The Simulation Environment

This Section describes the simulation environment, including relevant input parameters and simulation output data used for evaluating the performance of the wormhole detection framework in comparison with existing solutions. Several different test cases were designed, with each individual test case consisting of a series of specific parameter settings covering for example, the type and length of the wormhole, the environment, i.e. indoors or outdoors, and the ensuing implications for node radio ranges. The complete list of relevant simulation parameters is shown in Table 4.2.

Table 4.2: Relevant simulation parameters used for each test case.

Parameter Settings

Node wireless hardware IEEE 802.11n compliant

Packet propagation speed (S) 3∙108 m/s

Propagation Model TwoRayGround

(Goldsmith, 2005)

Number of nodes N

Network width W

Network length L

Wormhole length rwh

Maximum radio range R

Number of infected (healthy) route samples

NIR (NHR)

The simulation environment that has been developed assumes IEEE 802.11n compliant node hardware, providing a maximum radio range of 250 m when two communicating nodes are LOS (outdoors), and 70 m indoors, where the paths between nodes are assumed to be obstructed by obstacles such as walls (Barker et al., 2015). In this environment R=250 m, reflects an outdoor environment and correspondingly R = 70 m an indoor environment. For simplicity, the TwoRayGround propagation model is used throughout even though it was specifically designed for LOS. Instead, variations in node radio ranges are simulated by introducing a random instantaneous maximum radio range value Ri at each node, where

max(Ri) = R, so a node always has a circled coverage, but Ri can vary to reflect the impact of different obstacles around specific nodes and variabilities in antenna capability.

Every test case included either a specific NIR for wormhole/time tampering detection evaluation or an NHR value for false positive (FP) detection evaluation. For each simulation run, all nodes except the wormhole nodes, were assigned new random positions. The node hardware, S value, and the propagation model were assumed fixed throughout, while parameters N, W, L, rwh, and R were varied in each test case. For wormhole detection evaluation two wormhole nodes were strategically placed in the centre, a specific distance (rwh) apart, to disrupt as much traffic as possible between all network nodes. All four wormhole variants were implemented, i.e. participation mode (PM), hidden mode (HM), in-

band (I-B), and out-of-band (O-B), with each being tested separately. The wormhole link

delay twh for an O-B link was defined as rwh/S.This mirrors the circumstances where a wormhole with a direct wireless link is established between the two malicious nodes by means of a directional antenna. For I-B links, at the beginning of each simulation run, the shortest route between two wormhole nodes was firstly requested using AODV for tunnelling routing packets. In contrast, during the FP detection experiments, no wormholes were implemented in the network area.

A visualisation output example of one simulation run is shown in Figure 4.2. with W = L = 50 m, R0…19 = 10 m, rwh = 30 m, N = 20, node #2 as the source, and node #3 as the destination, while nodes #0 and #1 form a PM O-B wormhole. In this example the obtained route, i.e. #2#19#0#1#16#3, goes through the wormhole.

To simulate node movements during the route discovery procedure the random waypoint

mobility (RWM) model, introduced by Johnson & Maltz (1996) has been adopted. In RWM,

the destination along a straight line with a randomly selected speed. While several mobility models have been proposed, including random direction (Royer et al., 2001), random walk (Camp et al., 2002), and random Gauss-Markov (Liang & Haas, 1999), RWM is the most popular mobility model for evaluating MANET routing protocols, mainly due to its simplicity and wide availability (Gupta et al., 2013).

Figure 4.2: A visual output of one simulation run example.

One of the major contributions from the new wormhole detection framework involves the development of an algorithm for identifying time measurement tampering in wormhole detection with TTHCA and TTpHA. Time tampering means that malicious nodes provide fictive measurement values for the sum of the RREQ and RREP packet processing times (∆Ti) used in the PTT calculations. The processing time of a routing packet includes the packet service time (TS) and the queuing delay. These can vary because of diverse node

hardware and dissimilar traffic loads (ρ) on the nodes. One constraint on using ns-2 is that all nodes are assumed to have identical hardware, which means that packet processing delay variabilities are dependent only upon the traffic loads ρ of each node. As there is no straightforward way of introducing specific variation levels into either TS or ρ in the simulation environment, a special customised ns-2 plugin for simulating different ∆Ti values was therefore designed. This plugin, as with all standard protocol implementations in ns-2, was programmed in C++. When using this plugin, the packet processing time measurement process implemented by TTHCA and TTpHA, which occurs at the physical layer of each node, is replaced by the new time calculation procedure illustrated in Figure 4.3. In this procedure, the normal RREQ packet processing time ({∆TRREQ}i) calculation, i.e., the time between receiving and forwarding a RREQ packet ({TRREQs}i – {TRREQr}i), is replaced by a call to subroutine getPPTime which returns a packet processing delay value based on the given TS and ρ values. Full details of this customised ns-2 plugin will be presented in Chapter 7.

Figure 4.3: The packet processing time measurement process at a node i when applying the custom ns-2 plugin, using a RREQ as an example.

routes (DC) for wormhole/time tampering evaluation and the number of healthy routes falsely detected as infected (DF) for FP detection evaluation. These parameters are used to calculate the performance metrics used with critical results evaluation which will now be defined.