A Trust-Based Intrusion Detection System for RPL Networks: Detecting a Combination of Rank and Blackhole Attacks

Routing attacks are a major security issue for Internet of Things (IoT) networks utilising routing protocols, as malicious actors can overwhelm resource-constrained devices with denial-of-service (DoS) attacks, notably rank and blackhole attacks. In this work, we study the impact of the combination of rank and blackhole attacks in the IPv6 routing protocol for low-power and lossy (RPL) networks, and we propose a new security framework for RPL-based IoT networks (SRF-IoT). The framework includes a trust-based mechanism that detects and isolates malicious attackers with the help of an external intrusion detection system (IDS). Both SRF-IoT and IDS are implemented in the Contiki-NG operating system. Evaluation of the proposed framework is based on simulations using the Whitefield framework that combines both the Contiki-NG and the NS-3 simulator. Analysis of the simulations of the scenarios under active attacks showed the effectiveness of deploying SRF-IoT with 92.8% packet delivery ratio (PDR), a five-fold reduction in the number of packets dropped, and a three-fold decrease in the number of parent switches in comparison with the scenario without SRF-IoT. Moreover, the packet overhead introduced by SRF-IoT in attack scenarios is minimal at less than 2%. Obtained results suggest that the SRF-IoT framework is an efficient and promising solution that combines trust-based and IDS-based approaches to protect IoT networks against routing attacks. In addition, our solution works by deploying a watchdog mechanism on detector nodes only, leaving unaffected the operation of existing smart devices

A Signature-based Intrusion Detection System for the Internet of Things

Internet of Things (IoT) is envisioned as a transformative approach with a wide range of applications in various sectors such as home automation, industrial control, and agriculture. It promises innovative business models and improved user experience. However, as evidenced by recent attacks such as the Mirai botnet, IoT networks and systems remain very vulnerable and require stronger protection mechanisms. Furthermore, due to processing, memory, and power constraints of typical IoT devices, traditional Internet security mechanisms are not always feasible or appropriate. In this work, we are concerned with designing an Intrusion Detection System (IDS) for protecting IoT networks from external threats as well as internal compromised devices. Our proposed design adopts a signature-based intrusion detection approach and involves both certralised and distributed IDS modules. Using the Cooja simulator, we have implemented a Denial of Service (DoS) attack scenario on IoT devices. This scenario exploits the RPL protocol, which is widely used for routing in low-power networks, including IoT networks. In particular, we have implemented two variants of DoS attacks, namely “Hello” flooding and version number modification. As shown by simulation results, these attacks may impact the reachability of certain IoT devices and their power consumption

Battery draining attacks against edge computing nodes in IoT networks

Many IoT devices, especially those deployed at the network edge have limited power resources. In this work, we study the effects of a variety of battery draining attacks against edge nodes. Specifically, we implemented hello flooding, packet flooding, selective forwarding, rank attack, and versioning attack in ContikiOS and simulated them in the Cooja simulator. We consider a number of relevant metrics, such as CPU time, low power mode time, TX/RX time, and battery consumption. Besides, we test the stretch attack with three different batteries as an extreme scenario. Our results show that versioning attack is the most severe in terms of draining the power resources of the network, followed by packet flooding and hello flooding attacks. Furthermore, we find that selective forwarding and rank attacks are not able to considerably increase the power resource usage in our scenarios. By quantifying the effects of these attacks, we demonstrate that under specific scenarios, versioning attack can be three to four times as effective as packet flooding and hello flooding attacks in wasting network resources. At the same time, packet flooding is generally comparable to hello flooding in CPU and TX time usage increase but twice as powerful in draining device batteries

Protecting IoT networks against routing attacks

The rapid development of Internet of Things (IoT) will offer great benefits for both individuals and companies. However, as smart devices are widely deployed, they become attractive to hackers. Some recent examples are the 25 critical vulnerabilities discovered, known as "BadAlloc", which allow the execution of Denial-of-Service (DoS) attacks, as well as the existence of IoT malware such as Mozi which affect network operation. Therefore, new solutions should be developed to protect the computationally-limited devices. In this work, a new Security Framework for IoT-based networks (SRF-IoT) is proposed. Our focus is on detecting and isolating attackers that exploit routing protocols which are used in 6LoWPAN IoT networks for packet routing. Although, many works study the security of routing protocols such as the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), they are still vulnerable to various attacks. We study the impact of well-known routing attacks such as DoS, rank and blackhole attacks in IoT networks. To investigate the impact of routing attacks, we design and develop the algorithms in ContikiOS, a popular Operating System, and using Cooja simulator we simulate the different scenarios. The obtained simulation results help us understand the characteristics of an RPL-based IoT network under its normal operation and devise effective countermeasures against malicious activity. The SRF-IoT framework contains a trust-based mechanism that identifies and isolates malicious attackers with the help of an external Intrusion Detection System. Evaluation is based on simulations on a new simulator tool called Whitefield framework that combines both Contiki-NG and NS-3 simulator. This new simulator is used in this project as it allows large scale (over 100 nodes) realistic simulations using real-world stacks such as Contiki-NG. The analysis of the results showed the effectiveness of SRF-IoT in a network under combined rank and blackhole attacks with 92.8% Packet Delivery Ratio, and 8.2% packets dropped. Moreover, parent switches are kept low, reaching almost a hundred. Simulation results demonstrate that SRF-IoT is an efficient and promising solution to protect an IoT network against routing attacks

Battery Drain Denial-of-Service Attacks and Defenses in the Internet of Things

IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is a popular routing protocol used in wireless sensor networks and in the Internet of Things (IoT). RPL was standardized by the IETF in 2012 and has been designed for devices with limited resources and capabilities. Open-source RPL implementations are supported by popular IoT operating systems (OS), such as ContikiOS and TinyOS. In this work, we investigate the possibility of battery drain Denial-of-Service (DoS) attacks in the RPL implementation of ContikiOS. In particular, we use the popular Cooja simulator and implement two types of DoS attacks, particularly version number modification and “Hello” flooding. We demonstrate the impact of these attacks on the power consumption of IoT devices. Finally, we discuss potential defenses relying on distributed intrusion detection modules

An Intrusion Detection System for RPL-Based IoT Networks

The Internet of Things (IoT) has become very popular during the last decade by providing new solutions to modern industry and to entire societies. At the same time, the rise of the industrial Internet of Things (IIoT) has provided various benefits by linking infrastructure around the world via sensors, machine learning, and data analytics. However, the security of IoT devices has been proven to be a major concern. Almost a decade ago, the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) was designed to handle routing in IoT and IIoT. Since then, numerous types of attacks on RPL have been published. In this paper, a novel intrusion detection system (IDS) is designed and implemented for RPL-based IoT. The objective is to perform an accurate and efficient detection of various types of routing and denial-of-service (DoS) attacks such as version number attack, blackhole attack, and grayhole attack, and different variations of flooding attacks such as Hello flood attack, DIS attack, and DAO insider attack. To achieve this, different detection strategies are combined, taking advantage of the strengths of each individual strategy. In addition, the proposed IDS is experimentally evaluated by performing a deep analysis of the aforementioned attacks in order to study the impact caused. This evaluation also estimates the accuracy and effectiveness of the IDS performance when confronted with the considered attacks. The obtained results show high detection accuracy. Furthermore, the overhead introduced in terms of CPU usage and power consumption is negligible. In particular, the CPU usage overhead is less than 2% in all cases, whereas the average power consumption increase is no more than 0.5%, which can be considered an insignificant impact on the overall resource utilisation