Mitigation of topological inconsistency attacks in RPL‐based low‐power lossy networks

Mayzaud, Anthéa; Sehgal, Anuj; Badonnel, Rémi; Chrisment, Isabelle; Schönwälder, Jürgen

doi:10.1002/nem.1898

Cited by 59 publications

(69 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dvir et al suggested an authentication scheme named VeRA to detect two routing attacks, ie, version number and decreased rank. A dynamic threshold–based defense mechanism is proposed by Mayzaud et al to mitigate DODAG inconsistency attacks. Ghaleb et al studied the impact of DAO falsification attack and proposed a defense mechanism named SecRPL to mitigate DAO falsification attack.…”

Section: Related Workmentioning

confidence: 99%

Mitigation of DIS flooding attacks in RPL‐based 6LoWPAN networks

Verma

Ranga

2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

The IPv6 Routing Protocol for Low‐Power and Lossy Networks (RPL) is the de facto routing protocol for IPv6‐based Low‐Power Wireless Personal Area Networks (6LoWPAN). In RPL protocol, DODAG Information Solicitation (DIS) messages are sent by the node to join the network. A malicious node can exploit this mechanism to send illegitimate DIS messages to the neighbor nodes to perform a DIS flooding attack. In this research paper, it is observed that the DIS flooding attack increases the control packet overhead of the network, which significantly degrades the network's performance. This further increases the power consumption of the nodes in the network. To address this problem, a mitigation scheme named Secure‐RPL is proposed. The proposed scheme mitigates significantly the effects of DIS flooding attack on the network's performance. The effectiveness of the proposed Secure‐RPL scheme is compared with standard RPL protocol. The experimental results show that Secure‐RPL detects and mitigates DIS flooding attack quickly and efficiently in both static and dynamic network scenarios, without adding any significant overhead to the nodes.

show abstract

Section: Related Workmentioning

confidence: 99%

Mitigation of DIS flooding attacks in RPL‐based 6LoWPAN networks

Verma

Ranga

2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…As a result the targeted node will discard the packet and reset the trickle timer; hence, the control messages will be sent more frequently which will waste energy and increase delay. In [57], authors proposed to limit the rate of tickle timer resets to 20, while in [58] and [59] two methods, adaptive threshold and dynamic approach, were used. On the other side, in the case of rank attack an adversary can attract the large traffic by advertising false rank value, so non-optimal routes might be established.…”

Section: B Security and Attacks In Rplmentioning

confidence: 99%

“…Separate keys for network segments [48] PS The solution was not implemented/simulated yet; Merkel trees authentication [54] PS Node uses a key to encrypt its messages; High jitter and E2E delay until tree has been established; Graph theoretic approach [55] PS Cryptographic techniques based on local broadcast keys; Low overhead, no synchronization needed; Sybil attack, Clone ID Distributed hash tables (DHT) to store the graphical location of nodes [48], [56] PS Problem in how to securely verify the node location; Might not scale well with large networks; DAG/DAO inconsistency attack Limit the rate of tickle timer resets [57] PS Threshold value is fixed, no network or node characteristics are taken into account; Adaptive threshold [58] PS Takes into account the network characteristics; Dynamic approach [59] PS Improved version as node specific parameters are used; Rank attack VeRa [60] PS Authentication mechanism based on hash operations; Low time overhead, but still vulnerable to rank attacks by forgery and replay; TRAIL [61] PS Improvement of VeRa, requires almost no cryptography, but shows dependency on network sizes; choose to selectively forward data or drop all received packets. In both scenarios the network operation would be disturbed.…”

Section: Psmentioning

confidence: 99%

A Survey of Potential Security Issues in Existing Wireless Sensor Network Protocols

Tomić

McCann

2017

IEEE Internet Things J.

228

115

View full text Add to dashboard Cite

Abstract-The increasing pervasiveness of Wireless Sensor Networks (WSNs) in diverse application domains including critical infrastructure systems, sets an extremely high security bar in the design of WSN systems to exploit their full benefits, increasing trust while avoiding loss. Nevertheless, a combination of resource restrictions and the physical exposure of sensor devices inevitably cause such networks to be vulnerable to security threats, both external and internal. While several researchers have provided a set of open problems and challenges in WSN security and privacy, there is a gap in the systematic study of the security implications arising from the nature of existing communication protocols in WSNs. Therefore, we have carried out a deep-dive into the main security mechanisms and their effects on the most popular protocols and standards used in WSN deployments i.e. IEEE 802.15.4, B-MAC, 6LoWPAN, RPL, BCP, CTP, and CoAP, where potential security threats and existing countermeasures are discussed at each layer of WSN stack. This work culminates in a deeper analysis of network layer attacks deployed against the RPL routing protocol. We quantify the impact of individual attacks on the performance of a network using the Cooja network simulator. Finally, we discuss new research opportunities in network layer security and how to use Cooja as a benchmark for developing new defenses for WSN systems.

show abstract

“…Another mitigation technique for DODAG inconsistency attacks was proposed by Mayzaud et al [33] in 2015. It is an improved version of the mitigation technique proposed in Sehgal's work [49].…”

Section: Mitigation Systems and Protocol Security Solutions For Intermentioning

confidence: 99%

Security of Internet of Things for a Reliable Internet of Services

Arış

Oktuğ

Voigt

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The Internet of Things (IoT) consists of resource-constrained devices (e.g., sensors and actuators) which form low power and lossy networks to connect to the Internet. With billions of devices deployed in various environments, IoT is one of the main building blocks of future Internet of Services (IoS). Limited power, processing, storage and radio dictate extremely efficient usage of these resources to achieve high reliability and availability in IoS. Denial of Service (DoS) and Distributed DoS (DDoS) attacks aim to misuse the resources and cause interruptions, delays, losses and degrade the offered services in IoT. DoS attacks are clearly threats for availability and reliability of IoT, and thus of IoS. For highly reliable and available IoS, such attacks have to be prevented, detected or mitigated autonomously. In this study, we propose a comprehensive investigation of Internet of Things security for reliable Internet of Services. We review the characteristics of IoT environments, cryptography-based security mechanisms and D/DoS attacks targeting IoT networks. In addition to these, we extensively analyze the intrusion detection and mitigation mechanisms proposed for IoT and evaluate them from various points of view. Lastly, we consider and discuss the open issues yet to be researched for more reliable and available IoT and IoS.

show abstract

Mitigation of topological inconsistency attacks in RPL‐based low‐power lossy networks

Cited by 59 publications

References 16 publications

Mitigation of DIS flooding attacks in RPL‐based 6LoWPAN networks

Mitigation of DIS flooding attacks in RPL‐based 6LoWPAN networks

A Survey of Potential Security Issues in Existing Wireless Sensor Network Protocols

Security of Internet of Things for a Reliable Internet of Services

Contact Info

Product

Resources

About