Neighbor-Passive Monitoring Technique for Detecting Sinkhole Attacks in RPL Networks

Internet Protocol version 6 (IPv6) over Low-power Wireless Personal Area Networks (6LoWPAN) is extensively used in wireless sensor networks due to its capability to transmit IPv6 packets with low bandwidth and limited resources. 6LoWPAN has several operations in each layer. Most existing security challenges are focused on the network layer, which is represented by the Routing Protocol for Low-power and Lossy Networks (RPL). 6LoWPAN, with its routing protocol (RPL), usually uses nodes that have constrained resources (memory, power, and processor). In addition, RPL messages are exchanged among network nodes without any message authentication mechanism, thereby exposing the RPL to various attacks that may lead to network disruptions. A sinkhole attack utilizes the vulnerabilities in an RPL and attracts considerable traffic by advertising falsified data that change the routing preference for other nodes. This paper proposes the neighbor-passive monitoring technique (NPMT) for detecting sinkhole attacks in RPL-based networks. The proposed technique is evaluated using the COOJA simulator in terms of power consumption and detection accuracy. Moreover, NPMT is compared with popular detection mechanisms.

[1]  Thiemo Voigt,et al.  Routing Attacks and Countermeasures in the RPL-Based Internet of Things , 2013, Int. J. Distributed Sens. Networks.

[2]  Remi Badonnel,et al.  Using the RPL protocol for supporting passive monitoring in the Internet of Things , 2016, NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium.

[3]  Utz Roedig,et al.  Secure communication for the Internet of Things - a comparison of link-layer security and IPsec for 6LoWPAN , 2014, Secur. Commun. Networks.

[4]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[5]  Jonathan Loo,et al.  A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology , 2016, Inf..

[6]  Xianfeng Li,et al.  Evaluating and analyzing the performance of RPL in contiki , 2014, MSCC '14.

[7]  Aleksandra Mileva,et al.  Running and Testing Applications for Contiki OS Using Cooja Simulator , 2016 .

[8]  Mohammed Anbar,et al.  Internet of Things (IoT) communication protocols: Review , 2017, 2017 8th International Conference on Information Technology (ICIT).

[9]  Pedro José Marrón,et al.  COOJA/MSPSim: interoperability testing for wireless sensor networks , 2009, SimuTools.

[10]  Soohong Park Hierarchical Routing over 6LoWPAN (HiLow) , 2007 .

[11]  Mohammed Anbar,et al.  Review on mechanisms for detecting sinkhole attacks on RPLs , 2017, 2017 8th International Conference on Information Technology (ICIT).

[12]  Siarhei Kuryla,et al.  RPL: IPv6 Routing Protocol for Low power and Lossy Networks , 2010 .

[13]  Jonathan Loo,et al.  6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach , 2012, Int. J. Commun. Syst..

[14]  Thiemo Voigt,et al.  SVELTE: Real-time intrusion detection in the Internet of Things , 2013, Ad Hoc Networks.

[15]  Hon Sun Chiu,et al.  Real Time Intrusion and Wormhole Attack Detection in Internet of Things , 2015 .

[16]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[17]  Hardik Upadhyay,et al.  Intrusion Detection System for Internet of Things , 2016 .

[18]  David E. Culler,et al.  Transmission of IPv6 Packets over IEEE 802.15.4 Networks , 2007, RFC.