IPv6 Security Issues: A Systematic Review Following PRISMA Guidelines

Since Internet Protocol version 6 is a new technology, insecure network configurations are inevitable. The researchers contributed a lot to spreading knowledge about IPv6 vulnerabilities and how to address them over the past two decades. In this study, a systematic literature review is conducted to analyze research progress in IPv6 security field following the Preferred Reporting Items for the Systematics Review and Meta-Analysis (PRISMA) method. A total of 427 studies have been reviewed from two databases, IEEE and Scopus. To fulfil the review goal, several key data elements were extracted from each study and two kinds of analysis were administered: descriptive analysis and literature classification. The results show positive signs of the research contributions in the field, and generally, they could be considered as a reference to explore the research of in the past two decades in IPv6 security field and to draw the future directions. For example, the percentage of publishing increased from 147 per decade from 2000-2010 to 330 per decade from 2011 to 2020 which means that the percentage increase was 124%. The number of citations is another key finding that reflects the great global interest in research devoted to IPv6 security issues, as it was 409 citations in the decade from 2000-2010, then increased to 1643 citations during the decade from 2011 to 2020, that is, the percentage increase was 302%

A PKI adapted model for secure information dissemination in industrial control and automation 6LoWPANs

Wireless sensor nodes have a wide span of applications ranging from industrial monitoring to military operations. These nodes are highly constrained in terms of battery life, processing capabilities, and in-built memory. Industrial wireless sensor networks (IWSNs) have to meet the constraints and peculiarities of industrial environments to ensure synchronization with parallel production processes. Applications of WSNs in industrial communication vary from condition monitoring and sensing to process automation. The 6LoWPAN standard enables efficient utilization of IPv6 protocol over low-power wireless personal area networks (LoWPANs). The use of 6LoWPANs for industrial communication necessitates the fulfillment of special QoS and security. We examine the aspect of secured information dissemination for industrial control and automation processes in this paper. Researchers have proposed several schemes to secure transfer of data over the Internet. Public key infrastructure (PKI) is one of the most popular security schemes being used in the present scenario. The hostile deployment scenarios of 6LoWPANs and resource constraints of the nodes necessitate the presence of a robust security mechanism to safeguard the communication. In this paper, we propose an integration scheme for PKI and 6LoWPAN to meet the enhanced security needs of industrial communication. The approach is to delegate a major portion of key management activity to the edge routers (gateway) of the LoWPAN and limit the involvement of the end nodes to minimal communication with the edge router. We do not propose a change in the current PKI, but we put forth a scheme to facilitate the integration of PKI to 6LoWPAN in an efficient manner. The effectiveness of the proposed algorithm was evaluated using a protocol analyzer for normal 6LoWPAN traffic as well as HUI HC-01 compressed traffic. A marginal increase of 2% in channel utilization was observed, which scaled down to 1% using HUI HC-01 compression. The results indicated that the proposed algorithm can be implemented for industrial control and automation networks without any speed, security, or performance tradeoffs

Integrated Framework For Mobile Low Power IoT Devices

Ubiquitous object networking has sparked the concept of the Internet of Things (IoT) which defines a new era in the world of networking. The IoT principle can be addressed as one of the important strategic technologies that will positively influence the humans’ life. All the gadgets, appliances and sensors around the world will be connected together to form a smart environment, where all the entities that connected to the Internet can seamlessly share data and resources. The IoT vision allows the embedded devices, e.g. sensor nodes, to be IP-enabled nodes and interconnect with the Internet. The demand for such technique is to make these embedded nodes act as IP-based devices that communicate directly with other IP networks without unnecessary overhead and to feasibly utilize the existing infrastructure built for the Internet. In addition, controlling and monitoring these nodes is maintainable through exploiting the existed tools that already have been developed for the Internet. Exchanging the sensory measurements through the Internet with several end points in the world facilitates achieving the concept of smart environment. Realization of IoT concept needs to be addressed by standardization efforts that will shape the infrastructure of the networks. This has been achieved through the IEEE 802.15.4, 6LoWPAN and IPv6 standards. The bright side of this new technology is faced by several implications since the IoT introduces a new class of security issues, such as each node within the network is considered as a point of vulnerability where an attacker can utilize to add malicious code via accessing the nodes through the Internet or by compromising a node. On the other hand, several IoT applications comprise mobile nodes that is in turn brings new challenges to the research community due to the effect of the node mobility on the network management and performance. Another defect that degrades the network performance is the initialization stage after the node deployment step by which the nodes will be organized into the network. The recent IEEE 802.15.4 has several structural drawbacks that need to be optimized in order to efficiently fulfil the requirements of low power mobile IoT devices. This thesis addresses the aforementioned three issues, network initialization, node mobility and security management. In addition, the related literature is examined to define the set of current issues and to define the set of objectives based upon this. The first contribution is defining a new strategy to initialize the nodes into the network based on the IEEE 802.15.4 standard. A novel mesh-under cluster-based approach is proposed and implemented that efficiently initializes the nodes into clusters and achieves three objectives: low initialization cost, shortest path to the sink node, low operational cost (data forwarding). The second contribution is investigating the mobility issue within the IoT media access control (MAC) infrastructure and determining the related problems and requirements. Based on this, a novel mobility scheme is presented that facilitates node movement inside the network under the IEEE 802.15.4e time slotted channel hopping (TSCH) mode. The proposed model mitigates the problem of frequency channel hopping and slotframe issue in the TSCH mode. The next contribution in this thesis is determining the mobility impact on low latency deterministic (LLDN) network. One of the significant issues of mobility is increasing the latency and degrading packet delivery ratio (PDR). Accordingly, a novel mobility protocol is presented to tackle the mobility issue in LLDN mode and to improve network performance and lessen impact of node movement. The final contribution in this thesis is devising a new key bootstrapping scheme that fits both IEEE 802.15.4 and 6LoWPAN neighbour discovery architectures. The proposed scheme permits a group of nodes to establish the required link keys without excessive communication/computational overhead. Additionally, the scheme supports the mobile node association process by ensuring secure access control to the network and validates mobile node authenticity in order to eliminate any malicious node association. The purposed key management scheme facilitates the replacement of outdated master network keys and release the required master key in a secure manner. Finally, a modified IEEE 802.15.4 link-layer security structure is presented. The modified architecture minimizes both energy consumption and latency incurred through providing authentication/confidentiality services via the IEEE 802.15.4