How to Implement Edge computing security in OMNeT++

To implement the Edge Computing security in OMNeT++ encompasses mimicking a network where data processing and computation happen at the edge of the network, closer to the data source. Security mechanisms must be executed from several threats to protect data, devices, and communication channels. Given below is a step-by-step process to execute Edge Computing security in OMNeT++.

Step-by-Step Implementations:

1. Understand the Components

Before implementation, it’s vital to know the key components contained in Edge Computing security:

• Edge Devices: These are devices at the edge of the network that perform calculation and data processing tasks. They can contain smart sensors, IoT devices, and local servers.
• Edge Nodes: These are nodes that total data from edge devices and possibly do more difficult processing tasks before transferring data to the cloud or a central server.
• Security Mechanisms: These involves encryption, authentication, access control, intrusion detection systems (IDS), and secure communication protocols to save edge devices, data, and communication.
• Threat Actors: Mimic potential threats such as attackers attempting data breaches, DDoS attacks, or inserting malicious data.

2. Define the Edge Computing Network Topology

Describe a network topology in OMNeT++ that contains edge devices, edge nodes, and central servers or cloud nodes. Contain security components like firewalls, IDS, and secure communication channels.

network EdgeComputingNetwork

{

submodules:

edgeDevice1: EdgeDevice {

@display(“p=100,150”);

}

edgeDevice2: EdgeDevice {

@display(“p=100,250”);

}

edgeNode: EdgeNode {

@display(“p=300,200”);

}

cloudNode: CloudNode {

@display(“p=500,200”);

}

firewall: FirewallModule {

@display(“p=200,100”);

}

ids: IDSModule {

@display(“p=400,100”);

}

attacker: AttackerNode {

@display(“p=600,250”);

}

}

connections:

edgeDevice1.ethg++ <–> Eth100M <–> edgeNode.ethg++;

edgeDevice2.ethg++ <–> Eth100M <–> edgeNode.ethg++;

edgeNode.ethg++ <–> Eth100M <–> firewall.ethg++;

firewall.ethg++ <–> Eth100M <–> ids.ethg++;

ids.ethg++ <–> Eth100M <–> cloudNode.ethg++;

attacker.wlan++ <–> Adhoc80211Nic <–> edgeNode.wlan++;

}

3. Implement the Edge Device

The Edge Device denotes a device at the edge of the network that gathers data and executes local processing. It is a critical point for security, as it might manage sensitive data and interact directly with users or sensors.

Edge Device Implementation

#include <omnetpp.h>

#include “inet/common/INETDefs.h”

#include “inet/applications/udpapp/UDPBasicApp.h”

using namespace omnetpp;

using namespace inet;

class EdgeDevice : public cSimpleModule

{

protected:

virtual void initialize(int stage) override;

virtual void handleMessage(cMessage *msg) override;

void generateData();

};

Define_Module(EdgeDevice);

void EdgeDevice::initialize(int stage)

{

cSimpleModule::initialize(stage);

if (stage == inet::INITSTAGE_APPLICATION_LAYER) {

EV << “Edge Device Initialized” << endl;

scheduleAt(simTime() + uniform(1, 3), new cMessage(“generateData”));

}

}

void EdgeDevice::handleMessage(cMessage *msg)

{

if (strcmp(msg->getName(), “generateData”) == 0) {

generateData();

}

delete msg;

}

void EdgeDevice::generateData()

{

// Simulate generating and sending data to the edge node

Packet *packet = new Packet(“EdgeDataPacket”);

packet->insertAtBack(makeShared<Chunk>(std::vector<int>{10, 20, 30})); // Example data

send(packet, “ethgOut”);

// Schedule next data generation

scheduleAt(simTime() + uniform(1, 3), new cMessage(“generateData”));

}

4. Implement the Edge Node

The Edge Node combinations data from several edge devices, does more complex processing, and securely communicates with the cloud or central servers.

Edge Node Implementation

#include <omnetpp.h>

#include “inet/common/INETDefs.h”

#include “inet/common/packet/Packet.h”

using namespace omnetpp;

using namespace inet;

class EdgeNode : public cSimpleModule

{

protected:

virtual void initialize() override;

virtual void handleMessage(cMessage *msg) override;

void processData(Packet *packet);

};

Define_Module(EdgeNode);

void EdgeNode::initialize()

{

EV << “Edge Node Initialized” << endl;

}

void EdgeNode::handleMessage(cMessage *msg)

{

if (Packet *packet = dynamic_cast<Packet *>(msg)) {

processData(packet);

}

delete msg;

}

void EdgeNode::processData(Packet *packet)

{

const auto &payload = packet->peekData();

EV << “Processing data from edge device: ” << payload->str() << endl;

// Simulate data aggregation and processing

// Implement any data validation, cleaning, or transformation needed

// Forward processed data to the cloud node

Packet *processedPacket = new Packet(“ProcessedDataPacket”);

processedPacket->insertAtBack(payload->dup());

send(processedPacket, “ethgOut”);

}

5. Implement the Cloud Node

The Cloud Node denotes the central server or cloud environment that gets processed data from edge nodes for storage, or decision-making, further analysis. Security is critical here to protect data at rest and in transfer.

Cloud Node Implementation

#include <omnetpp.h>

#include “inet/common/INETDefs.h”

#include “inet/common/packet/Packet.h”

#include <openssl/evp.h>

using namespace omnetpp;

using namespace inet;

class CloudNode : public cSimpleModule

{

protected:

virtual void initialize() override;

virtual void handleMessage(cMessage *msg) override;

void storeData(Packet *packet);

std::string encryptData(const std::string &data);

};

Define_Module(CloudNode);

void CloudNode::initialize()

{

EV << “Cloud Node Initialized” << endl;

}

void CloudNode::handleMessage(cMessage *msg)

{

if (Packet *packet = dynamic_cast<Packet *>(msg)) {

storeData(packet);

}

delete msg;

}

void CloudNode::storeData(Packet *packet)

{

const auto &payload = packet->peekData();

std::string data = payload->str();

// Encrypt the data before storing

std::string encryptedData = encryptData(data);

EV << “Storing encrypted data in the cloud: ” << encryptedData << endl;

// Simulate data storage (e.g., write to cloud storage, database, etc.)

}

std::string CloudNode::encryptData(const std::string &data)

{

// Simplified encryption using OpenSSL

unsigned char key[16] = “cloudkey12345678”;

unsigned char iv[16] = “initialvector12”;

EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();

EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);

unsigned char encrypted[1024];

int len;

EVP_EncryptUpdate(ctx, encrypted, &len, (unsigned char*)data.c_str(), data.length());

int ciphertext_len = len;

EVP_EncryptFinal_ex(ctx, encrypted + len, &len);

ciphertext_len += len;

EVP_CIPHER_CTX_free(ctx);

return std::string((char*)encrypted, ciphertext_len);

}

6. Implement the Firewall Module

The Firewall Module filters traffic to and from the edge nodes and cloud nodes, make sure only legitimate traffic passes over and stopping any suspicious activity.

Firewall Module Implementation

#include <omnetpp.h>

#include “inet/common/INETDefs.h”

#include “inet/common/packet/Packet.h”

using namespace omnetpp;

using namespace inet;

class FirewallModule : public cSimpleModule

{

protected:

virtual void initialize() override;

virtual void handleMessage(cMessage *msg) override;

bool isAllowed(Packet *packet);

};

Define_Module(FirewallModule);

void FirewallModule::initialize()

{

EV << “Firewall Module Initialized” << endl;

}

void FirewallModule::handleMessage(cMessage *msg)

{

if (Packet *packet = dynamic_cast<Packet *>(msg)) {

if (isAllowed(packet)) {

send(packet, “ethgOut”);

} else {

EV << “Packet dropped by firewall.” << endl;

delete packet;

}

}

}

bool FirewallModule::isAllowed(Packet *packet)

{

// Implement filtering logic (e.g., block specific IPs or patterns)

const auto &payload = packet->peekData();

std::string data = payload->str();

return data.find(“malicious”) == std::string::npos;  // Example rule

}

7. 7. Implement the IDS Module

The IDS Module observes network traffic to detect any possible intrusions or attacks, like data breaches or DDoS attempts.

IDS Module Implementation

#include <omnetpp.h>

#include “inet/common/INETDefs.h”

#include “inet/common/packet/Packet.h”

using namespace omnetpp;

using namespace inet;

class IDSModule : public cSimpleModule

{

protected:

virtual void initialize() override;

virtual void handleMessage(cMessage *msg) override;

void detectIntrusion(Packet *packet);

};

Define_Module(IDSModule);

void IDSModule::initialize()

{

EV << “IDS Module Initialized” << endl;

}

void IDSModule::handleMessage(cMessage *msg)

{

if (Packet *packet = dynamic_cast<Packet *>(msg)) {

detectIntrusion(packet);

send(packet, “ethgOut”);

}

delete msg;

}

void IDSModule::detectIntrusion(Packet *packet)

{

const auto &payload = packet->peekData();

std::string data = payload->str();

// Implement simple intrusion detection logic

if (data.find(“attack”) != std::string::npos) {

EV << “Intrusion detected! Taking action…” << endl;

// Implement any action needed (e.g., alerting, blocking)

}

}

8. Implement the Attacker Node

The Attacker Node simulates adversarial behaviour, like trying to breach data storage, launch a DDoS attack, or inject malicious data into the edge network.

Attacker Node Implementation

#include <omnetpp.h>

#include “inet/applications/tcpapp/TcpAppBase.h”

using namespace omnetpp;

using namespace inet;

class AttackerNode : public TcpAppBase

{

protected:

virtual void initialize(int stage) override;

virtual void handleMessageWhenUp(cMessage *msg) override;

void launchDataBreach();

void launchDDoSAttack();

};

Define_Module(AttackerNode);

void AttackerNode::initialize(int stage)

{

TcpAppBase::initialize(stage);

if (stage == inet::INITSTAGE_APPLICATION_LAYER) {

scheduleAt(simTime() + 2, new cMessage(“launchDataBreach”));

scheduleAt(simTime() + 5, new cMessage(“launchDDoSAttack”));

}

}

void AttackerNode::handleMessageWhenUp(cMessage *msg)

{

if (strcmp(msg->getName(), “launchDataBreach”) == 0) {

launchDataBreach();

delete msg;

} else if (strcmp(msg->getName(), “launchDDoSAttack”) == 0) {

launchDDoSAttack();

delete msg;

} else {

TcpAppBase::handleMessageWhenUp(msg);

}

}

void AttackerNode::launchDataBreach()

{

EV << “Launching data breach attempt…” << endl;

// Send a malicious packet to the edge node or cloud node

Packet *packet = new Packet(“DataBreachAttempt”);

packet->insertAtBack(makeShared<Chunk>(std::vector<int>{999, 999, 999})); // Example malicious data

sendToUDP(packet, localPort, Ipv4AddressResolver().resolve(“edgeNode”), 5000);

}

void AttackerNode::launchDDoSAttack()

{

EV << “Launching DDoS attack on edge node…” << endl;

for (int i = 0; i < 100; i++) {

Packet *packet = new Packet(“DDoSPacket”);

sendToUDP(packet, localPort, Ipv4AddressResolver().resolve(“edgeNode”), 5000);

}

}

9. Integrate All Components into the Edge Computing Security Network

Perform the edge nodes, cloud node, firewall, IDS, edge devices and attacker node into the network to make a complete Edge Computing security simulation.

network EdgeComputingNetwork

{

submodules:

edgeDevice1: EdgeDevice {

@display(“p=100,150”);

}

edgeDevice2: EdgeDevice {

@display(“p=100,250”);

}

edgeNode: EdgeNode {

@display(“p=300,200”);

}

cloudNode: CloudNode {

@display(“p=500,200”);

}

firewall: FirewallModule {

@display(“p=200,100”);

}

ids: IDSModule {

@display(“p=400,100”);

}

attacker: AttackerNode {

@display(“p=600,250”);

}

}

connections:

edgeDevice1.ethg++ <–> Eth100M <–> edgeNode.ethg++;

edgeDevice2.ethg++ <–> Eth100M <–> edgeNode.ethg++;

edgeNode.ethg++ <–> Eth100M <–> firewall.ethg++;

firewall.ethg++ <–> Eth100M <–> ids.ethg++;

ids.ethg++ <–> Eth100M <–> cloudNode.ethg++;

attacker.wlan++ <–> Adhoc80211Nic <–> edgeNode.wlan++;

}

10. Run the Simulation

Compile and run the simulation in OMNeT++. The network would securely manage data processing and storage at the edge, during mitigating and detecting any adversarial activities in line with the executed functionality.

11. Analyse the Results

Verify the OMNeT++ simulation log to watch how the network managed data, detected intrusions, and defended against attacks. Check that:

• Data is processed and stored safely.
• Intrusions and attacks are detected and mitigated.
• Authentic data flows are processed properly without interruption.

12. Extend the Edge Computing Security Simulation

We can extend this setup by:

• Implementing more advanced security mechanisms: Contain approaches like data masking, tokenization, and advanced encryption techniques.
• Simulating additional threats: Involve insider threats, ransom ware attacks, or supply chain attacks.
• Adding data privacy measures: Execute methods like differential privacy to make sure that sensitive information is not exposed during data processing.
• Integrating with other environments: Mimic Edge Computing security in hybrid situations, where edge nodes communicate with cloud settings and IoT networks.

Through this paper, we are learned and got more knowledge to execute the Edge computing security using in OMNeT++. We will provide additional details about this topic as per your requirements.

Do you struggle to implement edge computing security in OMNeT++? Please let us know what you need, and we will provide you with the finest comparative analysis findings.