To implement the Cyber-Physical Security in OMNeT++, we have to simulate a system that has protecting mechanisms in which the physical processes are controlled or observed by computational elements. It is typically used in Industrial Control Systems (ICS), Smart Grids, and Internet of Things (IoT) networks. Below, we offered the steps to implement this in OMNeT++:
Step-by-Step Implementation:
First, we have to describe the network topology that contains cyber-physical components like sensors, actuators, controllers, and a central control server. These components will communicate with each other and with security mechanisms like firewalls, IDS, and secure communication channels.
network CyberPhysicalNetwork
{
submodules:
sensor1: StandardHost {
@display(“p=100,100”);
}
sensor2: StandardHost {
@display(“p=100,200”);
}
actuator1: StandardHost {
@display(“p=300,100”);
}
actuator2: StandardHost {
@display(“p=300,200”);
}
controller: StandardHost {
@display(“p=500,150”);
}
firewall: FirewallModule {
@display(“p=200,150”);
}
ids: IDSModule {
@display(“p=400,150”);
}
controlServer: SecureControlServerModule {
@display(“p=700,150”);
}
connections:
sensor1.ethg++ <–> Eth100M <–> firewall.in++;
sensor2.ethg++ <–> Eth100M <–> firewall.in++;
firewall.out++ <–> ids.in++;
ids.out++ <–> controller.ethg++;
controller.ethg++ <–> Eth100M <–> actuator1.ethg++;
controller.ethg++ <–> Eth100M <–> actuator2.ethg++;
controller.ethg++ <–> Eth100M <–> controlServer.ethg++;
}
The firewall module will filter traffic amongst sensors, actuators, and the controller, ensuring only authorize communications are allowed.
Firewall Module
// FirewallModule.cc
#include <omnetpp.h>
#include “inet/common/INETDefs.h”
#include “inet/common/packet/Packet.h”
#include “inet/networklayer/ipv4/Ipv4Header_m.h”
using namespace omnetpp;
using namespace inet;
class FirewallModule : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
bool isAllowed(Packet *packet);
};
Define_Module(FirewallModule);
void FirewallModule::initialize()
{
EV << “Firewall Module Initialized” << endl;
}
void FirewallModule::handleMessage(cMessage *msg)
{
if (Packet *packet = dynamic_cast<Packet *>(msg)) {
if (isAllowed(packet)) {
send(packet, “out”);
} else {
EV << “Packet dropped by firewall.” << endl;
delete packet;
}
}
}
bool FirewallModule::isAllowed(Packet *packet)
{
const auto& networkHeader = packet->peekAtFront<Ipv4Header>();
std::string source = networkHeader->getSrcAddress().str();
std::string destination = networkHeader->getDestAddress().str();
// Example: Allow only specific sensor-to-controller and controller-to-actuator communications
if ((source == “192.168.1.10” && destination == “192.168.1.30”) ||
(source == “192.168.1.30” && destination == “192.168.1.40”)) {
return true; // Allow traffic
}
return false; // Block all other traffic
}
The IDS module will observe for abnormal behavior or unauthorized access, particularly vital in identifying cyber-attacks targeting physical processes.
IDS Module
// IDSModule.cc
#include <omnetpp.h>
#include “inet/common/INETDefs.h”
#include “inet/common/packet/Packet.h”
#include “inet/networklayer/ipv4/Ipv4Header_m.h”
using namespace omnetpp;
using namespace inet;
class IDSModule : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
void detectIntrusion(Packet *packet);
void logSecurityEvent(const std::string &event);
};
Define_Module(IDSModule);
void IDSModule::initialize()
{
EV << “IDS Module Initialized” << endl;
}
void IDSModule::handleMessage(cMessage *msg)
{
if (Packet *packet = dynamic_cast<Packet *>(msg)) {
detectIntrusion(packet);
send(msg, “out”);
}
}
void IDSModule::detectIntrusion(Packet *packet)
{
const auto& networkHeader = packet->peekAtFront<Ipv4Header>();
std::string source = networkHeader->getSrcAddress().str();
std::string destination = networkHeader->getDestAddress().str();
// Example: Detect suspicious or unauthorized communications
if (source == “192.168.1.50” || destination == “192.168.1.50”) {
logSecurityEvent(“Suspicious communication detected from ” + source + ” to ” + destination);
}
}
void IDSModule::logSecurityEvent(const std::string &event)
{
EV << “IDS Event: ” << event << endl;
// Additional logging to files or alerts can be implemented here
}
The control server should use secure communication protocols to communicate with the physical components, making sure the integrity and privacy of commands and data.
Secure Control Server Module
// SecureControlServerModule.cc
#include <omnetpp.h>
#include “inet/common/INETDefs.h”
#include “inet/common/packet/Packet.h”
#include <string>
#include <openssl/evp.h>
#include <openssl/aes.h>
using namespace omnetpp;
using namespace inet;
class SecureControlServerModule : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
std::string encryptData(const std::string &data);
std::string decryptData(const std::string &data);
void processSecureCommand(Packet *packet);
};
Define_Module(SecureControlServerModule);
void SecureControlServerModule::initialize()
{
EV << “Secure Control Server Initialized” << endl;
}
void SecureControlServerModule::handleMessage(cMessage *msg)
{
if (Packet *packet = dynamic_cast<Packet *>(msg)) {
const auto& payload = packet->peekData();
std::string data(payload->str());
std::string decryptedData = decryptData(data);
EV << “Data decrypted: ” << decryptedData << endl;
processSecureCommand(packet);
}
}
std::string SecureControlServerModule::encryptData(const std::string &data)
{
unsigned char key[16] = “controlkey123456”;
unsigned char iv[16] = “initialvector12”;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
unsigned char encrypted[1024];
int len;
EVP_EncryptUpdate(ctx, encrypted, &len, (unsigned char*)data.c_str(), data.length());
int ciphertext_len = len;
EVP_EncryptFinal_ex(ctx, encrypted + len, &len);
ciphertext_len += len;
EVP_CIPHER_CTX_free(ctx);
return std::string((char*)encrypted, ciphertext_len);
}
std::string SecureControlServerModule::decryptData(const std::string &data)
{
unsigned char key[16] = “controlkey123456”;
unsigned char iv[16] = “initialvector12”;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
unsigned char decrypted[1024];
int len;
EVP_DecryptUpdate(ctx, decrypted, &len, (unsigned char*)data.c_str(), data.length());
int plaintext_len = len;
EVP_DecryptFinal_ex(ctx, decrypted + len, &len);
plaintext_len += len;
EVP_CIPHER_CTX_free(ctx);
return std::string((char*)decrypted, plaintext_len);
}
void SecureControlServerModule::processSecureCommand(Packet *packet)
{
// Process the command securely (e.g., control a physical process)
EV << “Secure command processed: ” << packet->str() << endl;
}
Simulate potential cyber-physical attacks like spoofing sensor data, sending malicious commands to actuators, or trying to take control of the system.
Attack Simulation Module
// CyberPhysicalAttackModule.cc
#include <omnetpp.h>
#include “inet/applications/tcpapp/TcpAppBase.h”
using namespace omnetpp;
using namespace inet;
class CyberPhysicalAttackModule : public TcpAppBase
{
protected:
virtual void initialize(int stage) override;
virtual void handleMessageWhenUp(cMessage *msg) override;
void simulateSensorSpoofing();
void simulateMaliciousCommand();
};
Define_Module(CyberPhysicalAttackModule);
void CyberPhysicalAttackModule::initialize(int stage)
{
TcpAppBase::initialize(stage);
if (stage == inet::INITSTAGE_APPLICATION_LAYER) {
scheduleAt(simTime() + 2, new cMessage(“simulateSensorSpoofing”));
scheduleAt(simTime() + 4, new cMessage(“simulateMaliciousCommand”));
}
}
void CyberPhysicalAttackModule::handleMessageWhenUp(cMessage *msg)
{
if (strcmp(msg->getName(), “simulateSensorSpoofing”) == 0) {
simulateSensorSpoofing();
delete msg;
} else if (strcmp(msg->getName(), “simulateMaliciousCommand”) == 0) {
simulateMaliciousCommand();
delete msg;
} else {
TcpAppBase::handleMessageWhenUp(msg);
}
}
void CyberPhysicalAttackModule::simulateSensorSpoofing()
{
EV << “Simulating sensor data spoofing…” << endl;
sendRequest(“GET /sensor_data HTTP/1.1\r\nHost: controller\r\n\r\nFake sensor data”);
}
void CyberPhysicalAttackModule::simulateMaliciousCommand()
{
EV << “Simulating malicious command to actuator…” << endl;
sendRequest(“POST /actuate HTTP/1.1\r\nHost: controller\r\n\r\nCommand=shutdown”);
}
Generate a comprehensive simulation of cyber-physical security by incorporating the firewall, IDS, secure control server, and attack simulation modules into the network.
network CyberPhysicalNetwork
{
submodules:
sensor1: StandardHost {
@display(“p=100,100”);
}
sensor2: StandardHost {
@display(“p=100,200”);
}
actuator1: StandardHost {
@display(“p=300,100”);
}
actuator2: StandardHost {
@display(“p=300,200”);
}
controller: StandardHost {
@display(“p=500,150”);
}
firewall: FirewallModule {
@display(“p=200,150”);
}
ids: IDSModule {
@display(“p=400,150”);
}
controlServer: SecureControlServerModule {
@display(“p=700,150”);
}
attacker: CyberPhysicalAttackModule {
@display(“p=100,300”);
}
connections:
sensor1.ethg++ <–> Eth100M <–> firewall.in++;
sensor2.ethg++ <–> Eth100M <–> firewall.in++;
firewall.out++ <–> ids.in++;
ids.out++ <–> controller.ethg++;
controller.ethg++ <–> Eth100M <–> actuator1.ethg++;
controller.ethg++ <–> Eth100M <–> actuator2.ethg++;
controller.ethg++ <–> Eth100M <–> controlServer.ethg++;
attacker.ethg++ <–> Eth100M <–> firewall.in++;
}
Compile and run the simulation in OMNeT++. The IDS should identify irregular behaviors, the firewall should block unapproved traffic, and the control server should perform commands securely.
Monitor how cyber-physical system reacted to different simulated attacks by evaluating the OMNeT++ simulation log. Verify that:
You can extend this setup by:
In this procedure, we thoroughly go through the provided materials about how to implement the cyber-physical security in OMNeT++. If you need any details about their security mechanisms or anything, we will offer them through another script.
Omnet-manual.com team is brimming with Cyber Physical Security project ideas, and we have all of the tools and resources you need to complete your work on time. We also work on industrial control systems (ICS), smart grids, and Internet of Things (IoT) networks that are relevant to your projects. Please let us know about your needs, and we will assist you. Stay in touch with our team to get the best implementation support.