Multiple intrusion detection in RPL based networks

Routing Protocol for Low Power and Lossy Networks based networks consists of large number of tiny sensor nodes with limited resources. These nodes are directly connected to the Internet through the border router. Hence these nodes are susceptible to different types of attacks. The possible attacks are rank attack, selective forwarding, worm hole and Denial of service attack. These attacks can be effectively identified by intrusion detection system model. The paper focuses on identification of multiple intrusions by considering the network size as 10, 40 and 100 nodes and adding 10%, 20% and 30% of malicious nodes to the considered network. Experiments are simulated using Cooja simulator on Contiki operating system. Behavior of the network is observed based on the percentage of inconsistency achieved, energy consumption, accuracy and false positive rate. Experimental results show that multiple intrusions can be detected effectively by machine learning techniques

On the performance of key pre-distribution for RPL-based IoT Networks

A core ingredient of the the Internet of Things (IoT) is the use of deeply embedded resource constrained devices, often connected to the Internet over Low Power and Lossy Networks. These constraints compounded by the need for unsupervised operation within an untrusted environment create considerable challenges for the secure operation of these systems. In this paper, we propose a novel method to secure an edge IoT network using the concept of key pre-distribution proposed by Eschenauer and Gligor in the context of distributed sensor networks. First, we investigate the performance of the unmodified algorithm in the Internet of Things setting and then analyse the results with a view to determine its performance and thus its suitability in this context. Specifically, we investigate how ring size influences performance in order to determine the required ring size that guarantees full connectivity of the network. We then proceed to propose a novel RPL objective function and associated metrics that ensure that any node that joins the network can establish secure communication with Internet destinations. , N., , H., , Th., , Th., , A., , P

Performance analysis of Routing Protocol for Low power and Lossy Networks (RPL) in large scale networks

With growing needs to better understand our environments, the Internet-of-Things (IoT) is gaining importance among information and communication technologies. IoT will enable billions of intelligent devices and networks, such as wireless sensor networks (WSNs), to be connected and integrated with computer networks. In order to support large scale networks, IETF has defined the Routing Protocol for Low power and Lossy Networks (RPL) to facilitate the multi-hop connectivity. In this paper, we provide an in-depth review of current research activities. Specifically, the large scale simulation development and performance evaluation under various objective functions and routing metrics are pioneering works in RPL study. The results are expected to serve as a reference for evaluating the effectiveness of routing solutions in large scale IoT use cases

IPv6 Mesh over BLUETOOTH(R) Low Energy using IPSP

RFC 7668 describes the adaptation of 6LoWPAN techniques to enable IPv6 over Bluetooth low energy networks that follow the star topology. However, recent Bluetooth specifications allow the formation of extended topologies as well. This document specifies mechanisms that are needed to enable IPv6 mesh over Bluetooth Low Energy links established by using the Bluetooth Internet Protocol Support Profile. This document does not specify the routing protocol to be used in an IPv6 mesh over Bluetooth LE links.Preprin

TN-IDS for Network Layer Attacks in RPL based IoT Systems

Routing protocol for Low power and lossy network (RPL) is a standardized optimal protocol for routing in Internet of Things (IoT). The constrained wireless sensor network in IoT is characterized by lack of processing speed, low power and low memory. Sometimes various network attacks enabling the RPL network affect the network performance dismally. This leads to drastic variation in energy consumption at nodes and disturb the RPL network protocol structure. This leads to reduced processing speed and memory allocation in the network. We first illustrate the attacks and their impact in RPL network by simulation. To detect such attacks, we propose an Intrusion Detection System (IDS) scheme for RPL network based on trust computation. Trust based Neighbor notification IDS (TN-IDS) is a secure hierarchical distribution system which monitors the network intrusion and checks the performance of the network. The new TN-IDS system will track all nodes in the network and identify the malicious nodes. The activity list prepared by IDS indicates them to a sink node. This is achieved by introducing a distributed leader election algorithm to collect metrics related to the RPL network. Hence, the performance metrics of the RPL network together with TN-IDS module can identify the malicious node and isolate them

Multicast DIS attack mitigation in RPL-based IoT-LLNs

The IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) was standardised by the IETF ROLL Working Group to address the routing issues in the Internet of Things (IoT) Low-Power and Lossy Networks (LLNs). RPL builds and maintains a Destination Oriented Directed Acyclic Graph (DODAG) topology using pieces of information propagated within the DODAG Information Object (DIO) control message. When a node intends to join the DODAG, it either waits for DIO or sends a DODAG Information Solicitation (DIS) control message Multicast to solicit DIOs from nearby nodes. Nevertheless, sending Multicast DIS messages resets the timer that regulates the transmission rate of DIOs to its minimum value, which leads to the network’s congestion with control messages. Because of the resource-constrained nature of RPL-LLNs, the lack of tamper resistance, and the security gaps of RPL, malicious nodes can exploit the Multicast DIS solicitation mechanism to trigger an RPL-specification-based attack, named DIS attack. The DIS attack can have severe consequences on RPL networks, especially on control packets overhead and power consumption. In this paper, we use the Cooja–Contiki simulator to assess the DIS attack’s effects on both static and dynamic PRL networks. Besides, we propose and implement a novel approach, namely RPL-MRC, to improve the RPL’s resilience against DIS Multicast. RPL-MRC aims to reduce the response to DIS Multicast messages. Simulation results demonstrate how the attack could damage the network performance by significantly increasing the control packets overhead and power consumption. On the other hand, the RPL-MRC proposed mechanism shows a significant enhancement in reducing the control overhead and power consumption for different scenarios

Survey on RPL enhancements: a focus on topology, security and mobility

International audienceA few years ago, the IPv6 Routing Protocol for Low-power and Lossy Networks (RPL) was proposed by IETF as the routing standard designed for classes of networks in which both nodes and their interconnects are constrained. Since then, great attention has been paid by the scientific and industrial communities for the protocol evaluation and improvement. Indeed, depending on applications scenarios, constraints related to the target environments or other requirements, many adaptations and improvements can be made. So, since the initial release of the standard, several implementations were proposed, some targeting specific optimization goals whereas others would optimize several criteria while building the routing topology. They include, but are not limited to, extending the network lifetime, maximizing throughput at the sink node, avoiding the less secured nodes, considering nodes or sink mobility. Sometimes, to consider the Quality of Service (QoS), it is necessary to consider several of those criteria at the same time. This paper reviews recent works on RPL and highlights major contributions to its improvement, especially those related to topology optimization, security and mobility. We aim to provide an insight into relevant efforts around the protocol, draw some lessons and give useful guidelines for future developments

Adaptation of the human nervous system for self-aware secure mobile and IoT systems

IT systems have been deployed across several domains, such as hospitals and industries, for the management of information and operations. These systems will soon be ubiquitous in every field due to the transition towards the Internet of Things (IoT). The IoT brings devices with sensory functions into IT systems through the process of internetworking. The sensory functions of IoT enable them to generate and process information automatically, either without human contribution or having the least human interaction possible aside from the information and operations management tasks. Security is crucial as it prevents system exploitation. Security has been employed after system implementation, and has rarely been considered as a part of the system. In this dissertation, a novel solution based on a biological approach is presented to embed security as an inalienable part of the system. The proposed solution, in the form of a prototype of the system, is based on the functions of the human nervous system (HNS) in protecting its host from the impacts caused by external or internal changes. The contributions of this work are the derivation of a new system architecture from HNS functionalities and experiments that prove the implementation feasibility and efficiency of the proposed HNS-based architecture through prototype development and evaluation. The first contribution of this work is the adaptation of human nervous system functions to propose a new architecture for IT systems security. The major organs and functions of the HNS are investigated and critical areas are identified for the adaptation process. Several individual system components with similar functions to the HNS are created and grouped to form individual subsystems. The relationship between these components is established in a similar way as in the HNS, resulting in a new system architecture that includes security as a core component. The adapted HNS-based system architecture is employed in two the experiments prove its implementation capability, enhancement of security, and overall system operations. The second contribution is the implementation of the proposed HNS-based security solution in the IoT test-bed. A temperature-monitoring application with an intrusion detection system (IDS) based on the proposed HNS architecture is implemented as part of the test-bed experiment. Contiki OS is used for implementation, and the 6LoWPAN stack is modified during the development process. The application, together with the IDS, has a brain subsystem (BrSS), a spinal cord subsystem (SCSS), and other functions similar to the HNS whose names are changed. The HNS functions are shared between an edge router and resource-constrained devices (RCDs) during implementation. The experiment is evaluated in both test-bed and simulation environments. Zolertia Z1 nodes are used to form a 6LoWPAN network, and an edge router is created by combining Pandaboard and Z1 node for a test-bed setup. Two networks with different numbers of sensor nodes are used as simulation environments in the Cooja simulator. The third contribution of this dissertation is the implementation of the proposed HNS-based architecture in the mobile platform. In this phase, the Android operating system (OS) is selected for experimentation, and the proposed HNS-based architecture is specifically tailored for Android. A context-based dynamically reconfigurable access control system (CoDRA) is developed based on the principles of the refined HNS architecture. CoDRA is implemented through customization of Android OS and evaluated under real-time usage conditions in test-bed environments. During the evaluation, the implemented prototype mimicked the nature of the HNS in securing the application under threat with negligible resource requirements and solved the problems in existing approaches by embedding security within the system. Furthermore, the results of the experiments highlighted the retention of HNS functions after refinement for different IT application areas, especially the IoT, due to its resource-constrained nature, and the implementable capability of our proposed HNS architecture.--- IT-järjestelmiä hyödynnetään tiedon ja toimintojen hallinnassa useilla aloilla, kuten sairaaloissa ja teollisuudessa. Siirtyminen kohti esineiden Internetiä (Internet of Things, IoT) tuo tällaiset laitteet yhä kiinteämmäksi osaksi jokapäiväistä elämää. IT-järjestelmiin liitettyjen IoT-laitteiden sensoritoiminnot mahdollistavat tiedon automaattisen havainnoinnin ja käsittelyn osana suurempaa järjestelmää jopa täysin ilman ihmisen myötävaikutusta, poislukien mahdolliset ylläpito- ja hallintatoimenpiteet. Turvallisuus on ratkaisevan tärkeää IT-järjestelmien luvattoman käytön estämiseksi. Valitettavan usein järjestelmäsuunnittelussa turvallisuus ei ole osana ydinsuunnitteluprosessia, vaan otetaan huomioon vasta käyttöönoton jälkeen. Tässä väitöskirjassa esitellään uudenlainen biologiseen lähestymistapaan perustuva ratkaisu, jolla turvallisuus voidaan sisällyttää erottamattomaksi osaksi järjestelmää. Ehdotettu prototyyppiratkaisu perustuu ihmisen hermoston toimintaan tilanteessa, jossa se suojelee isäntäänsä ulkoisten tai sisäisten muutosten vaikutuksilta. Tämän työn keskeiset tulokset ovat uuden järjestelmäarkkitehtuurin johtaminen ihmisen hermoston toimintaperiaatteesta sekä tällaisen järjestelmän toteutettavuuden ja tehokkuuden arviointi kokeellisen prototyypin kehittämisen ja toiminnan arvioinnin avulla. Tämän väitöskirjan ensimmäinen kontribuutio on ihmisen hermoston toimintoihin perustuva IT-järjestelmäarkkitehtuuri. Tutkimuksessa arvioidaan ihmisen hermoston toimintaa ja tunnistetaan keskeiset toiminnot ja toiminnallisuudet, jotka mall-innetaan osaksi kehitettävää järjestelmää luomalla näitä vastaavat järjestelmäkomponentit. Nä-istä kootaan toiminnallisuudeltaan hermostoa vastaavat osajärjestelmät, joiden keskinäinen toiminta mallintaa ihmisen hermoston toimintaa. Näin luodaan arkkitehtuuri, jonka keskeisenä komponenttina on turvallisuus. Tämän pohjalta toteutetaan kaksi prototyyppijärjestelmää, joiden avulla arvioidaan arkkitehtuurin toteutuskelpoisuutta, turvallisuutta sekä toimintakykyä. Toinen kontribuutio on esitetyn hermostopohjaisen turvallisuusratkaisun toteuttaminen IoT-testialustalla. Kehitettyyn arkkitehtuuriin perustuva ja tunkeutumisen estojärjestelmän (intrusion detection system, IDS) sisältävä lämpötilan seurantasovellus toteutetaan käyttäen Contiki OS -käytöjärjestelmää. 6LoWPAN protokollapinoa muokataan tarpeen mukaan kehitysprosessin aikana. IDS:n lisäksi sovellukseen kuuluu aivo-osajärjestelmä (Brain subsystem, BrSS), selkäydinosajärjestelmä (Spinal cord subsystem, SCSS), sekä muita hermoston kaltaisia toimintoja. Nämä toiminnot jaetaan reunareitittimen ja resurssirajoitteisten laitteiden kesken. Tuloksia arvioidaan sekä simulaatioiden että testialustan tulosten perusteella. Testialustaa varten 6LoWPAN verkon toteutukseen valittiin Zolertia Z1 ja reunareititin on toteutettu Pandaboardin ja Z1:n yhdistelmällä. Cooja-simulaattorissa käytettiin mallinnukseen ymp-äristönä kahta erillistä ja erikokoisuta sensoriverkkoa. Kolmas tämän väitöskirjan kontribuutio on kehitetyn hermostopohjaisen arkkitehtuurin toteuttaminen mobiilialustassa. Toteutuksen alustaksi valitaan Android-käyttöjärjestelmä, ja kehitetty arkkitehtuuri räätälöidään Androidille. Tuloksena on kontekstipohjainen dynaamisesti uudelleen konfiguroitava pääsynvalvontajärjestelmä (context-based dynamically reconfigurable access control system, CoDRA). CoDRA toteutetaan mukauttamalla Androidin käyttöjärjestelmää ja toteutuksen toimivuutta arvioidaan reaaliaikaisissa käyttöolosuhteissa testialustaympäristöissä. Toteutusta arvioitaessa havaittiin, että kehitetty prototyyppi jäljitteli ihmishermoston toimintaa kohdesovelluksen suojaamisessa, suoriutui tehtävästään vähäisillä resurssivaatimuksilla ja onnistui sisällyttämään turvallisuuden järjestelmän ydintoimintoihin. Tulokset osoittivat, että tämän tyyppinen järjestelmä on toteutettavissa sekä sen, että järjestelmän hermostonkaltainen toiminnallisuus säilyy siirryttäessä sovellusalueelta toiselle, erityisesti resursseiltaan rajoittuneissa IoT-järjestelmissä