Simulating a Wormhole Attack in a MANET with ns2

Time: 2021-12-10 17:27:37

1. How the wormhole attack works

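A wormhole attack, also called a tunneling attack, relies on two colluding attacker nodes that are far apart and set up a high-quality, high-bandwidth private tunnel between them. The attacker records packets or bits at one end of the tunnel and relays the captured information through the tunnel to the other end. Because the tunnel usually spans a distance much greater than the single-hop radio range, packets sent through it reach the destination earlier than packets that travel over the normal multi-hop path. Because the tunnel is so efficient, the surrounding nodes all choose it for their traffic. As shown in Figure 2-4, A and G are two ordinary nodes in a wireless sensor network that are far apart and outside each other's communication radius; W1 and W2 are the wormhole attacker nodes; B, C, D, E and F are intermediate nodes; and the normal path is A→B→C→D→E→F→G. When a wormhole is present, the malicious node W1 receives the request message and sends it through the private tunnel to the malicious node W2. When W2 receives the request, it forwards it directly to node G, so the packet appears to have passed through A, W1 and W2, that is, A→W1→W2→G. W2 likewise sends the reply back to W1 through the tunnel. In this way W1 and W2 falsely claim that a more efficient path exists between them, tricking the legitimate node A into choosing the path W1→W2 (because it is the shortest). The actual distance between the two malicious nodes is far greater than a node's communication radius. If the attacker nodes mount the wormhole in hidden mode, the packet appears to go from A directly to G, and the malicious nodes W1 and W2 are invisible to the network.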

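Because a wormhole attacker can fabricate a seemingly efficient path that is far shorter than any legitimate path, the attack breaks routing mechanisms that rely on inter-node distance information, causing route discovery to fail and corrupting the neighbor lists of nodes near the tunnel. A wormhole can also undermine basic security goals such as message integrity and confidentiality. For example, while relaying packets the attacker can drop received packets at will, or forge and alter their contents, causing data loss or errors. The attacker can also mount a passive attack and eavesdrop on packet contents. Wormhole attacks are very hard to detect, because the path used to carry the information is usually not part of the actual network, and the attack can do damage under any routing protocol or network-provided service.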
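The routing effect described above can be reproduced on a small graph, and a per-hop distance check (in the style of a geographic leash) exposes the tunnelled hop. This is an added example, not code from the original post or from the script in section 2; the node coordinates are constructed, and the 250 m radio range is taken from the comment beside RXThresh_ in that script.

```python
import math
from collections import deque

RADIO_RANGE_M = 250.0  # the "250m" noted beside RXThresh_ in the script

# Constructed coordinates in metres (assumption): A..G in a line, 200 m apart,
# W1 placed near A and W2 near G.
POS = {"A": (0, 0), "B": (200, 0), "C": (400, 0), "D": (600, 0),
       "E": (800, 0), "F": (1000, 0), "G": (1200, 0),
       "W1": (100, 100), "W2": (1100, 100)}

def dist(u, v):
    return math.dist(POS[u], POS[v])

def radio_links():
    """Links that physically exist: node pairs within radio range."""
    names = sorted(POS)
    return {frozenset((u, v)) for i, u in enumerate(names)
            for v in names[i + 1:] if dist(u, v) <= RADIO_RANGE_M}

def shortest_route(links, src, dst):
    """Minimum-hop route found by BFS, standing in for route discovery."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        for link in links:
            if u in link:
                (v,) = link - {u}
                if v not in prev:
                    prev[v] = u
                    queue.append(v)
    if dst not in prev:
        return None
    route, node = [], dst
    while node is not None:
        route.append(node)
        node = prev[node]
    return route[::-1]

def leash_violations(route):
    """Geographic-leash check: hops longer than the radio range."""
    return [(u, v) for u, v in zip(route, route[1:])
            if dist(u, v) > RADIO_RANGE_M]

honest = radio_links()
tunnelled = honest | {frozenset(("W1", "W2"))}  # out-of-band tunnel link

if __name__ == "__main__":
    for name, links in (("honest", honest), ("wormhole", tunnelled)):
        route = shortest_route(links, "A", "G")
        print(name, "->".join(route), "flagged:", leash_violations(route))
```

The check only works if each node's reported position can be trusted, which is an assumption of this sketch.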


2. Implementation

Code found by searching a code repository: http://slogix.in/how-to-create-wormhole-attack-in-manet-using-ns2/index.html

The simulation did not show the same nam interface as in the original article, but all the data was obtained.

#Filename: sample22.tcl
# Define options
set val(chan) Channel/WirelessChannel ;# channel type
set val(prop) Propagation/TwoRayGround ;# radio-propagation model
set val(netif) Phy/WirelessPhy ;# network interface type
set val(mac) Mac/802_11 ;# MAC type
set val(ifq) Queue/DropTail/PriQueue ;# interface queue type
set val(ll) LL ;# link layer type
set val(ant) Antenna/OmniAntenna ;# antenna model
set val(ifqlen) 50 ;# max packet in ifq
set val(nn) 14 ;# number of mobilenodes
set val(rp) AODV ;# routing protocol
set val(x) 500 ;# X dimension of topography
set val(y) 500 ;# Y dimension of topography
set val(stop) 20 ;# time of simulation end
set sender 0 ;# Sender
set receiver 9 ;# Receiver

#-------Event scheduler object creation--------#

set ns [new Simulator]
# Predefine tracing
set f [open out.tr w]
$ns trace-all $f
set nf [open out.nam w]
$ns namtrace-all $nf

# set up topography object
set topo [new Topography]
$topo load_flatgrid $val(x) $val(y)

set god_ [create-god $val(nn)]

# unity gain, omni-directional antennas
# set up the antennas to be centered in the node and 1.5 meters above it
Antenna/OmniAntenna set X_ 0
Antenna/OmniAntenna set Y_ 0
Antenna/OmniAntenna set Z_ 1.5
Antenna/OmniAntenna set Gt_ 1.0
Antenna/OmniAntenna set Gr_ 1.0

# Initialize the SharedMedia interface with parameters to make
# it work like the 914MHz Lucent WaveLAN DSSS radio interface
Phy/WirelessPhy set CPThresh_ 10.0
Phy/WirelessPhy set CSThresh_ 1.559e-11
Phy/WirelessPhy set RXThresh_ 3.652e-10 ;#250m
Phy/WirelessPhy set Rb_ 2*1e6
Phy/WirelessPhy set Pt_ 0.2818
Phy/WirelessPhy set freq_ 914e+6
Phy/WirelessPhy set L_ 1.0

#configure the nodes
$ns node-config -adhocRouting $val(rp) \
-llType $val(ll) \
-macType $val(mac) \
-ifqType $val(ifq) \
-ifqLen $val(ifqlen) \
-antType $val(ant) \
-propType $val(prop) \
-phyType $val(netif) \
-channelType $val(chan) \
-topoInstance $topo \
-agentTrace ON \
-routerTrace ON \
-macTrace OFF \
-movementTrace ON

# Create the mobile nodes
for {set i 0} {$i < $val(nn)} {incr i} {
    set node_($i) [$ns node]
}

set udp [new Agent/UDP]
$ns attach-agent $node_(0) $udp

set cbr [new Application/Traffic/CBR]
$cbr set packetSize_ 1024
$cbr set interval_ 0.1
$cbr attach-agent $udp

set null [new Agent/Null]
$ns attach-agent $node_(1) $null

$ns connect $udp $null
$ns at 2.0 "$cbr start"
$ns at 10.0 "$cbr stop"

$ns at 2.0 "$ns trace-annotate \"Sender sends the data to the receiver through the selected router which is attacker\""
$ns at 2.1 "$ns trace-annotate \"Attacker 3 and 8 forms wormhole\""


set udp [new Agent/UDP]
$ns attach-agent $node_(1) $udp

set cbr [new Application/Traffic/CBR]
$cbr set packetSize_ 1024
$cbr set interval_ 0.1
$cbr attach-agent $udp

set null [new Agent/Null]
$ns attach-agent $node_(3) $null

$ns connect $udp $null
$ns at 3.0 "$cbr start"
$ns at 10.0 "$cbr stop"
$ns at 3.0 "$ns trace-annotate \"Attacker forwards the data to Attacker 8 which does not forward the data to receiver\""

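$ns at 0.0 "$ns set-animation-rate 0.1ms"

# Flush and close the trace files, then end the run at val(stop);
# without this the scheduler is never told to stop
proc finish {} {
    global ns f nf
    $ns flush-trace
    close $f
    close $nf
    exit 0
}
$ns at $val(stop) "finish"
$ns run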