24 research outputs found

    Mitigation of Topological Inconsistency Attacks in RPL based Low Power Lossy Networks

    RPL is a routing protocol for low-power and lossy networks. A malicious node can manipulate header options used by RPL to create topological inconsistencies, thereby causing denial of service attacks, reducing channel availability, increased control message overhead, and higher energy consumption at the targeted node and its neighborhood. RPL overcomes these topological inconsistencies via a fixed threshold, upon reaching which all subsequent packets with erroneous header options are ignored. However, this threshold value is arbitrarily chosen and the performance can be improved by taking into account network characteristics. To address this we present a mitigation strategy that allows nodes to dynamically adapt against a topological inconsistency attack based on the current network conditions. Results from our experiments show that our approach outperforms the fixed threshold and mitigates these attacks without significant overhead

    Multiple intrusion detection in RPL based networks

    Routing Protocol for Low Power and Lossy Networks based networks consist of a large number of tiny sensor nodes with limited resources. These nodes are directly connected to the Internet through the border router. Hence these nodes are susceptible to different types of attacks. The possible attacks are rank attack, selective forwarding, wormhole and denial of service attack. These attacks can be effectively identified by an intrusion detection system model. The paper focuses on identification of multiple intrusions by considering the network size as 10, 40 and 100 nodes and adding 10%, 20% and 30% of malicious nodes to the considered network. Experiments are simulated using Cooja simulator on Contiki operating system. Behavior of the network is observed based on the percentage of inconsistency achieved, energy consumption, accuracy and false positive rate. Experimental results show that multiple intrusions can be detected effectively by machine learning techniques

    Improved Intrusion Detection System using Quantal Response Equilibrium-based Game Model and Rule-based Classification

    A wireless sensor network has a large number of low-cost tiny nodes with sensing capability. These provide low-cost solutions to many real-world problems such as defence, Internet of things, healthcare, environment monitoring and so on. The sensor nodes of these networks are placed in vulnerable environments. Hence, the security of these networks is very important. An Intrusion Detection System (IDS) plays an important role in providing security to such networks. The sensor nodes of the network have limited power, and traditional security mechanisms such as key-management, encryption decryption and authentication techniques cannot be installed on the nodes. Hence, there is a need for a special security mechanism to handle the intrusions. In this paper, an intrusion detection system is designed and implemented using game theory and machine learning to identify multiple attacks. Game theory is designed and used to apply the IDS optimally in WSN. The game model is designed by defining the players and the corresponding strategies. The Quantal Response Equilibrium (QRE) concept of game theory is used to select the strategies in an optimal way for intrusion detection. Further, these intrusions are classified as denial of service attack, rank attack or selective forwarding attacks using a supervised machine learning technique based on different parameters and rules. Results show that all the attacks are detected with good detection rate and the proposed approach provides optimal usage of IDS

    Mitigation Mechanisms Against the DAO Attack on the Routing Protocol for Low Power and Lossy Networks (RPL)

    Destination Advertisement Objects (DAOs) are sent upward by RPL nodes toward the DODAG root, to build the downward routing paths carrying traffic from the root to its associated nodes. This routing mechanism can be exploited by a malicious node periodically transmitting a large volume of DAO messages towards its parent, which in turn will forward such messages to its own parent and so on, until they arrive at the Direction-Oriented Directed Acyclic Graph (DODAG) root. This ultimately results in a negative effect on network performance in terms of energy consumption, latency and reliability. The first objective of this paper is to evaluate the effect of such a DAO attack in the context of an RPL IoT network, in particular identifying the performance metrics and network resources affected most greatly. The second objective is the proposal of mitigating security mechanisms in relation to DAO attacks and to evaluate their effectiveness. The simulation results have shown how the attack can damage the network performance by significantly increasing the DAO overhead and power consumption. It also demonstrated that the DAO attack affects the reliability of the downward traffic under specific conditions. The proposed mechanisms showed a good capacity in restoring the optimal performance of the network by up to 205%, 181%, 87% and 6%, in terms of overhead, latency, power consumption and packet delivery ratio respectively

    Using the RPL Protocol for Supporting Passive Monitoring in the Internet of Things

    Most devices deployed in the Internet of Things (IoT) are expected to suffer from resource constraints. Using specialized tools on such devices for monitoring IoT networks would take away precious resources that could otherwise be dedicated towards their primary task. In many IoT applications such as Advanced Metering Infrastructure (AMI) networks, higher order devices are expected to form the backbone infrastructure, to which the constrained nodes would connect. It would, as such, make sense to exploit the capabilities of these higher order devices to perform network monitoring tasks. We propose in this paper a distributed monitoring architecture that takes benefits from specificities of the IoT routing protocol RPL to passively monitor events and network flows without having impact upon the resource constrained nodes. We describe the underlying mechanisms of this architecture, quantify its performances through a set of experiments using the Cooja environment. We also evaluate its benefits and limits through a use case scenario dedicated to anomaly detection

    Survey on RPL enhancements: a focus on topology, security and mobility

    A few years ago, the IPv6 Routing Protocol for Low-power and Lossy Networks (RPL) was proposed by IETF as the routing standard designed for classes of networks in which both nodes and their interconnects are constrained. Since then, great attention has been paid by the scientific and industrial communities for the protocol evaluation and improvement. Indeed, depending on applications scenarios, constraints related to the target environments or other requirements, many adaptations and improvements can be made. So, since the initial release of the standard, several implementations were proposed, some targeting specific optimization goals whereas others would optimize several criteria while building the routing topology. They include, but are not limited to, extending the network lifetime, maximizing throughput at the sink node, avoiding the less secured nodes, considering nodes or sink mobility. Sometimes, to consider the Quality of Service (QoS), it is necessary to consider several of those criteria at the same time. This paper reviews recent works on RPL and highlights major contributions to its improvement, especially those related to topology optimization, security and mobility. We aim to provide an insight into relevant efforts around the protocol, draw some lessons and give useful guidelines for future developments

    Addressing the DAO Insider Attack in RPL’s Internet of Things Networks

    In RPL routing protocol, the DAO (Destination Advertisement Object) control messages are announced by the child nodes to their parents to build downward routes. A malicious insider node can exploit this feature to send fake DAOs to its parents periodically, triggering those parents, in turn, to forward the fake messages upward to the root node. In this study, we show how this behaviour can have a detrimental side effect on the performance of the network, increasing power consumption, latency and reducing reliability. To address this problem, a new scheme is introduced to mitigate significantly the effect of the DAO attack on network performance

    TN-IDS for Network Layer Attacks in RPL based IoT Systems

    Routing protocol for Low power and lossy network (RPL) is a standardized optimal protocol for routing in Internet of Things (IoT). The constrained wireless sensor network in IoT is characterized by lack of processing speed, low power and low memory. Sometimes various network attacks enabling the RPL network affect the network performance dismally. This leads to drastic variation in energy consumption at nodes and disturb the RPL network protocol structure. This leads to reduced processing speed and memory allocation in the network. We first illustrate the attacks and their impact in RPL network by simulation. To detect such attacks, we propose an Intrusion Detection System (IDS) scheme for RPL network based on trust computation. Trust based Neighbor notification IDS (TN-IDS) is a secure hierarchical distribution system which monitors the network intrusion and checks the performance of the network. The new TN-IDS system will track all nodes in the network and identify the malicious nodes. The activity list prepared by IDS indicates them to a sink node. This is achieved by introducing a distributed leader election algorithm to collect metrics related to the RPL network. Hence, the performance metrics of the RPL network together with TN-IDS module can identify the malicious node and isolate them

    On reliable and secure RPL (routing protocol low-power and lossy networks) based monitoring and surveillance in oil and gas fields

    Different efforts have been made to specify protocols and algorithms for the successful operation of the Internet of Things networks including, for instance, the Low Power and Lossy Networks (LLNs) and Linear Sensor Networks (LSNs). Among such efforts, IETF, the Internet Engineering Task Force, created a working group named ROLL to investigate the requirements of such networks and devise more efficient solutions. The effort of this group has resulted in the specification of the IPv6 Routing Protocol for LLNs (RPL), which was standardized in 2012. However, since the introduction of RPL, several studies have reported that it suffers from various limitations and weaknesses including scalability, slow convergence, unfairness of load distribution, inefficiency of bidirectional communication and security, among many others. For instance, a serious problem is RPL’s under-specification of DAO messages which may result in conflict and inefficient implementations leading to a poor performance and scalability issues. Furthermore, RPL has been found to suffer from several security issues including, for instance, the DAO flooding attack, in which the attacker floods the network with control messages aiming to exhaust network resources. Another fundamental issue is related to the scarcity of the studies that investigate RPL suitability for Linear Sensor Networks (LSN) and devising solution in the lieu of that. Motivated by these observations, the publications within this thesis aim to tackle some of the key gaps of the RPL by introducing more efficient and secure routing solutions in consideration of the specific requirements of LLNs in general and LSNs as a special case. To this end, the first publication proposes an enhanced version of RPL called Enhanced-RPL aimed at mitigating the memory overflow and the under-specification of the DAO messages. Enhanced-RPL has shown significant reduction in control messages overhead by up to 64% while maintaining comparable reliability to RPL. The second publication introduces a new technique to address the DAO attack of RPL which has been shown to be effective in mitigating the attack reducing the DAO overhead and latency by up to 205% and 181% respectively as well as increasing the PDR by up to 6% latency. The third and fourth publications focus on analysing the optimal placement of nodes and sink movement pattern (fixed or mobile) that RPL should adopt in LSNs. It was concluded based on the results obtained that RPL should opt for fixed sinks with 10 m distance between deployed nodes