetSim. A simple MANET that runs the DSR (Dynamic Source Routing) algorithm is used as our network
scenario. During this video we will show how to set any node to be a sinkhole in the MANET
by a minor change in the DSR protocol source code.
A sinkhole is a malicious node in the MANET which falsely advertises that it has
the shortest route to the target, thus attracting all the traffic in the MANET to itself.
The sinkhole does not forward the data to the target and instead uses the data for other
malicious purposes.
Let us start by creating the scenario we intend to simulate. We create
a new project by clicking on Simulation->New->Advanced Wireless Networks->MANET. A grid-based environment
is displayed on the screen.
We add seven nodes, Node1 through Node7, as shown. Right click on Node1->Properties and a window
will appear with sections arranged per the 5-layer TCP/IP stack. In this window we enable
a voice application going from Node1 to destination Node6. Set the Routing Protocol to ‘DSR’
in the Network Layer section and enable the ‘Link Layer Ack’.
Note that a MANET operates in a wireless environment and hence path loss
occurs. Right click on the environment and click ‘Properties’. Set Channel Characteristics
to line of sight and set the Path loss exponent relatively high, for example 3.7, so that Node1
cannot communicate directly with Node6 and the packets take the route Node1->2->3->4->5->6.
Our goal is to set Node7 as the sinkhole, and let’s see how to change the code to
reach this goal.
Create a libDSR solution in Visual Studio and include all the required files in it.
In the original DSR protocol code, a packet is generated in the application layer of the
source node. The packet is passed to Transport OUT and then to Network OUT, where
it is added to the send buffer of the source and a RREQ is generated. This RREQ is forwarded
to neighbouring nodes. The RREQ contains the target IP and also the list of IPs that
the RREQ has propagated through. We modify the code so that when a malicious node receives
the RREQ packet, it replies with a false RREP claiming that it has a direct route from itself to the target.
To do so we create a file called Malicious.c. This has three key functions -
The first is fn_NetSim_DSR_MaliciousNode(NetSim_EVENTDETAILS* pstruEventDetails).
This function returns 1 if the current deviceID is the malicious node, else it returns 0.
In the same file, Malicious.c, we have defined a macro called MALICIOUS_NODE. The device
whose ID is equal to this macro will act as a malicious node. In the if statement
defined in this function, we can mention the ID of the device we wish to act as the malicious
node, and increase the number of malicious nodes by simply adding an OR condition.
The second function is fn_NetSim_DSR_MaliciousRouteAddToCache(NetSim_EVENTDETAILS* pstruEventDetails,DSR_PRIMITIVES* dsrPrimitive).
If the device is a malicious node, this function is evaluated and a route from itself to
the target mentioned in the route request is added to its route cache, and thus a false
shortest route from the malicious node to the target is made available.
The third function is fn_NetSim_DSR_MaliciousProcessSourceRouteOption(NetSim_EVENTDETAILS* pstruEventDetails,DSR_PRIMITIVES* dsrPrimitive).
In this function, if a malicious node receives a data packet, it generates an acknowledge
request to be given to the transmitter of the packet. The DSR metrics of the node are
updated and the received packet is freed and not forwarded.
Next, in the DSR.c file, the function _declspec(dllexport) int fn_NetSim_DSR_Run( ) checks what type
of event is occurring, i.e. a Network OUT, Network IN or TIMER event.
In the case Network_In_Event, there are various subevents such as the reception of a RREQ packet,
reception of a data packet etc. In the default subevent (where a data packet is received),
if the device which receives the packet is a malicious node, we call the function
fn_NetSim_DSR_MaliciousProcessSourceRouteOption( ), which deletes the received packet. Else
we perform the normal DSR function DSR_PROCESS_SRC_ROUTE( ) for other nodes.
In the case of the control packet route request subevent, if the present node is a malicious
node, we call the function fn_NetSim_DSR_MaliciousRouteAddToCache( ), which adds the false route to its route
cache. After that, the function DSR_PROCESS_RREQ is evaluated, which generates a RREP from the
malicious node since a route has been made available in the route cache.
After you finish writing this code, compile it. Replace the libDSR.dll file in NetSim’s
bin directory with the newly built one.
Now we come back to the NetSim scenario and click on the ‘Simulate’ button, which opens
a window where we enter a Simulation Time of 50s and an Experiment Name, then we enable record
Animation and leave the Seeds at their default values. Then we run the simulation.
After the simulation is complete, click on the ‘View packet animation’ link on the
left hand side.
We see that a RREQ sent from Node4 is received by Node7, which was set to be the malicious
node. Node7 replies with a false route from itself to the target node, thus creating
a false shortest path. All the data is forwarded by Node4 to Node7, which in turn does not forward
it. So the path of the data packet is Node1->2->3->4->7.
When we run the default libDSR.dll, without the malicious node, we see the data flows
through the route Node1->2->3->4->5->6.
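As an added example (not part of the video or of NetSim's code), the following Python code shows how the two runs can be told apart from a hop-level packet trace: it computes each relay's forwarding ratio and the end-to-end delivery ratio, and flags relays that receive data but never pass it on. The trace rows are constructed from the two routes described above; the row format, function names and thresholds are assumptions.

```python
from collections import defaultdict

DEST = 6  # Node6: destination of the voice application in the scenario


def hop_trace(path, n_packets):
    """Constructed sample data: one (packet_id, tx, rx, dest) row per hop."""
    return [(pid, tx, rx, DEST)
            for pid in range(1, n_packets + 1)
            for tx, rx in zip(path, path[1:])]


def forwarding_stats(trace):
    """Map each relay node to (packets received for relay, packets relayed)."""
    received = defaultdict(set)
    for pid, _tx, rx, dest in trace:
        if rx != dest:                      # the destination is not a relay
            received[rx].add(pid)
    forwarded = defaultdict(set)
    for pid, tx, _rx, _dest in trace:
        if pid in received.get(tx, ()):     # tx re-sent a packet it was handed
            forwarded[tx].add(pid)
    return {n: (len(ids), len(forwarded[n])) for n, ids in received.items()}


def sinkhole_suspects(trace, min_received=5, max_ratio=0.1):
    """Relays that absorb traffic: enough packets in, almost none out."""
    return [node
            for node, (rx, fwd) in sorted(forwarding_stats(trace).items())
            if rx >= min_received and fwd / rx <= max_ratio]


def delivery_ratio(trace, source=1):
    """Fraction of the source's packets that reached their destination."""
    sent = {pid for pid, tx, _rx, _dest in trace if tx == source}
    delivered = {pid for pid, _tx, rx, dest in trace if rx == dest}
    return len(delivered) / len(sent) if sent else 0.0


# Hypothetical traces built from the two routes seen in the packet animation.
BASELINE = hop_trace([1, 2, 3, 4, 5, 6], 20)   # default libDSR.dll
ATTACKED = hop_trace([1, 2, 3, 4, 7], 20)      # Node7 acting as sinkhole

if __name__ == "__main__":
    for name, trace in (("baseline", BASELINE), ("attacked", ATTACKED)):
        print(name, sinkhole_suspects(trace), delivery_ratio(trace))
```

In the baseline trace every relay forwards what it receives and delivery is complete; in the attacked trace Node7 is the only relay with a forwarding ratio of zero, and nothing reaches Node6.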
Through this video we hope you’re able to see the effect of a malicious node in a MANET.
Hope you enjoyed this video.
Thank you.