A Trust-Based Intrusion Detection System for RPL Networks: Detecting a Combination of Rank and Blackhole Attacks

Routing attacks are a major security issue for Internet of Things (IoT) networks utilising routing protocols, as malicious actors can overwhelm resource-constrained devices with denial-of-service (DoS) attacks, notably rank and blackhole attacks. In this work, we study the impact of the combination of rank and blackhole attacks in the IPv6 routing protocol for low-power and lossy (RPL) networks, and we propose a new security framework for RPL-based IoT networks (SRF-IoT). The framework includes a trust-based mechanism that detects and isolates malicious attackers with the help of an external intrusion detection system (IDS). Both SRF-IoT and IDS are implemented in the Contiki-NG operating system. Evaluation of the proposed framework is based on simulations using the Whitefield framework that combines both the Contiki-NG and the NS-3 simulator. Analysis of the simulations of the scenarios under active attacks showed the effectiveness of deploying SRF-IoT with 92.8% packet delivery ratio (PDR), a five-fold reduction in the number of packets dropped, and a three-fold decrease in the number of parent switches in comparison with the scenario without SRF-IoT. Moreover, the packet overhead introduced by SRF-IoT in attack scenarios is minimal at less than 2%. Obtained results suggest that the SRF-IoT framework is an efficient and promising solution that combines trust-based and IDS-based approaches to protect IoT networks against routing attacks. In addition, our solution works by deploying a watchdog mechanism on detector nodes only, leaving unaffected the operation of existing smart devices

A Signature-based Intrusion Detection System for the Internet of Things

Internet of Things (IoT) is envisioned as a transformative approach with a wide range of applications in various sectors such as home automation, industrial control, and agriculture. It promises innovative business models and improved user experience. However, as evidenced by recent attacks such as the Mirai botnet, IoT networks and systems remain very vulnerable and require stronger protection mechanisms. Furthermore, due to processing, memory, and power constraints of typical IoT devices, traditional Internet security mechanisms are not always feasible or appropriate. In this work, we are concerned with designing an Intrusion Detection System (IDS) for protecting IoT networks from external threats as well as internal compromised devices. Our proposed design adopts a signature-based intrusion detection approach and involves both certralised and distributed IDS modules. Using the Cooja simulator, we have implemented a Denial of Service (DoS) attack scenario on IoT devices. This scenario exploits the RPL protocol, which is widely used for routing in low-power networks, including IoT networks. In particular, we have implemented two variants of DoS attacks, namely “Hello” flooding and version number modification. As shown by simulation results, these attacks may impact the reachability of certain IoT devices and their power consumption

Battery draining attacks against edge computing nodes in IoT networks

Many IoT devices, especially those deployed at the network edge have limited power resources. In this work, we study the effects of a variety of battery draining attacks against edge nodes. Specifically, we implemented hello flooding, packet flooding, selective forwarding, rank attack, and versioning attack in ContikiOS and simulated them in the Cooja simulator. We consider a number of relevant metrics, such as CPU time, low power mode time, TX/RX time, and battery consumption. Besides, we test the stretch attack with three different batteries as an extreme scenario. Our results show that versioning attack is the most severe in terms of draining the power resources of the network, followed by packet flooding and hello flooding attacks. Furthermore, we find that selective forwarding and rank attacks are not able to considerably increase the power resource usage in our scenarios. By quantifying the effects of these attacks, we demonstrate that under specific scenarios, versioning attack can be three to four times as effective as packet flooding and hello flooding attacks in wasting network resources. At the same time, packet flooding is generally comparable to hello flooding in CPU and TX time usage increase but twice as powerful in draining device batteries

Protecting IoT networks against routing attacks

The rapid development of Internet of Things (IoT) will offer great benefits for both individuals and companies. However, as smart devices are widely deployed, they become attractive to hackers. Some recent examples are the 25 critical vulnerabilities discovered, known as "BadAlloc", which allow the execution of Denial-of-Service (DoS) attacks, as well as the existence of IoT malware such as Mozi which affect network operation. Therefore, new solutions should be developed to protect the computationally-limited devices. In this work, a new Security Framework for IoT-based networks (SRF-IoT) is proposed. Our focus is on detecting and isolating attackers that exploit routing protocols which are used in 6LoWPAN IoT networks for packet routing. Although, many works study the security of routing protocols such as the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), they are still vulnerable to various attacks. We study the impact of well-known routing attacks such as DoS, rank and blackhole attacks in IoT networks. To investigate the impact of routing attacks, we design and develop the algorithms in ContikiOS, a popular Operating System, and using Cooja simulator we simulate the different scenarios. The obtained simulation results help us understand the characteristics of an RPL-based IoT network under its normal operation and devise effective countermeasures against malicious activity. The SRF-IoT framework contains a trust-based mechanism that identifies and isolates malicious attackers with the help of an external Intrusion Detection System. Evaluation is based on simulations on a new simulator tool called Whitefield framework that combines both Contiki-NG and NS-3 simulator. This new simulator is used in this project as it allows large scale (over 100 nodes) realistic simulations using real-world stacks such as Contiki-NG. The analysis of the results showed the effectiveness of SRF-IoT in a network under combined rank and blackhole attacks with 92.8% Packet Delivery Ratio, and 8.2% packets dropped. Moreover, parent switches are kept low, reaching almost a hundred. Simulation results demonstrate that SRF-IoT is an efficient and promising solution to protect an IoT network against routing attacks

Multinationality and firm value: The role of real options awareness

We contribute to multinationality and real options theories by considering the role of firm heterogeneity in real options awareness for MNCs. We test the joint impact of real options awareness (RO-AWN) and multinationality on firm value using an extensive sample of U.S.-listed international firms over the ten-year period 1996–2005. We show that when a firm's growth options and degree of RO-AWN are considered, multinationality has a significant positive impact on firm value and performance as measured by Tobin's Q, return-on-assets and the 3-year average stock returns. We find that the benefits of multinationality accrue asymmetrically to firms differing in RO-AWN. Managers who are more aware of their corporate real options are able to significantly enhance firm value. Our findings are robust to a range of dataset and measurement specifications, endogeneity issues and controlling for alternative theories of the firm

Battery Drain Denial-of-Service Attacks and Defenses in the Internet of Things

IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is a popular routing protocol used in wireless sensor networks and in the Internet of Things (IoT). RPL was standardized by the IETF in 2012 and has been designed for devices with limited resources and capabilities. Open-source RPL implementations are supported by popular IoT operating systems (OS), such as ContikiOS and TinyOS. In this work, we investigate the possibility of battery drain Denial-of-Service (DoS) attacks in the RPL implementation of ContikiOS. In particular, we use the popular Cooja simulator and implement two types of DoS attacks, particularly version number modification and “Hello” flooding. We demonstrate the impact of these attacks on the power consumption of IoT devices. Finally, we discuss potential defenses relying on distributed intrusion detection modules

Multinationality, portfolio diversification, and asymmetric MNE performance: The moderating role of real options awareness

The field of international business is fundamentally concerned with the implications of managerial actions that affect multinational risk and performance outcomes. While portfolio diversification and real options theory are often used to describe the outcomes of multinational investment, existing work often confuses the actions and predictions proposed by these theories. This is concerning, as the two theories emphasize different causal mechanisms, managerial actions, and conceptions of risk and performance. Whereas portfolio theory argues that passive management affects symmetric outcomes, such as variance in returns by attaining a well-diversified portfolio, real options theory posits that managers actively shift subsidiary resources to affect asymmetric outcomes, such as upside potential or downside risk by monitoring and responding to environmental changes affecting the portfolio. This paper disentangles these two theories by focusing on unique predictions from real options theory – that geographic dispersion of MNE activities is associated with asymmetric outcomes, that this association is contingent on management being aware of real options logic, and that these effects are moderated by the degree of market uncertainty. Our findings confirm these predictions and suggest differences in the types of managerial strategies and actions required to effectively implement these distinct theories of the MNE