|| Home || IT Security || Smart cards || Resources || Links || switch_to_cz

Sensor Security Simulator (S3)

Sensor security simulation software S3 was developed as a research simulation software for selected security problems in wireless sensor networks on Faculty of Informatics, Masaryk University. The simulator core, Key Infection and secrecy amplification protocols, probabilistic pre-distribution and evolutionary circuit were written by Petr Svenda, parts devoted to attacks against routing algorithms and probabilistic key predistribution improvements were written by Jiri Kur. Adaptation of simulator for distributed computation via BOINC infrastructure and extensions of secrecy amplification protocols was done by Tobias Smolka. Simulator is written in C++ for MS Windows 2000/XP/Vista/7 operating system with Visual Studio 2010 IDE.

Development of the new simulator instead of using an existing one was motivated by two main reasons:
  • No suitable simulator was available for simulation of very large scale networks was not available when we started our work in 2004 as we aimed for simulations of up to hundreds thousands nodes. The situation is now different with wide range of available simulators. If you need general purpose simulator and simulation speed is not critical for you, use different one, e.g., ns2 or OMNet++. The simulation of large networks requires significant speed and memory optimization that are hard achieve for a general purpose simulator. Our purpose-built simulator provides the level of abstraction suitable for a particular tasks, lowering computation and memory requirements but is not intended as general purpose simulator.
  • Simulation speed is a critical factor for most of our experiments, especially for the usage in automatic protocol generation with evolutionary algorithms where up to hundreds of thousands full network simulations must be performed in a reasonable time. With our purpose-built simulator, we have been able to focus on and simulate only relevant operations, obtaining significant performance improvements over a general purpose simulator.


arrow Download compiled binaries for MS Windows 2000/XP/Vista/7 32bits here: S3_2.0.0.26_32bit.zip (1.2MB).
arrow Download compiled binaries for MS Windows 2000/XP/Vista/7 64bits here: S3_2.0.0.26_64bit.zip (0.8MB).
arrow Download source codes (Visual Studion 2010) here: S3_2.0.0.26_sources.zip (0.9MB).

Older downloads

arrow Download compiled binaries for MS Windows 2000/XP/Vista 32bits here: S3_2.0.0.22_32bit.zip (360kB).
arrow Download compiled binaries for MS Windows 2000/XP/Vista 64bits here: S3_2.0.0.22_64bit.zip (470kB).
arrow Download source codes (Visual Studion 2005) here: S3_2.0.0.22_sources.zip (970kB).

Please, report any bugs or suggestions to my mail (see footer of the page). Thank you!

Simulator architecture

Our simulator has been developed for Microsoft Windows 2K/XP/Vista/7 operating systems in C++, currently having almost forty thousand lines of code. The simulator can be compiled both for 32-bit and 64-bit Intel/AMD architectures, with the 64-bit version providing some performance advantage.

A pseudo-random generator based on the MD5 hash function is used to provide pseudo-random data where required, starting from a specified seed. Once the initial seed is fixed, the simulator steps are fully deterministic, except for random operations used internally by evolutionary algorithms where determinism is undesirable. Truly random data is taken from the QRBG service (http://random.irb.hr/). Simulations are repeatable if the seed is preserved.

The parameters of a simulation can be set either from the GUI or can be provided from a configuration file. Once a simulation is started, all configuration parameters are saved together with the used random seed, making an exact repetition of a particular simulation possible.

The simulator can be run with all settings given from the command line. Support for execution on either local or remote machines with centralized management is implemented. Speedup of extensive simulations with naturally parallel operations can be distributed over several machines with real-time reporting to the central management application (e.g., each deployment is simulated on a separate machine). This capability enables to automatically execute large number of computations in distributed manner via BOINC infrastructure

Support for batch sequential execution of several simulations is also implemented. The start of a particular simulation can be delayed until the previous simulations finish. The selected characteristics of network deployment can be automatically iterated over a specified range with fixed steps, providing separate simulations (e.g., increasing network density within a given range with a defined increase step).

Detailed data produced during simulation is written into files with format suitable for later processing with the Matlab software. Several Matlab scripts were created for further processing, data visualization and graph plotting.

Network deployment

The deployment of nodes is done in a specified two-dimensional rectangle area, every node having a position in the x and y axes with float number precision. Nodes can be deployed either randomly or according to a freely specifiable pattern. Every node has a definable transmission range with connection to nodes in range established during neighbour discovery. Eavesdropping nodes can be deployed similarly to legal nodes.

Multiple deployments can be performed at the same time. Subsequent operations are performed over all deployments with some simulation results averaged. The averaging of results over multiple deployments decreases the dependence of simulation statistics on the particular placement of nodes. This property is of a special importance for automatic protocol generation, where over-learning on a particular deployment is undesirable.

Support for secrecy amplification protocols

The deployment of the nodes can be followed by establishment of link keys between neighbours in transmission range with several supported key exchange mechanisms (maximum screaming, whispering, random and probabilistic pre-distribution). Links are marked either secure or compromised based on the attacker model and actual distribution of eavesdropping nodes (Key Infection) or node capture (probabilistic pre-distribution). Such mesh of links with different secrecy state (secure/compromised) forms a starting point for secrecy amplification protocols. These protocols are either directly implemented in the code or can be specified in a metalanguage from script (slower but more flexible option) as a sequence of elementary instructions.

Metalanguage-based execution of amplification protocols is used for automatic protocol generation. The simulator contains a built-in protocol generator based on evolutionary algorithms (GALib package http://lancet.mit.edu/ga/ was used for the implementation). Generated protocols are executed in the deployed networks and evaluated with a fraction of secure links used as an indicator of protocol quality. Interrupted protocol generation can be restarted from a temporal state stored in files generated during simulation.

Primitive instructions set

Each party (sensor node) in the protocol is modeled as a computing unit with a limited number of memory slots, where all local information is stored. The memory slot can be loaded with a) random value, b) encryption key and c) message. The set of primitive instructions is defined in such a way that each of the instructions has one or two parameters Nx indicating the node(s) that will execute a given instruction (e.g., local generation of a random value will have only one node parameter; sending a message between nodes will have two parameters) and up to three parameters Rx for the identification of used memory slots. These instructions were selected with the aim to describe all published secrecy amplification protocols and use only (cryptographic) operations available on real nodes. A candidate secrecy amplification protocol is represented as a program composed of these instructions and modeled as an array of bytes.

The instructions set is as follows:
  • NOP -- No operation is performed.
  • RNG Na Ri -- Generate a random value on node Na into slot Ri.
  • CMB Na Ri Rj Rk -- Combine values from slots Ri and Rj and store the results in slot Rk. The combination function may vary on the application needs (e.g., a cryptographic hash function such as SHA-1).
  • SND Na Nb Ri Rj -- Send a value from node Na to Nb. The message is taken from Na's slot Ri and stored in Nb's slot Rj.
  • ENC Na Ri Rj Rk -- Encrypt a value from slot Ri using the key from slot Rj and store encrypted result in slot Rk.
  • DEC Na Ri Rj Rk -- Decrypt a value from slot Ri using the key from slot Rj and store decrypted result in slot Rk.
Each instruction has an additional boolean switch, which can turn the operation off (to equivalent of NOP), without changing the instruction itself. This allows the LGP to temporarily disable or enable some instructions. Node identifications Na and Nb can be either fixed (the index) in case of node-oriented protocols or distance-relative in a group-oriented protocol.

Support for probabilistic pre-distribution

Support for probabilistic key pre-distribution is implemented with evaluation of the number of secure links after a compromise of specified number of randomly or selectively captured nodes. The basic schemes described by Eschenaur and Gligor and extended q-EG are implemented. The simulator is optimized for fast queries with respect to the a subset of shared keys and the evaluation of the compromise impact of node capture.

Support for the automatic generation of node capture attacks is implemented. The subset of nodes selected either randomly or selectively is marked as compromised, keys are extracted and the compromise impact on the network links is evaluated. The implementation of evolutionary algorithms based on the GALib package is used.

Routing protocols

Several routing algorithms for data delivery between end nodes and base stations are implemented, namely routing with the selection of the geographically ideal next hop, routing with partial information about the position of neighbours, Implicit Geographic Routing (IGF) and Minimal Cost Forwarding (MCF) algorithms. A high level of abstraction is used, and lower level issues like MAC layers collisions are not considered. Majority of code for routing protocols was written by Jiri Kur. Support for routing protocols is used for automated searching for attacks against routing protocols IGF and MCF.

OpenPGP key : 0x89CEB31C