This document discusses routing attacks and countermeasures in RPL-based Internet of Things networks. It analyzes how IoT technologies like RPL, 6LoWPAN and CoAP can be exploited by attackers or intrusion detection systems. The document implements common routing attacks against a 6LoWPAN network using RPL and Contiki, demonstrating the effectiveness of these attacks and how RPL's self-healing mechanisms mitigate some attacks. It also proposes a lightweight heartbeat protocol using new IPv6 security features to detect selective forwarding attacks in IoT networks.
Efficient End-to-End Secure Key Management Protocol for Internet of Things IJECEIAES
Internet of things (IoT) has described a futurevision of internetwhere users, computing system, and everyday objects possessing sensing and actuating capabilities are part of distributed applications and required to support standard internet communication with more powerful device or internet hosts. This vision necessitates the security mechanisms for end-to-end communication. A key management protocol is critical to ensuring the secure exchange of data between interconnecting entities, but due to the nature of this communication system where a high resource constrained node may be communicating with node with high energy makes the application of existing key management protocols impossible. In this paper, we propose a new lightweight key management protocol that allows the constrained node in 6loWPAN network to transmit captured data to internet host in secure channel. This protocol is based on cooperation of selected 6loWPAN routers to participate in computation of highly consuming cryptographic primitives. Our protocol is assessed with AVISPA tool, the results show that our scheme ensured security properties.
Working Survey of Authentication Header and Encapsulating Security Payloadijtsrd
In this paper we are discuss about IP security in AH and ESP. Internet Protocol suit is used to provide separation and Authentication services at the IP layer by authenticating and encrypting method. It is a collective of authentication between nodes at the starting session and transaction of cryptographic keys to be used during the session. Internet Protocol address is also known as IP address and IP suit. Internet Protocol Security IP sec functionality is based on two main techniques i.e. Protocol to exchange security parameters IKE and IP header extensions to carry the cryptographic information. AH ESP . IKE protocol aims for end points to exchange security parameters or proposals each of the service that is Authentication Header AH or Encapsulation Header ESP and the type of operation mode Tunnel mode or Transport mode. Now we are discuss two types of security protocols defined by IP sec i.e. Authentication Header AH and Encapsulating Security Payload ESP . Encapsulating Security Payload ESP protocol is to contribute confidentiality by specifying how to encrypt the data that is to be sent and Authentication Header AH service provides integrity protection, authentication of origin and anti replay attacks and does not offer encryption services to the payload portion of the packet. It also provides service of data integrity and origin authentication. Now we are discuss briefly implementation of AH and ESP in IP Suit. Er. Komalpret Kaur | Rajwinder Kaur | Arpan Chadak "Working Survey of Authentication Header and Encapsulating Security Payload" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4 , June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31122.pdf Paper Url :https://www.ijtsrd.com/computer-science/computer-network/31122/working-survey-of-authentication-header-and-encapsulating-security-payload/er-komalpret-kaur
A SURVEY OF THE S TATE OF THE A RT IN Z IG B EEIJCI JOURNAL
ZigBee is one of the most widely used wireless comm
unication technologies. ZigBee is being widely used
for sensor communications and many other research f
ields. Why consider ZigBee? Because it is cheap and
has better compatibility when compared to other com
munication technologies. We have given a detailed
description on comparison between all the available
technologies. In this paper, we have discussed so
me
basic concepts about ZigBee and its security aspect
s in networking. We have also listed out the major
manufacturers who are into the production of the tr
ansceivers for ZigBee
Efficient End-to-End Secure Key Management Protocol for Internet of Things IJECEIAES
Internet of things (IoT) has described a futurevision of internetwhere users, computing system, and everyday objects possessing sensing and actuating capabilities are part of distributed applications and required to support standard internet communication with more powerful device or internet hosts. This vision necessitates the security mechanisms for end-to-end communication. A key management protocol is critical to ensuring the secure exchange of data between interconnecting entities, but due to the nature of this communication system where a high resource constrained node may be communicating with node with high energy makes the application of existing key management protocols impossible. In this paper, we propose a new lightweight key management protocol that allows the constrained node in 6loWPAN network to transmit captured data to internet host in secure channel. This protocol is based on cooperation of selected 6loWPAN routers to participate in computation of highly consuming cryptographic primitives. Our protocol is assessed with AVISPA tool, the results show that our scheme ensured security properties.
Working Survey of Authentication Header and Encapsulating Security Payloadijtsrd
In this paper we are discuss about IP security in AH and ESP. Internet Protocol suit is used to provide separation and Authentication services at the IP layer by authenticating and encrypting method. It is a collective of authentication between nodes at the starting session and transaction of cryptographic keys to be used during the session. Internet Protocol address is also known as IP address and IP suit. Internet Protocol Security IP sec functionality is based on two main techniques i.e. Protocol to exchange security parameters IKE and IP header extensions to carry the cryptographic information. AH ESP . IKE protocol aims for end points to exchange security parameters or proposals each of the service that is Authentication Header AH or Encapsulation Header ESP and the type of operation mode Tunnel mode or Transport mode. Now we are discuss two types of security protocols defined by IP sec i.e. Authentication Header AH and Encapsulating Security Payload ESP . Encapsulating Security Payload ESP protocol is to contribute confidentiality by specifying how to encrypt the data that is to be sent and Authentication Header AH service provides integrity protection, authentication of origin and anti replay attacks and does not offer encryption services to the payload portion of the packet. It also provides service of data integrity and origin authentication. Now we are discuss briefly implementation of AH and ESP in IP Suit. Er. Komalpret Kaur | Rajwinder Kaur | Arpan Chadak "Working Survey of Authentication Header and Encapsulating Security Payload" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4 , June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31122.pdf Paper Url :https://www.ijtsrd.com/computer-science/computer-network/31122/working-survey-of-authentication-header-and-encapsulating-security-payload/er-komalpret-kaur
A SURVEY OF THE S TATE OF THE A RT IN Z IG B EEIJCI JOURNAL
ZigBee is one of the most widely used wireless comm
unication technologies. ZigBee is being widely used
for sensor communications and many other research f
ields. Why consider ZigBee? Because it is cheap and
has better compatibility when compared to other com
munication technologies. We have given a detailed
description on comparison between all the available
technologies. In this paper, we have discussed so
me
basic concepts about ZigBee and its security aspect
s in networking. We have also listed out the major
manufacturers who are into the production of the tr
ansceivers for ZigBee
Framework for wireless network security using quantum cryptographyIJCNCJournal
Data that is transient over an unsecured wireless network is always susceptible to being intercepted by
anyone within the range of the wireless signal. Hence providing secure communication to keep the user’s
information and devices safe when connected wirelessly has become one of the major concerns. Quantum cryptography provides a solution towards absolute communication security over the network by encoding
information as polarized photons, which can be sent through the air. This paper explores on the aspect of
application of quantum cryptography in wireless networks.
In this paper we present a methodology for integrating quantum cryptography and security of IEEE 802.11 wireless networks in terms of distribution of the encryption keys.
Throughput Analysis of IEEE WLAN "802.11 ac" Under WEP, WPA, and WPA2 Securit...CSCJournals
WLAN (Wireless Local Area Networks) are gaining their grounds, and widely deployed in organizations, college campuses, public places, and residential areas. This growing popularity of WLAN makes these networks more vulnerable towards attacks and data thefts. Attacker attempts unauthorized access to the network for accessing the sensitive data of the users. Thus, it's necessary to address all the security challenges and its countermeasures using various encryption algorithms to prevent the attacks. However, with the use of security protocols the performance of the WLAN network can be varied. Thus this paper addresses the impact of various security protocols on the WLAN network, keeping throughput as the benchmark for network performance.
IEEE 802.11 ac is the latest wireless standard that operates in 5 Ghz frequency band with higher data rate, compare to its previous standards. This research has also chosen IEEE 802.11 ac standard for investigating the impact of security protocols including WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access), and WPA2 (WiFi Protected Access 2) on throughput of WLAN IEEE 802.11 ac in Windows environment using TCP and UDP traffic for both IP versions (IPv4 & IPv6). The research was launched in a real test-bed setup, with a Client/Server network structure. The results from the experiment showed that the performance of data throughput in the open system were higher comparable to secured systems. However, the results demonstrated that the performance of throughput have different behavior to different security protocols under TCP/UDP traffic with IPV4 & IPV6. A detailed comparison of results in all scenarios is explained in the paper.
MeshDynamics Internet of Things (IoT) initiatives are in partnership with the US Military agencies and our commercial OEM licensees.
Our embedded software runs on OpenWRT and MAC80211. Network processors supported, include Intel, Cavium, MIPS. OEM Customer applications, running on the routers, support real time, secure, M2M Machine control. Kernel level applications provide real time translation and encapsulation of Native Machine protocols and their transmitters (e.g. LED remote).
MeshDynamics routers thus support low power IoT "chirp" devices, see "Rethinking the Internet Of Things". [Slides] [Jolt Award]
Author Francis daCosta, previously founded Advanced Cybernetics Group, providing robot control system software for mission critical applications, including both local and supervisory real time M2M control. At MITRE, he served as an advisor to the United States Air Force Robotics and Automation Center of Excellence (RACE). Francis also held senior technical positions at Northrop Grumman, Ingersoll-Rand, Xerox. He has a MS from Stanford University and BS from Indian Institute of Technology.
As sensor networks edge closer towards wide-spread placement, security issues become a central concern. So far, much research has concentrated on making sensor networks feasible and useful, and has not focused on security.
We present a set of security building blocks optimized for resource constrained environments and wireless communication. SPINS has two secure building blocks: SNEP and TESLA. SNEP provides the following important baseline security primitives: Data confidentiality, two-party data authentication, and data freshness. A particularly hard problem is to provide effective broadcast authentication, which is an important mechanism for sensor networks. TESLA is a new protocol which provides authenticated broadcast for severely resource-constrained surroundings. We realized the above protocols, and show that they are practical straighly on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we prove that the suite can be used for building higher level protocols
Security Delivery Platform: Best practicesMihajlo Prerad
Security Delivery Platform: Best practices
The traditional Security model was one that operated under simple assumptions. Those assumptions led to deployment models which in todays’ world of cyber security have been proven to be quite vulnerable and inadequate to growing amount and diversity of threats.
A Security Delivery Platform addresses the above considerations and provides a powerful solution for deploying a diverse set of security solutions, as well as scaling each security solution beyond traditional deployments. Such platform delivers visibility into the lateral movement of malware, accelerate the detection of ex-filtration activity, and could significantly reduce the overhead, complexity and costs associated with such security deployments.
In today’s world of industrialized and well-organized cyber threats, it is no longer sufficient to focus on the security applications exclusively. Focusing on how those solutions get deployed together and how they get consistent access to relevant data is a critical piece of the solution. A Security Delivery Platform in this sense is a foundational building block of any cyber security strategy.
Scale-able Internet of Things (Presented June 12015) MeshDynamics
Scalable, Mission Critical Mesh Networking for Internet of Things.that support resource constrained devices, operating with Native Machine protocols, rudimentary communications capabilities. These simpler devices communicate with trusted routers through custom interfaces (e.g. LED remote). Custom routers also run applications providing the processing needed for low cost devices connectivity. The framework supports dynamic, temporal and mobile mesh networking infrastructure for both IP and non IP based devices. Applications use local processing power for both analysis (e.g. deep packet inspection) and control (e.g Real time M2M control). OEM Licensees include the US Military.
Open Source For Self Classification of Data Stream in the Internet Of Things. MeshDynamics
It is well understood that the Internet of Things represents unprecedented challenges of scope, with trillions of appliances, sensors, and actuators expected to be connected over the coming years. What is not yet appreciated is that current peer-to-peer networking schemes will be unable to create the kind of publish / discover / subscribe architectures that will be needed. Instead, a new type of self-classified data stream is needed, which can only be enabled by open-source collaborations in defining and implementing the emerging architecture of the IoT. Mr. daCosta will explore the implications of open source for end devices and networking equipment, as well as describing how even proprietary IoT data flows can help build an open source implementation.
Presented at IoTWorldEvent, June 16, 2014
Wireless ad hoc networks are autonomous nodes that communicate with each other in a
decentralized manner through multi hop radio network. Wireless nodes form a dynamic network
topology and communicate with each other directly without wireless access point. Wireless networks
are particularly vulnerable to intrusions, as they operate in open medium, and use cooperative
strategies for network communication.
Virtual security gateways at network edge are key to protecting ultra broadba...Paul Stevens
Combined technologies create a virtualized security gateway with real-time processing even for small packets associated with IP voice applications.
The future of wireless is ultra-broadband packet throughput, with 4G/LTE speeds hitting 25 Mbps to 50 Mbps¹ and 5G technologies targeting even faster speeds. But the IP mobile networks that are serving up this throughput have new security risks for MNOs that can negatively impact their infrastructure, operations, customer services, and data.
Utilizing security gateways (SeGW) in every base station and small cell is the proven way to secure the network against hackers. But legacy gateways don’t offer the performance or flexibility to scale for cost-effective deployment at a macrocell or at a small cell. Casa Systems worked with Intel and Intel® Network Builders ecosystem members Advantech and Wind River to build a complete virtual SeGW system with the performance and flexibility for these edge locations—even for demanding IP voice applications that transmit floods of small packets that typically have overwhelmed legacy gateways.
Seminar Paper on Security Issues of 802.11b based on IEEE Whitepaper by Boland, H. and Mousavi, H., Carleton University, Ottawa, Ont., Canada, IEEE Canadian Conference on Electrical and Computer Engineering, 2-5 May 2004
Although many techniques exist to transfer data from the widely distributed sensors that make up the Internet of Things IoT e.g., using 3G 4G networks or cables , these methods are associated with prohibitively high costs, making them impractical for real life applications. LoRa Long Range modulation together with LoRaWAN LoRa Wide Area Networks communication protocol can represent a suitable candidate ensuring a high level of performance in wireless technologies. The objective is to contribute toward the realization of LoRa as a viable communication technology for applications that needs long range links and deployed in a distributed manner. The LoRaWAN networks are the evolution of wireless sensor networks directed to the IoT concept, which entails sensor connectivity to the Internet. LoRa technology is summarized by reviewing some aspects regarding the architecture, security and application of the technology. Ms. Helina Tandel | Ms. Anjali Gharat | Mr. Ketan Bagade "LoRa Technology - DNA of IoT" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-1 , December 2019, URL: https://www.ijtsrd.com/papers/ijtsrd28102.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/28102/lora-technology---dna-of-iot/ms-helina-tandel
Abstract— Internet of things (IoT) is a new networks paradigm,
that billions of internet things can be connected at anytime and
anyplace, and it’s expected to include billions of smart devices,
these devices characterized by small memory, low transfer rate
and low energy, internet protocol version 6 (IPv6) it was
introduced to offer huge address space, however it doesn’t
compatible with capabilities of the constrained device, therefore
IPv6 over low power Wireless Personal Area network
(6LoWPAN) adaptation layer was introduced to carry IPv6
datagram over constrained links, in this paper, we first provide
intensive analysis of 6LoWPAN specifications that includes IPv6
encapsulation, frame format, 6LoWPAN header compression,
fragmentation of the payload datagram and encoding of user
datagram protocol UDP, in addition to the implementation of the
6LoWPAN in the NS-3 using different payload size, then we
evaluate the following metrics throughput, packets loss, delay
and jitter, the results showed that the fragmentation effects the
network throughput and increase the delay and the number of
lost packets, moreover, when payload fit within a single frame the
network show better performance , there are no packets lost as
well as minimum values of the delay and the jitter, and in the
two cases 6LoWPAN shows reasonable packets delivery ratio.
Framework for wireless network security using quantum cryptographyIJCNCJournal
Data that is transient over an unsecured wireless network is always susceptible to being intercepted by
anyone within the range of the wireless signal. Hence providing secure communication to keep the user’s
information and devices safe when connected wirelessly has become one of the major concerns. Quantum cryptography provides a solution towards absolute communication security over the network by encoding
information as polarized photons, which can be sent through the air. This paper explores on the aspect of
application of quantum cryptography in wireless networks.
In this paper we present a methodology for integrating quantum cryptography and security of IEEE 802.11 wireless networks in terms of distribution of the encryption keys.
Throughput Analysis of IEEE WLAN "802.11 ac" Under WEP, WPA, and WPA2 Securit...CSCJournals
WLAN (Wireless Local Area Networks) are gaining their grounds, and widely deployed in organizations, college campuses, public places, and residential areas. This growing popularity of WLAN makes these networks more vulnerable towards attacks and data thefts. Attacker attempts unauthorized access to the network for accessing the sensitive data of the users. Thus, it's necessary to address all the security challenges and its countermeasures using various encryption algorithms to prevent the attacks. However, with the use of security protocols the performance of the WLAN network can be varied. Thus this paper addresses the impact of various security protocols on the WLAN network, keeping throughput as the benchmark for network performance.
IEEE 802.11 ac is the latest wireless standard that operates in 5 Ghz frequency band with higher data rate, compare to its previous standards. This research has also chosen IEEE 802.11 ac standard for investigating the impact of security protocols including WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access), and WPA2 (WiFi Protected Access 2) on throughput of WLAN IEEE 802.11 ac in Windows environment using TCP and UDP traffic for both IP versions (IPv4 & IPv6). The research was launched in a real test-bed setup, with a Client/Server network structure. The results from the experiment showed that the performance of data throughput in the open system were higher comparable to secured systems. However, the results demonstrated that the performance of throughput have different behavior to different security protocols under TCP/UDP traffic with IPV4 & IPV6. A detailed comparison of results in all scenarios is explained in the paper.
MeshDynamics Internet of Things (IoT) initiatives are in partnership with the US Military agencies and our commercial OEM licensees.
Our embedded software runs on OpenWRT and MAC80211. Network processors supported, include Intel, Cavium, MIPS. OEM Customer applications, running on the routers, support real time, secure, M2M Machine control. Kernel level applications provide real time translation and encapsulation of Native Machine protocols and their transmitters (e.g. LED remote).
MeshDynamics routers thus support low power IoT "chirp" devices, see "Rethinking the Internet Of Things". [Slides] [Jolt Award]
Author Francis daCosta, previously founded Advanced Cybernetics Group, providing robot control system software for mission critical applications, including both local and supervisory real time M2M control. At MITRE, he served as an advisor to the United States Air Force Robotics and Automation Center of Excellence (RACE). Francis also held senior technical positions at Northrop Grumman, Ingersoll-Rand, Xerox. He has a MS from Stanford University and BS from Indian Institute of Technology.
As sensor networks edge closer towards wide-spread placement, security issues become a central concern. So far, much research has concentrated on making sensor networks feasible and useful, and has not focused on security.
We present a set of security building blocks optimized for resource constrained environments and wireless communication. SPINS has two secure building blocks: SNEP and TESLA. SNEP provides the following important baseline security primitives: Data confidentiality, two-party data authentication, and data freshness. A particularly hard problem is to provide effective broadcast authentication, which is an important mechanism for sensor networks. TESLA is a new protocol which provides authenticated broadcast for severely resource-constrained surroundings. We realized the above protocols, and show that they are practical straighly on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we prove that the suite can be used for building higher level protocols
Security Delivery Platform: Best practicesMihajlo Prerad
Security Delivery Platform: Best practices
The traditional Security model was one that operated under simple assumptions. Those assumptions led to deployment models which in todays’ world of cyber security have been proven to be quite vulnerable and inadequate to growing amount and diversity of threats.
A Security Delivery Platform addresses the above considerations and provides a powerful solution for deploying a diverse set of security solutions, as well as scaling each security solution beyond traditional deployments. Such platform delivers visibility into the lateral movement of malware, accelerate the detection of ex-filtration activity, and could significantly reduce the overhead, complexity and costs associated with such security deployments.
In today’s world of industrialized and well-organized cyber threats, it is no longer sufficient to focus on the security applications exclusively. Focusing on how those solutions get deployed together and how they get consistent access to relevant data is a critical piece of the solution. A Security Delivery Platform in this sense is a foundational building block of any cyber security strategy.
Scale-able Internet of Things (Presented June 12015) MeshDynamics
Scalable, Mission Critical Mesh Networking for Internet of Things.that support resource constrained devices, operating with Native Machine protocols, rudimentary communications capabilities. These simpler devices communicate with trusted routers through custom interfaces (e.g. LED remote). Custom routers also run applications providing the processing needed for low cost devices connectivity. The framework supports dynamic, temporal and mobile mesh networking infrastructure for both IP and non IP based devices. Applications use local processing power for both analysis (e.g. deep packet inspection) and control (e.g Real time M2M control). OEM Licensees include the US Military.
Open Source For Self Classification of Data Stream in the Internet Of Things. MeshDynamics
It is well understood that the Internet of Things represents unprecedented challenges of scope, with trillions of appliances, sensors, and actuators expected to be connected over the coming years. What is not yet appreciated is that current peer-to-peer networking schemes will be unable to create the kind of publish / discover / subscribe architectures that will be needed. Instead, a new type of self-classified data stream is needed, which can only be enabled by open-source collaborations in defining and implementing the emerging architecture of the IoT. Mr. daCosta will explore the implications of open source for end devices and networking equipment, as well as describing how even proprietary IoT data flows can help build an open source implementation.
Presented at IoTWorldEvent, June 16, 2014
Wireless ad hoc networks are autonomous nodes that communicate with each other in a
decentralized manner through multi hop radio network. Wireless nodes form a dynamic network
topology and communicate with each other directly without wireless access point. Wireless networks
are particularly vulnerable to intrusions, as they operate in open medium, and use cooperative
strategies for network communication.
Virtual security gateways at network edge are key to protecting ultra broadba...Paul Stevens
Combined technologies create a virtualized security gateway with real-time processing even for small packets associated with IP voice applications.
The future of wireless is ultra-broadband packet throughput, with 4G/LTE speeds hitting 25 Mbps to 50 Mbps¹ and 5G technologies targeting even faster speeds. But the IP mobile networks that are serving up this throughput have new security risks for MNOs that can negatively impact their infrastructure, operations, customer services, and data.
Utilizing security gateways (SeGW) in every base station and small cell is the proven way to secure the network against hackers. But legacy gateways don’t offer the performance or flexibility to scale for cost-effective deployment at a macrocell or at a small cell. Casa Systems worked with Intel and Intel® Network Builders ecosystem members Advantech and Wind River to build a complete virtual SeGW system with the performance and flexibility for these edge locations—even for demanding IP voice applications that transmit floods of small packets that typically have overwhelmed legacy gateways.
Seminar Paper on Security Issues of 802.11b based on IEEE Whitepaper by Boland, H. and Mousavi, H., Carleton University, Ottawa, Ont., Canada, IEEE Canadian Conference on Electrical and Computer Engineering, 2-5 May 2004
Although many techniques exist to transfer data from the widely distributed sensors that make up the Internet of Things IoT e.g., using 3G 4G networks or cables , these methods are associated with prohibitively high costs, making them impractical for real life applications. LoRa Long Range modulation together with LoRaWAN LoRa Wide Area Networks communication protocol can represent a suitable candidate ensuring a high level of performance in wireless technologies. The objective is to contribute toward the realization of LoRa as a viable communication technology for applications that needs long range links and deployed in a distributed manner. The LoRaWAN networks are the evolution of wireless sensor networks directed to the IoT concept, which entails sensor connectivity to the Internet. LoRa technology is summarized by reviewing some aspects regarding the architecture, security and application of the technology. Ms. Helina Tandel | Ms. Anjali Gharat | Mr. Ketan Bagade "LoRa Technology - DNA of IoT" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-1 , December 2019, URL: https://www.ijtsrd.com/papers/ijtsrd28102.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/28102/lora-technology---dna-of-iot/ms-helina-tandel
Abstract— Internet of things (IoT) is a new networks paradigm,
that billions of internet things can be connected at anytime and
anyplace, and it’s expected to include billions of smart devices,
these devices characterized by small memory, low transfer rate
and low energy, internet protocol version 6 (IPv6) it was
introduced to offer huge address space, however it doesn’t
compatible with capabilities of the constrained device, therefore
IPv6 over low power Wireless Personal Area network
(6LoWPAN) adaptation layer was introduced to carry IPv6
datagram over constrained links, in this paper, we first provide
intensive analysis of 6LoWPAN specifications that includes IPv6
encapsulation, frame format, 6LoWPAN header compression,
fragmentation of the payload datagram and encoding of user
datagram protocol UDP, in addition to the implementation of the
6LoWPAN in the NS-3 using different payload size, then we
evaluate the following metrics throughput, packets loss, delay
and jitter, the results showed that the fragmentation effects the
network throughput and increase the delay and the number of
lost packets, moreover, when payload fit within a single frame the
network show better performance , there are no packets lost as
well as minimum values of the delay and the jitter, and in the
two cases 6LoWPAN shows reasonable packets delivery ratio.
TRUST BASED ROUTING METRIC FOR RPL ROUTING PROTOCOL IN THE INTERNET OF THINGSpijans
While smart factories are becoming widely recognized as a fundamental concept of Industry 4.0, their
implementation has posed several challenges insofar that they generate and process vast amounts of
security critical and privacy sensitive data, in addition to the fact that they deploy IoT heterogeneous and
constrained devices communicating with each other and being accessed ubiquitously through lossy
networks. In this scenario, the routing of data is a specific area of concern especially with the inherent
constraints and limiting properties of such devices like processing resources, memory capacity and battery
life. To suit these constraints and to provide the required connectivity, the IETF has developed several
standards, among them the RPL routing protocol for Low powerand Lossy Networks (LLNs). However, and
even though RPL provides support for integrity and confidentiality of messages, its security may be
compromised by several threats and attacks. We propose in this work TRM-RPL, a Trust based Routing
Metric for the RPL protocol in an IIoT based environments. TRM-RPL uses a trust management
mechanism to detect malicious behaviors and resist routing attacks while providing QoS guarantees. In
addition, our model addresses both node and link trust and follows a multidimensional approach to enable
an accurate trust assessment for IoT entities. TRM-RPL is implemented, successfully tested and compared
with the standard RPL protocol where its effectiveniness and resilience to attacks has been proved to be
better
Trustbased Routing Metric for RPL Routing Protocol in the Internet of Things.pijans
While smart factories are becoming widely recognized as a fundamental concept of Industry 4.0, their implementation has posed several challenges insofar that they generate and process vast amounts of security critical and privacy sensitive data, in addition to the fact that they deploy IoT heterogeneous and constrained devices communicating with each other and being accessed ubiquitously through lossy networks. In this scenario, the routing of data is a specific area of concern especially with the inherent constraints and limiting properties of such devices like processing resources, memory capacity and battery life. To suit these constraints and to provide the required connectivity, the IETF has developed several standards, among them the RPL routing protocol for Low powerand Lossy Networks (LLNs). However, and
even though RPL provides support for integrity and confidentiality of messages, its security may be compromised by several threats and attacks. We propose in this work TRM-RPL, a Trust based Routing Metric for the RPL protocol in an IIoT based environments. TRM-RPL uses a trust management mechanism to detect malicious behaviors and resist routing attacks while providing QoS guarantees. In addition, our model addresses both node and link trust and follows a multidimensional approach to enable an accurate trust assessment for IoT entities. TRM-RPL is implemented, successfully tested and compared with the standard RPL protocol where its effectiveniness and resilience to attacks has been proved to be better
TRUST BASED ROUTING METRIC FOR RPL ROUTING PROTOCOL IN THE INTERNET OF THINGSpijans
While smart factories are becoming widely recognized as a fundamental concept of Industry 4.0, their implementation has posed several challenges insofar that they generate and process vast amounts of security critical and privacy sensitive data, in addition to the fact that they deploy IoT heterogeneous and constrained devices communicating with each other and being accessed ubiquitously through lossy networks. In this scenario, the routing of data is a specific area of concern especially with the inherent constraints and limiting properties of such devices like processing resources, memory capacity and battery life. To suit these constraints and to provide the required connectivity, the IETF has developed several standards, among them the RPL routing protocol for Low powerand Lossy Networks (LLNs). However, and even though RPL provides support for integrity and confidentiality of messages, its security may be compromised by several threats and attacks. We propose in this work TRM-RPL, a Trust based Routing Metric for the RPL protocol in an IIoT based environments. TRM-RPL uses a trust management mechanism to detect malicious behaviors and resist routing attacks while providing QoS guarantees. In addition, our model addresses both node and link trust and follows a multidimensional approach to enable
an accurate trust assessment for IoT entities. TRM-RPL is implemented, successfully tested and compared with the standard RPL protocol where its effectiveniness and resilience to attacks has been proved to be better.
Multiple intrusion detection in RPL based networks IJECEIAES
Routing Protocol for Low Power and Lossy Networks based networks consists of large number of tiny sensor nodes with limited resources. These nodes are directly connected to the Internet through the border router. Hence these nodes are susceptible to different types of attacks. The possible attacks are rank attack, selective forwarding, worm hole and Denial of service attack. These attacks can be effectively identified by intrusion detection system model. The paper focuses on identification of multiple intrusions by considering the network size as 10, 40 and 100 nodes and adding 10%, 20% and 30% of malicious nodes to the considered network. Experiments are simulated using Cooja simulator on Contiki operating system. Behavior of the network is observed based on the percentage of inconsistency achieved, energy consumption, accuracy and false positive rate. Experimental results show that multiple intrusions can be detected effectively by machine learning techniques.
OPTIMIZING SMART THINGS ADDRESSING THROUGH THE ZIGBEE-BASED INTERNET OF THINGSIJCNCJournal
Devices are becoming increasingly interconnected; linked with each other and with humans. The internet
of things(IoT) concept is currently used in machine to machine (M2M) applications like power, gas, and oil
utilities transmission and transport. The most profound challenge that IoT faces is how to connect several
very different devices into a network of things. In this regard, the standard for sending information between
devices supporting IoT is called ZigBee, also known as the IEEE 802.15.4-2006 standard: ZigBee is
indispensable to the functioning of the IoT. In this paper, OPNET has been used to simulate two quite
differently scaled Wireless Sensor Network environments. The two environments had quite different ZigBee
topologies; thus, an analysis of the performance in regard to each topology could be made. We
propose,ZigBee as optional addressing method for smart-things making up the smart world which
facilitates the transmission and analysis of data automatically.
Congestion and Energy Aware Multipath Load Balancing Routing for LLNSIJCNCJournal
The Internet of Things (IoT) is presently in its golden era with its current technological evolution towards digital transformation. Low-power and Lossy Networks (LLNs) form the groundwork for IoT, where the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is designated by Internet Engineering Task Force as the benchmark protocol for routing. Although RPL, with its unique capabilities, has addressed many IoT routing requirements, Load balancing and Congestion control are the outliers. This paper builds on the RPL protocol and proposes a multipath Congestion and Energy Aware RPL (CEARPL) that alleviates the load balancing and congestion concerns associated with RPL and improves the network performance. For congestion avoidance, a Congestion and Energy Aware Objective Function (CEA-OF) is suggested during parent selection that considers multiple metrics like Child Count metric, Estimated Lifetime metric, and Queue Occupancy metric, to equally distribute the traffic in LLNs. The Queue Occupancy metric is used to detect congestion in the network, and a Multipath routing strategy is utilized to mitigate the congestion in the network. A comparison of the performance of CEA-RPL was made against the existing Objective Functions of RPL, OFO, and MRHOF, as well as COM-OF, utilizing Contiki OS 3.0's Cooja emulator. CEA-RPL projected superior results with power consumption lowering by 33%, end-to-end delay decreasing by 30%, queue loss ratio reducing by 49%, and packet receiving rate and network lifetime improving by 7% and 49%, on an average, respectively.
CONGESTION AND ENERGY AWARE MULTIPATH LOAD BALANCING ROUTING FOR LLNSIJCNCJournal
The Internet of Things (IoT) is presently in its golden era with its current technological evolution towards
digital transformation. Low-power and Lossy Networks (LLNs) form the groundwork for IoT, where the
IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is designated by Internet Engineering
Task Force as the benchmark protocol for routing. Although RPL, with its unique capabilities, has
addressed many IoT routing requirements, Load balancing and Congestion control are the outliers. This
paper builds on the RPL protocol and proposes a multipath Congestion and Energy Aware RPL (CEARPL)
that alleviates the load balancing and congestion concerns associated with RPL and improves the network
performance. For congestion avoidance, a Congestion and Energy Aware Objective Function (CEA-OF) is
suggested during parent selection that considers multiple metrics like Child Count metric, Estimated
Lifetime metric, and Queue Occupancy metric, to equally distribute the traffic in LLNs. The Queue
Occupancy metric is used to detect congestion in the network, and a Multipath routing strategy is utilized
to mitigate the congestion in the network. A comparison of the performance of CEA-RPL was made against
the existing Objective Functions of RPL, OFO, and MRHOF, as well as COM-OF, utilizing Contiki OS
3.0's Cooja emulator. CEA-RPL projected superior results with power consumption lowering by 33%, endto-end delay decreasing by 30%, queue loss ratio reducing by 49%, and packet receiving rate and network
lifetime improving by 7% and 49%, on an average, respectively.
AN EXPERIMENTAL STUDY OF IOT NETWORKS UNDER INTERNAL ROUTING ATTACKIJCNCJournal
Internet of Things (IoT) deployments mostly relies on the establishment of Low-Power and Lossy Networks (LLNs) among a large number of constraint devices. The Internet Engineering Task Force (IETF) provides an effective IPv6-based LLN routing protocol, namely the IPv6 Routing Protocol for Low Power and Lossy Network (RPL). RPL provides adequate protection against external security attacks but stays vulnerable to internal routing attacks such as a rank attack. Malicious RPL nodes can carry out a rank attack in different forms and cause serious network performance degradation. An experimental study of the impact of the decreased rank attack on the overall network performance is presented in this paper. In also besides, it is
important to understand the main influencing factors in this context. In this study, several some many network scenarios were considered with varying network sizes, attacker properties, and topological setups. The experimental results indicate a noticeable adverse effect of the rank attack on the average PDR, delay, ETX, and beacon interval. However, such impact was varied according to network size, attacker position,
attacker neighbor count, number of attack-affected nodes, and overall hops increase. The results give a practical reference to the overall performance of RPL networks under rank attacks.
An Experimental Study of IoT Networks Under Internal Routing AttackIJCNCJournal
Internet of Things (IoT) deployments mostly relies on the establishment of Low-Power and Lossy Networks (LLNs) among a large number of constraint devices. The Internet Engineering Task Force (IETF) provides an effective IPv6-based LLN routing protocol, namely the IPv6 Routing Protocol for Low Power and Lossy Network (RPL). RPL provides adequate protection against external security attacks but stays vulnerable to internal routing attacks such as a rank attack. Malicious RPL nodes can carry out a rank attack in different forms and cause serious network performance degradation. An experimental study of the impact of the decreased rank attack on the overall network performance is presented in this paper. In also besides, it is important to understand the main influencing factors in this context. In this study, several some many network scenarios were considered with varying network sizes, attacker properties, and topological setups. The experimental results indicate a noticeable adverse effect of the rank attack on the average PDR, delay, ETX, and beacon interval. However, such impact was varied according to network size, attacker position, attacker neighbor count, number of attack-affected nodes, and overall hops increase. The results give a practical reference to the overall performance of RPL networks under rank attacks.
A Review of Low Power Wide Area Technology in Licensed and Unlicensed Spectru...journalBEEI
There are many platforms in licensed and license free spectrum that support LPWA (low power wide area) technology in the current markets. However, lack of standardization of the different platforms can be a challenge for an interoperable IoT environment. Therefore understanding the features of each technology platform is essential to be able to differentiate how the technology can be matched to a specific IoT application profile. This paper provides an analysis of LPWA underlying technology in licensed and unlicensed spectrum by means of literature review and comparative assessment of Sigfox, LoRa, NB-IoT and LTE-M. We review their technical aspect and discussed the pros and cons in terms of their technical and other deployment features. General IoT application requirements is also presented and linked to the deployment factors to give an insight of how different applications profiles is associated to the right technology platform, thus provide a simple guideline on how to match a specific application profile with the best fit connectivity features.
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
Water billing management system project report.pdfKamal Acharya
Our project entitled “Water Billing Management System” aims is to generate Water bill with all the charges and penalty. Manual system that is employed is extremely laborious and quite inadequate. It only makes the process more difficult and hard.
The aim of our project is to develop a system that is meant to partially computerize the work performed in the Water Board like generating monthly Water bill, record of consuming unit of water, store record of the customer and previous unpaid record.
We used HTML/PHP as front end and MYSQL as back end for developing our project. HTML is primarily a visual design environment. We can create a android application by designing the form and that make up the user interface. Adding android application code to the form and the objects such as buttons and text boxes on them and adding any required support code in additional modular.
MySQL is free open source database that facilitates the effective management of the databases by connecting them to the software. It is a stable ,reliable and the powerful solution with the advanced features and advantages which are as follows: Data Security.MySQL is free open source database that facilitates the effective management of the databases by connecting them to the software.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Forklift Classes Overview by Intella PartsIntella Parts
Discover the different forklift classes and their specific applications. Learn how to choose the right forklift for your needs to ensure safety, efficiency, and compliance in your operations.
For more technical information, visit our website https://intellaparts.com
Understanding Inductive Bias in Machine LearningSUTEJAS
This presentation explores the concept of inductive bias in machine learning. It explains how algorithms come with built-in assumptions and preferences that guide the learning process. You'll learn about the different types of inductive bias and how they can impact the performance and generalizability of machine learning models.
The presentation also covers the positive and negative aspects of inductive bias, along with strategies for mitigating potential drawbacks. We'll explore examples of how bias manifests in algorithms like neural networks and decision trees.
By understanding inductive bias, you can gain valuable insights into how machine learning models work and make informed decisions when building and deploying them.
We have compiled the most important slides from each speaker's presentation. This year’s compilation, available for free, captures the key insights and contributions shared during the DfMAy 2024 conference.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Literature Review Basics and Understanding Reference Management.pptxDr Ramhari Poudyal
Three-day training on academic research focuses on analytical tools at United Technical College, supported by the University Grant Commission, Nepal. 24-26 May 2024
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
2. 2 International Journal of Distributed Sensor Networks
Internet IPv6/RPL connected 6LoWPAN
Thing
RPL DODAG
6BRStandard
computer
Secure end-to-end (E2E) communication
IPv6
Figure 1: An IoT setup that shows an interconnection of IPv6/RPL
connected things in a 6LoWPAN network and the Internet through
the 6LoWPAN Border Router (6BR).
networks [7]. In this paper we implement common routing
attacks in a 6LoWPAN network where nodes run the Contiki
OS [8], the RPL protocol (ContikiRPL [9]) for routing and
other novel IoT protocols and show how the RPL protocol
behaves in the presence of a particular routing attack.
To counter attacks in a network, Intrusion Detection
Systems (IDSs) are used. An IDS analyzes the activities in
the network and tries to detect malicious behavior and/or
intruders that are trying to disrupt the network. To this end,
we investigate the novel IoT protocols/technologies such as
CoAP [10], RPL [1], and 6LoWPAN [2] and discuss their
strengths and weaknesses which can be exploited by security
providers or attackers. Finally, we highlight the new features
in the IPv6 protocol that can be used by IDSs or by attackers.
To exemplify the use of novel IPv6 security features for
intrusion detection we propose and implement a lightweight
heartbeat protocol that protects the IoT against selective-
forwarding attacks.
The main contributions of this paper are the following.
(i) We investigate how novel features of IoT technologies
can be exploited by attackers or IDSs.
(ii) We implement and demonstrate attacks against
6LoWPAN networks running IoT protocols, and we
show the effectiveness of well-known routing attacks
against RPL and how RPL’s self-healing mechanisms
protect against some of these attacks.
(iii) We also highlight new security features in the IPv6
protocol and provide a lightweight heartbeat protocol
to exemplify that these novel features can be exploited
for intrusion detection and mitigation of attacks.
Section 2 discusses IoT technologies with relation to
intrusion detection. Section 3 demonstrates attacks against
RPL. In Section 4 we discuss IDS in the IoT where we present
a heartbeat protocol for the IoT. Finally, Section 5 concludes
the paper.
2. IoT Technologies and IDS
In this section we discuss RPL, other IoT technologies,
and the novel features in the IoT technologies that can be
exploited either by attacks to disrupt networks or by the IDSs
to defend against intrusions.
2.1. Internet of Things (IoT). The Internet of Things (IoT) or
strictly speaking the IP-connected IoT is a heterogeneous
network that consists of the conventional Internet and net-
works of constrained devices connected together using IP
protocol. The networks of constrained devices in the IoT,
called 6LoWPAN networks or an IP-connected WSN, are
connected to the conventional Internet using 6LoWPAN
Border Routers (6BR). Figure 1 shows the interconnection
of things in a 6LoWPAN network with the Internet using
the 6BR. Things in the IoT are uniquely identifiable objects
that sense the physical environment and/or the host devices
and communicate this data to the Internet. An IoT device (a
thing) can be a light bulb, a thermostat, an home appliance,
an inventory item, a smartphone, a personal computer, or
potentially anything. IPv6 with its potentially unlimited
address space can connect billion or even trillion of these
devices with the IoT.
The fact that the devices in the IoT are extremely het-
erogeneous and many of them are resource constrained and
are globally connected makes it much more challenging to
secure the IoT. The constrained devices in the IoT especially
are prone to attacks from the Internet and also from the
wireless devices within 6LoWPAN networks. The available
IDSs for the Internet and/or for the WSNs may not be
suitable to protect IoT devices because they are either too
heavyweight for the constrained device or they were not
developed in the context of the IoT. Therefore, uncovering the
novel requirements of the IoT and providing an IDS for the
IoT are worth investigating.
2.2. 6LoWPAN. IPv6 over Low-Power Wireless Personal
Area Network [2] (6LoWPAN) is a low cost and low-
power communication network which connects resource-
constrained wireless devices, typically wireless sensors or
actuators, using compressed Internet Protocol version 6
(IPv6). It defines IPv6 header compression [11] and specifies
how packets are routed in wireless networks that use the
IEEE 802.15.4 protocol at the link and physical layer. It also
defines fragmentation [11] of IPv6 datagrams when the size
of the datagram is more than the IEEE 802.15.4 Maximum
Transmission Unit (MTU) of 127 bytes.
6LoWPAN networks support multihop communication
where nodes can forward packets on behalf of other nodes.
Energy is one of the scarce resources in 6LoWPAN networks,
and usually most of the energy is consumed on idle listening;
therefore, 6LoWPAN networks are usually duty cycled mean-
ing that the radio is turned off most of the time and is turned
on only for a very short time for listening.
Due to global IP connectivity, 6LoWPAN networks are
vulnerable to most of the available attacks against WSNs [12]
plus attacks originating from the Internet. Due to the wireless
medium and usually unattended deployments, it is easier to
compromise 6LoWPAN devices than typical hosts on the
Internet. This gives rise to new threats against the core Inter-
net as the compromised 6LoWPAN devices become sources
3. International Journal of Distributed Sensor Networks 3
of attacks against conventional Internet hosts. An IDS for
6LoWPAN networks should consider these vulnerabilities.
Also, it is important to consider the capabilities of 6LoWPAN
devices when designing an IDS.
2.3. CoAP/CoAPs. Due to low-power and lossy links, it is
hard to maintain a continuous connection between devices
in a 6LoWPAN network. Hence, the connection-less User
Datagram Protocol (UDP) is mostly used as the transport
layer in 6LoWPAN networks. Further, since connection-
oriented web protocols such as HTTP or HTTPs are designed
to be used over TCP, a new protocol, the Constrained
Application Protocol (CoAP) [10], is being standardized for
the IoT. The secure version of CoAP is CoAPs that uses DTLS
to protect CoAP messages between two applications in the
IoT.
Unlike typical WSNs that have no web protocol, 6LoW-
PAN networks may use CoAP or CoAPs. Reliability in the
CoAP protocol is achieved through the use of confirmable
messages. An IDS for the IoT can utilize these built-in reli-
ability and security mechanisms in CoAP/CoAPs to protect
IoT devices against many known and potential attacks. For
example, a well-known attack in the WSN and hence in
6LoWPAN is the HELLO flood [12] that can be detected
using reliability mechanisms in the CoAP protocol where
devices can check the bidirectionality of paths through CoAP
acknowledgments.
2.4. RPL. The IPv6 Routing Protocol for Low-Power and
Lossy Networks (RPL) [1] is a standardized routing pro-
tocol for the IoT. RPL is primarily used in a 6LoWPAN
network. RPL creates a destination-oriented directed acyclic
graph (DODAG) between the nodes in a 6LoWPAN. It
supports unidirectional traffic towards a DODAG root and
bidirectional traffic between 6LoWPAN devices and between
devices and the DODAG root (typically the 6BR). There may
exist multiple global RPL instances for a single 6LoWPAN
network, and a local RPL DODAG can be created among
a set of nodes inside a global DODAG. In Figure 2 an RPL
DODAG is shown where each node has a node ID (an IPv6
address), a list of neighbors, and a parent node. Each node
in a DODAG has a rank that indicates the position of a
node relative to other nodes and with respect to the DODAG
root. Ranks strictly decrease in the up direction towards the
DODAG root and strictly increase from the DODAG root
towards nodes.
In order to support downward routing either source rout-
ing (RPL nonstoring mode) or stateful in-network routing
tables (RPL storing mode) are used. Source routing means
each packet contains the route the packet is supposed to take
through the network. This requires that the DODAG root
keeps the information about each node in the network. In a
nonstoring mode, all forwarding nodes in an RPL DODAG
must maintain in-network routing tables to know where to
send packets; in-network routing tables differentiate between
the packets heading upwards and the packets traveling down-
wards in the network. For both modes described previously
aaaa::1
aaaa::2
aaaa::5
aaaa::3
aaaa::4
aaaa::7
aaaa::6 aaaa::8
Figure 2: A sample RPL DODAG where each node has a unique
IPv6 address.
the RPL DODAG root maintains a complete list of nodes to
support downward traffic.
RPL enables each node in the network to determine
whether packets are to be forwarded upwards to their parents
or downwards to their children. Typically, as in the case in
ContikiRPL [9] that we use to demonstrate attacks in this
paper, the simplest way a node can determine the direction
of a packet is to know all its descendants which determines
the route towards leaf nodes and consider up direction as the
default route of a packet. In RPL storing mode, in-network
routing tables are used to separate packets heading upwards
and the packets heading downwards in the network.
The RPL protocol provides new ICMPv6 control mes-
sages to exchange routing graph information. RPL DODAG
Information Objects (DIO) are used to advertise informa-
tion that are used to build the RPL DODAG. Destination
Advertisement Object (DAO) messages are used to advertise
information required to support downward traffic towards
leaf nodes. Each child node upon joining sends a DAO mes-
sage to its parents; also, parent nodes can explicitly poll the
sub-DODAG for DAO messages using DIO messages. Nodes
may use DODAG Information Solicitation (DIS) messages
to request graph related information from the neighboring
nodes.
The RPL protocol could be vulnerable to the routing
attacks demonstrated against WSNs [12] and also to the
attacks against the IoT [7]; therefore it is worth investigating
the routing attacks against RPL, inherent protection mecha-
nisms in RPL, and new intrusion detection mechanisms for
RPL-based networks. We discuss attacks in RPL networks in
Section 3.
Self-Healing in RPL. RPL has global and local repair mecha-
nisms that can come into action if there is a routing topology
failure, a link failure, or a node failure. On a node (parent) or
a link failure a local repair mechanism tries to select a new
4. 4 International Journal of Distributed Sensor Networks
Compatibility
with any network
Hop-by-hop security
802.15.4
Link
Any
Internet
Any
Transport
Any
Application
(a) Link-layer security
Compatibility
with IP
End-to-end security
802.15.4
Link
IP + IPsec
Internet
Any
Transport
Any
Application
(b) Internet-layer security
Compatibility
with UDP-based
applications
Application-
to-application
security
802.15.4
Link
IP
Internet
UDP + DTLS
Transport
Any
Application
(c) Transport-layer security
Figure 3: Communications can be secured at different layers of the protocol stack, and each solution has its own pros and cons and has its
own scope and level of interoperability.
parent or path. If there are more local failures, RPL performs
a complementary global repair where the whole DODAG
is rebuilt. The RPL protocol uses the link-layer metric as
a parameter in the calculation of a default route. The path
is assumed to be good if link-layer acknowledgements are
received on it.
RPL also uses a trickle timer to handle inconsistencies
in the RPL DODAG. When an RPL network is stable, the
trickle timer interval is large. However, upon detection of
inconsistencies, the trickle timer is reset, and more DIO
messages are sent (by the nodes) in the vicinity of nodes
that are subjected to inconsistencies. The following events are
considered as inconsistencies in the RPL:
(i) when routing loops are detected;
(ii) when a node joins a DODAG;
(iii) when a node moves within a network and changes
rank.
2.5. Message Security for the IoT. Security is one of the main
requirements in real world deployments of the IoT. Security
can be provided on per hop basis between two neighboring
devices in 6LoWPANs, and/or it can be provided end to
end (E2E) between source and destination nodes. Per hop
security is important to grant access to the wireless medium
and to detect message integrity violations as early as possible
to hinder constrained resource depletion. Message security in
the IoT can be enabled at different layers in the stack using
standardized mechanisms; security at the data-link layer
using standardized IEEE 802.15.4 security protects messages
on a per hop basis but works with any networking and
communication protocol at the upper layer. In addition to
the actual messages it can protect the data-link layer and
upper layer headers as well. Previously, we have implemented
and evaluated IEEE 802.15.4 data-link layer security in the
6LoWPAN [6]. RPL also provides per hop security between
two neighboring nodes which protects the RPL messages.
Security at the routing layer (i.e., at the RPL layer) is not
needed if link layer security (i.e., per hop security) is enabled.
Also, it is more secure to provide security at the link layer
because it can protect the integrity of the link-layer and
upper layers (that include RPL) as well and can even encrypt
the 6LoWPAN layer and upper layer headers and payloads
including the RPL messages.
Security at the IP layer using standardized IPsec is E2E
between two hosts on the Internet and works with both
TCP and UDP protocols. We have previously provided
lightweight 6LoWPAN compressed IPsec for the IoT [3].
Transport/session layer security protects messages between
two applications on an E2E basis but only works with one
of the transport protocol such as TCP or UDP. In the IoT,
UDP is mostly used, and hence standardized Datagram TLS
(DTLS) can be used. Earlier, we have provided 6LoWPAN
header compression for DTLS [5] to make it lightweight for
the constrained devices in the IoT.
Despite message security with any of the previous mecha-
nisms, IoT devices are still vulnerable to network disruptions,
such as DoS attacks. An IDS for the IoT should consider
and/or utilize the standardized message security technologies
discussed previously. Figure 3 summarizes the pros and cons
of providing security at different layers.
2.6. Intrusion Detection Systems. An Intrusion Detection
System (IDS) analyzes activities or processes in a network or
in a device and detects attacks, reports them, and/or mitigates
the harmful effect of the detected attacks. Due to the diversity
of attacks and the unpredictable behavior of novel attacks,
IDSs are subjected to false positives (to raise an alarm when
there is no attack) and false negatives (not raising an alarm
when there is an attack). Generally, there are two categories
of IDSs: signature based and anomaly based. Signature based
detections compare the current activities in a network or in
a device against predefined and stored attack patterns called
signatures. This approach cannot detect new attacks, needs
specific knowledge of each attack, has a significant storage
cost that grows with the number of attacks, and has a high
false negative but low false positive rate. Anomaly based
detections determine the ordinary behavior of a network or a
device, use it as a baseline, and detect anomalies when there
are deviations from the baseline. This approach can detect
new attacks but has comparatively high false positive and false
negative rates because it may raise false alarms and/or cannot
detect attack when attacks only show small deviations from
the baseline.
5. International Journal of Distributed Sensor Networks 5
Table 1: The IoT technologies at different layers with example open source implementations in the Contiki operating system.
OSI layer IoT technology Contiki impl.
Application CoAP, CoAPs Erbium [16]
Session DTLS TinyDTLS [http://tinydtls.sourceforge.net]
Transport UDP 𝜇IP [17]
Network
IPv6, RPL, IPsec 𝜇IP [17], ContikiRPL [9], and IPsec in Contiki [6]
6LoWPAN SICSLoWPAN [8]
Data link 802.15.4 MAC ContikiMAC [18]
Physical 802.15.4 PHY Contiki 802.15.4 [8]
An IDS for 6LoWPAN networks requires a trade-off
between the storage cost of the signature based detection
and the computing cost of the anomaly based techniques,
should counter attackers from the conventional Internet,
and should consider that the attackers in a 6LoWPAN can
harm both the 6LoWPAN network and the Internet. We
propose to complement an IDS for the IoT with a firewall
that can be typically placed in the 6BR. Unlike a typical one-
way firewall, a firewall for the IoT should block malicious
activities and allow benign activities from the Internet to
6LoWPAN networks, and vice versa. In our previous work
we have developed a real-time intrusion detection system in
the context of the IoT [13].
3. Attacks against RPL
In this section we investigate the protection capabilities of
the RPL protocol against the well-known security attacks
presented for WSNs. We experimentally study if the RPL
protocol can counter these attacks and/or mitigate their
impact.
Attack Implementation. We implement well-known routing
attacks in a 6LoWPAN network where nodes run the Contiki
OS [8], a well-known operating system for the IoT. Contiki
has an implementation of RPL, ContikiRPL [9]. We make use
of the RPL implementation in the Contiki OS to implement
attacks. ContikiRPL storing mode uses in-network routing
where nodes keep track of all descendants. To provide IP
communication in 6LoWPAN we utilize 𝜇IP, an IP stack
in the Contiki OS. We demonstrate attacks against a sim-
ulated RPL network using the Cooja simulator [14]. In our
simulations we use emulated Tmote Sky nodes [15] running
ContikiRPL.
In Table 1 we highlight the standardized IoT technologies
at different layers of the protocol stack that are expected to
be used in most of the IoT deployments that rely on inter-
operability among different vendors. We also mentioned the
corresponding open source implementations (ContikiMAC
is not a true implementation of the 802.15.4 MAC) of these
IoT technologies in the Contiki OS which we use in this paper
to demonstrate attacks against the RPL protocol.
3.1. Selective-Forwarding Attacks. With selective-forwarding
attacks [12] it is possible to launch DoS attacks where
malicious nodes selectively forward packets. This attack is
primarily targeted to disrupt routing paths; however, it can
be use to filter any protocol. For example, an attacker could
forward all RPL control messages and drop the rest of the
traffic. This attack has severer consequences when coupled
with other attacks, for example, sinkhole attacks.
One of the solutions to guard against selective-forwarding
attacks is to create disjoint paths between the source and
the destination nodes. However, it is quite hard to create
network-wide completely disjoint paths. To counter selective-
forwarding attacks, nodes in the RPL may dynamically select
the paths to parents/children; as there may be multiple parent
or child nodes in the RPL DODAG with almost the same link
quality. Also, RPL supports source routing, though not widely
implemented, that can be used by an IDS for the IoT to verify
path availability in the DODAG.
It is generally very difficult to defend against all selective-
forwarding attacks. One can, however, defend against many
with the use of encryption and analysis of application level
traffic. That is to detect if any application traffic is lost and
report such losses to the underlying RPL system in order
to improve path quality. Another effective countermeasure
against selective-forwarding attacks is to make sure the
attacker cannot distinguish between different types of traffic,
thus forcing the attacker to either forward all traffic or none.
In IPv6, ICMPv6 messages are protected by IPsec; hence
IPsec can be used to secure the RPL control messages DIO,
DAO, and DIS.
3.1.1. Implementing Selective-Forwarding Attacks against RPL.
In our implementation of the selective-forwarding attacks we
let the malicious node drop all packets except RPL packets.
As specified in Algorithm 1, we check in the malicious node
running Contiki OS and ContikiRPL that if the received
packet is not destined to the malicious node and is not an
RPL packet, it is dropped. Our selective-forwarding attack
allows for RPL to function normally, but any application data
is lost. We simulate this attack in Cooja, and through serial
output from the nodes we can verify that the application
data is in fact lost from children to the attacker. We run the
simulation for 24 hours to allow RPL self-healing and self-
management mechanisms to correct this malicious behavior;
however, we could see through the output of the malicious
node and its parent node that the attack is still active. This
means the malicious node still drops all packets except
of RPL messages, which shows that, even after running
simulation for 24 hours, the RPL self-healing mechanisms
6. 6 International Journal of Distributed Sensor Networks
Require: Packet—The IPv6 packet received
Require: OwnIP—The IPv6 address of this node
if Packet.protocol ̸= RPL and Packet.destination ̸= OwnIP then
Drop packet
end if
Algorithm 1: Selective-forwarding attacks in RPL.
cannot self-correct the network. Therefore, an IDS for the IoT
running RPL in 6LoWPAN networks should actively provide
countermeasures to detect selective-forwarding attacks.
3.2. Sinkhole Attacks. In sinkhole attacks [12] a malicious
node advertises an artificial beneficial routing path and
attracts many nearby nodes to route traffic through it. This
attack in itself does not necessarily disrupt the network
operation; however when coupled with another attack, it
can become very powerful. Ngai et al. present an IDS
[19] against sinkhole attacks. Their approach requires two-
way communication with the nodes and encryption of the
messages. RPL already uses IP and has standardized ways to
provide bidirectional communication; E2E message security
is enforced using IPsec which is mandatory in IPv6.
Routing protocols that do not use metrics provided by
neighboring nodes are immune to sinkhole attacks, as there
is nothing for the attacker to spoof. For example, this is the
case with preprogrammed routes. The RPL protocol provides
several mechanisms to nodes in the DODAG to determine
which node to use as its default route. One of them is
rank, which is calculated and transmitted by the neighboring
nodes, though based on the relative position of nodes from
the DODAG root. An attacker can launch a sinkhole by
advertising a better rank thus attracting nodes down in the
DODAG to select it as parent. RPL, however, uses the link-
layer quality to calculate routes which makes sinkhole attack
less effective in RPL-based networks.
If the geographical locations of the nodes in the RPL
DODAG are known, the effect of sinkhole attacks can be
mitigated by using flow control and making sure that the
messages are traveling towards the actual destination. RPL
also supports multiple DODAG instances which provides
alternative routes to the DODAG root. A potential IDS for the
IoT could be hosted in the 6BR and can utilize information
from multiple DODAGs to detect sinkhole attacks.
3.2.1. Implementing Sinkhole Attacks against RPL. We imple-
ment a sinkhole attack in a Cooja simulated RPL network
by simply changing the advertised rank when sending RPL
control messages, specifically the DIO messages. Any delay
normally used to reduce network congestion is also removed
in order to allow our malicious node to be the first node
to advertise such a beneficial route. Figure 4 shows that the
sinkhole attack is very effective against an ordinary RPL
network and causes a lot of traffic to get routed through
the attacker. Figure 4 shows node number 26 performing a
sinkhole attack. Most of the nodes down in the DODAG
232221
25
20
24
19
15 16 17
12 13
26
11
10
14
9
5
2
6
3
1
4
7 8
18
Figure 4: Screenshot of a simulated RPL network with sinkhole
attack, running actually implemented IoT technologies, shows that
RPL is effected by sinkhole attacks.
select it as their parent. We run this simulation for 24 hours to
let RPL DODAG correct itself against the malicious behavior;
however, we see no noticeable changes in the network state,
and the sinkhole attack is still effective, except that the nodes
with bad links to node 26 choose different parents.
3.3. HELLO Flood Attacks. The HELLO message refers to
the initial message a node sends when joining a network. By
broadcasting a “HELLO” message with strong signal power
and a favorable routing metric, an attacker can introduce
himself as a neighbor to many nodes, possibly the entire
network; however, in some of the nodes in the attacker’s
vicinity, when trying to join the attacker, their messages may
get lost because the attacker might be out of range.
In RPL, DIO messages that are used to advertise infor-
mation about DODAGs to new nodes can potentially be used
to launch a HELLO flood attack. If secure DIO messages are
used for advertisements or link-layer security is enabled, the
attacker has to compromise a node in order to perform this
attack.
Karlof and Wagner suggest a simple solution to this attack
where for each HELLO message the link is checked to be
bidirectional [12]. This solution is similar to what is already
available in the RPL protocol where it uses the link-layer
metric as a parameter in the calculation of the default route.
If no link-layer acknowledgements are received, the path is
assumed to be bad, and a different route is chosen.
7. International Journal of Distributed Sensor Networks 7
1317
21
3
19
8 6
14
16
2
9
23
20
12
5
15
11 18
4
25 24
1
10
26
227
(a) RPL network with HELLO flood attack at the start of simulation
2
9
17 13
16
14
68
1
25 24
19
3
26
10
4
11
15
5
18
20
12
21
23
227
(b) RPL network with HELLO flood attack after 10 minutes of simulation
Figure 5: Cooja screenshot of an RPL network running actually implemented IoT technologies shows that RPL self-healing mechanisms
overcome HELLO flood attack without any designated IDS.
If geographical locations of the nodes in the RPL DODAG
are known, all packets received from a node that is far beyond
the transmission capabilities of ordinary network nodes
could be discarded to mitigate HELLO flood attacks. The self-
healing mechanisms in the RPL, discussed in Section 2.4, may
overcome this attack by trying another parent.
3.3.1. Implementing HELLO Flood Attacks against RPL. We
implement a HELLO flood attack against an RPL network
and let the RPL self-healing mechanism counter the attack.
Using the Cooja simulator we alter the connectivity between
the simulated nodes in the RPL network. We thus simulate
a HELLO flood by letting a malicious node have the ability
to send data to all other nodes in the network; however
only nodes physically close to the attacker have the ability
to respond. In order to increase the efficiency of the HELLO
flood attack we combine it with a sinkhole attack, described
in Section 3.2.
At first the HELLO flood attack interrupts the network
as almost all nodes in the network choose the attacker (node
26) as its default route, as shown in Figure 5(a). However,
nodes soon realize that the attacker is in fact not a valid route,
and choose a different default route. We show in Figure 5(b)
that the state of the network changes using RPL inherent
mechanisms, and the HELLO flood attack is automatically
mitigated within 10 minutes of its launch. However, nodes 3,
10, 19, and 21 are still connected through the malicious node
26 which shows that the sinkhole attack is not fully eliminated.
3.4. Wormhole Attacks. A wormhole is an out of band
connection between two nodes using wired or wireless links.
Wormholes can be used to forward packets faster than via
normal paths. A wormhole in itself is not necessarily a
breach security; for example, a wormhole can be used to
forward mission critical messages where high throughput is
important, and the rest of the traffic follows the normal path.
However, a wormhole created by an attacker and combined
with another attacks, such as sinkhole, is a serious security
threat.
As we discussed in Section 4.1, an IDS for the IoT could
place processing intensive modules and a firewall in the 6BR.
An attacker can create a wormhole between a compromised
constrained node in a 6LoWPAN network and a typical
device on the Internet and can bypass the 6BR. Such a
wormhole can become a very serious security breach and
is very hard to detect especially when the wormhole is
systematically switched on and off. Ways to prevent or at least
detect such a wormhole in the IoT are a research challenge
that needs to be addressed.
It is comparatively easy to detect wormholes created
within an RPL DODAG. One approach is to use separate link-
layer keys for different segments of the network. This can
counteract the wormhole attack as no communication will
be possible between nodes in two separate segments. Also,
by binding geographic information to the neighborhoods it
is possible to overcome a wormhole [20]. As wormholes are
usually coupled with other attacks, detecting the other attack
and removing/avoiding the malicious node will ultimately
overcome wormhole attacks.
3.4.1. Implementing Wormhole Attacks against RPL. We simu-
late a wormhole attack by using the network simulator Cooja
and set up a physical medium where two nodes on opposite
sides of the network have a very good connection. As nodes 2
and 25, shown in Figure 6, are subjected to a wormhole attack,
they form a high quality route, and the neighboring nodes
connect through the malicious nodes 2 and 5. We run this
8. 8 International Journal of Distributed Sensor Networks
22 2
13
16
14
68
1
4
25
11 18
15
5
7
20
12
10
24
19
3
21
17
23
9
Figure 6: Screenshot of the simulated RPL network, running
actually implemented IoT technologies, shows that RPL is effected
by wormhole attacks.
simulation for 24 hours to allow RPL inherent mechanisms
to self-heal the RPL DODAG. However, the network state
has shown that the attack is still there after 24 hours which
means that RPL does not provide any specific mechanisms to
counter wormhole attacks.
3.5. Clone ID and Sybil Attacks. In a clone ID attack, an
attacker copies the identities of a valid node onto another
physical node. This can, for example, be used in order to gain
access to a larger part of the network or in order to overcome
voting schemes. In a sybil attack, which is similar to a clone
ID attack, an attacker uses several logical entities on the same
physical node. Sybil attacks can be used to take control over
large parts of a network without deploying physical nodes.
By keeping track of the number of instances of each
identity it is possible to detect cloned identities. It would
also be possible to detect cloned identities by knowing the
geographical location of the nodes, as no identity should be
able to be at several places at the same time. The location
of nodes or similar information could be stored either
centralized in the 6BR or distributed throughout the network
in a distributed hash table (DHT) [21].
In an IP/RPL network cloned identities will cause trouble
when packets are heading to one of the cloned identities.
Packets will be forwarded to one of the cloned identities
based on the routing metrics in the network, and the rest of
the cloned identities will be unreachable from certain nodes
in the network. This however does not affect the network
otherwise, and therefore cloned identities on their own cause
no harm on a 6LoWPAN network.
3.5.1. Implementing Clone ID Attacks against RPL. Using the
Cooja network simulator we simulate cloned identities by
disabling the multiple-id check in the simulator and simply
add several nodes with the same ID. In our Cooja simulated
IPv6 network running RPL the cloned identities have the
same IP address.
Simulations show that there are no inherent mechanisms
in RPL to counter cloned identities. In Figure 7 the cloned
identities are indicated in purple and have ID 26. The paths
shown with blue arrows represent the downward path. The
downward paths from the cloned identities are visualized
correct as Cooja nodes in such cases are aware of the source
node. However, all nodes which have chosen one of the
cloned nodes as their parent will all have their upwards route,
the black arrows, pointing towards the leftmost cloned node.
RPL is also subject to alteration and spoofing routing
attacks. In RPL a malicious node can send modified rank
information to the neighboring nodes. It can also send
modified or spoofed DIS, DIO, and DAO messages if RPL
security is disabled which is the typical case. The 6LoWPAN
networks can also suffer from traffic analysis that in itself is
not disrupting, but the information obtained from analyzing
the traffic could be used to launch other sophisticated attacks.
Typically, IPsec in tunnel mode or traffic randomization
with extra generated traffic is used to counter these attacks.
However, the constrained nature of the IoT devices precludes
the applicability of these countermeasures. Usually attacks are
not performed in isolation and are combined to get more
gains. An IDS for the IoT should consider different possible
combinations of these attacks and device solutions to protect
network against multiple attacks.
4. IDS and the IoT
In this section we present a placement of an IDS in a novel IoT
setup and propose a mechanism to eliminate malicious nodes
in the RPL network. We also discuss intrusion detection
capabilities of IPv6 through the heartbeat protocol.
4.1. Placement of an IDS in the IoT. Unlike typical WSN that
assume no constant connectivity with the sink node, in the
IoT the sink node (the 6BR) is assumed to be always available
and is not the end point of communication, but rather things
are globally recognizable. This novel architecture, as shown
in Figure 1, based on standardized protocol such as RPL and
6LoWPAN, gives us more flexibility in the placement of IDSs.
An IDS for the IoT can better utilize this architec-
ture and place processing intensive IDS modules, such as
anomaly based detections, in the 6BR, and the correspond-
ing lightweight modules, such as rule or signature based
detections, in the constrained sensor nodes. As already
discussed, the 6BR has more capacities than a typical
resource-constrained sensor node. Any such distributed
architecture, however, requires a trade-off between the local
storage/processing and network communication. Placement
of IDS modules in constrained devices will require more
storage and processing capabilities; however, these devices
have limited resources. On the other hand, a placement of an
IDS in the 6BR requires a fresh state of the network, which
ultimately incurs more communication overhead between
sensors and the 6BR. In LLNs, sending and receiving bits
9. International Journal of Distributed Sensor Networks 9
Require: Hosts—A list of hosts in the RPL DODAG
Require: Responses—A list of ICMPv6 Echo
Replies from the previous iteration of this algorithm
for Host in Hosts do
ICMP.sendEchoRequest(Host)
end for
for Respons in Responses do
Hosts.remove(Respons.source)
end for
for Host in Hosts do
Alarm.raise(“Host is offline or filetered”, Host)
end for
Algorithm 2: Lightweight heartbeat.
11 12
26
25
20
15
14
19
24
9
26
5
2
1
3
6
10
26
7
4
8
13
18
2322
17
21
16
Figure 7: Screenshot of the simulated RPL network, running actu-
ally implemented IoT technologies, visualizes the cloned identities
and shows that RPL is effected by clone ID attacks.
are more power consuming than local processing. Hence it is
worth evaluating an IDS approach in both the centralized and
distributed placements to better understand its applicability
in the IP-connected LLNs. IDS modules in the 6BR have the
additional advantage that they can stop intrusion attempts
from the Internet. Also, they can block intrusion attempts
from inside LLNs against critical infrastructure on the Inter-
net. This is useful since it is easier to physically access and
compromise wireless nodes than typical Internet hosts.
4.2. Eliminating Malicious Nodes from RPL. Once nodes are
detected as malicious it is important to eliminate these nodes
from the network. The simplest approach to avoid a fake node
is to ignore it which requires identification. In the IoT, both
IP addresses and MAC addresses are vulnerable and can be
easily spoofed. One possible way to ignore malicious nodes
is to use either a whitelist or a blacklist. A whitelist contains
all legitimate nodes, whereas a blacklist would include all
malicious nodes. On one hand maintaining a whitelist is
easier; on the other hand it is not very scalable. Considering
that there will be limited devices under one 6BR or in a single
RPL DODAG we propose to use a whitelist as it is easy to be
managed in the presence of many attackers. However, there
can be potentially thousands of devices in an RPL network. In
such large networks blacklists are easier to manage. In either
way it is important that an attacker should not be able to
obtain another valid identity since that would enable sybil or
clone ID attacks [12].
4.3. Intrusion Detection and IPv6. Compared to IPv4 that is
mostly used in the Internet today and is well tested, IPv6
is a new protocol and is not yet widely deployed. IPv6 also
provides some novel features that can be exploited by both the
security provider and the attacker. For example, the flow label
field in IPv6 is not protected by IPsec E2E security. Unlike in
IPv4, IPsec is mandatory in IPv6. Further, in IPv6 ICMPv6
is protected by IPsec. In this section we use IPsec protected
ICMPv6 echo messages and provide a lightweight solution to
defend against selective-forwarding attacks in the IoT that are
otherwise difficult to detect.
Lightweight Heartbeat. For a 6LoWPAN network, for running
RPL or any other IPv6 based routing scheme, we can use
a simple heartbeat. Our heartbeat protocol is described in
Algorithm 2. In this algorithm, we simply send an ICMPv6
echo request from the 6BR to each node and expect a
response. We will notice if traffic is being filtered to and/or
from that node if we do not receive an ICMPv6 echo
reply. We do this with regular intervals, called heartbeats,
to have an up-to-date picture of the state of the network.
ICMPv6 echo/reply mechanisms are widely available in IPv6
networks; hence it is not required that the nodes should be
reprogrammed to support ICMPv6. For example, in many
Contiki OS configurations it is enabled by default.
The heartbeat protocol will work with its full potential if
IPsec with ESP [22] is used. Without IPsec, this method will
only be able to detect the simplest attacks if there are faults in
the networks for other reasons, for example, a broken node.
This is because without IPsec, it is possible for an attacker to
simply choose not filter ICMPv6 packets and therefore avoid
being detected by this technique. The lightweight heartbeat in
an IPsec enabled network would be able to detect selective-
forwarding attacks as there is no way to distinguish between
ICMPv6 traffic and normal traffic as everything after the IPv6
10. 10 International Journal of Distributed Sensor Networks
Table 2: Energy and power usage of one node in an RPL network
for one heartbeat compared with RPL only (no heartbeat).
Overhead Energy (mJ) Power (mW)
RPL only 202.6 1.702
RPL and heartbeat 225.3 1.893
Heartbeat only 22.7 0.191
ESP extension header is encrypted, including the ICMPv6
extension header [23]. The heartbeat concept can be extended
to potentially detect many attacks, for example, jamming
or physically damaging nodes, since the nodes would stop
responding to ICMPv6 requests.
As a proof-of-concept we implement the heartbeat pro-
tocol in a 6LoWPAN network running ContikiRPL and
other IoT technologies shown in Table 1. We measured the
ROM/RAM and energy overhead of the heartbeat protocol.
No additional ROM or RAM is used in the constrained nodes
as ICMPv6 is already available in most of the IPv6 imple-
mentations including the 𝜇IP in the Contiki OS. However,
each constrained node in the 6LoWPAN network consumes
0.1158 mJ of additional energy to process a single ICMPv6
message. The heartbeat protocol has a little ROM/RAM
overhead in the 6BR that sends ICMPv6 messages to the
nodes in the 6LoWPAN; however, in the IoT the 6BR is not
assumed to be a constrained device.
We also evaluate the network-wide energy overhead of
our lightweight heartbeat where the 6BR sends ICMPv6 echo
requests to all nodes, and each node handles its ICMPv6 reply
and routes replies on behalf of other nodes. In this experiment
the RPL DODAG consists of 16 emulated Tmote Sky nodes.
Total energy and power usage by a single node (on average)
for one ICMPv6 message from the 6BR to all nodes are shown
in Table 2.
An IDS for the IoT should take into account the other
unexplored IPv6 features to protect the IoT devices against
potential malicious activities. We plan to explore this in the
future.
5. Conclusion
In this paper we have reviewed novel IoT protocols and
highlighted their strengths and weaknesses that can be
exploited by the IDSs. We have shown that, while the RPL
protocol is vulnerable to different routing attacks, it has
inherent mechanisms to counter HELLO flood attacks and
mitigate the effects of sinkhole attacks. An IDS for the IoT can
be complemented with the novel security mechanisms in the
IPv6 protocol; for example, our heartbeat protocol can defend
against selective-forwarding attacks.
The aim of this paper is to highlight the importance of
security in the RPL-based IoT and to provide grounds to the
future researchers who plan to design and implement IDSs
for the IoT.
Acknowledgments
This work was financed by the SICS Center for Networked
Systems (CNS), SSF through the Promos Project, and
Connect All IP-based Smart Objects (CALIPSO), funded by
the European Commission under FP7 with Contract no. FP7-
ICT-2011.1.3-288879.
References
[1] T. Winter, P. Thubert, A. Brandt et al., “RPL: IPv6 routing
protocol for low-power and lossynetworks,” RFC 6550, March
2012.
[2] N. Kushalnagar, G. Montenegro, and C. Schumacher, “IPv6
over low-power wireless personalArea networks (6LoWPANs):
overview, assumptions, problem statement, and goals,” RFC
4919, 2007.
[3] S. Raza, S. Duquennoy, T. Chung, D. Yazar, T. Voigt, and U.
Roedig, “Securing communication in 6LoWPAN with com-
pressed IPsec,” in Proceeding of the 7th IEEE International
Conference on Distributed Computing in Sensor Systems (DCOSS
’11), Barcelona, Spain, June 2011.
[4] T. Kothmayr, C. Schmitt, W. Hu, M. Br¨unig, and G. Carle, DTLS
Based Security and Twowayauthentication for the Internet of
Things, Ad Hoc Networks, 2013.
[5] S. Raza, D. Trabalza, and T. Voigt, “6low-pan compressed dtls
for coap,” in Proceeding IEEE 8th International Conference of
Distributed Computing in Sensor Systems (DCOSS ’12), pp. 287–
289, IEEE, 2012.
[6] S. Raza, S. Duquennoy, J. H¨oglund, U. Roedig, and T. Voigt,
Secure Communication for the Internet of Things—A Comparison
of Link- Layer Security and IPsec for 6LoWPAN, Security and
Communication Networks, John Wiley & Sons, 2012.
[7] O. Garcia-Morchon, R. Hummen, S. S. Kumar, R. Struik, and
S. L. Keoh, “Security Considerations in the IP-based Internet of
Things,” March 2012.
[8] A. Dunkels et al., “The contiki operatingsystem,” 2012, http://
www.sics.se/contiki/.
[9] N. Tsiftes, J. Eriksson, and A. Dunkels, “Low-power wire-
less IPv6 routing with ContikiRPL,” in Proceeding of the 9th
ACM/IEEE International Conference on Information Processing
in Sensor Networks (IPSN ’10), pp. 406–407, ACM, April 2010.
[10] Z. Shelby, K. Kartke, C. Bormann, and B. Frank, “Constrained
application protocol(CoAP),” draft-ietf-core-coap-12, October
2012.
[11] J. Hui and P. Thubert, “Compression format for IPv6 datagrams
over IEEE 802.15.4-basednetworks,” RFC 6282, 2011.
[12] C. Karlof and D. Wagner, “Secure routing in wireless sensor
networks: attacks and countermeasures,” Ad Hoc Networks, vol.
1, no. 2, pp. 293–315, 2003.
[13] S. Raza, L. Wallgren, and T. Voigt, SVELTE: Real-Time Intrusion
Detection in the Internetof Things, Ad Hoc Networks, Elsevier,
2013.
[14] F. ¨Osterlind, A. Dunkels, J. Eriksson, N. Finne, and T. Voigt,
“Cross-level sensor network simulation with cooja,” in Pro-
ceeding of the 31st Annual IEEE Conference on Local Computer
Networks (LCN ’06), pp. 641–648, IEEE, November 2006.
[15] J. Polastre, R. Szewczyk, and D. Culler, “Telos: enabling ultra-
low power wireless research,” in Proceeding of the 4th Interna-
tional Symposium on Information Processing in Sensor Networks
(IPSN ’05), April 2005.
[16] M. Kovatsch, S. Duquennoy, and A. Dunkels, “A low-power
CoAP for Contiki,” in Proceeding of 8th IEEE International
Conference on Mobile Ad-hoc and Sensor Systems (MASS ’11), pp.
855–860, IEEE, October 2011.
11. International Journal of Distributed Sensor Networks 11
[17] A. Dunkels, “Full tcp/ip for 8-bit architectures,” in Proceedings of
the 1st International Conference on Mobile Systems, Applications
and Services, pp. 85–98, ACM, 2003.
[18] A. Dunkels, “The ContikiMAC radio duty cycling protocol,”
SICS Technical Report T2011:13, 2011.
[19] E. C. H. Ngai, J. Liu, and M. R. Lyu, “On the intruder detection
for sinkhole attack in wireless sensor networks,” in Proceeding
of the IEEE International Conference on Communications (ICC
’06), vol. 8, pp. 3383–3389, IEEE, 2006.
[20] L. Lazos, R. Poovendran, C. Meadows, P. Syverson, and L.
W. Chang, “Preventing wormhole attacks on wireless ad hoc
networks: a graph theoretic approach,” in Proceeding of the IEEE
Wireless Communications and Networking Conference (WCNC
’05), vol. 2, pp. 1193–1199, March 2005.
[21] J. Newsome, E. Shi, D. Song, and A. Perrig, “The Sybil attack in
sensor networks: analysis & defenses,” in Proceeding of the 3rd
International Symposium on Information Processing in Sensor
Networks (IPSN ’04), pp. 259–268, ACM, April 2004.
[22] S. Kent, “Ip encapsulating security payload(esp),” RFC 4303,
2005.
[23] A. Conta, S. Deering, and M. Gupta, “Internet control message
protocol (ICMPv6) forthe internet protocol version 6 (IPv6)
specification,” RFC 4443 (Draft Standard), 2006.
12. International Journal of
Aerospace
EngineeringHindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Robotics
Journal of
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Active and Passive
Electronic Components
Control Science
and Engineering
Journal of
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
International Journal of
Rotating
Machinery
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com
Journal of
Engineering
Volume 2014
Submit your manuscripts at
http://www.hindawi.com
VLSI Design
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Shock and Vibration
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Civil Engineering
Advances in
Acoustics and Vibration
Advances in
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Electrical and Computer
Engineering
Journal of
Advances in
OptoElectronics
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
The Scientific
World JournalHindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Sensors
Journal of
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Modelling &
Simulation
in Engineering
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Chemical Engineering
International Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Navigation and
Observation
International Journal of
Hindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Distributed
Sensor Networks
International Journal of