Traffic forensics for IPv6-based Wireless Sensor Networks and the Internet of Things

Research and standardisation efforts in the fields of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) are leading towards the adoption of TCP/IP for deployments of networks of severely constrained smart embedded objects. As a result, wireless sensors can now be uniquely identified by an IPv6 address and thus be directly connected to and reachable from the Internet. This has a series of advantages but also exposes sensor deployments to new security vulnerabilities. Should a deployment be compromised, post-incident analysis can provide information about the nature of the attack by inspecting the network's state and traffic in the period before, during and after the attack. In this paper we adopt traffic forensic techniques in order to achieve post-hoc detection of attacks against availability in IPv6-based Low-Power Wireless Personal Area Networks. To this end, we first implement an attack which exploits inherent vulnerabilities of the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). Subsequently, we present an automated method to detect and analyse this attack by examining network packet captures.
