To implement the Edge Computing security in OMNeT++ encompasses mimicking a network where data processing and computation happen at the edge of the network, closer to the data source. Security mechanisms must be executed from several threats to protect data, devices, and communication channels. Given below is a step-by-step process to execute Edge Computing security in OMNeT++.
Step-by-Step Implementations:
Before implementation, it’s vital to know the key components contained in Edge Computing security:
Describe a network topology in OMNeT++ that contains edge devices, edge nodes, and central servers or cloud nodes. Contain security components like firewalls, IDS, and secure communication channels.
network EdgeComputingNetwork
{
submodules:
edgeDevice1: EdgeDevice {
@display(“p=100,150”);
}
edgeDevice2: EdgeDevice {
@display(“p=100,250”);
}
edgeNode: EdgeNode {
@display(“p=300,200”);
}
cloudNode: CloudNode {
@display(“p=500,200”);
}
firewall: FirewallModule {
@display(“p=200,100”);
}
ids: IDSModule {
@display(“p=400,100”);
}
attacker: AttackerNode {
@display(“p=600,250”);
}
}
connections:
edgeDevice1.ethg++ <–> Eth100M <–> edgeNode.ethg++;
edgeDevice2.ethg++ <–> Eth100M <–> edgeNode.ethg++;
edgeNode.ethg++ <–> Eth100M <–> firewall.ethg++;
firewall.ethg++ <–> Eth100M <–> ids.ethg++;
ids.ethg++ <–> Eth100M <–> cloudNode.ethg++;
attacker.wlan++ <–> Adhoc80211Nic <–> edgeNode.wlan++;
}
The Edge Device denotes a device at the edge of the network that gathers data and executes local processing. It is a critical point for security, as it might manage sensitive data and interact directly with users or sensors.
Edge Device Implementation
#include <omnetpp.h>
#include “inet/common/INETDefs.h”
#include “inet/applications/udpapp/UDPBasicApp.h”
using namespace omnetpp;
using namespace inet;
class EdgeDevice : public cSimpleModule
{
protected:
virtual void initialize(int stage) override;
virtual void handleMessage(cMessage *msg) override;
void generateData();
};
Define_Module(EdgeDevice);
void EdgeDevice::initialize(int stage)
{
cSimpleModule::initialize(stage);
if (stage == inet::INITSTAGE_APPLICATION_LAYER) {
EV << “Edge Device Initialized” << endl;
scheduleAt(simTime() + uniform(1, 3), new cMessage(“generateData”));
}
}
void EdgeDevice::handleMessage(cMessage *msg)
{
if (strcmp(msg->getName(), “generateData”) == 0) {
generateData();
}
delete msg;
}
void EdgeDevice::generateData()
{
// Simulate generating and sending data to the edge node
Packet *packet = new Packet(“EdgeDataPacket”);
packet->insertAtBack(makeShared<Chunk>(std::vector<int>{10, 20, 30})); // Example data
send(packet, “ethgOut”);
// Schedule next data generation
scheduleAt(simTime() + uniform(1, 3), new cMessage(“generateData”));
}
The Edge Node combinations data from several edge devices, does more complex processing, and securely communicates with the cloud or central servers.
Edge Node Implementation
#include <omnetpp.h>
#include “inet/common/INETDefs.h”
#include “inet/common/packet/Packet.h”
using namespace omnetpp;
using namespace inet;
class EdgeNode : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
void processData(Packet *packet);
};
Define_Module(EdgeNode);
void EdgeNode::initialize()
{
EV << “Edge Node Initialized” << endl;
}
void EdgeNode::handleMessage(cMessage *msg)
{
if (Packet *packet = dynamic_cast<Packet *>(msg)) {
processData(packet);
}
delete msg;
}
void EdgeNode::processData(Packet *packet)
{
const auto &payload = packet->peekData();
EV << “Processing data from edge device: ” << payload->str() << endl;
// Simulate data aggregation and processing
// Implement any data validation, cleaning, or transformation needed
// Forward processed data to the cloud node
Packet *processedPacket = new Packet(“ProcessedDataPacket”);
processedPacket->insertAtBack(payload->dup());
send(processedPacket, “ethgOut”);
}
The Cloud Node denotes the central server or cloud environment that gets processed data from edge nodes for storage, or decision-making, further analysis. Security is critical here to protect data at rest and in transfer.
Cloud Node Implementation
#include <omnetpp.h>
#include “inet/common/INETDefs.h”
#include “inet/common/packet/Packet.h”
#include <openssl/evp.h>
using namespace omnetpp;
using namespace inet;
class CloudNode : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
void storeData(Packet *packet);
std::string encryptData(const std::string &data);
};
Define_Module(CloudNode);
void CloudNode::initialize()
{
EV << “Cloud Node Initialized” << endl;
}
void CloudNode::handleMessage(cMessage *msg)
{
if (Packet *packet = dynamic_cast<Packet *>(msg)) {
storeData(packet);
}
delete msg;
}
void CloudNode::storeData(Packet *packet)
{
const auto &payload = packet->peekData();
std::string data = payload->str();
// Encrypt the data before storing
std::string encryptedData = encryptData(data);
EV << “Storing encrypted data in the cloud: ” << encryptedData << endl;
// Simulate data storage (e.g., write to cloud storage, database, etc.)
}
std::string CloudNode::encryptData(const std::string &data)
{
// Simplified encryption using OpenSSL
unsigned char key[16] = “cloudkey12345678”;
unsigned char iv[16] = “initialvector12”;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
unsigned char encrypted[1024];
int len;
EVP_EncryptUpdate(ctx, encrypted, &len, (unsigned char*)data.c_str(), data.length());
int ciphertext_len = len;
EVP_EncryptFinal_ex(ctx, encrypted + len, &len);
ciphertext_len += len;
EVP_CIPHER_CTX_free(ctx);
return std::string((char*)encrypted, ciphertext_len);
}
The Firewall Module filters traffic to and from the edge nodes and cloud nodes, make sure only legitimate traffic passes over and stopping any suspicious activity.
Firewall Module Implementation
#include <omnetpp.h>
#include “inet/common/INETDefs.h”
#include “inet/common/packet/Packet.h”
using namespace omnetpp;
using namespace inet;
class FirewallModule : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
bool isAllowed(Packet *packet);
};
Define_Module(FirewallModule);
void FirewallModule::initialize()
{
EV << “Firewall Module Initialized” << endl;
}
void FirewallModule::handleMessage(cMessage *msg)
{
if (Packet *packet = dynamic_cast<Packet *>(msg)) {
if (isAllowed(packet)) {
send(packet, “ethgOut”);
} else {
EV << “Packet dropped by firewall.” << endl;
delete packet;
}
}
}
bool FirewallModule::isAllowed(Packet *packet)
{
// Implement filtering logic (e.g., block specific IPs or patterns)
const auto &payload = packet->peekData();
std::string data = payload->str();
return data.find(“malicious”) == std::string::npos; // Example rule
}
The IDS Module observes network traffic to detect any possible intrusions or attacks, like data breaches or DDoS attempts.
IDS Module Implementation
#include <omnetpp.h>
#include “inet/common/INETDefs.h”
#include “inet/common/packet/Packet.h”
using namespace omnetpp;
using namespace inet;
class IDSModule : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
void detectIntrusion(Packet *packet);
};
Define_Module(IDSModule);
void IDSModule::initialize()
{
EV << “IDS Module Initialized” << endl;
}
void IDSModule::handleMessage(cMessage *msg)
{
if (Packet *packet = dynamic_cast<Packet *>(msg)) {
detectIntrusion(packet);
send(packet, “ethgOut”);
}
delete msg;
}
void IDSModule::detectIntrusion(Packet *packet)
{
const auto &payload = packet->peekData();
std::string data = payload->str();
// Implement simple intrusion detection logic
if (data.find(“attack”) != std::string::npos) {
EV << “Intrusion detected! Taking action…” << endl;
// Implement any action needed (e.g., alerting, blocking)
}
}
The Attacker Node simulates adversarial behaviour, like trying to breach data storage, launch a DDoS attack, or inject malicious data into the edge network.
Attacker Node Implementation
#include <omnetpp.h>
#include “inet/applications/tcpapp/TcpAppBase.h”
using namespace omnetpp;
using namespace inet;
class AttackerNode : public TcpAppBase
{
protected:
virtual void initialize(int stage) override;
virtual void handleMessageWhenUp(cMessage *msg) override;
void launchDataBreach();
void launchDDoSAttack();
};
Define_Module(AttackerNode);
void AttackerNode::initialize(int stage)
{
TcpAppBase::initialize(stage);
if (stage == inet::INITSTAGE_APPLICATION_LAYER) {
scheduleAt(simTime() + 2, new cMessage(“launchDataBreach”));
scheduleAt(simTime() + 5, new cMessage(“launchDDoSAttack”));
}
}
void AttackerNode::handleMessageWhenUp(cMessage *msg)
{
if (strcmp(msg->getName(), “launchDataBreach”) == 0) {
launchDataBreach();
delete msg;
} else if (strcmp(msg->getName(), “launchDDoSAttack”) == 0) {
launchDDoSAttack();
delete msg;
} else {
TcpAppBase::handleMessageWhenUp(msg);
}
}
void AttackerNode::launchDataBreach()
{
EV << “Launching data breach attempt…” << endl;
// Send a malicious packet to the edge node or cloud node
Packet *packet = new Packet(“DataBreachAttempt”);
packet->insertAtBack(makeShared<Chunk>(std::vector<int>{999, 999, 999})); // Example malicious data
sendToUDP(packet, localPort, Ipv4AddressResolver().resolve(“edgeNode”), 5000);
}
void AttackerNode::launchDDoSAttack()
{
EV << “Launching DDoS attack on edge node…” << endl;
for (int i = 0; i < 100; i++) {
Packet *packet = new Packet(“DDoSPacket”);
sendToUDP(packet, localPort, Ipv4AddressResolver().resolve(“edgeNode”), 5000);
}
}
Perform the edge nodes, cloud node, firewall, IDS, edge devices and attacker node into the network to make a complete Edge Computing security simulation.
network EdgeComputingNetwork
{
submodules:
edgeDevice1: EdgeDevice {
@display(“p=100,150”);
}
edgeDevice2: EdgeDevice {
@display(“p=100,250”);
}
edgeNode: EdgeNode {
@display(“p=300,200”);
}
cloudNode: CloudNode {
@display(“p=500,200”);
}
firewall: FirewallModule {
@display(“p=200,100”);
}
ids: IDSModule {
@display(“p=400,100”);
}
attacker: AttackerNode {
@display(“p=600,250”);
}
}
connections:
edgeDevice1.ethg++ <–> Eth100M <–> edgeNode.ethg++;
edgeDevice2.ethg++ <–> Eth100M <–> edgeNode.ethg++;
edgeNode.ethg++ <–> Eth100M <–> firewall.ethg++;
firewall.ethg++ <–> Eth100M <–> ids.ethg++;
ids.ethg++ <–> Eth100M <–> cloudNode.ethg++;
attacker.wlan++ <–> Adhoc80211Nic <–> edgeNode.wlan++;
}
Compile and run the simulation in OMNeT++. The network would securely manage data processing and storage at the edge, during mitigating and detecting any adversarial activities in line with the executed functionality.
Verify the OMNeT++ simulation log to watch how the network managed data, detected intrusions, and defended against attacks. Check that:
We can extend this setup by:
Through this paper, we are learned and got more knowledge to execute the Edge computing security using in OMNeT++. We will provide additional details about this topic as per your requirements.
Do you struggle to implement edge computing security in OMNeT++? Please let us know what you need, and we will provide you with the finest comparative analysis findings.