Trust based routing protocols framework — GSoC 2018 with NS-3

Google Summer of Code final report

Project : Trust based routing protocols framework

NS-3 is a discrete-event network simulator for Internet systems, targeted primarily for research and educational use. NS-3 is a free and open source software which is publicly available for research, development, and use. It has thousands of users which is backed by a active community. NS-3 participated in Google Summer of Code in 2018 and I was privileged enough to contribute to NS-3 with a great passion. I worked on developing a new trust based routing protocols framework to NS-3. I was really lucky enough to be guided by my mentor Tommaso Pecorella and Tom Henderson who is the executive director for the NS-3 Consortium.


Why trust based routing protocols?

Networks are susceptible to attacks by malicious nodes that could easily bring down the whole network. Therefore, it is important to have a reliable mechanism for detecting and isolating malicious nodes before they can do any harm to the network. Usually, routing protocols discover usable multi-hop routes between source and destination nodes. However, some of the routes found and used may not be as reliable or trust-worthy as expected. Thus, finding a trusted route is an important component for enhancing the security of communication.

Trust value will be calculated based on different routing parameters(rreq, rply, err, etc) or routing metrics(bandwidth, cost, etc). Therefore, trust will become a routing metric which can be used to determine the optimal route for forwarding packets. Eventually trust value can be considered as a security factor for making the routing decision.

Trust based routing protocols have great demand and researchers trying out many variations of them. There are quite a lot of research publications have presented on this topic and more are yet to be published. Therefore, it would be beneficial to facilitate for those developers who wish to try out any trust based routing protocol simulations on ns-3. This project has initiated the framework with a basic infrastructure.

Why need a trust based framework?

Trust is a subjective measurement. There are many research papers have published which has various methodologies of calculating the trust value for the same routing protocol.

For e.g.: If we consider AODV routing protocol; following papers have came up with different approaches for trust value calculation.

Li, X., Lyu, M.R. and Liu, J., 2004, March. A trust model based routing protocol for secure ad hoc networks. In Aerospace Conference, 2004. Proceedings. 2004 IEEE (Vol. 2, pp. 1286–1295). IEEE.

Marchang, N. and Datta, R., 2012. Light-weight trust-based routing protocol for mobile ad hoc networks. IET information security, 6(2), pp.77–83.

Pushpa, A.M., 2009, December. Trust based secure routing in AODV routing protocol. In Internet Multimedia Services Architecture and Applications (IMSAA), 2009 IEEE International Conference on (pp. 1–6). IEEE.

Current NS-3 version(ns-3.28) does not welcome trust based routing protocols by default. If someone wants to simulate a trust based protocol in NS-3, there are lot of changes needs to be done in many concrete level classes. This is cumbersome and it’s against the conventions that we follow from the maintenance point of view. NS-3 cannot define only one way of calculating trust value as each of the above mentioned methods/approaches have written to serve specific concerns/issues. Therefore, it’s clear that allowing any custom trust calculation run through a framework is a better move from NS-3. This will help the developers to try out trust based frameworks in NS-3 with minimal amount of coding.

Trust framework has developed with no modifications to the existing protocols and ns-3 core modules. It has been developed as a third-party ns-3 application. Anyone who wish to use the framework can simple use the “trust-routing” module. We have planned to push Trust framework to ns-3 app store and it will be publicly available soon for anyone.


trust-routing/trust framework alone cannot transform a protocol into a trust based protocol. Usually, trust based routing protocols have different favors in terms of the algorithm and trust value calculation. Therefore, framework does provide only the abstract classes and a basic trust table. It is the responsibility of the trust framework consumer to provide a suitable trust protocol implementation to run on it. Trust framework acts as a mediator between a concrete trust based protocol and ns-3 core modules.

trust framework integration

As you can see in the diagram, trust-aodv, trust-dsr and trust-dsdv are few of those such implementations provided to trust framework. Implementation modules contains all the different behaviors and how the entire protocol manipulation defined. Some could say that the trust-routing is an umbrella module that facilitates different trust implementations.

trust-routing

Similar to any other NS-3 modules, trust-routing module also have a common module structure. Sphinx documentation is available under the ‘doc’ folder. trust-manager-helper is resides inside the helper folder. Under the model, we have only three classes at the moment. Those are trust-entry, trust-table and trust-manager. Inside the test folder, test case for trust table have written.

trust-entry

Each record in the trust table is represented by a trust-entry instance. This includes only 3 attributes. ns3::Address, double m_trustValue, ns3::Time m_timestamp.

trust-table

trust table contains the trust entry objects which includes the trust values. Intended design is to have one trust table per node in the network. This will be very similar to the routing table except that it has only trust values for different destination route nodes within the network.

trust-table

trust-table provide basic operations to add, update, remove trust-entry records from the trust table. These methods have been covered from the test case available inside the test folder. There is also another method called AddOrUpdateTrustTableEntry() which in fact taken into discussion whether we could keep this method or not. Because it is simply a combination of AddRecord and UpdateRecord methods in the same class. This has provide for the ease of developers and achieve the task with less number of lines. But this is an controversial with the philosophical point of view of class trust-table.

trust-manager

In order to define the most essential operations for any trust based routing protocol, this manager has been used. It is an abstract class which forces the implementer to provide an implementation to CalculateTrust().

trust-manager -> ns3::Application

It is worth to mention that trust-manager extends from ns3::Application. This allows the developers to simply install any of the trust-manager implementations as an application to different hosts in the network. It made the usage of trust based routing protocol variations a lot easier when it comes to using them in multiple simulation setups.

trust-manager-helper

Helper classes in ns-3 are usually the entry point to install the relevant applications and access other utilities. In trust framework, trust-manager-help does the same actions. This is some what like a replica to ipv4-routing-helper / ipv6-routing-helper. Currently the main usage of this class is to print the trust tables. In future there are other utilities methods can be placed inside this class.


As mentioned above in this post, trust-routing is the trust framework. Framework has developed with the intention of facilitating different types of trust based routing protocol implementations. In order to demonstrate the usage of trust framework, we have also developed a separate trust based routing protocol. We have chosen the well-known wireless routing protocol; AODV.

trust-aodv

Transforming the traditional AODV protocol into a trust based version is implemented in this module. This is an example of how to use the trust framework and the advantages of using it. This implementation has not more focused on developing an optimal trust based routing protocol, but rather it is for the demonstration of the trust framework. Therefore, please feel free to improve it further.

This model was written as an example demonstration for transforming the 
traditional AODV protocol into a trust-based AODV protocol which uses trust
to delegate packets within the network. It used trust framework(trust-routing) to access the ns-3 core modules.

trust-aodv has direct dependencies on trust-routing and aodv modules. Class 
ns3::trustaodv::SimpleAodvTrustManager is the implementation to
ns3::trustrouting::TrustManager which defined in trust framework. This class includes the trust calculation logic and how the promiscuous callback function should react upon receiving intended packets to network nodes. It also holds trust parameter table which consists of ns3::trustaodv::AodvTrustEntry objects. trust parameter table is a different table to trust table. It contains parameters that can be considered when calculating the trust value. As we can see almost all the trust based routing protocols have different mechanisms to calculate the trust value. Therefore, this table is to manage such attributes for the trust value. Even though we have number of rreq, reply, error and hello counters, in our demonstration we have only used m_rreq and m_rrep.

There are 2 different types of aodv-protocol overriden files are available 
under the model folder. ns3::maliciousaodv::RoutingProtocol and 
ns3::selfishaodv::RoutingProtocol. These two protocol classes are used 
to simulate a malicious node behavior in our provided example. Malicious AODV implementation is able to modify the number of hops which sends out in RREP message. It is done by simply reducing 1 from the available hops counts in a RREP packet. With regard to selfish node behaviors, it will randomly drop RREP packets without forwarding to the next hop.

For each of the above mentioned routing protocol overridden versions we have separate helper classes inside the helper folder. These helpers can be used in any simulation examples. Those have been used in trust-aodv-example simulation to install the intended overridden routing protocols.

10, 000 feet overview on trust-routing & trust-aodv

According to the above design now anyone can implement a new trust based module and plug it into the trust-routing framework to see how it works in a simulation.

trust-routing does have direct compile time dependencies on core and network modules. It is because the manager class that it holds actually inherited from ns3::Application. It helps to install the any concrete trust-manager as an application. (For e.g: SimpleAodvTrustManager)

Example:

If you run the example of trust-aodv-example.cc which is available in trust-aodv module, you can observe the utilization of trust values within the traditional AODV protocol.

trust-aodv-example.cc

We have configured a simulation network setup as shown above. It is available under src/trust-aodv/examples/. As you can see there are 7 nodes and one node which marked in blue color is the malicious node in the network. It manipulates the hops counts of RREP packets that receives to that node(10.0.0.6).

Simulation default configurations are set as 100s for the runtime. It has broken into 2 phases where 1st phase goes from 0–50 seconds. 2nd phase is from 60–70 seconds. 1st phase will send ping messages from one node to rest of the nodes in the network. It will iterate the same for all 7 nodes.

In 2nd phase we make a single ping message from node 0 to node 5. This is where the RREQ and RREP process take place again over the network.

We have observed both routing table and trust table at 55th second and 75th second respectively to cover both phases of the simulation. These table are all from node 0 in different moments in time.

routing table — (55th second)
trust table — (55th second)

after making a single ping request,

routing table — (75th second)
trust table — (75th second)

You can see that in trust table, trust value for node 7 (mac address of 04–04–0a:00:00:07) has reduced because of it’s RREP hop count change and random RREP packet drop behaviour.

As this is a pilot demonstration project, it is true that there are some scientific concerns with calculating the trust values based on the AODV control packets. But as we mentioned, this is to demonstration of usage for trust framework.

GitHub repository:

This is a fork I took from the NS-3 mainline master branch. The release of the new trust framework is yet to be discussed in the community.

Experience:

Google summer of Code is a wonderful program which is hosted by Google. It’s a great honor to be a part of this program. I was so lucky enough that I could work on NS-3 which is really awesome! NS-3 is a reputed open source community among network researchers.

The project I worked on actually initiated with the concept I had. My mentor Tommaso helped me to point out that instead of implementing it as a concrete solution, make it as a framework so that other NS-3 developers will also get benefited out of it. He is the best mentor I’ve ever had.

This is my last time that I could participate in Google Summer of Code. I never worked on such a big C++ project ever and I learnt alot from this project. I also got the opportunity to interact with Tommaso and Tom which is the best part of this GSoC.

I know the framework is still lacking some of the major things. So I want to make it more reliable and people will use it to get their trust based protocols being implemented on NS-3