Attestation-enabled secure and scalable routing protocol for IoT networks

Abstract: Cybercrime has reached an all-time high in the past decade due to the inclusion of so-called smart devices in our daily lives. These tiny devices with brittle security features are often dubbed the Internet of Things (IoT). Their inclusion is not limited to our daily lives but extends to different fields, for example healthcare, smart industries, aviation, and smart cities. Although IoT devices make our lives easier and perform our jobs in a smart way, their fragile security mechanisms pose a severe challenge to the safety and privacy of their users. Attacks like Stuxnet and the Mirai botnet are key examples of the damage that can be caused by maliciously controlling these devices. One effective tool to identify a malicious entity at a network device is Remote Attestation (RA). However, performing RA over a large, heterogeneous IoT network is a difficult task due to the resource-constrained nature of these networks. To this end, we propose a novel scheme called SARP, which is an attestation-assisted secure and scalable routing protocol for IoT networks. SARP performs attestation in large-scale IoT networks by using the Routing Protocol for Low Power and Lossy Networks (RPL) framework and exploiting the inbuilt features of RPL. In particular, SARP uses an attestation technique that not only secures the network from internal attacks but also provides security to RPL's data communication process, which helps to improve the overall network performance. Moreover, SARP supports network mobility, device heterogeneity, and network scalability without sacrificing the key requirements of IoT networks, such as low energy and memory consumption and low network overhead. Simulation results obtained in different IoT scenarios, in the presence of various types of attacks, show the effectiveness of SARP with respect to energy consumption, packet delivery ratio, network overhead, data integrity, and communication security.
