NS2 code for Rushing attacks (Jellyfish and Byzantine attacks)

Workshop on Cyber Security and Forensics (16th to 20th August 2016)

http://svecw.edu.in/docs/CSEFDPCS.pdf  

Workshop on Big Data Analytics (2nd to 6th August 2016)

http://svecw.edu.in/docs/CSEFDPBigDataAnalytics2016.pdf

Rushing attack

 Rushing attack is a zero delay attack andmore effective when the attacker nearby source or destination node.On-demand routing protocols like AODV and DSR are more vulnerable to this attack, because whenever source nodefloods the route request packet in the network, an adversary nodereceives the route request packet and sends without any hop_count update and delay intothe network. Whenever the legitimate nodes receive the originalsource request packets, they are dropped because legitimate nodes,would have already received packet from the attacker and treat the currently received packets asduplicate packets. Thus, adversary is included in active routeand disturbs the data forwarding phase. Rushing attack can be takenplace at source side or destination side or at the middle.

** The following conditions the rushing attacker is not included in active route

1. When source and destination nodes have direct communication link

2. When source and destination nodes have better route than rushing attackers route

** Rushing attack is more effective when attacker near to source or destination node

Rushing attacks:

 Rushing attacks mainly classified into two types:

1.    Rushing attack followed by jellyfish attack

2.    Rushing attack followed by byzantine attack

Rushing attacker disturbs the data forwarding phase by either jellyfish or byzantine attack.

Rushing attacks implementation in aodv routing protocol

The following scenario consists of 25 nodes. In which 7, 8 and 10 nodes are rushing attacks other nodes are non-malicious.

To create multiple rushing attackers in aodv protocol

·         In aodv.h, the following blue colour lines needs to be added to define rushing attackers

/*

      * History management

      */

    

double               PerHopTime(aodv_rt_entry *rt);

nsaddr_t malicious;

·         In aodv.cc the following blue colour lines needs to be added to initialize the attackers

// To initialize the rushing attackers

int

AODV::command(intargc, const char*const* argv) {

if(argc == 2) {

Tcl&tcl = Tcl::instance();

if(strncasecmp(argv[1], "id", 2) == 0) {

tcl.resultf("%d", index);

return TCL_OK;

    }

                    if(strncasecmp(argv[1], "rushingattack", 13) == 0) {

     malicious= 1000;

        return TCL_OK;

    }

                 

AODV::AODV(nsaddr_t id) : Agent(PT_AODV),

btimer(this), htimer(this), ntimer(this),

rtimer(this), lrtimer(this), rqueue() {

index = id;

seqno = 2;

bid = 1;

  LIST_INIT(&nbhead);

  LIST_INIT(&bihead);

malicious=999;

 

·         Malicious nodes 7, 8 and 10 generate malicious route requests using following blue colour code

Each rushing attacker do not increase the hop_count and simply broadcast without delay. Other than rushing attackers, they will follow the AODV protocol to broadcast route request

//add blue colour lines in send route request packet

/*

  * Can't reply. So forward the  Route Request

  */

else {

ih->saddr() = index;

ih->daddr() = IP_BROADCAST;

if (malicious==1000)

rq->rq_hop_count += 1;

   // Maximum sequence number seen en route

if (rt) rq->rq_dst_seqno = max(rt->rt_seqno, rq->rq_dst_seqno);

if (malicious==1000)

forward((aodv_rt_entry*) 0, p, 0);

else

forward((aodv_rt_entry*) 0, p, DELAY);

 }

// add the blue colour lines code in forward packet

if (ih->daddr() == (nsaddr_t) IP_BROADCAST) {

 // If it is a broadcast packet

assert(rt == 0);

if ((ch->ptype()==PT_AODV) && (malicious!=1000)) {

     /*

*  Jitter the sending of AODV broadcast packets by 10ms

      */

     Scheduler::instance().schedule(target_, p, 0.01 * Random::uniform());

   } else {

     Scheduler::instance().schedule(target_, p, 0.);  // No jitter

   }

 }

  

·         Rushing Attackers can do two attacks: Byzantine and Jellyfish attacks

/*

  * If the route is up, forward the packet

  */

                                                  

if(rt->rt_flags == RTF_UP) {

assert(rt->rt_hops != INFINITY2);

//Byzantine attack can be done : drop all /selective packets

//                       Modify [or]injectflase packets

//Here,  only dropping packets are considered

if((ch->ptype()!=PT_AODV) && (malicious==1000))

                                                   {

                           if(t < CURRENT_TIME)

                                                   {

                                               t=t+2;

                             drop(p, DROP_RTR_NO_ROUTE);

       }

//Jellyfish attack can be done two ways: delaying packets [or] re-ordering //packets.

//Here, only delaying packets and 0.8 can be varied till the good put is zero

else                                            

forward(rt, p, 0.8); 

 }

else

forward(rt, p, NO_DELAY);

 }

·         Since, all attackers drop the packets due to no route to destination, attackers have to disable the send[error]

The following blue colour lines code disables the send (error)

 // add in route resolve function (AODV::rt_resolve(Packet *p) )

else {

 Packet *rerr = Packet::alloc();

structhdr_aodv_error *re = HDR_AODV_ERROR(rerr);

 /*

  * For now, drop the packet and send error upstream.

  * Now the route errors are broadcast to upstream

  * neighbors - Mahesh 09/11/99

  */    

assert (rt->rt_flags == RTF_DOWN);

re->DestCount = 0;

re->unreachable_dst[re->DestCount] = rt->rt_dst;

re->unreachable_dst_seqno[re->DestCount] = rt->rt_seqno;

re->DestCount += 1;

#ifdef DEBUG

fprintf(stderr, "%s: sending RERR...\n", __FUNCTION__);

#endif

if(malicious==1000) drop(p, DROP_RTR_NO_ROUTE);

else

sendError(rerr, false);

drop(p, DROP_RTR_NO_ROUTE);

To define the rushing attackers in tcl add these lines after node initializations

$ns at 0.0 "[$n5 set ragent_] rushingattack"

$ns at 0.0 "[$n7 set ragent_] rushingattack"

$ns at 0.0 "[$n8 set ragent_] rushingattack"

Above scenario example tcl  file : rushing attacks

Rushing attack aodv.cc file : aodv.cc

                         aodv.h file : aodv.h