Demo: Do Not Trust Your Neighbors! A Small IoT Platform Illustrating a Man-in-the-Middle Attack

This demonstration defines a small IoT wireless network that uses TI CC2538-OpenMote as hardware platform and state-of-the-art IETF network standards such as 6LoWPAN, RPL, and CoAP implemented by ContikiOS. The IoT nodes are controlled from outside the IoT network using end-to-end connectivity provided by IPv6-CoAP messages. We implement a man-in-the-middle attack that disrupts the normal behavior of the system. Our attack leverages on the inherent hierarchical routing topology of RPL-based IoT networks. The demonstration aims at highlighting the need for end-to-end source-authentication and authorization enforcement of information even inside a trusted IoT network. We also provide some insights on how these services can be offered in a IoT-friendly way.

[1]  Jorge Sá Silva,et al.  Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues , 2015, IEEE Communications Surveys & Tutorials.

[2]  Carsten Bormann,et al.  Terminology for Constrained-Node Networks , 2014, RFC.

[3]  Jim Schaad,et al.  CBOR Object Signing and Encryption (COSE) , 2017, RFC.

[4]  V. S. Malemath,et al.  Security attacks and secure routing protocols in RPL-based Internet of Things: Survey , 2017, 2017 International Conference on Emerging Trends & Innovation in ICT (ICEI).