More Related Content
What's hot
What's hot (20)
Similar to Security of RPL in IoT
Similar to Security of RPL in IoT (20)
Recently uploaded
Recently uploaded (20)
Security of RPL in IoT
- 1. A Lightweight Intrusion Detection for Sybil Attack under Mobile RPL in the Internet of Things
- 2. Introduction The Internet of Things (IoT) is an emerging technology that can monitor and control the physical world by gathering and processing data generated by the sensors. IoT for the connectivity of its devices makes use of protocols like 6LoWPAN, RPL etc. Here we discuss RPL (Routing protocol for Low power and lossy networks) which is a standard routing protocol for resource-constrained and lossy IoT networks. RPL because of its flexible and dynamic nature is vulnerable to security attacks, hence there is a need for detection and defense against these attacks. Security in RPL is critical and Sybil Attack is one among such security issues in RPL.
- 3. Index Terms Internet of Things (IoT) RPL Sybil Attack Mobility Intrusion Detection Lightweight Security Accuracy
- 4. Related Work Faiza Medjek et al. proposed the evaluation of the impacts of the Sybil attack in RPL and analyzed the results. A. K. Mishra et al. proposed the general analytical model for Sybil attack in IoT. According to Zhang et al. Sybil attack has become a severe threat to social networks and distinguished the Sybil attack into three types based on the nature of behavior. Karaboga et al. proposed the comprehensive survey on artificial bee colony (ABC) algorithm and its applications.
- 5. Overview of RPL RPL is a distance-vector and source routing protocol which is working under a tree-based topology, namely Destination Oriented Direct Acyclic Graph (DODAG). A DODAG comprises of a sink node called border router(BR),which gathers all sensed information from the remaining nodes in the DAG. Every DODAG is distinguished by its RPL instance ID, DODAG ID, DODAG version number and Rank. There are three types of control messages have been exchanged in RPL: • DIO - DODAG Information Object • DAO - DODAG Advertisement Object • DIS - DODAG Information Solicitation
- 6. Overview of RPL Cont. Rank is the relative position of the node from the border router. Rank is computed using the Equation: R(N) = R(P) + 128 ∗ ETX(N) R(N) is the rank value of each node. R(P) is the rank of its parent node. ETX(N) is the Expected Transmission Count. Expected Transmission Count denotes the number of expected transmissions that a node required for the successful delivery of a packet.
- 7. RPL Network Overview Border Router Nodes DIO DAO DIS 1 2 3 4 5 6 7
- 8. Mobile RPL In this discussion, we considered and simulated RPL under mobility (mobile RPL). Mobile RPL or Mobility-aware RPL is an enhanced RPL protocol which supports random mobility of the nodes in the network. Dynamic Trickle Timer (D-Trickle) has been used to optimize the number of control message transfer under mobility. RPL determines the best parent from the preferred parent list under mobility by considering the following metrics, namely, ETX, Expected Life Time (ELT) and RSSI (Received Signal Strength Indicator).
- 9. Sybil Attack In Sybil attack, attacker claims multiple illegitimate identities either by fabricating the identities or compromising the legitimate nodes in the network. Sybil attack is the most serious threat to the mobile RPL which can degrade the performance by exponentially increasing the control overhead transmission, and in turn, reduces the overall lifetime of the network. The attacker overloads the DODAG with fake control messages and try to capture the identity of the border router to obtain the network authority.
- 10. Classification of Sybil Attack There are three kinds of Sybil attack: • SA-1 Type Sybil Attack • SA-2 Type Sybil Attack • SA-3 Type Sybil Attack The classification of types of attacks is made on the basis of distribution, position and movement of compromised nodes in the RPL.
- 11. SA-1 Type Attack In SA-1 type of Sybil attack, malicious nodes will target one fixed region, and they will try to compromise the identities of the nearby nodes to perform the attack. All the sybil identities and attackers are fixed at one point in the DODAG.
- 12. SA-2 Type Attack In SA-2 type Sybil attack, malicious nodes are scattered among the legitimate nodes in the DODAG and it won’t bound to one region. Though the nodes are fixed, the attacker compromises randomly distributed nodes in the DODAG and makes the detection process complex by socializing with the legitimate nodes.
- 13. SA-3 Type Attack In SA-3 type Sybil attack, Sybil nodes are under mobility and, also it is distributed among the network. Sybil identities moves from one position to other position dynamically, and it tries to attack the nearby nodes on the way of motion.
- 14. Artificial Bee Colony Overview ABC algorithm is a population-based algorithm and an optimization technique that simulates the foraging behavior of honey bees. Foraging behavior refers to the act of searching food sources (nectar) by the honey bees. Algorithm consists of four significant components: • Food Sources: The gain of a food source depends on closeness to the nest, ease of extracting the food and breeding. • Employed Bees: The employed foragers are those that keep visiting the food sources to obtain the nectar from the explored sources. • Onlooker Bees: The onlooker bees are waiting in the nest and establishing food source through the information shared by employed foragers. • Scout Bees: Scout foragers are searching the environment surrounding the nest for new food sources.
- 15. ABC inspired Sybil Attack Model Employed bees are related to the compromised Sybil identities in the RPL network. Food sources (Nectar collection) are correlated to the collecting of compromised identities or stolen identities in the DODAG structure. Onlooker Bee (Main attacker) is the one which attempts to perform the Sybil attack in the community to intrude the network. Scout bees are those who have been already compromised by the attacker (Onlooker bee), and these scout bees try to compromise the nearby neighboring nodes.
- 16. ABC inspired Sybil Attack Model Cont.
- 17. The attacking scenario for ABC inspired attack is divided into 5 phases: 1. Initialization Phase: Initialize the Sybil nodes (Central attacker) to start foraging the identities. 2. Fitness Factor Computation Phase: Sybil node attempt to select any arbitrary node based on the following five fitness evaluation criteria. 3. Compromising Phase: Node compromising phase is the process of compromising the legitimate nodes in the network. 4. Contagious phase: Contagious phase is the action of spreading from one node to another node. 5. Hive selection and Launching phase: The node with the highest remaining residual energy value and more compromised neighbor nodes nearby has been chosen as Sybil node to perform the attack. ABC inspired Sybil Attack Model Cont.
- 18. ABC inspired attack Algorithm
- 19. An example scenario of Sybil Attack
- 20. Lightweight Intrusion Detection Against Sybil Attack in Mobile RPL A lightweight intrusion detection algorithm is introduced against the Sybil attack, which needs less computation and provides high accuracy, which are quintessential in the case of a resource-constrained network. Three new variables are introduced in DIO messages, they are: • NONCE ID(Number used only once in a life): Nonce ID has been created and allocated to each node when it is joining the DODAG structure after receiving the DIO message for the first time. If both the NONCE ID and DODAG ID match with the previous record then the node is safe. • Control Message Counter: A node attempts to establish a connection with a nearby node, it can exchange a maximum of 5 control messages within 10 seconds of interval. If it exceeds the threshold value, there is a potential sign of a malicious attack.
- 21. Lightweight Intrusion Detection Against Sybil Attack in Mobile RPL Cont. • Time Stamp for Control Messages: It will track the time of arrival of the control messages exchanged from the neighbors. If the frequency of transmission of control messages within a speculative period is more than it is a sign of malicious attack. Cumulative Trust Factor: The three trust factors are: α, β and γ. • ρN[n] is the Cumulative Trust Factor. • ρN[n] = α.[ω.β + (1−ω).γ] Pheromone Computation: Γ is the pheromone value, which has been used to identify the set of best trusted node list. •
- 22. Lightweight Intrusion Detection Algorithm
- 23. Performance Evaluation and Related Metrics Confusion Matrix Based on the confusion matrix the performance of the proposed algorithm has been analyzed. Accuracy is used to estimate the probability of Sybil attack detection by the proposed intrusion detection algorithm.
- 24. Performance Evaluation and Related Metrics Cont. Sensitivity indicates the percentage of actual positive events correctly predicted. Specificity shows the rate of actual adverse events identified. Precision is positive predictive value (PPV) and NPV (Negative Predictive Value).
- 25. Performance Evaluation and Related Metrics Cont. F-score rate represents higher detection performance. Simulation Results for the metrics.
- 26. Performance Evaluation Results Control traffic overhead is the cumulative sum of DIO, DAO, and DIS control messages transfer in the DODAG.
- 27. Performance Evaluation Results Cont. Energy Consumption indicates the average energy consumption.
- 28. Conclusion A bio-inspired analytical model for Sybil attack and lightweight intrusion detection algorithm for mobile RPL in the Internet of things network is been designed. Considered different types of Sybil attacks and analyzed the performance of the mobile RPL in terms of control traffic overhead, energy cost, and accuracy. For Type-3 Sybil attack proposed algorithm gains an average accuracy of 95% under mobile RPL.