A Lightweight Defense Approach to Mitigate Version Number and Rank Attacks in Low-Power and Lossy Networks

The Internet of Things (IoT) presents a new paradigm of the future internet that intends to provide interactive communication between various processing object via heterogeneous networks. The routing protocol in the IoT environment is Routing Protocol for Low-Power and Lossy Networks (RPL). The current RPL specification defines primary security modes; therefore it is vulnerable to topological attacks. In this paper the RPL routing mechanism, its topological vulnerabilities and two important topological attacks namely version number attack and rank spoofing attack are analyzed. To counter the mentioned attacks, a lightweight Identity Based Offline–Online Signature based scheme is proposed. Our evaluation shows that our proposed scheme is secure in the random oracle model, and in terms of computational cost and energy consumption efficiently counters with these attacks.

[1]  Peter Langendörfer,et al.  How public key cryptography influences wireless sensor node lifetime , 2006, SASN '06.

[2]  Russ Housley,et al.  Counter with CBC-MAC (CCM) , 2003, RFC.

[3]  Yang Ming,et al.  Improved Identity Based Online/Offline Signature Scheme , 2010, 2010 7th International Conference on Ubiquitous Intelligence & Computing and 7th International Conference on Autonomic & Trusted Computing.

[4]  Paulo S. L. M. Barreto,et al.  Efficient and Provably-Secure Identity-Based Signatures and Signcryption from Bilinear Maps , 2005, ASIACRYPT.

[5]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[6]  Levente Buttyán,et al.  VeRA - Version Number and Rank Authentication in RPL , 2011, 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems.

[7]  Hong Zhao,et al.  An Authentication and Key Agreement Mechanism for Multi-domain Wireless Networks Using Certificateless Public-Key Cryptography , 2014, Wireless Personal Communications.

[8]  Kevin Weekly,et al.  Evaluating sinkhole defense techniques in RPL networks , 2012, 2012 20th IEEE International Conference on Network Protocols (ICNP).

[9]  Remi Badonnel,et al.  A Study of RPL DODAG Version Attacks , 2014, AIMS.

[10]  Jia-Lun Tsai,et al.  Provably secure and efficient anonymous ID-based authentication protocol for mobile devices using bilinear pairings , 2015, Wirel. Pers. Commun..

[11]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[12]  Philip Levis,et al.  RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks , 2012, RFC.

[13]  Kyung-Ah Shim,et al.  S2DRP: Secure implementations of distributed reprogramming protocol for wireless sensor networks , 2014, Ad Hoc Networks.

[14]  Fagen Li,et al.  On the Security of Online/Offline Signatures and Multisignatures from ACISP'06 , 2008, CANS.

[15]  Angel Lozano,et al.  A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs) , 2015, RFC.

[16]  Jean-Jacques Quisquater,et al.  A new identity based signcryption scheme from pairings , 2003, Proceedings 2003 IEEE Information Theory Workshop (Cat. No.03EX674).

[17]  Xavier Boyen,et al.  Multipurpose Identity-Based Signcryption (A Swiss Army Knife for Identity-Based Cryptography) , 2003, CRYPTO.

[18]  G. P. Biswas,et al.  Design of Two-Party Authenticated Key Agreement Protocol Based on ECC and Self-Certified Public Keys , 2015, Wirel. Pers. Commun..

[19]  Kyung-Ah Shim,et al.  EIBAS: An efficient identity-based broadcast authentication scheme in wireless sensor networks , 2013, Ad Hoc Networks.

[20]  Peilin Hong,et al.  Distributed access control with adaptive privacy preserving property for wireless sensor networks , 2014, Secur. Commun. Networks.

[21]  Joonsang Baek,et al.  Efficient online/offline identity-based signature for wireless sensor network , 2010, International Journal of Information Security.

[22]  Jean-Philippe Vasseur,et al.  Design and Application Spaces for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) , 2012, RFC.

[23]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[24]  Chien-Lung Hsu,et al.  A Novel Remote User Authentication Scheme from Bilinear Pairings Via Internet , 2015, Wireless Personal Communications.

[25]  Bin Zhao,et al.  IMBAS: Identity-based multi-user broadcast authentication in wireless sensor networks , 2008, Comput. Commun..

[26]  Thomas C. Schmidt,et al.  TRAIL: Topology Authentication in RPL , 2016, EWSN.

[27]  Remi Badonnel,et al.  Mitigation of topological inconsistency attacks in RPL-based low-power lossy networks , 2015, Int. J. Netw. Manag..

[28]  Jonathan Loo,et al.  Specification-based IDS for securing RPL from topology attacks , 2011, 2011 IFIP Wireless Days (WD).

[29]  Jacques Stern,et al.  Security Arguments for Digital Signatures and Blind Signatures , 2015, Journal of Cryptology.

[30]  Willy Susilo,et al.  Online/Offline Signatures and Multisignatures for AODV and DSR Routing Security , 2006, IACR Cryptol. ePrint Arch..

[31]  Guilin Wang,et al.  An Authentication Framework for Wireless Sensor Networks using Identity-Based Signatures , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[32]  Mehdi Hosseinzadeh,et al.  A New Certificateless and Secure Authentication Scheme for Ad hoc Networks , 2017, Wirel. Pers. Commun..

[33]  Jung Hee Cheon,et al.  An Identity-Based Signature from Gap Diffie-Hellman Groups , 2003, Public Key Cryptography.

[34]  Ricardo Dahab,et al.  TinyPBC: Pairings for authenticated identity-based non-interactive key distribution in sensor networks , 2008, 2008 5th International Conference on Networked Sensing Systems.

[35]  Khalil El-Khatib,et al.  Private key agreement and secure communication for heterogeneous sensor networks , 2010, J. Parallel Distributed Comput..

[36]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[37]  Athanasios V. Vasilakos,et al.  Future Internet of Things: open issues and challenges , 2014, Wireless Networks.

[38]  Jianhong Zhang,et al.  An Improved Secure Identity-Based On-Line/Off-Line Signature Scheme , 2009, ISA.

[39]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[40]  Remi Badonnel,et al.  A Taxonomy of Attacks in RPL-based Internet of Things , 2016, Int. J. Netw. Secur..

[41]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[42]  Yi Mu,et al.  Efficient Authentication Scheme for Routing in Mobile Ad Hoc Networks , 2005, EUC Workshops.

[43]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[44]  Thiemo Voigt,et al.  Routing Attacks and Countermeasures in the RPL-Based Internet of Things , 2013, Int. J. Distributed Sens. Networks.

[45]  Kyung-Ah Shim,et al.  ${\cal CPAS}$: An Efficient Conditional Privacy-Preserving Authentication Scheme for Vehicular Sensor Networks , 2012, IEEE Transactions on Vehicular Technology.