In order to simulate most of the Byzantine attacks described in [1] [2], we developed a protocol-independent Byzantine attack simulation module for ns2. This module provides the capability to simulate the black hole, Byzantine wormhole, and Byzantine overlay network wormhole attacks without modifying the routing protocol. It was not possible to simulate the flood rushing attack using this technique because it requires timing changes in the routing protocol code. Because this attack simulation module is potentially useful to the secure routing community, we make it publicly available below.

The module is implemented as part of the ns2 Link Layer (LL) object which lies directly below the Routing Agent and directly above the MAC layer. The modified LL has several commands that allow it to be configured from the simulation TCL setup script. The first command enables the black hole attack, which is executed by checking the packet type of any packet sent down by the routing agent, and silently dropping any packet which has an application data type (as opposed to a routing protocol type). The second command is used to setup the various wormhole configurations, and creates a back channel connection from one node to another wormhole peer node. The attack module manages any number of these wormhole peer connections, thus allowing the setup TCL script to create either a simple point to point wormhole or the more complicated overlay network wormhole. As a packet is sent down from the routing protocol, its next hop address is used to determine the correct action. In addition to being sent down to the interface queue for transmission by the MAC, copies of any broadcast packets are sent to every configured wormhole peer. If the next hop address of a unicast packet matches a wormhole peer address, the packet is sent directly to that peer. Otherwise, it is sent down the stack normally.

Download the Byzantine attack module

The module was developed for version 2.27 of ns2. The archive contains a directory with the original ns2 files (orig-ns-2.27) and a directory with the modified files for the attack module (odsbr-ns-2.27).

[1] Baruch Awerbuch, Reza Curtmola, David Holmer, Cristina Nita-Rotaru and Herbert Rubens. On the Survivability of Routing Protocols in Ad Hoc Wireless Networks. In Proc. of IEEE First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM '05), 2005.

[2] Baruch Awerbuch, Reza Curtmola, David Holmer, Cristina Nita-Rotaru and Herbert Rubens. ODSBR: An On-Demand Secure Byzantine Resilient Routing Protocol for Wireless Ad Hoc Networks. In ACM Transactions on Information and System Security (TISSEC), Volume 10, Issue 4, 2007.