- Email: [email protected]
Proposing a Secure RPL based Internet of Things Routing Protocol: A Review
Journal Pre-proof
Proposing a Secure RPL based Internet of Things Routing Protocol: A Review Zahrah A. Almusaylim , Abdulaziz Alhumam , N.Z. Jhanjhi PII: DOI: Reference:
S1570-8705(19)30838-8 https://doi.org/10.1016/j.adhoc.2020.102096 ADHOC 102096
To appear in:
Ad Hoc Networks
Received date: Revised date: Accepted date:
5 September 2019 14 January 2020 10 February 2020
Please cite this article as: Zahrah A. Almusaylim , Abdulaziz Alhumam , N.Z. Jhanjhi , Proposing a Secure RPL based Internet of Things Routing Protocol: A Review, Ad Hoc Networks (2020), doi: https://doi.org/10.1016/j.adhoc.2020.102096
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2020 Published by Elsevier B.V.
Proposing a Secure RPL based Internet of Things Routing Protocol: A Review
Zahrah A. Almusaylim* King Faisal University Department of Computer Science AlAhssa Saudi Arabia [email protected] Abdulaziz Alhumam King Faisal University Department of Computer Science AlAhssa Saudi Arabia [email protected] NZ Jhanjhi Taylor’s University School of Computer Science and Engineering SCE Lakeside Campus Malaysia [email protected]
*Corresponding author
1
Abstract Nowadays, the Internet of Things (IoT) research domain attracts the researchers, due to its extensive collection of applications and ease in deploying in several domains of real life, particularly for environments that are considered critical such as E-health, smart homes, and smart cities. Things in smart cities are intractable via the Internet. These things are naturally deployed in a distributed environment wirelessly. They become vulnerable to the diverse security attacks that can adversely influence their proper functionalities at any time. The stated problem severity even becomes higher when they are deployed in smart cities. In addition, it is very likely to compromise data while transferring from one source to another until reaching the destination during data routing. Existing Routing Protocols for Low Power and Lossy Networks (RPL) are considered lightweight and secure routing protocols for IoT devices, which offer a slight safeguard against innumerable forms of RPL routing attacks. Based on the nature of the IoT network, being resource constraints, the conventional routing techniques do not suit them at all. The IoT routing security is therefore, a challenging task. This review aims to elaborate on the current research literature, opportunities and research gaps of secure RPL routing protocols. Where mainly considering the Rank and Version number attacks types for IoT applications. Further, the review extravagant the need for a new secure RPL protocol to address the security issues of IoT applications for smart cities particularly based on available literature. Keyword: IoT; Smart Cities; Security; RPL; Rank Attack; Version Number Attack; 1
Introduction The contemporary technologies have facilitated the devices and their associated things around us to communicate with each other with the assistance of Radio-Frequency Identification (RFID) and Wireless Sensor Network (WSN). The wireless communication and the seamless emergence of different technologies between devices lead to the concept of the Internet of Things (IoT) that enables the transmission of data between a variety of devices and their associated things via network standards and protocols at any time any place. The Internet Protocol (IP) address is assigned uniquely to every device and things in the IoT. These devices can remotely communicate sense and collect raw data from their physical environment for data processing and decision makin g [1, 2]. The IoT has a significant contribution in introducing several applications for various sectors as smart grids smart cities, smart buildings, smart home, and healthcare, which improve the daily life of people. Smart cities are considered as one of the most important sectors of IoT. It consists of different applications and services that intend to increase the quality of services to citizens and to boost the utilization of public resources. In this context, these services can provide better management to roads, smart cars, light traffic, etc. with the help of the deployed sensors; for example the citizens can be aware and avoid incidents through activation of different alarms, etc. [3-6]. Moreover, for the devices to communicate and exchange information within the smart cities network, it needs the network layer in the IoT architecture. This layer employs different techniques, standards, and protocols to broadcast the information. Such standards and protocols are Internet Protocol Version 4 (IPv4), Internet Protocol Version 6 (IPv6), Constrained Application Protocol (CoAP), and Wireless Personal Area Network (WPAN), IPv6 over Low Power Wireless Personal Area Network (6LoWPAN), User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). The network layer facilitates the secure transmission of data between the perception layer and the application layer in the architecture. 1.1
RPL Routing Protocol Overview RPL was designed to support the vision of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) domains. RPL is also designed to be an interoperable and simple networking protocol to meet the requirements of resource-constrained devices and applications that are interconnected through multi-hop mesh networks such as in industrial, home, urban and city environments [7-10]. It enables using the energy of smart devices efficiently and also enables establishing a flexible topology and routing of data. 1.1.1
Introduction to IETF Group The ability of unique addressing and routing of data in the network layer guarantees that innumerable devices will be integrated seamlessly into a single collaborative network [11]. The Internet Engineering Task Force (IETF) group has an indispensable role in the evolution of IoT with the contribution of the 6LoWPAN standard established based on the forwarded IPv6 traffic and ensuring unique addressing of each device connected to the network. It has been evaluated by authors in [12] to determine the IoT challenges. The 6LoWPAN standard was aimed at coping with the datagram of IPv6 while transmitting over IEEE 802.15.4 standard protocol for WPAN. However, IPv6 usability was bounded because of the low bandwidth and low power. Also, Low-Power and Lossy
2
Networks (LNN) is considered as one of the backbone of the IoT for interconnected IoT devices (nodes). These nodes are constrained in terms of underlying communication systems such as low data rates, high packet loss and dynamic change of network topologies, link outage, etc. and resources such as processing, memory and energy, etc. However, 6LoWPAN standard with LNN has a challenge with its routing feature due to many reasons that make the development of efficient routing for LNN more sophisticated such as nodes with low battery life, low processing, and frequent change of mesh topologies due to mobility. IETF group have concluded that the conventional ad hoc protocol such as Ad-Hoc on-Demand Distance Vector (AODV) [13], Open Shortest Path First (OSPF) [14], Intermediate System to Intermediate System (IS-IS) [15] and Optimized Link State Routing (OLSR) [16] have efficiency issue to satisfy the requirements of unique routing for LNNs. Moreover, an abundance of routing mechanisms has suggested solving the routing issue in LNN like for example, Collection Tree Protocol (CTP) [17] and Hydro [18]. Accordingly, the IETF group developed a Routing Protocol for LLN (RPL) over Low-Power and Lossy Networks (ROLL) working group in 2012 that supports the behavior of IPv6 and the mechanism of 6LoWPAN standard. It provides minimal routing requirements with a robust behavior topology in lossy networks. PRL has a separate group of processing packet and forward packet from the routing optimization, as to allow various application domains to use them [11, 19, 20]. 1.1.2
RPL Hierarchy The RPL is a distance-vector routing protocol that built its topology based on a Destination Oriented Directed Acyclic Graph (DODAG). It is designed to support the operation of multiple link-layer protocols including IEEE 802.15.4 Physical layer and MAC layer [21]. These link layers can be potentially lossy, constrained or used with highly constrained router devices. Further details about the distance-vector routing protocol are available in [22]. The RPL was designed and able to be extremely adaptive to the conditions of the network and to support alternative routes when default routes are not accessible at any time. It can opt the optimal routing path based on Objective Functions (OF) of the Directed Acyclic Graph (DAG) which determines the selection of neighbors and parent nodes [23, 24]. The DODAG is a DAG, which is a directed graph with no cycles, without outgoing edges, and with a single destination root. The DODAG is uniquely assigned with DODAG IP and RPL instance ID. The DODAG root is used to collect default routes to the Internet and distribute them into other routing protocols and establishing communication among nodes such as Point-to-Point (P2P), Multi Point-to-Point (MP2P) or Point-toMultiPoint (P2MP). Each node in the topology is assigned a rank value that defines the position of the node with respect to the DODAG root. The rank value is the distance from the root node and it is rigorously increasing in the lower direction and it is rigorously decreasing in the higher direction based on the Objective Function (OF) [24]. In addition, according to the specification of the RPL, each DODAG root node contains a version number. To revalidate the integrity of the DODAG root node and launch a global repair mechanism, a DODAG new version is formed by incrementing the version number that is determined by the root node only. The creation of the RPL network topology is maintained with five control messages, which are: 1. DODAG Information Object (DIO) allows the construction of upward routing in which other nodes (nonroot/sink nodes) can discover the root node (RPL instance) and join it as their parent node. 2. DODAG Information Solicitation (DIS) allows the construction of downward routing for soliciting DIO from RPL node and for neighbor node discovery. 3. Destination Advertisement Object (DAO) that allows broadcasting destination information up along DODAG and allows a node to join as a child to DODAG root or DAO parent. 4. DAO Acknowledgement (DAO-ACK) that is a unicast acknowledgment packet message sent by DAO recipient as a response of the DAO message. 5. Consistency Check (CC) that is used to check the count of secure messages and issue challenge-response messages for security. All those messages belong to the RPL control message which is described as an Internet Control Message Protocol Version 6(ICMPv6) information message type with value 155 [25]. Figure 1 depicts the formation of the DODAG graph that contains the control messages with multiple RPL instances. In addition, the DODAG version number is associated with each DIO message and related to the network. Hence, when the version numbers are incremented by DODAG root, then the RPL network nodes check the version number in every incoming DIO message to find the global repair operation. Then, it can exchange control messages of the RPL and establish a new DODAG version number root.
3
Figure 1: The Formation of RPL DODAG [26]. 1.2
RPL Security Researchers have identified plenty of challenges in terms of information security transmitted within the smart cities network in IoT. Routing and addressing packets between devices in IoT are significant issues due to the need of making unified protocols/mechanisms for routing packets from the source node and transmitting across diverse network topologies to reach the destination node [11]. This field suffers from potential threats and security issues of the routed data among nodes and have great significance because it is associated with the life of users [3]. Song et al. in [27-32] elaborated and discussed the concepts and principles of IoT based smart cities and its associated applications with vulnerabilities and attacks related to it. Protecting the security of RPL routing data in IoT is a challenge that is even more critical. Malicious nodes can execute their activities during the routing forwarding of the packets, which allow different types of attacks to happen in the routed data [33]. However, the standards of RPL protocols do not take into consideration the security of smart cities networks and the routing mechanisms do not provide security standards when the network is configured. Due to the billions of interconnected devices to the network, securing and protecting them from different forms of attacks and threats create a critical challenge. When these devices are vulnerable to attacks, then the users will feel that their data are insecure [33, 34]. The objective of this research is to present the severe consequences of the two different types of RPL attacks, which are rank attack and version number attack that can have on RPL networks. To analyze and compare the existing studies that can support RPL security and counter the effect of these attacks in terms of the security techniques used and in terms of their performance. To criticize the shortcomings in the available solutions proposed by the existing studies. To propose some future solutions that can address the available shortcomings, improve the RPL security in the IoT networks by reducing the effects of these attacks. In addition, present some open issues that need more attention related to this research area. The paper is organized in a pattern such as: 1) Introduction that describes the RPL protocol in details. 2) Literature Review that describes the security attacks challenge of the RPL protocol security attacks which are rank attack and version number attack and explains the recent studies related to them. 3) Discussion that criticize the studies in the literature review section with focusing on finding the research gap in the reviewed studies. 3) Conclusion that wraps up the paper and highlights its keys. 2
Literature Review: Secure Routing RPL Challenges The section will present the RPL security attacks challenges and recent studies related to secure RPL routing protocol for smart cities network, which addresses these challenges. To hide the information of the user, several cryptography techniques for authentication purposes are used as a shield then it can make it difficult for unauthorized parties to access that information. The RPL protocols for their specifications use one type of encryption which is the symmetric encryption that is known as Advanced Encryption Standard (AES) with counter with cryptographic Block Ciphers-Message Authentication Code (Counter with CBC- MAC (CCM))-(AES/CCM). Since the same secret key is used in the symmetric encryption for exchange between nodes, then this gives the attacker an easy way to access the network. However, if the attackers get the secret keys by looking for any possible
4
available threats to hack and insert their nodes into the network, it will make it vulnerable to security attacks and compromise the nodes of the network. Then, the cryptography concept cannot safeguard the network [35, 36]. For example, all the nodes share the same secret key through the key management. Then in this way, it is vulnerable to attacks since disclosing the keys can affect the whole network and the attacker can access the network and pretend to be a normal node using that key and gain information with them, which jeopardizes the smart cities network. Hence, due to the possibility that an attacker can inject bogus data, the authentication feature in the RPL routing needs significant improving [37, 38]. 2.1
RPL Security Attacks Classification The ROLL provides a full understanding of the security features of the RPL. These security attacks are classified based on the security model, which includes Confidentiality, Integrity, Authentication, and Availability (C.I.A.A). However, available conventional mechanisms for wired security such as firewall is not applicable for RPL security due to its dynamic behavior and thus their nodes do not have boundaries that are well defined. Additionally, the cryptography mechanisms cannot be used to defend the security of the RPL routing due to the lack of centralized administration and node cooperation. Moreover, because the nodes devices in the network are nontamper resistant, then it becomes easier to expose the nodes and violate their cryptography. Hence, the compromised nodes can downgrade the RPL network performance because of the manipulation of the source code of them [39]. Furthermore, Figure 2 shows a taxonomy of RPL network attacks [40]. Security attacks against the RPL routing protocols are classified into three categories [35, 41]: 1. Attacks against resources, typically makes the nodes dispensable tasks to drain their resources. These attacks consume resources of the nodes such as storage, energy, and processing. Hence, the availability of the networked is affected by making the available links crowded and then affects the network lifetime, which can be shortened significantly. This kind of attack is classified into two sub-categories which are: a) Direct Attacks: in which the malicious node can degrade the network by generating an overload directly b) Indirect Attacks: in which other malicious nodes which result in a large number of traffic overhead will be generated might create a loop. 2. Attacks on Topology: Which harms the network topology and is classified into two sub-categories which are: a) Sub-Optimization Attacks: in which attackers degrade the performance of the network by decreasing its optimal paths. b) Isolating Attacks: in which the attackers isolate the nodes of the RPL network, which makes them unable to communicate with the parent node. 3. Attacks on Traffic: which concerns having an impact on the network traffic and is classified into two subcategories which are: a) Passive Attacks: in which the attackers produce eavesdropping activities such as analyzing the network traffic. b) Deception/Misappropriation attacks: in which the identity of the authorized node is seized, and its performance is over claimed. These attacks are used as the first step for other attacks.
5
Figure 2: A Taxonomy of RPL Network Attacks [40]. 2.2
RPL Rank Attack Based on the above classification of the RPL security attacks, the rank attack is one of the indirect attacks of the network resources category. Based on the rank calculation, the child nodes of the network topology must have the highest ranks. The rank attack with the regular network paths can make a loss of packet that is directly proportional to the attack. Based on the rank location of the neighbor node, the parent node always attracts the child node. That means a parent node is chosen for a particular child node to manage its quality of services and to send its data packet based on the node that has the lower rank [42]. The rank attack is the most destructive attack among others for RPL protocol because it produces other attacks such as a black hole, sinkhole, etc. A malicious node may manipulate the rank to downgrade the performance intentionally. For example, a rank can be decreased, and a malicious node can be falsely located closer to the parent node, then it can manipulate maliciously a massive amount of lowing packets through it. In rank attack, the malicious node advertises a fake rank location of the rank node in the control messages of the RPL or a fake route across the root node to deceive the close nodes so it can attract them to forward their packets through it [43]. The rank attack works by compromising the deeper ranks of child nodes in the RPL network topology. Then, a malicious node can modify the way in which the DIO messages are processed from neighboring nodes. Moreover, a worse rank of a random malicious node will be chosen as the preferred parent node during its operations, and as consequent, OF of the network topology cannot be achieved completely. In addition, unoptimized routing and more traffic will be created for all the data packets that go via the malicious node [39, 43, 44]. For example, as illustrated in Figure 3, a particular deeper rank of the child node is reduced, and to send a certain data packet to the root node, the neighbor nodes of the deeper child node should select it as the parent node. Moreover, once the data packet is forwarded from the neighbor nodes to the deeper child node, it will drop this packet. Therefore, this deeper child node is treated as a malicious node. Thus, the rank attack can be created by disrupting the path of the data delivery in the network topology. This affects the Packet Delivery Ratio (PDR) of the network by dropping data packets at the intermediate level of the malicious nodes.
6
Figure 3: Example of the Rank Attack [42]. Another form of rank attack is when the attacker advertises to the neighboring nodes a better routing metric, but it is a fake routing to deceive flows of the network to transmit through it. In addition, based on the attacker’s location, the network may suffer from seriously increased latency and decreased throughput [43]. There are many impacts of the rank attack that are shown in [45, 46] as the following: 1) un-optimized formation of the path. 2) No recognition of the loop formation. 3) The optimized route never used in the RPL network topology. 4) The packet delivery ratio is decreased with a small modification in end-to-end delay as the number of attackers increase. And 5) the number of DIO messages increases as the network topology changes rapidly. Hence, the rank attack impacts some of the constrained properties of the network such as Latency, Throughput, Data Rate and Energy Consumption [42]. The PRL protocols security is a great issue that should be taken into consideration because the routed data have not to be accessed/leaked by any unauthorized member of the network such as an attacker or any third party [47]. The sub-section RPL Rank Attack Countermeasures will describe the countermeasures to detect the RPL rank attack. RPL Rank Attack Countermeasures A comprehensive analysis of different security RPL attacks including rank attack and other different types of attacks was made by authors in [48]. Through the simulation study, they studied the performance impacts of these attacks such as packet delivery ratio, end-to-end delay, and control message overhead. They simulated two scenarios; one is a malicious scenario that malicious nodes with the same location to remove the effect of location attack. While the second is the normal scenario that is with no attacks to compare the performance of standardized simulation results with the performance of malicious scenarios to reveal the impact of the attacks. The simulation results for the rank attack are shown in Figures 4, 5 and 6. Figure 4 shows that the increasing number of rank attacks (from 8 to 10) decreases the delivery ratio steadily to 60% down. This allows the nodes to change preferred parents of them more frequently which makes the network topology to be unstable and unable to make optimize routes.
7
Figure 4: Comparison of the Effect of Number of Attackers and Packet Delivery Ratio among Several Attacks [48]. Figure 5 shows that the increasing number of rank attacks can slightly increase the end-to-end delay by 15% (up to 1 second). This is due to the longer path (un-optimized path) toward the root node that is created by the rank attack.
Figure 5: Comparison of the Effect of Number of Attackers and End to End Delay among Several Attacks [48]. Figure 6 shows that the increasing number of rank attacks can gain more control overhead in the network. It can be noticed that the control overhead increases to be 1100 message generated (200% gained) when the number of rank attacks increases more than 6. Therefore, the authors suggested in their study that the results of the simulation can be used to train the Intrusion Detection System (IDS) to detect such attacks by discovering any ambiguous RPL performance.
8
Figure 6: Comparison of the Effect of Number of Attackers and Control Message Overhead among Several Attacks [48]. Le et al. [49] analyzed the different rank attacks threats that downgrade the RPL network performance. Also, they studied the impact of these attacks on the RPL network performance when they are simulated on different locations in the network. They created four rank attacks scenarios which are: 1) RA I, that has a permanent DIO information update, 2) RA II that has a permanent DIO information with no update, 3) RA III that has nonpermanent DIO information with an update and RA IV that has non-permanent DIO information with no update. The simulation results shown that 1) the delivery ratio performance has a greater impact in the RA III and RA IV comparing with RA I and RA II and this is due to the much control packets of DIO messages that are created, which make the topology to change more frequently. In addition, RA II affects End-to-End delay more than RA IV because of increased usage of un-optimized routes silently as they disable the routing updated. 2) The forwarding load of a node has a strong correlation with the impact of an attack initiated around the node. 3) There is no technique to observe the parent nodes behaviors. Therefore, the nodes have to track the un-optimized routes of malicious parents. 4) Intentionally, the rank attack can be used to launch attack against specific parameters the network performance such as DIO messages control overhead, packet delivery ratio and average end-to-end delay. 5) Severe damage of the network performance can be created by the cooperation of multiple attacks if they are in the same positions. The study in [50] investigated the vulnerabilities that may occur in the RPL rank property by using a state transition diagram to design an attack graph and implement the possible threats and their impact related to the RPL’s rank property. Based on the analysis, the attack graph was presented exploring different types of internal attacks that lead to rank property misappropriation and influence the network performance, resource and the network topology. Based on the simulation results of the decreased rank attack with selective forwarding attack, they observed that: 1) the RPL network topology changes lead to the increase of Expected Transmission Count (ETX) of the affected nodes and network sub-optimization. 2) The traffic convergence towards a specific node leads to disruption of the traffic. 3) The power consumption of the malicious node increases, still, it is not a huge impact on the average power consumption of the 4) Transmit and listen duty cycle of the attacker node is doubled for most of the DODAG nodes. 5) The attacker node’s beacon interval is less too. They concluded from the observations that the decreased rank attack leads to sub-optimization in the network, traffic compromise and isolations of the network. Table 1 shows the summary of the simulated results of the effect of these attacks in which they have a huge effect on the network performance of IoT.
9
Attack Type
Increased Rank Attack Decreased Rank Attack Decreased Rank Attack with Selective Forwarding Worst Parent Attack
Table 1: Effect of Rank Attack on the Network Performance [50]. No of Average Average ETX Packet Loss Control Power Beacon Messages Consumption Interval Increases Increases Decreases -
Instigate Other Attacks Yes
-
-
-
Increases
Minimal
Yes
-
-
-
Increases
Huge
Yes
-
-
-
Increases
-
No
A rank attack using Objective Function (OF) is introduced in [51]. In this study, the attacker multicasts a fake routing metric of rank that increases the risk of the attack. The neighboring nodes are force easily and maliciously to create routing paths to route their data via the malicious node to deceive more flows in the network. The RPL nodes use the Objective Function (OF) to select the forwarding nodes a defined routing metric. They considered a simple rank calculation recommended by in Request for Comments (RFC) [52] that is based on OF for the route selection, it allows the nodes to choose the Expected Transmission Count (ETX) as a routing metric. For the RAOF to be launched successfully, the routing metric broadcasted by the parent node must be corrupted by the malicious node so the neighboring nodes OF advocated the malicious node. They used ETX formula in their work as a basic routing metric to allow the nodes to transmit data from source to destinations, and further details about the formula can be found in [53]. The simulation analysis of their work shown that RAOF can enforce the malicious node's neighbors to opt the malicious node as their forwarding node easily and that makes the data flow to be converged at the attacking node. Furthermore, the attack can reduce the delivery ratio at about 30% to 70% depending on the malicious node’s location in the RPL network. Authors of [44] discussed the effect of the rank attack in the node that is associated with a spoofed IP address on routing data that spreads the wrong rank of the victim node causing the rank attack with spoofed IP. The malicious node spoofs the IP address of the victim node and rank attack is initiated by sending wrong DIO messages to other nodes in the network with the wrong rank which is hard to detect. The complete procedure is separated into two stages which are the first preparation stage of the forged message and second phase in the forwarding these messages with the wrong rank to other neighbor nodes in the RPL network. The network performance results of the simulations shown that: 1) the rank with spoofed IP attack has a major effect on the performance of packet delivery ratio (reduced to 86.52%) comparing with the performance of delivery ratio in rank attack (92.84%). Whereas in the normal condition of the RPL network is 97.76%. 2) for both attacks, the average end-to-end delay is approximately 7612 ms which is higher than the normal condition of the RPL network that is 6512 ms and the worst impact is by nodes 23, 18 and nodes 9, 15 respectively. 3) the attacker can roughly destroy the performance of the RPL network, especially when these attacks are put in the correct position which is a region of high forwarding load. The sub-sections will describe RPL Rank Attack Countermeasures Classification to classify the RPL rank attack detection methods.
RPL Rank Attack Countermeasures Classification The countermeasures to detect the rank attacks can be classified into two categories, which are: modification techniques and Intrusion Detection Systems (IDS). The modification techniques can add or modify the RPL standards and it is used for a limited number of attacks, while IDS needs collaboration among nodes and is used to mitigate and detect multiple types of attacks [54].
10
a) Countermeasures Based RPL Rank Attack Mitigation Techniques The secure-RPL (SPRL) proposed by authors in [55] is a secure routing protocol based on RPL. It is to block a rank value manipulation of rank value by introducing the concept of rank threshold and mechanism of hash chain authentication to limit the average of decreasing or increasing rank value. The scheme blocks the malicious nodes from better reposition of itself in the DODAG of the RPL network do internal attacks and deplete network resources by illegally exploiting the feature of rank value modification. To mitigate the effect of the attack, the proposed protocol is monitoring how many times the rank values of nodes in the RPL network are increasing by enforcing the threshold function. By taking over the threshold functions, the protocol will protect the RPL network against several rank modifications attacks by making any node that exceeds these thresholds to be overwritten. In addition, verification and authentication concepts are introduced to offer a higher degree of safety. Each node in the network will be assigned a rank threshold through strict authentication measures. The network performance results shown that the protocol is very efficient in safeguarding the RPL network, but it is not immediate for some type of attacks. However, the thresholds act against all types of nodes are either malicious nodes or non-malicious nodes, which cause additional overhead. To mitigate the overhead occurred in [55], a Time-Based Trust-Aware PRL (SecTrust-RPL) routing protocol for IoT networks proposed by Airehrour et al. in [56] to provide secure protection against two types of attacks which are rank attack and Sybil attack. It detects and isolates these attacks while optimizes network performance. Every node in the framework computes the trustworthiness based on direct trust value and recommended trust value for its neighboring nodes. The neighboring nodes with greater values of trust are selected for secure routing while the neighboring nodes with lower values of trust are considered as either malicious nodes or selfish nodes that attempt to save their resources. The concept of the system is working by allowing the trusted nodes to be broadcasted throughout the network in which: 1) effective communication is safeguarded amongst trusted nodes only, and 2) the broadcast of trustworthy information is ensured only to the neighbor nodes in the network. The system guarantees this feature through the validation of the nature trust of each forwarding node and by securing the transmission of the source path of the data with a rank of the best trust formation which is provided to enhance the performance of routing nodes. The SecTrust system is implemented using the Cooja simulator based Contiki OS. The average rate of the packet loss of the SecTrust-RPL was between 22-23% while it was higher in the RPL Minimum Rank with Hysteresis Objective Function (RPL MRHOF) (60-100%). Hence, the SecTrust-RPL provides a better safeguard against the rank attacks. But the system does not take into consideration the uncertainty of recommendations. b) Countermeasures Based Intrusion Based Systems (IDS) A Specification-Based Intrusion Detection System (IDS) designed by authors in [57]. They introduced two types of attacks that disrupt and break the network topology and its protocol operations, which are rank attack and local repair attack. The system consists of Finite State Machine (FSM) transitions for early detection of attacks in each monitoring node. During the monitoring architecture, Monitor Nodes (MN) are created. The MN will create an entry table for its neighboring nodes for storing monitoring data that includes object ID and it's rank, preferred parent node and it's rank and number of topology changes during a period. It is working based on decision support that is when the MN detects that any node is working maliciously, but it cannot decide whether if it is a normal node or it is an attack. Then, it can request other MNs to gather further information about that node for investigation. The rank attack is detected by making the MN to cover the malicious node with a lower rank. However, due to the change between the real rank and fake rank in the malicious node, the MN will detect this change and suspect its action. The MNs will start the cross-checking of its information to detect the real attacks. But the system has a drawback in defining illegal and allowable nodes behaviors and it is costly for some functionalities that depend on system resources. A secure parent node selection scheme proposed in [58] in which the child nodes choose a legitimate node as their parent node by employing the threshold. In addition, if multiple parent nodes exist, they exclude a good candidate. Each node based on the threshold between the maximum and average rank judges a rank value advertised by the neighbor node. Moreover, if the value is too low, then each node opts its parent node excluding the nodes with too low-rank value. Hence, each node in the network topology avoids choosing malicious nodes as its parent node and even avoids forwarding packets to these nodes. They evaluated the scheme using the Cooja simulator based Contiki OS. Comparing with the conventional RPL scheme, the results showed that the scheme is effective in reducing the number of child nodes linked to malicious nodes and it can mitigate 95% of the rank attack. Nevertheless, the proposed scheme can slightly increase the convergence time.
11
A hybrid specification based-Intrusion Detection System (IDS) is designed by Althubaity et al. [43] that is Authentication Rank and Routing Metric (ARM) which is based on centralized module (the sink node) and distributed module (other nodes). It aims to preserve the RPL routing topology in the network of IP6 Time-Slotted Channel Hopping (6TiSCH) against DIO messages manipulations that launch the rank attack, Rank Attack based on Objective Function (RAOF) or both. The monitoring architecture reduces the number of messages exchanged between the sink and other nodes to verify the information in the RPL control messages during the construction of the routing data. It can minimize the memory and communication overheads in all nodes by running only with limited resources of computation and memory and enhance the efficiency of detecting the different forms of rank attacks. The centralized modules of the sink node analyze the DIO messages and participate in decision making, whilst the distributed modules of the nodes report the sink node about any changes that may happen to the destination nodes, send a verification request to sink node of the received DIO messages, and wait for responses to make appropriate decisions. For the detection efficiency, the A results of the evaluation of the ARM approach consistently has better performance comparing with the original RPL IDS approach. It is shown that the ARM can protect the RPL successfully with a high accuracy rate with almost no extra overhead comparing with the IDSs RPL original approach. A Sink-based Intrusion Detection System (SBDS) was presented by the researcher in [59] to detect the rank attack in RPL networks. Every node in the network in non- storing mode broadcasts their ID, preferred parent ID, and rank in control DAO message after they are encrypted with a key and shared between the sink and the node to avoid the violation of integrity. They are decrypted after passing the control DAO message from nodes to the sink. Each control DAO message will be assigned with a timespan that shows the freshness of the control message. The Node Current Rank (NCR) will be compared to the Node Parent Rank (NPR) rule of rank violating as described in [60]. If a node is at Ti rank less than at Ti-1 rank, then it is checked as either it is a malicious node or it is due to mobility. Also, a minimum rank is checked among its siblings and the parent switching threshold is deducted, then the node’s rank at Ti is compared and if it is less, then it is probably a malicious node. The results of the simulation analysis for the network performance shown that the system is effective for identifying and detecting the rank attack and it has less computation overhead because all the processes of the detection have happened at the sink and also it provides high accuracy of detection rate. 2.3
RPL Version Number Attack Another type of attack based on the indirect attacks of the attacks against the resources category is the version number attack. As there are no RPL mechanisms that guarantee the version number can be only changed by the DODAG root. The version number can be changed by the malicious nodes too as they can enforce the RPL network to set up the DODAG from the beginning. This is called a DODAG Version Number attack [61]. In DODAG version number attack, a malicious node can illegitimately change and increase the DODAG version number of the root node when the corresponding DIO message is forwarded to its neighbors. Once the neighbor nodes receive the increased version number in the DIO message, the formation of the new DODAG tree is started as shown in Figure 7 [62]. The malicious node can modify the version number of the DOI messages and transmit the modified version number to its neighboring nodes in order to disrupt the network. Once the neighboring nodes receive the DIO messages with the new malicious version number, the trickle timer of the nodes is reset. Then, they will broadcast frequent DIO messages and they will transmit an updated version of the DIO messages to all nodes [36, 41, 63, 64]. Version number manipulation in the DIO message can inefficiently rebuild and establish a new unoptimized RPL network topology with routing loops. Moreover, because the root node did not initiate the rebuilt DODAG topology, thus makes the network topology to be cyclic, which means there will be an occurrence of loops. This can cause increased network overhead, network availability issues, depletion in energy resources and loops in the routing network topology. The significant impacts of the attack are that the control overhead of the network is increasing 18 times, availability issues of the node communication channel; disrupt network operations, routing loops, shortened network lifetime and energy consumption of the nodes. Also, the data packets delivery ratio is reduced by up 30%, unnecessary RPL control messages, loss of data packets and end-to-end delay in the network is doubled [36, 41, 45, 63, 64]. The version number attack is considered to be as a serious Denial of Service (DoS) attack as it is validated by several studies in [54, 65-68]. The DoS can degrade the quality of services in the network, and it can make redundancy of large number of control messages, which leads to huge control traffic in the network and exhaust node resources. However, DoS is not of our scope, in which we are mainly focus on rank attack and version number attack.
12
Figure 7: Example of Version Number Attack [62]. The sub-section RPL Version Number Attack Countermeasures will describe the countermeasures to detect the RPL version number attack. RPL Version Number Attack Countermeasures The researchers in [69] studied and analyzed the version number attacks deeply. They investigated the version number attack under the mobility feature with a probabilistic attacker model. Then they analyzed how this attack influences the node power consumption and shown that the battery of the node can be drained severely by the attack. The result of the simulation show that the packet delivery ratio and the control message overhead are highly correlated to the attacker’s location. On the other hand, the average end-to-end delay and the power consumption of the node are not influenced by the attacker’s location and the success of the attack. The results of the simulation for mobility shown that mobile attackers have approximately the same harmful impacts on the networks as the nodes are far away from the root node. Therefore, if the malicious node is placed in the mobile network by the attacker, then this can drain the resources and the lifetime of the network. The sub-section will describe RPL Rank Attack Countermeasures Classification to classify the RPL version number attack detection methods.
RPL Version Number Attack Countermeasures Classification The countermeasures to detect the version number attacks can be classified into two categories, which are: mitigation techniques and Intrusion Detection Systems (IDS). The modification techniques can add or modify the RPL standards and it is used for a limited number of attacks, while IDS needs collaboration among nodes and is used to mitigate and detect multiple types of attacks [54]. a) Countermeasures Based RPL Version Number Attack Mitigation Techniques Authors in [70] proposed a scheme for a rank and version number authentication security based on one-way hash chains called VeRA The hash chains link the version numbers with signatures and authentication data (MAC codes). Their proposed scheme provides better safeguards against some attackers that are internal attacks, which can send DIO control messages with greater values of version numbers or broadcast a higher rank value. Each node checks if the version number of other nodes are updated by the root or not and if the parent’s rank is monotonically increasing. The version number attack allows the attacker to impersonate the DODAG root and begins rebuilding the routing topology. On the other hand, the rank attack imposes a portion of the network to connect to the DODAG root through the attacker. Consequently, making the attacker manipulate and eavesdrop part of the traffic of the
13
network. The data security can validate DIO messages of the intermediate nodes that contain new rank values and version numbers. Their evaluation showed that the overhead of the time is sufficiently small. Perrey et al. [71] proposed Trust Anchor Interconnection Loop (TRAIL) scheme to fix the drawbacks in [70] by analyzing the message rank authentication incompleteness. The scheme enhances the work in [70] by introducing a repair to it and discovering and isolating the malicious nodes that attack the hierarchy of the RPL routing. A digital signature-based scheme is proposed. The sink node in the scheme acts as a trust anchor and when the consistency of the ranks are needed to be verified by a node in the upward path, an attestation message is requested to be sent to the sink node. Each forwarded node must accomplish rank validation to check and drop violated ranks. The violated ranks can be detected after the creation of routes only; then the nodes may still send data packets to the intruder. The above mechanisms used to mitigate the version number attack afford high overhead in addition to the failure to address this kind of attack. Hence, to defend securely against version number attack, the authors of [72] proposed a cooperative, distributed verification mechanism with an effective overhead of low control, high reliability, and increase the rate of malicious node detection, whilst protecting the integrity of RPL operations. The mechanism contains two phases: 1) checking step: when a DIO message with increased DODAG version number is received by a node from its neighbors, the node checks and compares DODAG version number in the DIO message whether it is higher than the DODAG version number in the original node. Then, if it is higher, the receiving node verifies the identity of the neighbors by the cooperative verification procedure to decide whether the neighbor is a malicious node or not and 2) verification step: the verification node efficiently gains a current DODAD version number from two-hop neighboring nodes. The results of the simulation shown that the mechanism is reliable and the control overhead is reduced significantly. The impact of 10% malicious node of the rate of packet delivery drops dramatically since the malicious node blocks the data packet to reach the destination. Conversely, the mechanism can reduce the impact of the attack effectively as the performance of the mechanism is well in the occurrence of the malicious node. The control message overhead is greatly lower in the proposed mechanism with malicious nodes of 10% than the RPL. Besides, it is shown that the proposed mechanism is better in the packet delivery ratio that the RPL in the occurrence of malicious node because the malicious node can be detected by verifying the suspicious node more correctly. The authors in [73] proposed a lightweight approach to provide non-repudiation, message unforgeability and to mitigate the impact of the version number attack, rank spoofing and rank replay attacks and it is based on the signature scheme of [74]. The approach is based on the Identity Based Offline/Online Signature (IBOOS) scheme that is used in [75] in which the signature process is separated into the offline phase and the online phase. The scheme is suitable for environments with resource constraints devices because it provides low energy consumption and computational time. A scheme is a decentralized approach in which the signature size is independent on the network size. The scheme is scalable as every node in the network performs an independent fixed algorithm that does not store the state information of the nodes. The scheme performance is evaluated in terms of computational cost, signature size, offline storage, private key size, energy consumption, and security. The results of the evaluation shown that the scheme is lightweight and compatible with devices of constrained resources. Furthermore, the scheme does not need a public key authenticity verification by a certificate, which makes it more appropriate for the IoT environment. The researchers in [76] presented lightweight techniques for version number attack that take into consideration the legitimate update of version number. While they provide significant network performance which allows the administrators of the network to the trade-off between the mitigation performance and resource overhead. The first technique is the elimination technique that eliminates the malicious update effects of the version number, which might occur from the strongest attacking location (using the rank information) in the network. It accepts only the updates of the version number that directed from the root node to the leaf nodes. The second technique is the shield technique that utilizes the trust mechanism in which the version number is changed if most of the neighboring nodes with better rank closer to the root node require a change. Hence, the information of version number update coming from the directed root node to the leaf nodes are not trusted enough and further information update is predicated. The network performance results of the simulation shown that the detrimental impact of the version number attack is possible to mitigate using the proposed techniques. The Elimination technique requires only a small amount of ROM space, which provides a simple mitigation performance. While the Shield technique has better resource requirements that provide the best mitigation performance. Therefore, a trade-off exists between resource requirements and mitigation performance.
14
b) Countermeasures Based Intrusion Based Systems (IDS) Mayzaud et al. [77] that extended their work in [78] and proposed a solution to detect the version number attack and identify of the malicious nodes that are based on a distributed monitoring architecture in the RPL routing protocol networks. The architecture performs detection and monitoring operations based on two types of participated nodes, which are monitored nodes (regular nodes) and monitoring nodes, which performs the detection operation. The monitored nodes are highly constrained devices and the monitoring nodes are devices with higher order. The monitoring nodes compose a monitoring network, which is a second routing topology to maintain the resources of the monitored nodes. To identify malicious nodes and detect the attack, the location and detection algorithms were proposed. The local assessment algorithm proposed to be applied on the monitoring nodes to notify the root node whom sent the incremented version number in their neighbors. The other two algorithms are deployed on the root node, the distributed detection algorithm is to detect and collect information of the monitoring node into tables and the localization algorithm is to perform the identification of the attacker by analyzing the information that is collected previously. The network performance results of the evaluation shown that to detect a version number attack with satisfying performance, the False Positive Rate (FPR) can be reduced through the placement of strategic monitoring nodes. Moreover, to quantify the number of monitoring nodes with an acceptable FPR for a given topology size, an optimization problem that is adapted easily to various topologies were proposed for scalability consideration. Nevertheless, their architecture suffers from high computation and deployment costs. The literature review clarified that the security of RPL protocol has been widely studied due to a large number of threats in the IoT. Different types of routing RPL attacks have been studies and analyzed in [40], but few of them only gave considerable attention to the secure routing RPL mechanisms. A security vulnerability has been analyzed in LLNs [40] by IETF and they proposed general countermeasures against these vulnerabilities. Studies in [42, 7997] proposed various countermeasures against RPL topological attacks. The rank attack and version number attack challenges need to be handled due to the obstacles in securing and detecting both attacks with efficient performance in the PRL routing protocols in smart cities based IoT environment. The proposed effective countermeasures can mitigate the effects of these attacks, but still, they suffer from some shortcomings that need to be addressed. Table 2 provides a critical comparative review of the previously mentioned studies based on several criteria. Table 2: A Critical Comparative Review of the Mentioned Studies. Study/ Criteria RAOF [51]
Detected Attack Rank attack using the objective function.
Isolation of Attack No
Rank Attack with Spoofed IP [44]
Rank attack with spoofed IP.
No
SRPL [55]
Rank attack
No
Overhead Network performance: Control overhead increases with respect to time. End to End Delay: increased up to 50% delay Packet Delivery ratio: decreased by 30% to 57%. Network Performance: End-to-End delay: approximately 7612 ms. Average packet delivery ratio: 86.52%. Network performance: Packet delivery ratio: for the single attacker; decreased 0.97 to 0.26, for multiple attackers; deceased from 0.83 to 0.42. Control overhead: 1330 for DIO and 220 DAO.
15
Mobility Support No
Future Work
No
-
YesThrough the periodic update of the initial thresholds and their correspondin
Highlighting other types of attacks. Improving the performance of the SRPL.
-
Resource Requirements: Energy resources: decreased from 0.93 mW to 2.3 mW. Network Performance Packet loss rate: on average between 22%-23%.
g hash values.
SecTrustRPL [56]
Rank attack and Sybil attack.
Yes
Specificatio n-Based IDS [57]
Rank attack and Local repair attack Rank attack
No
Reasonable overhead comes from the setup phase once only.
No
No
95% of the rank attack was mitigated
No
Rank attack or Rank attack using the objective function.
No
No
Considering mobility. Considering other issues related to rank.
SBIDS [59]
Rank attack.
No
Resource Requirements: Memory overhead: ARM needs extra RAM overhead of 22 Bytes. Energy overhead: increases with the number of an increasing number of nodes. Communication Metrics: The total number of the transmitted control DIO messages is the lowest in comparison with original RPL and the original IDS. Resource Requirements: Average power consumption: 1.8 mW.
Yes
Enhancing the algorithm with more rank routing metrics. Adding lightweight cryptographic solution to the rank attack detection.
VeRA [70]
Rank attack and Version number attack.
No
Estimated time overhead of version number attack in root: ( ) Estimated time overhead of version number attack in intermediate:
No
Deploying the scheme in RPL implementation and wireless sensor networks.
Secure Parent Node Selection Scheme [58] ARM [43]
( (
)
)
Estimated time overhead of rank attack in root: ( ( ) ) Estimated time overhead of rank attack in intermediate: ) (( ( ) )
16
No
Enhance the Improve the incorporation of trusted nodes with the RPL network that has recovered their battery. Solving other types of attacks. Inspecting and installing of pre-trusted nodes and their batter record maintenance. System implementation and analysis. Improving the FSM with more robust IDS. -
TRAIL [71]
Rank chain forgery attack and rank replay attack.
Yes
Distributed and Cooperative Verification Mechanism [72]
Version number attack.
No
Lightweight Defense Approach [73]
Version number attack, Rank spoofing attack and Rank replay attack.
No
Lightweight Mitigation Techniques [76]
Version number attack
No
Distributed Monitoring Strategy [77]
Version number attack.
No
Network performance: Control overhead: the average size of messages is 204.6 for 1365 number of nodes. Convergence time is 65 for node 17 of rank 8. Network Performance: Packet delivery rate: reduced from 99 to 90 with 25% of malicious nodes. Control overhead: 500 to 1100 with 25% malicious nodes.
No
Optimizing the algorithms to reduce the dependency on the network sizes. Applying the approach to other routing protocols.
No
Modifying the verification approach to apply it on colluding malicious nodes and measuring its performance.
Computation time at root node: ~0 Energy Consumption at root node: 5.044 mj. Computation time at other nodes: 5.23 sec Energy Consumption at other nodes: 132.426 mj. Communication overhead: negligible. Network performance: Average delay: decreased to 87%. Control overhead: decreased to 71%. Packet delivery ratio: increased to 86% Resource Requirements: Average power consumption: decreased to 63%. RAM and ROM requirements: RAM = 15492 bytes, ROM= 95484 bytes.
No
-
Yes, by allowing the node to perform remove or addition of nodes on the table according to the updated rank information.
Analysis of multiple version number attacks. Analyzing of a hybrid mitigation performance. Considering the mobility of the nodes.
-
No
Performing complementary experiments. Evaluating their solution to attacker collation. Enhancing their solution to address other types of attacks.
3
Discussion The major outcome of this section is to grasp the challenges and the current studies for detecting the rank attack and version number attack in RPL routing protocols with some shortcomings that need further studies. RPL routing protocols enable effective use of smart devices, resources, build flexible topology and data routing. Secure routing protocols for IoT large smart cities networks is a challenging issue due to the characteristics that are inherited which differ this network from other networks. In recent years, considerable efforts have been made to design secure routing protocols for IoT devices. However, they all depend on conventional cryptographic functions, which drain devices' resources and drastically affect the performance of constrained devices used in IoT
17
applications. They are risky to a large number of different security attacks. The PRL characteristics such as lack of infrastructure, unreliable links, resource constraints, limited physical security, and dynamic topology make them susceptible and hard to safeguard against attacks. 3.1
Shortcomings of RPL Security Attacks Countermeasures The countermeasures for detecting rank attack have some shortcomings: The work SRPL in [55] has high computation overhead for constrained devices due to the usage of cryptography with hash chain authentication. In addition, nodes are susceptible to insider attacks that boost Selective forwarding and Blackhole attacks. Both works SecTrust-RPL [56] and SBIDS [59] lack of lightweight solutions and do not provide confidentiality and network performance evaluation. The work Specification-Based IDS in [57] lacks verification, evaluation, and implementation. It is costly in terms of system resources. In addition, there is a trade-off between complexity and performance. The works called Secure Parent Node Selection Scheme [58], ARM [43] and SBIDS [59] lack evaluation of network performance. The mitigation methods for detecting version number attack have some shortcomings: The work VeRA [70] lacks implementation and evaluation of network performance and resource requirements. It requires high control message overhead due to the usage of digital signature and MAC operations. The work TRAIL [71] allows each parent node to detect malicious nodes after reconstruction of the route so a child node elects a malicious node as its parent since a child node is unable to decide whether its parent node is a malicious node. The mechanism efficiency deeply depends on the size of the network, the RPL root trustworthiness, and the chosen digital signature scheme efficiency. In addition, it does not consider the evaluation of resource requirements. The work Distributed and Cooperative Verification Mechanism [72] does not consider the colluding malicious nodes, which have an effect on the total performance of the network. Also, it does not consider the evaluation of resource requirements. The work Lightweight Defense Approach [73] has quantitative evaluation only and it has long computation time and extra space overhead requires to store the signatures. In addition, it does not consider the evaluation of network performance. The work Lightweight Mitigation Techniques [76] does not consider the situation of multiple attacks. Moreover, it does not support the isolation of the malicious nodes in the network. The work Distributed Monitoring Strategy [77] does not consider multiple attacks in which multiple malicious nodes are involved in the network at the same time. And it lacks evaluation for communication overhead, energy consumption overhead, and memory requirements. 3.2
Performance Comparison Based on the critical review in Table 2, we can conclude that the best work is the one that can provide high protect against attacks and provides efficient performance in terms of accuracy metrics including True Positive Rate (TPR), False Positive Rate (FPR) and Accuracy Rate (AR) for 15 number of nodes and random topology. TPR is the total number of legitimate node, which are not, influenced though detection method. FPR is the total number of attacks can be considered as a legitimate node after passing the detection method. It is the total number of attacks that are falsely identified as trust-worthy nodes. AR is the ratio of the correct detection of attacks to the ratio of the total detections and un-detections. Based on the critical review in Table 2, we can conclude that the best work is the one that can provide high accuracy detection against attacks and provides efficient performance in terms of accuracy metrics including True Positive Rate (TPR), False Positive Rate (FPR) and Accuracy Rate (AR) for 15 number of nodes and random topology. TPR is the total number of legitimate nodes, which are not, influenced though the detection method. FPR is the total number of attacks that can be considered as a legitimate node after passing the detection method. It is the total number of attacks that are falsely identified as trust-worthy nodes. AR is the ratio of the correct detection of attacks to the ratio of the total detections and un-detections. Figures 8 and 9 show comparisons between the performance accuracy metrics of rank attack detection methods and version number attack detection methods. From the comparison, it is concluded that the best method for detecting rank attack is SBID [59] because it can provide high protection and AR and it is the only method that can support mobility. Additionally, the countermeasures based IDS can provide better results than the mitigation techniques. While the best method for detecting version number attack is Distributed and Cooperative Verification Mechanism [72] because it provides high TPR but still the Lightweight Mitigation Techniques[76] can have lower FPR comparing others studies and it can provide elimination against attacks and mitigation to not trust any version update coming from nodes with better ranks. Moreover, it is observed that: 1) the number of nodes, 2) location of
18
malicious nodes and 3) the type of network topology can obviously have great impact on the network performance and detection accuracy.
Figure 8: Rank Attack Accuracy Metrics Comparison.
Figure 9: Version Number Attack Accuracy Metrics Comparison. By comparing the findings with existing reviews, we found that: the survey conducted in [54] investigated the most recent mitigation methods for PRL attacks and classified these methods based on mitigation techniques used. However, they didn't suggest or provide any proposed future solutions for challenges that are found in the mitigation methods. The review in [98] presented a comprehensive study of the current intrusion detection systems available for IoT systems. Existing systems have been analyzed in three aspects: privacy effects, computation overhead, and energy consumption. As well as it identified open issues and challenges for an effective, efficient and collaborative design of intrusion detection systems for resource-constrained devices in IoT. However, the authors did not focus on RPL security attacks and their mitigation methods. The paper in [99] presented a detailed review of the various studies developed to detect the rank attack. Nevertheless, the paper did not comprehensively reviewed the recent studies on the rank attack, it did not analyze the performance of the detection methods and it did not provide any future solutions. The work in [40] classified different attacks on RPL based on some categories, but only limited work addressed the security of the RPL and it did not compare their performance. The paper in [35]
19
described a taxonomy of RPL attacks and their countermeasures. Nevertheless, no protection is proposed against these attacks. The discussion can clarified that the security of RPL protocol has been widely studied due to a large number of threats to the IoT while RPL rank and version number attacks can have severe consequences on the RPL Network. Hence, there is a need for more research to address the stated security issues for IoT RPL routing protocols. Accordingly, we shall conduct more work to propose some of mitigation mechanisms for secure RPL protocol as future solutions such as: 1. Supporting multiple types of attacks at the same time in the RPL networks based IoT for smart cities. 2. Detecting and mitigating the effects of malicious nodes of rank attack and version number attack in RPL network. 3. Isolating these malicious nodes and alerting other normal nodes in RPL network. 4. Providing different types of network topologies to measure the effectiveness of the solutions for the attacks. 5. Supporting mobility of RPL nodes to consider RPL network performance under the effect of this feature. In Figure 10, we consider an attacker model in the RPL network topology using Cooja Simulator [100] with the rank and version number attacks malicious nodes that can assist in applying these proposed future solutions. In which the PRL network topology consists of one root node representing DODAG and multiple sink nodes representing sub-DODAG that are supporting smart cities, normal sensor nodes and malicious node of rank attacks and version number attacks. It is assumed that the root node and sink node cannot be compromised and the attacker can deploy malicious nodes only when the network gets stable [59]. The rank attack happens by which the parent node selection is based on the rank metrics. The node near to the root node has low rank. Thus, the parent node should have a low rank compared to its child nodes. The attacker node has passed with low rank so that many nodes intended to select that as their preferred parent node. Therefore, it may redirect the packets from the root node. On the other hand, the version attack happens by which the root node alone has the rule to change the version of DODOG. But alternatively, malicious nodes try to change the version number. An older value of the version advertised in DIO messages indicates that the node did not migrate to the new version of the DODAG. Such a node should not be considered a preferred parent node with other nodes. Accordingly, the global rebuild operation was held by the malicious nodes. The malicious nodes propagate their version number through DIO message, then nodes receiving a malicious DIO, with a new version number, reset their own trickle timer, update the version in their own records and advertise this new version through DIO messages to their neighbor nodes as well.
Figure 10: Attacker and Security Model in RPL Topology.
20
By applying these future solutions can help in the development of secure smart cities. They can minimize the risks associated with the smart cities security. In addition, they can provide high protection against these two types of attacks while increasing user’s trust and providing efficient and effective services. In addition, supporting mobility feature of RPL nodes while providing security can cope with some problems such as mobility cause by attached sensor nodes or mobility caused by water or wind. Hence, mobile nodes in RPL can cover large areas and communicate in more efficient manner. Moreover, we highlight some of the open issues, which need to be studied and further investigation and may assist researchers to conduct more studies to mitigate the RPL routing attacks such of these issues are: scalability of mitigation attacks methods. supporting of multi-stage attacks, multiple attacks in RPL networks, attacks in large scale PRL networks and unavailability of evaluation of accurate or real time data routed by RPL nodes. 4
Conclusion Researchers have identified plenty of challenges in terms of information security, data transmitted within the smart cities network in IoT. Routing and addressing packets between devices in IoT are significant issues due to the need of making unified protocols/mechanisms for routing packets from the source node and transmitting across diverse network topologies to reach the destination node. Malicious nodes can execute their activities during the routing forwarding of the packets, which allow different types of attacks to happen in the routed information. This research has elaborated on the current research literature, prospects and research gaps of RPL routing attacks focusing on rank attack and version number attack. It has concluded that the studies either did not provide solutions for smart cities or they have some shortcomings of security and performance requirements. The countermeasures of the rank attack and version number attack show that they built useful protocols for securing routing information to its destination with good efficiency. Nevertheless, at the same time, each of them has few weaknesses and they did not address the issues of both rank attack and version number attack. Based on the review, I found that the current research literature did not provide: 1) Most of them do not provide solutions for multiple attacks and especially rank attack and version number at the same time in the RPL networks based IoT for smart cities. 2) They do not support both detection and mitigation for both attacks, 3) Most of them provide only one type of network topology for measuring the effectiveness of their solution, while the attacks can be affected by the type of network topology. 4) Based on the comparison, overall most of them have lower network performance and detection accuracy. 5) Lacks the mobility of the RPL nodes support that is needed for the smart cities, which dynamically can change the nodes’ rank and the topology. Furthermore, this research has provided some future solutions that can address the available shortcomings and improve the RPL security in the smart cities networks by reducing the effects of these attacks. Moreover, highlighting the open issues, this review provides thoughtful background for academics and researchers to enthuse them to investigate the identified open issues in order to achieve and develop effective mitigation methods for detecting these type of attacks in RPL network based IoT. Hence, this research extravagant the need for a new secure RPL protocol to address the security challenges mentioned in this review. 5
Future Work For future work, we aim to extend this review research by proposing and implementing a new secure RPL routing protocol for IoT that will mainly focus in addressing both RPL rank and version number attacks. The scope of the future work will be limited to design and develop to provide a secure PRL protocol for smart cities networks. 6
Funding Sources This research did not receive any specific grant from funding agencies in the public, commercial, or not-forprofit sectors.
21
Declaration of interests
☒ The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
7 References [1] Z. A. Almusaylim and N. Zaman, "A review on smart home present state and challenges: linked to contextawareness internet of things (IoT)," Wireless Networks, Review Article vol. 25, no. 6, pp. 3193-3204, 2019. [2] M. Almulhim and N. Zaman, "Proposing secure and lightweight authentication scheme for IoT based Ehealth applications," presented at the 2018 20th International Conference on Advanced Communication Technology (ICACT), Chuncheon-si Gangwon-do, Korea (South), 11-14 Feb. 2018, 2018. [3] D. E. Kouicem, A. Bouabdallah, and H. Lakhlef, "Internet of things security: A top-down survey," Computer Networks, vol. 141, pp. 199-221, 2018. [4] A. Zanella, N. Bui, A. Castellani, L. Vangelista, and M. Zorzi, "Internet of Things for Smart Cities," IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22-32, 2014. [5] Z. A. Almusaylim, N. Zaman, and L. T. Jung, "Proposing A Data Privacy Aware Protocol for Roadside Accident Video Reporting Service Using 5G In Vehicular Cloud Networks Environment," presented at the 2018 4th International Conference on Computer and Information Sciences (ICCOINS), Kuala Lumpur, Malaysia, 13-14 August. 2018, 2018. [6] Z. A. Almusaylim and N. Z. Jhanjhi, "Comprehensive Review: Privacy Protection of User in LocationAware Services of Mobile Cloud Computing," Wireless Personal Communications, pp. 1-24, 2019. [7] H.-S. Kim, J. Ko, D. E. Culler, and J. Paek, "Challenging the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL): A Survey," IEEE Communications Surveys & Tutorials, vol. 19, no. 4, pp. 25022525, 2017. [8] E. Aljarrah, M. B. Yassein, and S. Aljawarneh, "Routing protocol of low-power and lossy network: Survey and open issues," presented at the 2016 International Conference on Engineering & MIS (ICEMIS), Agadir, Morocco, 22-24 September, 2016. [9] J. V. V. Sobral, J. Rodrigues, R. A. L. Rabelo, J. Al-Muhtadi, and V. Korotaev, "Routing Protocols for Low Power and Lossy Networks in Internet of Things Applications," Sensors (Basel), vol. 19, no. 9, p. 2144, May 9 2019. [10] H. Kharrufa, H. A. A. Al-Kashoash, and A. H. Kemp, "RPL-Based Routing Protocols in IoT Applications: A Review," (in English), IEEE Sensors Journal, vol. 19, no. 15, pp. 5952-5967, Aug 1 2019. [11] B. N. Silva, M. Khan, and K. Han, "Internet of Things: A Comprehensive Review of Enabling Technologies, Architecture, and Challenges," IETE Technical Review, Review Article vol. 35, no. 2, pp. 205-220, 2018. [12] Z. Sheng, S. Yang, Y. Yu, A. Vasilakos, J. McCann, and K. Leung, "A survey on the ietf protocol suite for the internet of things: standards, challenges, and opportunities," IEEE Wireless Communications, vol. 20, no. 6, pp. 91-98, 2013. [13] E. M. R. C.E. Perkins, "Ad-hoc on-demand distance vector routing," in Proceedings WMCSA'99. Second IEEE Workshop on Mobile Computing Systems and Applications, New Orleans, LA, USA, USA, 1999: IEEE. [14] A. L. Dennis Ferguson, John Moy, "OSPF for IPv6," Request for Comments, p. 94Accessed on: December. doi: 10.17487/RFC5340 Available: https://rfc-editor.org/rfc/rfc5340.txt [15] O. David, "OSI IS-IS Intra-domain Routing Protocol," Request for Comments, p. 517Accessed on: February. doi: 10.17487/RFC1142 Available: https://rfc-editor.org/rfc/rfc1142.txt [16] P. J. Thomas Clausen, C´edric Adjih, Anis Laouiti, PascaleMinet, Paul Muhlethaler, Amir Qayyum, Laurent Viennot, "Optimized link state routing protocol (OLSR)," Request for Comments, p. 75Accessed on: October. doi: 10.17487/RFC3626 Available: https://rfc-editor.org/rfc/rfc3626.txt [17] R. F. Omprakash Gnawali, Kyle Jamieson, David Moss, Philip Levis, "Collection tree protocol," in SenSys '09 Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems, Berkeley, California, USA, 2009, pp. 1-14: ACM.
22
[18]
[19]
[20]
[21] [22]
[23]
[24]
[25]
[26]
[27]
[28] [29] [30] [31] [32] [33] [34] [35]
[36] [37]
[38]
[39]
A. T. Stephen Dawson-Haggerty, David Culler, "Hydro: A Hybrid Routing Protocol for Low-Power and Lossy Networks," in 2010 First IEEE International Conference on Smart Grid Communications, Gaithersburg, MD, USA, 2010: IEEE. K. Avijit and R. Chinnaiyan, "IOT for Smart Cities," International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), vol. 3, no. 4, pp. 1126-1139, 2018. B. Ghaleb et al., "A Survey of Limitations and Enhancements of the IPv6 Routing Protocol for Low-Power and Lossy Networks: A Focus on Core Operations," IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1607-1635, 11 October 2019. IEEE Standard for Low-Rate Wireless Networks, 2016. D. Waitzman, C. Partridge, and S. Deering, "Distance Vector Multicast Routing Protocol," Request for Comments, p. 24Accessed on: November. doi: 10.17487/RFC1075 Available: https://rfceditor.org/rfc/rfc1075.txt G. Ma, X. Li, Q. Pei, and Z. Li, "A Security Routing Protocol for Internet of Things Based on RPL," presented at the 2017 International Conference on Networking and Network Applications (NaNA), Kathmandu, Nepal, 16-19 October, 2017. A. Parasuram, D. Culler, and R. Katz, "An Analysis of the RPL Routing Standard for Low Power and Lossy Networks," Master of Science, Electrical Engineering and Computer Sciences, University of California at Berkeley, UCB/EECS-2016-106, 2016. X. Liu, Z. Sheng, C. Yin, F. Ali, and D. Roggen, "Performance Analysis of Routing Protocol for Low Power and Lossy Networks (RPL) in Large Scale Networks," IEEE Internet of Things Journal, vol. 4, no. 6, pp. 2172-2185, 2017. R. Mehta and M.M.Parmar, "A Survey on Security Attacks and Countermeasures in RPL for Internet of Things," International Journal of Advance Research in Science and Engineering (IJARSE), vol. 7, no. 3, pp. 55-69, 2018. D. Jiang, P. Zhang, Z. Lv, and H. Song, "Energy-Efficient Multi-Constraint Routing Algorithm With Load Balancing for Smart City Applications," IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1437-1447, Dec. 2016 2016. Y. Sun, H. Song, A. J. Jara, and R. Bie, "Internet of Things and Big Data Analytics for Smart and Connected Communities," IEEE Access, vol. 4, pp. 766-773, 2016. H. Song, G. A. Fink, and S. Jeschke, Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications. Wiley-IEEE Press, 2017, p. 472. I. Butun, P. Osterberg, and H. Song, "Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures," IEEE Communications Surveys & Tutorials, pp. 1-1, 2019. H. Song, R. Srinivasan, T. Sookoor, and S. Jeschke, Smart Cities: Foundations, Principles, and Applications. Wiley, 2017, p. 912. Z. Lv, T. Yin, X. Zhang, H. Song, and G. Chen, "Virtual Reality Smart City Based on WebVRGIS," IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1015-1024, 2016. D. Airehrour, J. Gutierrez, and S. K. Ray, "Secure routing for internet of things: A survey," Journal of Network and Computer Applications, vol. 66, pp. 198-213, 2016. M. Humayun, M. Niazi, N. Z. Jhanjhi, M. Alshayeb, and S. Mahmood, "Cyber Security Threats and Vulnerabilities: A Systematic Mapping Study," Arabian Journal for Science and Engineering, 2020. A. Kamble, V. S. Malemath, and D. Patil, "Security attacks and secure routing protocols in RPL-based Internet of Things: Survey," presented at the 2017 International Conference on Emerging Trends & Innovation in ICT (ICEI), Pune, India, 3-5 February, 2017. P. O. Kamgueu, E. Nataf, and T. D. Ndie, "Survey on RPL enhancements: A focus on topology, security and mobility," Computer Communications, vol. 120, pp. 10-21, 2018. M. F. Razali, M. E. Rusli, N. Jamil, R. Ismail, and S. Yussof, "The authentication techniques for enhancing the RPL security mode: A survey," in Proceedings of the 6th International Conference on Computing & Informatics, Kuala Lumpur, Malaysia, 2017, pp. 735-743. D. Airehrour, J. Gutierrez, and S. K. Ray, "Securing RPL routing protocol from blackhole attacks using a trust-based mechanism," presented at the 2016 26th International Telecommunication Networks and Applications Conference (ITNAC), Dunedin, New Zealand, 7-9 December, 2016. W. Mardini, M. Ebrahim, and M. Al-Rudaini, "Comprehensive Performance Analysis of RPL Objective Functions in IoT Networks.," International Journal of Communication Networks and Information Security (IJCNIS), vol. 9, no. 3, pp. 323-332, 2017.
23
[40] [41]
[42]
[43]
[44]
[45]
[46]
[47]
[48]
[49]
[50]
[51]
[52]
[53]
[54] [55]
[56] [57] [58]
[59]
A. Mayzaud, R. Badonnel, and I. Chrisment, "A Taxonomy of Attacks in RPL-based Internet of Thing," International Journal of Network Security, vol. 18, no. 3, pp. 459-473, 2016. D. Sharma, I. Mishra, and S. Jain, "A detailed classification of routing attacks against RPL in Internet of Things," International Journal of Advance Research, Ideas and Innovations in Technology, vol. 3, no. 1, pp. 692-703, 2017. V.K.Karthik and M.Pushpalatha, "Addressing Attacks and Security Mechanism in the RPL based IOT," International Journal of Computer Science and Engineering Communications, vol. 5, no. 5, pp. 1715-1721, 2017. A. Althubaity, H. Ji, T. Gong, M. Nixon, R. Ammar, and S. Han, "ARM: A hybrid specification-based intrusion detection system for rank attacks in 6TiSCH networks," presented at the 2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), Limassol, Cyprus, 12-15 September, 2017. K. K. Rai and K. Asawa, "Impact analysis of rank attack with spoofed IP on routing in 6LoWPAN network," presented at the 2017 Tenth International Conference on Contemporary Computing (IC3), Noida, India, 10-12 Aug, 2017. W. Xie et al., "Routing Loops in DAG-Based Low Power and Lossy Networks," presented at the 2010 24th IEEE International Conference on Advanced Information Networking and Applications, Perth, WA, Australia, 20-23 April, 2010. A. Le, J. Loo, A. Lasebae, M. Aiash, and Y. Luo, "6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach," International Journal of Communication Systems, vol. 25, no. 9, pp. 1189-1212, 2012. S. Mangelkar, S. N. Dhage, and A. V. Nimkar, "A comparative study on RPL attacks and security solutions," presented at the 2017 International Conference on Intelligent Computing and Control (I2C2), Coimbatore, India, 23-24 June, 2017. A. Le, J. Loo, Y. Luo, and A. Lasebae, "The impacts of internal threats towards Routing Protocol for Low power and lossy network performance," presented at the 2013 IEEE Symposium on Computers and Communications (ISCC), Split, Croatia, 7-10 July, 2013. A. Le, J. Loo, A. Lasebae, A. Vinel, Y. Chen, and M. Chai, "The Impact of Rank Attack on Network Topology of Routing Protocol for Low-Power and Lossy Networks," IEEE Sensors Journal, vol. 13, no. 10, pp. 3685-3692, 2013. R. Sahay, G. Geethakumari, and K. Modugu, "Attack graph — Based vulnerability assessment of rank property in RPL-6LOWPAN in IoT," presented at the 2018 IEEE 4th World Forum on Internet of Things (WF-IoT), Singapore, Singapore, 5-8 Feburary, 2018. A. Rehman, M. M. Khan, M. A. Lodhi, and F. B. Hussain, "Rank attack using objective function in RPL for low power and lossy networks," presented at the 2016 International Conference on Industrial Informatics and Computer Systems (CIICS), Sharjah, United Arab Emirates, 13-15 March, 2016. P. Thubert, "Objective Function Zero for the Routing Protocol for Low-Power and Lossy Networks (RPL)," Request for Comments, p. 14Accessed on: March. doi: 10.17487/RFC6552 Available: https://rfceditor.org/rfc/rfc6552.txt D. Barthel, J. Vasseur, K. Pister, M. Kim, and N. Dejean, "Routing Metrics Used for Path Calculation in Low-Power and Lossy Networks," Request for Comments, p. 30Accessed on: March. doi: 10.17487/RFC6551 Available: https://rfc-editor.org/rfc/rfc6551.txt A. Raoof, A. Matrawy, and C.-H. Lung, "Routing Attacks and Mitigation Methods for RPL-Based Internet of Things," IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1582-1606, 2019. G. Glissa, A. Rachedi, and A. Meddeb, "A Secure Routing Protocol Based on RPL for Internet of Things," presented at the 2016 IEEE Global Communications Conference (GLOBECOM), Washington, DC, USA, 4-8 December, 2016. D. Airehrour, J. A. Gutierrez, and S. K. Ray, "SecTrust-RPL: A secure trust-aware RPL routing protocol for Internet of Things," Future Generation Computer Systems, vol. 93, pp. 860-876, 2019. A. Le, J. Loo, Y. Luo, and A. Lasebae, "Specification-based IDS for securing RPL from topology attacks," presented at the 2011 IFIP Wireless Days (WD), Niagara Falls, ON, Canada, 10-12 October, 2011. K. Iuchi, T. Matsunaga, K. Toyoda, and I. Sasase, "Secure parent node selection scheme in route construction to exclude attacking nodes from RPL network," presented at the 2015 21st Asia-Pacific Conference on Communications (APCC), Kyoto, Japan, 14-16 October, 2015. U. Shafique, A. Khan, A. Rehman, F. Bashir, and M. Alam, "Detection of rank attack in routing protocol for Low Power and Lossy Networks," Annals of Telecommunications, vol. 73, no. 7-8, pp. 429-438, 2018.
24
[60]
[61]
[62]
[63]
[64]
[65]
[66]
[67]
[68]
[69]
[70]
[71]
[72]
[73]
[74]
[75] [76] [77]
[78]
R. Alexander et al., "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks," Request for Comments, p. 157Accessed on: March. doi: 10.17487/RFC6550 Available: https://rfceditor.org/rfc/rfc6550.txt A. Arış, S. F. Oktuğ, and T. Voigt, "Security of Internet of Things for a Reliable Internet of Services," in Autonomous Control for a Reliable Internet of Services, vol. 10768, I. Ganchev, R. D. v. d. Mei, and H. v. d. Berg, Eds. (Lecture Notes in Computer Science, Cham: Springer, 2018, pp. 337-370. H. Patel, H. Patel, and B. Shrimali, "A Survey on Trust-based Intrusion Detection for Version Number Attack on RPL," International Journal of Computer Sciences and Engineering (IJCSE), vol. 6, no. 10, pp. 449-454, 2018. J. Nan, L. Jianfei, X. Wei, and S. Hongzhou, "Routing attacks prevention mechanism for RPL based on micropayment scheme," presented at the 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, India, 23-25 March, 2016. D. Airehrour, "A Trust-based Routing Framework for the Internet of Things," Doctor of Philosophy, Department of Information Technology and Software Engineering, Auckland University of Technology, 2017. P. Thulasiraman and Y. Wang, "A Lightweight Trust-Based Security Architecture for RPL in Mobile IoT Networks," presented at the 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 11-14 Jan. 2019, 2019. D. Wang and P. Wang, "Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound," IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 4, pp. 1-1, July-Aug. 1 2018 2016. D. Wang, W. Li, and P. Wang, "Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks," IEEE Transactions on Industrial Informatics, vol. 14, no. 9, pp. 4081-4092, Sept. 2018 2018. C. Pu, "Spam DIS Attack Against Routing Protocol in the Internet of Things," presented at the 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA, 18-21 Feb. 2019, 2019. A. Aris, S. F. Oktug, and S. Berna Ors Yalcin, "RPL version number attacks: In-depth study," presented at the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, Istanbul, Turkey, 25-29 April, 2016. A. Dvir, T. m. Holczer, and L. Buttyan, "VeRA - Version Number and Rank Authentication in RPL," presented at the 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems, Valencia, Spain, 17-22 October, 2011. H. Perrey, M. Landsmann, O. Ugus, M. Wählisch, and T. C. Schmidt, "TRAIL: Topology Authentication in RPL," in EWSN '16 Proceedings of the 2016 International Conference on Embedded Wireless Systems and Networks, Graz, Austria, 2016, pp. 59-64 ACM. F. Ahmed and Y.-B. Ko, "A Distributed and Cooperative Verification Mechanism to Defend against DODAG Version Number Attack in RPL," in PECCS 2016 Proceedings of the 6th International Joint Conference on Pervasive and Embedded Computing and Communication Systems, Lisbon, Portugal, 2016, pp. 55-62: ACM. M. Nikravan, A. Movaghar, and M. Hosseinzadeh, "A Lightweight Defense Approach to Mitigate Version Number and Rank Attacks in Low-Power and Lossy Networks," Wireless Personal Communications, vol. 99, no. 2, pp. 1035-1059, 2018. P. S. L. M. Barreto, B. Libert, N. McCullagh, and J.-J. Quisquater, "Efficient and Provably-Secure IdentityBased Signatures and Signcryption from Bilinear Maps," presented at the International Conference on the Theory and Application of Cryptology and Information Security, Chennai, India, 4-8 December, 2005. S. Even, O. Goldreich, and S. Micali, "On-Line/Off-Line Digital Signatures," presented at the Conference on the Theory and Application of Cryptology, Santa Barbara, CA, USA, 20-24 August, 1989. A. Arış, S. B. Örs Yalçın, and S. F. Oktuğ, "New lightweight mitigation techniques for RPL version number attacks," Ad Hoc Networks, vol. 85, pp. 81-91, 2019. A. Mayzaud, R. Badonnel, and I. Chrisment, "A Distributed Monitoring Strategy for Detecting Version Number Attacks in RPL-Based Networks," IEEE Transactions on Network and Service Management, vol. 14, no. 2, pp. 472-486, 2017. A. Mayzaud, R. Badonnel, and I. Chrisment, "Detecting version number attacks in RPL-based networks using a distributed monitoring architecture," presented at the 2016 12th International Conference on Network and Service Management (CNSM), Montreal, QC, Canada, 31 October-4 November, 2016.
25
[79]
[80]
[81] [82] [83] [84]
[85]
[86] [87]
[88]
[89] [90] [91]
[92]
[93]
[94] [95]
[96]
[97]
[98] [99]
P. Thulasiraman and Y. Wang, "A Lightweight Trust-Based Security Architecture for RPL in Mobile IoT Networks," presented at the 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, USA, 11-14 Januray, 2019. T. Tsao, R. Alexander, M. Dohler, V. Daza, A. Lozano, and M. Richardson, "A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)," in "Request for Comments," Januray 2015, Available: https://rfc-editor.org/rfc/rfc7416.txt. A. Le, J. Loo, K. Chai, and M. Aiash, "A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology," Information, vol. 7, no. 2, p. 25, 2016. H. Perrey, "On Secure Routing in Low-Power and Lossy Networks: The Case of RPL," Master of Science, Department of Computer Science, Hamburg University of Applied Sciences 2013. L. Wallgren, S. Raza, and T. Voigt, "Routing Attacks and Countermeasures in the RPL-Based Internet of Things," International Journal of Distributed Sensor Networks, vol. 9, no. 8, 2013. M. Landsmann, M. Wahlisch, and T. Schmidt, "Topology Authentication in RPL," presented at the 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Turin, Italy, 14-19 April, 2013. A. Mayzaud, A. Sehgal, R. Badonnel, I. Chrisment, and J. Schönwälder, "A Study of RPL DODAG Version Attacks," presented at the IFIP International Conference on Autonomous Infrastructure, Management and Security, Brno, Czech Republic, 30 June - 3 July, 2014. A. Mayzaud, "Monitoring and Security for the RPL-based Internet of Things," Doctor of Philosophy, Université de Lorraine, 2016LORR0207, 2016. J. Arshad, M. A. Azad, M. Mahmoud Abdellatif, M. H. Ur Rehman, and K. Salah, "COLIDE: a collaborative intrusion detection framework for Internet of Things," IET Networks, vol. 8, no. 1, pp. 3-14, 2019. D. Airehrour, J. Gutierrez, and S. K. Ray, "A testbed implementation of a trust-aware RPL routing protocol," presented at the 2017 27th International Telecommunication Networks and Applications Conference (ITNAC), Melbourne, VIC, Australia, 22-24 November, 2017. S. Raza, L. Wallgren, and T. Voigt, "SVELTE: Real-time intrusion detection in the Internet of Things," Ad Hoc Networks, vol. 11, no. 8, pp. 2661-2674, 2013. E. Gül, D. Ünal, and F. Y. Yavuz, "Deep Learning for Detection of Routing Attacks in the Internet of Things," International Journal of Computational Intelligence Systems, vol. 12, no. 1, pp. 39 - 58, 2018. E. Aydogan, S. Yilmaz, S. Sen, I. Butun, S. Forsstrom, and M. Gidlund, "A Central Intrusion Detection System for RPL-Based Industrial Internet of Things," presented at the 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS), Sundsvall, Sweden, 27-29 May 2019, 2019. A. Tandon and P. Srivastava, "Trust-based Enhanced Secure Routing against Rank and Sybil Attacks in IoT," presented at the 2019 Twelfth International Conference on Contemporary Computing (IC3), Noida, India, 2019. V. Neerugatti and A. R. M. Reddy, "Machine Learning Based Technique for Detection of Rank Attack in RPL based Internet of Things Networks," International Journal of Innovative Technology and Exploring Engineering (IJITEE) vol. 8, no. 9S3, p. 5, 2019. A. Raoof, A. Matrawy, and C.-H. Lung, "Secure Routing in IoT: Evaluation of RPL Secure Mode under Attacks," presented at the Globecom 2019 conference, 2019. A. Jain and S. Jain, "A Survey on Miscellaneous Attacks and Countermeasures for RPL Routing Protocol in IoT," in Emerging Technologies in Data Mining and Information Security, vol. 814, A. Abraham, P. Dutta, J. K. Mandal, A. Bhattacharya, and S. Dutta, Eds. (Advances in Intelligent Systems and Computing, Singapore: Springer, 2019, pp. 611-620. B. Farzaneh, M. A. Montazeri, and S. Jamali, "An Anomaly-Based IDS for Detecting Attacks in RPLBased Internet of Things," presented at the 2019 5th International Conference on Web Research (ICWR), Tehran, Iran, 24-25 April 2019, 2019. Fatima-tuz-Zahra, N. Jhanjhi, S. N. Brohi, and N. A. Malik, "Proposing a Rank and Wormhole Attack Detection Framework using Machine Learning," presented at the 2019 13th International Conference on Mathematics, Actuarial Science, Computer Science and Statistics (MACS), Karachi, Pakistan, 2019. J. Arshad, M. A. Azad, K. Salah, W. Jie, R. Iqbal, and M. Alazab, "A Review of Performance, Energy and Privacy of Intrusion Detection Systems for IoT," Available: http://arxiv.org/abs/1812.09160 S. Kalyani and D. Vydeki, "Survey of Rank Attack Detection Algorithms in Internet of Things," presented at the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India, 19-22 Septemper, 2018.
26
[100]
I. Romdhani, A. Y. Al-Dubai, M. Qasem, and B. Ghaleb, "Cooja Simulator Manual," Edinburgh Napier University, United Kingdom2016.
Author 1 Ms Zahrah A. Almusaylim She an assistant scientific researcher at King AbdulAziz for Science and Technology (KACST), Saudi Arabia. She earned her BSc in Computer Science in 2014 from College of King Faisal University, Saudi Arabia. She is currently pursuing her master in Computer Science at King Faisal University since 2015 up to date. Her area of interests include: Internet of Things, Cloud Computing, IoT Privacy and Security, Wireless Sensor Network, Security of RPL networks, Cloud Computing Security, Network Security, Mobile Computing, Context-Aware Computing, Machine Learning, Web and Mobile Applications Programming.
Author 2 Dr. Noor Zaman has 16 years of teaching and administrative experience internationally, authored several research papers in indexed and impact factor research journals and conferences, edited 06 international reputed Computer Science area books, focused on research students. He has successfully completed more than 18 international research grants. He is Associate Editor, Regional Editor, and Editorial board member, PC member, reviewer for several reputed international journals and conferences around the globe. His areas of interest include Wireless Sensor Network (WSN), Internet of Things IoT, Mobile Application Programming, Ad hoc Networks, Cloud Computing, Big Data, Mobile Computing, and Software Engineering.
Author 3 Dr. Abdulaziz Al-Humam is an Assistant professor at College of Computer Sciences and Information Technology (CCSIT), King Faisal University (KFU), Al- Ahssa, Saudi Arabia. He 27
earned his B.Sc. degree in CIS from College Of Management Science and Planning, King Faisal University, 2005. He earned his M.Sc. degrees in CS from Wollongong University, Faculty of Informatics, Australia, 2009. Then, He earned his Ph.D. degrees in CS from University of York, UK, 2015. He is currently the Chairman of Computer Science Department and Vice Dean of Academic Affairs at CCSIT, KFU. He is interested in Computer Science in general, Technology Innovation and Software Engineering, Model-driven engineering, Requirements Engineering, Self-adaptive Software Systems, Software Reuse and service-based systems, Cloud Computing, Service-Oriented Architecture, Assurance and certification of safety-critical systems engineering.
28
Proposing a Secure RPL based Internet of Things Routing Protocol: A Review Zahrah A. Almusaylim , Abdulaziz Alhumam , N.Z. Jhanjhi PII: DOI: Reference:
S1570-8705(19)30838-8 https://doi.org/10.1016/j.adhoc.2020.102096 ADHOC 102096
To appear in:
Ad Hoc Networks
Received date: Revised date: Accepted date:
5 September 2019 14 January 2020 10 February 2020
Please cite this article as: Zahrah A. Almusaylim , Abdulaziz Alhumam , N.Z. Jhanjhi , Proposing a Secure RPL based Internet of Things Routing Protocol: A Review, Ad Hoc Networks (2020), doi: https://doi.org/10.1016/j.adhoc.2020.102096
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2020 Published by Elsevier B.V.
Proposing a Secure RPL based Internet of Things Routing Protocol: A Review
Zahrah A. Almusaylim* King Faisal University Department of Computer Science AlAhssa Saudi Arabia [email protected] Abdulaziz Alhumam King Faisal University Department of Computer Science AlAhssa Saudi Arabia [email protected] NZ Jhanjhi Taylor’s University School of Computer Science and Engineering SCE Lakeside Campus Malaysia [email protected]
*Corresponding author
1
Abstract Nowadays, the Internet of Things (IoT) research domain attracts the researchers, due to its extensive collection of applications and ease in deploying in several domains of real life, particularly for environments that are considered critical such as E-health, smart homes, and smart cities. Things in smart cities are intractable via the Internet. These things are naturally deployed in a distributed environment wirelessly. They become vulnerable to the diverse security attacks that can adversely influence their proper functionalities at any time. The stated problem severity even becomes higher when they are deployed in smart cities. In addition, it is very likely to compromise data while transferring from one source to another until reaching the destination during data routing. Existing Routing Protocols for Low Power and Lossy Networks (RPL) are considered lightweight and secure routing protocols for IoT devices, which offer a slight safeguard against innumerable forms of RPL routing attacks. Based on the nature of the IoT network, being resource constraints, the conventional routing techniques do not suit them at all. The IoT routing security is therefore, a challenging task. This review aims to elaborate on the current research literature, opportunities and research gaps of secure RPL routing protocols. Where mainly considering the Rank and Version number attacks types for IoT applications. Further, the review extravagant the need for a new secure RPL protocol to address the security issues of IoT applications for smart cities particularly based on available literature. Keyword: IoT; Smart Cities; Security; RPL; Rank Attack; Version Number Attack; 1
Introduction The contemporary technologies have facilitated the devices and their associated things around us to communicate with each other with the assistance of Radio-Frequency Identification (RFID) and Wireless Sensor Network (WSN). The wireless communication and the seamless emergence of different technologies between devices lead to the concept of the Internet of Things (IoT) that enables the transmission of data between a variety of devices and their associated things via network standards and protocols at any time any place. The Internet Protocol (IP) address is assigned uniquely to every device and things in the IoT. These devices can remotely communicate sense and collect raw data from their physical environment for data processing and decision makin g [1, 2]. The IoT has a significant contribution in introducing several applications for various sectors as smart grids smart cities, smart buildings, smart home, and healthcare, which improve the daily life of people. Smart cities are considered as one of the most important sectors of IoT. It consists of different applications and services that intend to increase the quality of services to citizens and to boost the utilization of public resources. In this context, these services can provide better management to roads, smart cars, light traffic, etc. with the help of the deployed sensors; for example the citizens can be aware and avoid incidents through activation of different alarms, etc. [3-6]. Moreover, for the devices to communicate and exchange information within the smart cities network, it needs the network layer in the IoT architecture. This layer employs different techniques, standards, and protocols to broadcast the information. Such standards and protocols are Internet Protocol Version 4 (IPv4), Internet Protocol Version 6 (IPv6), Constrained Application Protocol (CoAP), and Wireless Personal Area Network (WPAN), IPv6 over Low Power Wireless Personal Area Network (6LoWPAN), User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). The network layer facilitates the secure transmission of data between the perception layer and the application layer in the architecture. 1.1
RPL Routing Protocol Overview RPL was designed to support the vision of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) domains. RPL is also designed to be an interoperable and simple networking protocol to meet the requirements of resource-constrained devices and applications that are interconnected through multi-hop mesh networks such as in industrial, home, urban and city environments [7-10]. It enables using the energy of smart devices efficiently and also enables establishing a flexible topology and routing of data. 1.1.1
Introduction to IETF Group The ability of unique addressing and routing of data in the network layer guarantees that innumerable devices will be integrated seamlessly into a single collaborative network [11]. The Internet Engineering Task Force (IETF) group has an indispensable role in the evolution of IoT with the contribution of the 6LoWPAN standard established based on the forwarded IPv6 traffic and ensuring unique addressing of each device connected to the network. It has been evaluated by authors in [12] to determine the IoT challenges. The 6LoWPAN standard was aimed at coping with the datagram of IPv6 while transmitting over IEEE 802.15.4 standard protocol for WPAN. However, IPv6 usability was bounded because of the low bandwidth and low power. Also, Low-Power and Lossy
2
Networks (LNN) is considered as one of the backbone of the IoT for interconnected IoT devices (nodes). These nodes are constrained in terms of underlying communication systems such as low data rates, high packet loss and dynamic change of network topologies, link outage, etc. and resources such as processing, memory and energy, etc. However, 6LoWPAN standard with LNN has a challenge with its routing feature due to many reasons that make the development of efficient routing for LNN more sophisticated such as nodes with low battery life, low processing, and frequent change of mesh topologies due to mobility. IETF group have concluded that the conventional ad hoc protocol such as Ad-Hoc on-Demand Distance Vector (AODV) [13], Open Shortest Path First (OSPF) [14], Intermediate System to Intermediate System (IS-IS) [15] and Optimized Link State Routing (OLSR) [16] have efficiency issue to satisfy the requirements of unique routing for LNNs. Moreover, an abundance of routing mechanisms has suggested solving the routing issue in LNN like for example, Collection Tree Protocol (CTP) [17] and Hydro [18]. Accordingly, the IETF group developed a Routing Protocol for LLN (RPL) over Low-Power and Lossy Networks (ROLL) working group in 2012 that supports the behavior of IPv6 and the mechanism of 6LoWPAN standard. It provides minimal routing requirements with a robust behavior topology in lossy networks. PRL has a separate group of processing packet and forward packet from the routing optimization, as to allow various application domains to use them [11, 19, 20]. 1.1.2
RPL Hierarchy The RPL is a distance-vector routing protocol that built its topology based on a Destination Oriented Directed Acyclic Graph (DODAG). It is designed to support the operation of multiple link-layer protocols including IEEE 802.15.4 Physical layer and MAC layer [21]. These link layers can be potentially lossy, constrained or used with highly constrained router devices. Further details about the distance-vector routing protocol are available in [22]. The RPL was designed and able to be extremely adaptive to the conditions of the network and to support alternative routes when default routes are not accessible at any time. It can opt the optimal routing path based on Objective Functions (OF) of the Directed Acyclic Graph (DAG) which determines the selection of neighbors and parent nodes [23, 24]. The DODAG is a DAG, which is a directed graph with no cycles, without outgoing edges, and with a single destination root. The DODAG is uniquely assigned with DODAG IP and RPL instance ID. The DODAG root is used to collect default routes to the Internet and distribute them into other routing protocols and establishing communication among nodes such as Point-to-Point (P2P), Multi Point-to-Point (MP2P) or Point-toMultiPoint (P2MP). Each node in the topology is assigned a rank value that defines the position of the node with respect to the DODAG root. The rank value is the distance from the root node and it is rigorously increasing in the lower direction and it is rigorously decreasing in the higher direction based on the Objective Function (OF) [24]. In addition, according to the specification of the RPL, each DODAG root node contains a version number. To revalidate the integrity of the DODAG root node and launch a global repair mechanism, a DODAG new version is formed by incrementing the version number that is determined by the root node only. The creation of the RPL network topology is maintained with five control messages, which are: 1. DODAG Information Object (DIO) allows the construction of upward routing in which other nodes (nonroot/sink nodes) can discover the root node (RPL instance) and join it as their parent node. 2. DODAG Information Solicitation (DIS) allows the construction of downward routing for soliciting DIO from RPL node and for neighbor node discovery. 3. Destination Advertisement Object (DAO) that allows broadcasting destination information up along DODAG and allows a node to join as a child to DODAG root or DAO parent. 4. DAO Acknowledgement (DAO-ACK) that is a unicast acknowledgment packet message sent by DAO recipient as a response of the DAO message. 5. Consistency Check (CC) that is used to check the count of secure messages and issue challenge-response messages for security. All those messages belong to the RPL control message which is described as an Internet Control Message Protocol Version 6(ICMPv6) information message type with value 155 [25]. Figure 1 depicts the formation of the DODAG graph that contains the control messages with multiple RPL instances. In addition, the DODAG version number is associated with each DIO message and related to the network. Hence, when the version numbers are incremented by DODAG root, then the RPL network nodes check the version number in every incoming DIO message to find the global repair operation. Then, it can exchange control messages of the RPL and establish a new DODAG version number root.
3
Figure 1: The Formation of RPL DODAG [26]. 1.2
RPL Security Researchers have identified plenty of challenges in terms of information security transmitted within the smart cities network in IoT. Routing and addressing packets between devices in IoT are significant issues due to the need of making unified protocols/mechanisms for routing packets from the source node and transmitting across diverse network topologies to reach the destination node [11]. This field suffers from potential threats and security issues of the routed data among nodes and have great significance because it is associated with the life of users [3]. Song et al. in [27-32] elaborated and discussed the concepts and principles of IoT based smart cities and its associated applications with vulnerabilities and attacks related to it. Protecting the security of RPL routing data in IoT is a challenge that is even more critical. Malicious nodes can execute their activities during the routing forwarding of the packets, which allow different types of attacks to happen in the routed data [33]. However, the standards of RPL protocols do not take into consideration the security of smart cities networks and the routing mechanisms do not provide security standards when the network is configured. Due to the billions of interconnected devices to the network, securing and protecting them from different forms of attacks and threats create a critical challenge. When these devices are vulnerable to attacks, then the users will feel that their data are insecure [33, 34]. The objective of this research is to present the severe consequences of the two different types of RPL attacks, which are rank attack and version number attack that can have on RPL networks. To analyze and compare the existing studies that can support RPL security and counter the effect of these attacks in terms of the security techniques used and in terms of their performance. To criticize the shortcomings in the available solutions proposed by the existing studies. To propose some future solutions that can address the available shortcomings, improve the RPL security in the IoT networks by reducing the effects of these attacks. In addition, present some open issues that need more attention related to this research area. The paper is organized in a pattern such as: 1) Introduction that describes the RPL protocol in details. 2) Literature Review that describes the security attacks challenge of the RPL protocol security attacks which are rank attack and version number attack and explains the recent studies related to them. 3) Discussion that criticize the studies in the literature review section with focusing on finding the research gap in the reviewed studies. 3) Conclusion that wraps up the paper and highlights its keys. 2
Literature Review: Secure Routing RPL Challenges The section will present the RPL security attacks challenges and recent studies related to secure RPL routing protocol for smart cities network, which addresses these challenges. To hide the information of the user, several cryptography techniques for authentication purposes are used as a shield then it can make it difficult for unauthorized parties to access that information. The RPL protocols for their specifications use one type of encryption which is the symmetric encryption that is known as Advanced Encryption Standard (AES) with counter with cryptographic Block Ciphers-Message Authentication Code (Counter with CBC- MAC (CCM))-(AES/CCM). Since the same secret key is used in the symmetric encryption for exchange between nodes, then this gives the attacker an easy way to access the network. However, if the attackers get the secret keys by looking for any possible
4
available threats to hack and insert their nodes into the network, it will make it vulnerable to security attacks and compromise the nodes of the network. Then, the cryptography concept cannot safeguard the network [35, 36]. For example, all the nodes share the same secret key through the key management. Then in this way, it is vulnerable to attacks since disclosing the keys can affect the whole network and the attacker can access the network and pretend to be a normal node using that key and gain information with them, which jeopardizes the smart cities network. Hence, due to the possibility that an attacker can inject bogus data, the authentication feature in the RPL routing needs significant improving [37, 38]. 2.1
RPL Security Attacks Classification The ROLL provides a full understanding of the security features of the RPL. These security attacks are classified based on the security model, which includes Confidentiality, Integrity, Authentication, and Availability (C.I.A.A). However, available conventional mechanisms for wired security such as firewall is not applicable for RPL security due to its dynamic behavior and thus their nodes do not have boundaries that are well defined. Additionally, the cryptography mechanisms cannot be used to defend the security of the RPL routing due to the lack of centralized administration and node cooperation. Moreover, because the nodes devices in the network are nontamper resistant, then it becomes easier to expose the nodes and violate their cryptography. Hence, the compromised nodes can downgrade the RPL network performance because of the manipulation of the source code of them [39]. Furthermore, Figure 2 shows a taxonomy of RPL network attacks [40]. Security attacks against the RPL routing protocols are classified into three categories [35, 41]: 1. Attacks against resources, typically makes the nodes dispensable tasks to drain their resources. These attacks consume resources of the nodes such as storage, energy, and processing. Hence, the availability of the networked is affected by making the available links crowded and then affects the network lifetime, which can be shortened significantly. This kind of attack is classified into two sub-categories which are: a) Direct Attacks: in which the malicious node can degrade the network by generating an overload directly b) Indirect Attacks: in which other malicious nodes which result in a large number of traffic overhead will be generated might create a loop. 2. Attacks on Topology: Which harms the network topology and is classified into two sub-categories which are: a) Sub-Optimization Attacks: in which attackers degrade the performance of the network by decreasing its optimal paths. b) Isolating Attacks: in which the attackers isolate the nodes of the RPL network, which makes them unable to communicate with the parent node. 3. Attacks on Traffic: which concerns having an impact on the network traffic and is classified into two subcategories which are: a) Passive Attacks: in which the attackers produce eavesdropping activities such as analyzing the network traffic. b) Deception/Misappropriation attacks: in which the identity of the authorized node is seized, and its performance is over claimed. These attacks are used as the first step for other attacks.
5
Figure 2: A Taxonomy of RPL Network Attacks [40]. 2.2
RPL Rank Attack Based on the above classification of the RPL security attacks, the rank attack is one of the indirect attacks of the network resources category. Based on the rank calculation, the child nodes of the network topology must have the highest ranks. The rank attack with the regular network paths can make a loss of packet that is directly proportional to the attack. Based on the rank location of the neighbor node, the parent node always attracts the child node. That means a parent node is chosen for a particular child node to manage its quality of services and to send its data packet based on the node that has the lower rank [42]. The rank attack is the most destructive attack among others for RPL protocol because it produces other attacks such as a black hole, sinkhole, etc. A malicious node may manipulate the rank to downgrade the performance intentionally. For example, a rank can be decreased, and a malicious node can be falsely located closer to the parent node, then it can manipulate maliciously a massive amount of lowing packets through it. In rank attack, the malicious node advertises a fake rank location of the rank node in the control messages of the RPL or a fake route across the root node to deceive the close nodes so it can attract them to forward their packets through it [43]. The rank attack works by compromising the deeper ranks of child nodes in the RPL network topology. Then, a malicious node can modify the way in which the DIO messages are processed from neighboring nodes. Moreover, a worse rank of a random malicious node will be chosen as the preferred parent node during its operations, and as consequent, OF of the network topology cannot be achieved completely. In addition, unoptimized routing and more traffic will be created for all the data packets that go via the malicious node [39, 43, 44]. For example, as illustrated in Figure 3, a particular deeper rank of the child node is reduced, and to send a certain data packet to the root node, the neighbor nodes of the deeper child node should select it as the parent node. Moreover, once the data packet is forwarded from the neighbor nodes to the deeper child node, it will drop this packet. Therefore, this deeper child node is treated as a malicious node. Thus, the rank attack can be created by disrupting the path of the data delivery in the network topology. This affects the Packet Delivery Ratio (PDR) of the network by dropping data packets at the intermediate level of the malicious nodes.
6
Figure 3: Example of the Rank Attack [42]. Another form of rank attack is when the attacker advertises to the neighboring nodes a better routing metric, but it is a fake routing to deceive flows of the network to transmit through it. In addition, based on the attacker’s location, the network may suffer from seriously increased latency and decreased throughput [43]. There are many impacts of the rank attack that are shown in [45, 46] as the following: 1) un-optimized formation of the path. 2) No recognition of the loop formation. 3) The optimized route never used in the RPL network topology. 4) The packet delivery ratio is decreased with a small modification in end-to-end delay as the number of attackers increase. And 5) the number of DIO messages increases as the network topology changes rapidly. Hence, the rank attack impacts some of the constrained properties of the network such as Latency, Throughput, Data Rate and Energy Consumption [42]. The PRL protocols security is a great issue that should be taken into consideration because the routed data have not to be accessed/leaked by any unauthorized member of the network such as an attacker or any third party [47]. The sub-section RPL Rank Attack Countermeasures will describe the countermeasures to detect the RPL rank attack. RPL Rank Attack Countermeasures A comprehensive analysis of different security RPL attacks including rank attack and other different types of attacks was made by authors in [48]. Through the simulation study, they studied the performance impacts of these attacks such as packet delivery ratio, end-to-end delay, and control message overhead. They simulated two scenarios; one is a malicious scenario that malicious nodes with the same location to remove the effect of location attack. While the second is the normal scenario that is with no attacks to compare the performance of standardized simulation results with the performance of malicious scenarios to reveal the impact of the attacks. The simulation results for the rank attack are shown in Figures 4, 5 and 6. Figure 4 shows that the increasing number of rank attacks (from 8 to 10) decreases the delivery ratio steadily to 60% down. This allows the nodes to change preferred parents of them more frequently which makes the network topology to be unstable and unable to make optimize routes.
7
Figure 4: Comparison of the Effect of Number of Attackers and Packet Delivery Ratio among Several Attacks [48]. Figure 5 shows that the increasing number of rank attacks can slightly increase the end-to-end delay by 15% (up to 1 second). This is due to the longer path (un-optimized path) toward the root node that is created by the rank attack.
Figure 5: Comparison of the Effect of Number of Attackers and End to End Delay among Several Attacks [48]. Figure 6 shows that the increasing number of rank attacks can gain more control overhead in the network. It can be noticed that the control overhead increases to be 1100 message generated (200% gained) when the number of rank attacks increases more than 6. Therefore, the authors suggested in their study that the results of the simulation can be used to train the Intrusion Detection System (IDS) to detect such attacks by discovering any ambiguous RPL performance.
8
Figure 6: Comparison of the Effect of Number of Attackers and Control Message Overhead among Several Attacks [48]. Le et al. [49] analyzed the different rank attacks threats that downgrade the RPL network performance. Also, they studied the impact of these attacks on the RPL network performance when they are simulated on different locations in the network. They created four rank attacks scenarios which are: 1) RA I, that has a permanent DIO information update, 2) RA II that has a permanent DIO information with no update, 3) RA III that has nonpermanent DIO information with an update and RA IV that has non-permanent DIO information with no update. The simulation results shown that 1) the delivery ratio performance has a greater impact in the RA III and RA IV comparing with RA I and RA II and this is due to the much control packets of DIO messages that are created, which make the topology to change more frequently. In addition, RA II affects End-to-End delay more than RA IV because of increased usage of un-optimized routes silently as they disable the routing updated. 2) The forwarding load of a node has a strong correlation with the impact of an attack initiated around the node. 3) There is no technique to observe the parent nodes behaviors. Therefore, the nodes have to track the un-optimized routes of malicious parents. 4) Intentionally, the rank attack can be used to launch attack against specific parameters the network performance such as DIO messages control overhead, packet delivery ratio and average end-to-end delay. 5) Severe damage of the network performance can be created by the cooperation of multiple attacks if they are in the same positions. The study in [50] investigated the vulnerabilities that may occur in the RPL rank property by using a state transition diagram to design an attack graph and implement the possible threats and their impact related to the RPL’s rank property. Based on the analysis, the attack graph was presented exploring different types of internal attacks that lead to rank property misappropriation and influence the network performance, resource and the network topology. Based on the simulation results of the decreased rank attack with selective forwarding attack, they observed that: 1) the RPL network topology changes lead to the increase of Expected Transmission Count (ETX) of the affected nodes and network sub-optimization. 2) The traffic convergence towards a specific node leads to disruption of the traffic. 3) The power consumption of the malicious node increases, still, it is not a huge impact on the average power consumption of the 4) Transmit and listen duty cycle of the attacker node is doubled for most of the DODAG nodes. 5) The attacker node’s beacon interval is less too. They concluded from the observations that the decreased rank attack leads to sub-optimization in the network, traffic compromise and isolations of the network. Table 1 shows the summary of the simulated results of the effect of these attacks in which they have a huge effect on the network performance of IoT.
9
Attack Type
Increased Rank Attack Decreased Rank Attack Decreased Rank Attack with Selective Forwarding Worst Parent Attack
Table 1: Effect of Rank Attack on the Network Performance [50]. No of Average Average ETX Packet Loss Control Power Beacon Messages Consumption Interval Increases Increases Decreases -
Instigate Other Attacks Yes
-
-
-
Increases
Minimal
Yes
-
-
-
Increases
Huge
Yes
-
-
-
Increases
-
No
A rank attack using Objective Function (OF) is introduced in [51]. In this study, the attacker multicasts a fake routing metric of rank that increases the risk of the attack. The neighboring nodes are force easily and maliciously to create routing paths to route their data via the malicious node to deceive more flows in the network. The RPL nodes use the Objective Function (OF) to select the forwarding nodes a defined routing metric. They considered a simple rank calculation recommended by in Request for Comments (RFC) [52] that is based on OF for the route selection, it allows the nodes to choose the Expected Transmission Count (ETX) as a routing metric. For the RAOF to be launched successfully, the routing metric broadcasted by the parent node must be corrupted by the malicious node so the neighboring nodes OF advocated the malicious node. They used ETX formula in their work as a basic routing metric to allow the nodes to transmit data from source to destinations, and further details about the formula can be found in [53]. The simulation analysis of their work shown that RAOF can enforce the malicious node's neighbors to opt the malicious node as their forwarding node easily and that makes the data flow to be converged at the attacking node. Furthermore, the attack can reduce the delivery ratio at about 30% to 70% depending on the malicious node’s location in the RPL network. Authors of [44] discussed the effect of the rank attack in the node that is associated with a spoofed IP address on routing data that spreads the wrong rank of the victim node causing the rank attack with spoofed IP. The malicious node spoofs the IP address of the victim node and rank attack is initiated by sending wrong DIO messages to other nodes in the network with the wrong rank which is hard to detect. The complete procedure is separated into two stages which are the first preparation stage of the forged message and second phase in the forwarding these messages with the wrong rank to other neighbor nodes in the RPL network. The network performance results of the simulations shown that: 1) the rank with spoofed IP attack has a major effect on the performance of packet delivery ratio (reduced to 86.52%) comparing with the performance of delivery ratio in rank attack (92.84%). Whereas in the normal condition of the RPL network is 97.76%. 2) for both attacks, the average end-to-end delay is approximately 7612 ms which is higher than the normal condition of the RPL network that is 6512 ms and the worst impact is by nodes 23, 18 and nodes 9, 15 respectively. 3) the attacker can roughly destroy the performance of the RPL network, especially when these attacks are put in the correct position which is a region of high forwarding load. The sub-sections will describe RPL Rank Attack Countermeasures Classification to classify the RPL rank attack detection methods.
RPL Rank Attack Countermeasures Classification The countermeasures to detect the rank attacks can be classified into two categories, which are: modification techniques and Intrusion Detection Systems (IDS). The modification techniques can add or modify the RPL standards and it is used for a limited number of attacks, while IDS needs collaboration among nodes and is used to mitigate and detect multiple types of attacks [54].
10
a) Countermeasures Based RPL Rank Attack Mitigation Techniques The secure-RPL (SPRL) proposed by authors in [55] is a secure routing protocol based on RPL. It is to block a rank value manipulation of rank value by introducing the concept of rank threshold and mechanism of hash chain authentication to limit the average of decreasing or increasing rank value. The scheme blocks the malicious nodes from better reposition of itself in the DODAG of the RPL network do internal attacks and deplete network resources by illegally exploiting the feature of rank value modification. To mitigate the effect of the attack, the proposed protocol is monitoring how many times the rank values of nodes in the RPL network are increasing by enforcing the threshold function. By taking over the threshold functions, the protocol will protect the RPL network against several rank modifications attacks by making any node that exceeds these thresholds to be overwritten. In addition, verification and authentication concepts are introduced to offer a higher degree of safety. Each node in the network will be assigned a rank threshold through strict authentication measures. The network performance results shown that the protocol is very efficient in safeguarding the RPL network, but it is not immediate for some type of attacks. However, the thresholds act against all types of nodes are either malicious nodes or non-malicious nodes, which cause additional overhead. To mitigate the overhead occurred in [55], a Time-Based Trust-Aware PRL (SecTrust-RPL) routing protocol for IoT networks proposed by Airehrour et al. in [56] to provide secure protection against two types of attacks which are rank attack and Sybil attack. It detects and isolates these attacks while optimizes network performance. Every node in the framework computes the trustworthiness based on direct trust value and recommended trust value for its neighboring nodes. The neighboring nodes with greater values of trust are selected for secure routing while the neighboring nodes with lower values of trust are considered as either malicious nodes or selfish nodes that attempt to save their resources. The concept of the system is working by allowing the trusted nodes to be broadcasted throughout the network in which: 1) effective communication is safeguarded amongst trusted nodes only, and 2) the broadcast of trustworthy information is ensured only to the neighbor nodes in the network. The system guarantees this feature through the validation of the nature trust of each forwarding node and by securing the transmission of the source path of the data with a rank of the best trust formation which is provided to enhance the performance of routing nodes. The SecTrust system is implemented using the Cooja simulator based Contiki OS. The average rate of the packet loss of the SecTrust-RPL was between 22-23% while it was higher in the RPL Minimum Rank with Hysteresis Objective Function (RPL MRHOF) (60-100%). Hence, the SecTrust-RPL provides a better safeguard against the rank attacks. But the system does not take into consideration the uncertainty of recommendations. b) Countermeasures Based Intrusion Based Systems (IDS) A Specification-Based Intrusion Detection System (IDS) designed by authors in [57]. They introduced two types of attacks that disrupt and break the network topology and its protocol operations, which are rank attack and local repair attack. The system consists of Finite State Machine (FSM) transitions for early detection of attacks in each monitoring node. During the monitoring architecture, Monitor Nodes (MN) are created. The MN will create an entry table for its neighboring nodes for storing monitoring data that includes object ID and it's rank, preferred parent node and it's rank and number of topology changes during a period. It is working based on decision support that is when the MN detects that any node is working maliciously, but it cannot decide whether if it is a normal node or it is an attack. Then, it can request other MNs to gather further information about that node for investigation. The rank attack is detected by making the MN to cover the malicious node with a lower rank. However, due to the change between the real rank and fake rank in the malicious node, the MN will detect this change and suspect its action. The MNs will start the cross-checking of its information to detect the real attacks. But the system has a drawback in defining illegal and allowable nodes behaviors and it is costly for some functionalities that depend on system resources. A secure parent node selection scheme proposed in [58] in which the child nodes choose a legitimate node as their parent node by employing the threshold. In addition, if multiple parent nodes exist, they exclude a good candidate. Each node based on the threshold between the maximum and average rank judges a rank value advertised by the neighbor node. Moreover, if the value is too low, then each node opts its parent node excluding the nodes with too low-rank value. Hence, each node in the network topology avoids choosing malicious nodes as its parent node and even avoids forwarding packets to these nodes. They evaluated the scheme using the Cooja simulator based Contiki OS. Comparing with the conventional RPL scheme, the results showed that the scheme is effective in reducing the number of child nodes linked to malicious nodes and it can mitigate 95% of the rank attack. Nevertheless, the proposed scheme can slightly increase the convergence time.
11
A hybrid specification based-Intrusion Detection System (IDS) is designed by Althubaity et al. [43] that is Authentication Rank and Routing Metric (ARM) which is based on centralized module (the sink node) and distributed module (other nodes). It aims to preserve the RPL routing topology in the network of IP6 Time-Slotted Channel Hopping (6TiSCH) against DIO messages manipulations that launch the rank attack, Rank Attack based on Objective Function (RAOF) or both. The monitoring architecture reduces the number of messages exchanged between the sink and other nodes to verify the information in the RPL control messages during the construction of the routing data. It can minimize the memory and communication overheads in all nodes by running only with limited resources of computation and memory and enhance the efficiency of detecting the different forms of rank attacks. The centralized modules of the sink node analyze the DIO messages and participate in decision making, whilst the distributed modules of the nodes report the sink node about any changes that may happen to the destination nodes, send a verification request to sink node of the received DIO messages, and wait for responses to make appropriate decisions. For the detection efficiency, the A results of the evaluation of the ARM approach consistently has better performance comparing with the original RPL IDS approach. It is shown that the ARM can protect the RPL successfully with a high accuracy rate with almost no extra overhead comparing with the IDSs RPL original approach. A Sink-based Intrusion Detection System (SBDS) was presented by the researcher in [59] to detect the rank attack in RPL networks. Every node in the network in non- storing mode broadcasts their ID, preferred parent ID, and rank in control DAO message after they are encrypted with a key and shared between the sink and the node to avoid the violation of integrity. They are decrypted after passing the control DAO message from nodes to the sink. Each control DAO message will be assigned with a timespan that shows the freshness of the control message. The Node Current Rank (NCR) will be compared to the Node Parent Rank (NPR) rule of rank violating as described in [60]. If a node is at Ti rank less than at Ti-1 rank, then it is checked as either it is a malicious node or it is due to mobility. Also, a minimum rank is checked among its siblings and the parent switching threshold is deducted, then the node’s rank at Ti is compared and if it is less, then it is probably a malicious node. The results of the simulation analysis for the network performance shown that the system is effective for identifying and detecting the rank attack and it has less computation overhead because all the processes of the detection have happened at the sink and also it provides high accuracy of detection rate. 2.3
RPL Version Number Attack Another type of attack based on the indirect attacks of the attacks against the resources category is the version number attack. As there are no RPL mechanisms that guarantee the version number can be only changed by the DODAG root. The version number can be changed by the malicious nodes too as they can enforce the RPL network to set up the DODAG from the beginning. This is called a DODAG Version Number attack [61]. In DODAG version number attack, a malicious node can illegitimately change and increase the DODAG version number of the root node when the corresponding DIO message is forwarded to its neighbors. Once the neighbor nodes receive the increased version number in the DIO message, the formation of the new DODAG tree is started as shown in Figure 7 [62]. The malicious node can modify the version number of the DOI messages and transmit the modified version number to its neighboring nodes in order to disrupt the network. Once the neighboring nodes receive the DIO messages with the new malicious version number, the trickle timer of the nodes is reset. Then, they will broadcast frequent DIO messages and they will transmit an updated version of the DIO messages to all nodes [36, 41, 63, 64]. Version number manipulation in the DIO message can inefficiently rebuild and establish a new unoptimized RPL network topology with routing loops. Moreover, because the root node did not initiate the rebuilt DODAG topology, thus makes the network topology to be cyclic, which means there will be an occurrence of loops. This can cause increased network overhead, network availability issues, depletion in energy resources and loops in the routing network topology. The significant impacts of the attack are that the control overhead of the network is increasing 18 times, availability issues of the node communication channel; disrupt network operations, routing loops, shortened network lifetime and energy consumption of the nodes. Also, the data packets delivery ratio is reduced by up 30%, unnecessary RPL control messages, loss of data packets and end-to-end delay in the network is doubled [36, 41, 45, 63, 64]. The version number attack is considered to be as a serious Denial of Service (DoS) attack as it is validated by several studies in [54, 65-68]. The DoS can degrade the quality of services in the network, and it can make redundancy of large number of control messages, which leads to huge control traffic in the network and exhaust node resources. However, DoS is not of our scope, in which we are mainly focus on rank attack and version number attack.
12
Figure 7: Example of Version Number Attack [62]. The sub-section RPL Version Number Attack Countermeasures will describe the countermeasures to detect the RPL version number attack. RPL Version Number Attack Countermeasures The researchers in [69] studied and analyzed the version number attacks deeply. They investigated the version number attack under the mobility feature with a probabilistic attacker model. Then they analyzed how this attack influences the node power consumption and shown that the battery of the node can be drained severely by the attack. The result of the simulation show that the packet delivery ratio and the control message overhead are highly correlated to the attacker’s location. On the other hand, the average end-to-end delay and the power consumption of the node are not influenced by the attacker’s location and the success of the attack. The results of the simulation for mobility shown that mobile attackers have approximately the same harmful impacts on the networks as the nodes are far away from the root node. Therefore, if the malicious node is placed in the mobile network by the attacker, then this can drain the resources and the lifetime of the network. The sub-section will describe RPL Rank Attack Countermeasures Classification to classify the RPL version number attack detection methods.
RPL Version Number Attack Countermeasures Classification The countermeasures to detect the version number attacks can be classified into two categories, which are: mitigation techniques and Intrusion Detection Systems (IDS). The modification techniques can add or modify the RPL standards and it is used for a limited number of attacks, while IDS needs collaboration among nodes and is used to mitigate and detect multiple types of attacks [54]. a) Countermeasures Based RPL Version Number Attack Mitigation Techniques Authors in [70] proposed a scheme for a rank and version number authentication security based on one-way hash chains called VeRA The hash chains link the version numbers with signatures and authentication data (MAC codes). Their proposed scheme provides better safeguards against some attackers that are internal attacks, which can send DIO control messages with greater values of version numbers or broadcast a higher rank value. Each node checks if the version number of other nodes are updated by the root or not and if the parent’s rank is monotonically increasing. The version number attack allows the attacker to impersonate the DODAG root and begins rebuilding the routing topology. On the other hand, the rank attack imposes a portion of the network to connect to the DODAG root through the attacker. Consequently, making the attacker manipulate and eavesdrop part of the traffic of the
13
network. The data security can validate DIO messages of the intermediate nodes that contain new rank values and version numbers. Their evaluation showed that the overhead of the time is sufficiently small. Perrey et al. [71] proposed Trust Anchor Interconnection Loop (TRAIL) scheme to fix the drawbacks in [70] by analyzing the message rank authentication incompleteness. The scheme enhances the work in [70] by introducing a repair to it and discovering and isolating the malicious nodes that attack the hierarchy of the RPL routing. A digital signature-based scheme is proposed. The sink node in the scheme acts as a trust anchor and when the consistency of the ranks are needed to be verified by a node in the upward path, an attestation message is requested to be sent to the sink node. Each forwarded node must accomplish rank validation to check and drop violated ranks. The violated ranks can be detected after the creation of routes only; then the nodes may still send data packets to the intruder. The above mechanisms used to mitigate the version number attack afford high overhead in addition to the failure to address this kind of attack. Hence, to defend securely against version number attack, the authors of [72] proposed a cooperative, distributed verification mechanism with an effective overhead of low control, high reliability, and increase the rate of malicious node detection, whilst protecting the integrity of RPL operations. The mechanism contains two phases: 1) checking step: when a DIO message with increased DODAG version number is received by a node from its neighbors, the node checks and compares DODAG version number in the DIO message whether it is higher than the DODAG version number in the original node. Then, if it is higher, the receiving node verifies the identity of the neighbors by the cooperative verification procedure to decide whether the neighbor is a malicious node or not and 2) verification step: the verification node efficiently gains a current DODAD version number from two-hop neighboring nodes. The results of the simulation shown that the mechanism is reliable and the control overhead is reduced significantly. The impact of 10% malicious node of the rate of packet delivery drops dramatically since the malicious node blocks the data packet to reach the destination. Conversely, the mechanism can reduce the impact of the attack effectively as the performance of the mechanism is well in the occurrence of the malicious node. The control message overhead is greatly lower in the proposed mechanism with malicious nodes of 10% than the RPL. Besides, it is shown that the proposed mechanism is better in the packet delivery ratio that the RPL in the occurrence of malicious node because the malicious node can be detected by verifying the suspicious node more correctly. The authors in [73] proposed a lightweight approach to provide non-repudiation, message unforgeability and to mitigate the impact of the version number attack, rank spoofing and rank replay attacks and it is based on the signature scheme of [74]. The approach is based on the Identity Based Offline/Online Signature (IBOOS) scheme that is used in [75] in which the signature process is separated into the offline phase and the online phase. The scheme is suitable for environments with resource constraints devices because it provides low energy consumption and computational time. A scheme is a decentralized approach in which the signature size is independent on the network size. The scheme is scalable as every node in the network performs an independent fixed algorithm that does not store the state information of the nodes. The scheme performance is evaluated in terms of computational cost, signature size, offline storage, private key size, energy consumption, and security. The results of the evaluation shown that the scheme is lightweight and compatible with devices of constrained resources. Furthermore, the scheme does not need a public key authenticity verification by a certificate, which makes it more appropriate for the IoT environment. The researchers in [76] presented lightweight techniques for version number attack that take into consideration the legitimate update of version number. While they provide significant network performance which allows the administrators of the network to the trade-off between the mitigation performance and resource overhead. The first technique is the elimination technique that eliminates the malicious update effects of the version number, which might occur from the strongest attacking location (using the rank information) in the network. It accepts only the updates of the version number that directed from the root node to the leaf nodes. The second technique is the shield technique that utilizes the trust mechanism in which the version number is changed if most of the neighboring nodes with better rank closer to the root node require a change. Hence, the information of version number update coming from the directed root node to the leaf nodes are not trusted enough and further information update is predicated. The network performance results of the simulation shown that the detrimental impact of the version number attack is possible to mitigate using the proposed techniques. The Elimination technique requires only a small amount of ROM space, which provides a simple mitigation performance. While the Shield technique has better resource requirements that provide the best mitigation performance. Therefore, a trade-off exists between resource requirements and mitigation performance.
14
b) Countermeasures Based Intrusion Based Systems (IDS) Mayzaud et al. [77] that extended their work in [78] and proposed a solution to detect the version number attack and identify of the malicious nodes that are based on a distributed monitoring architecture in the RPL routing protocol networks. The architecture performs detection and monitoring operations based on two types of participated nodes, which are monitored nodes (regular nodes) and monitoring nodes, which performs the detection operation. The monitored nodes are highly constrained devices and the monitoring nodes are devices with higher order. The monitoring nodes compose a monitoring network, which is a second routing topology to maintain the resources of the monitored nodes. To identify malicious nodes and detect the attack, the location and detection algorithms were proposed. The local assessment algorithm proposed to be applied on the monitoring nodes to notify the root node whom sent the incremented version number in their neighbors. The other two algorithms are deployed on the root node, the distributed detection algorithm is to detect and collect information of the monitoring node into tables and the localization algorithm is to perform the identification of the attacker by analyzing the information that is collected previously. The network performance results of the evaluation shown that to detect a version number attack with satisfying performance, the False Positive Rate (FPR) can be reduced through the placement of strategic monitoring nodes. Moreover, to quantify the number of monitoring nodes with an acceptable FPR for a given topology size, an optimization problem that is adapted easily to various topologies were proposed for scalability consideration. Nevertheless, their architecture suffers from high computation and deployment costs. The literature review clarified that the security of RPL protocol has been widely studied due to a large number of threats in the IoT. Different types of routing RPL attacks have been studies and analyzed in [40], but few of them only gave considerable attention to the secure routing RPL mechanisms. A security vulnerability has been analyzed in LLNs [40] by IETF and they proposed general countermeasures against these vulnerabilities. Studies in [42, 7997] proposed various countermeasures against RPL topological attacks. The rank attack and version number attack challenges need to be handled due to the obstacles in securing and detecting both attacks with efficient performance in the PRL routing protocols in smart cities based IoT environment. The proposed effective countermeasures can mitigate the effects of these attacks, but still, they suffer from some shortcomings that need to be addressed. Table 2 provides a critical comparative review of the previously mentioned studies based on several criteria. Table 2: A Critical Comparative Review of the Mentioned Studies. Study/ Criteria RAOF [51]
Detected Attack Rank attack using the objective function.
Isolation of Attack No
Rank Attack with Spoofed IP [44]
Rank attack with spoofed IP.
No
SRPL [55]
Rank attack
No
Overhead Network performance: Control overhead increases with respect to time. End to End Delay: increased up to 50% delay Packet Delivery ratio: decreased by 30% to 57%. Network Performance: End-to-End delay: approximately 7612 ms. Average packet delivery ratio: 86.52%. Network performance: Packet delivery ratio: for the single attacker; decreased 0.97 to 0.26, for multiple attackers; deceased from 0.83 to 0.42. Control overhead: 1330 for DIO and 220 DAO.
15
Mobility Support No
Future Work
No
-
YesThrough the periodic update of the initial thresholds and their correspondin
Highlighting other types of attacks. Improving the performance of the SRPL.
-
Resource Requirements: Energy resources: decreased from 0.93 mW to 2.3 mW. Network Performance Packet loss rate: on average between 22%-23%.
g hash values.
SecTrustRPL [56]
Rank attack and Sybil attack.
Yes
Specificatio n-Based IDS [57]
Rank attack and Local repair attack Rank attack
No
Reasonable overhead comes from the setup phase once only.
No
No
95% of the rank attack was mitigated
No
Rank attack or Rank attack using the objective function.
No
No
Considering mobility. Considering other issues related to rank.
SBIDS [59]
Rank attack.
No
Resource Requirements: Memory overhead: ARM needs extra RAM overhead of 22 Bytes. Energy overhead: increases with the number of an increasing number of nodes. Communication Metrics: The total number of the transmitted control DIO messages is the lowest in comparison with original RPL and the original IDS. Resource Requirements: Average power consumption: 1.8 mW.
Yes
Enhancing the algorithm with more rank routing metrics. Adding lightweight cryptographic solution to the rank attack detection.
VeRA [70]
Rank attack and Version number attack.
No
Estimated time overhead of version number attack in root: ( ) Estimated time overhead of version number attack in intermediate:
No
Deploying the scheme in RPL implementation and wireless sensor networks.
Secure Parent Node Selection Scheme [58] ARM [43]
( (
)
)
Estimated time overhead of rank attack in root: ( ( ) ) Estimated time overhead of rank attack in intermediate: ) (( ( ) )
16
No
Enhance the Improve the incorporation of trusted nodes with the RPL network that has recovered their battery. Solving other types of attacks. Inspecting and installing of pre-trusted nodes and their batter record maintenance. System implementation and analysis. Improving the FSM with more robust IDS. -
TRAIL [71]
Rank chain forgery attack and rank replay attack.
Yes
Distributed and Cooperative Verification Mechanism [72]
Version number attack.
No
Lightweight Defense Approach [73]
Version number attack, Rank spoofing attack and Rank replay attack.
No
Lightweight Mitigation Techniques [76]
Version number attack
No
Distributed Monitoring Strategy [77]
Version number attack.
No
Network performance: Control overhead: the average size of messages is 204.6 for 1365 number of nodes. Convergence time is 65 for node 17 of rank 8. Network Performance: Packet delivery rate: reduced from 99 to 90 with 25% of malicious nodes. Control overhead: 500 to 1100 with 25% malicious nodes.
No
Optimizing the algorithms to reduce the dependency on the network sizes. Applying the approach to other routing protocols.
No
Modifying the verification approach to apply it on colluding malicious nodes and measuring its performance.
Computation time at root node: ~0 Energy Consumption at root node: 5.044 mj. Computation time at other nodes: 5.23 sec Energy Consumption at other nodes: 132.426 mj. Communication overhead: negligible. Network performance: Average delay: decreased to 87%. Control overhead: decreased to 71%. Packet delivery ratio: increased to 86% Resource Requirements: Average power consumption: decreased to 63%. RAM and ROM requirements: RAM = 15492 bytes, ROM= 95484 bytes.
No
-
Yes, by allowing the node to perform remove or addition of nodes on the table according to the updated rank information.
Analysis of multiple version number attacks. Analyzing of a hybrid mitigation performance. Considering the mobility of the nodes.
-
No
Performing complementary experiments. Evaluating their solution to attacker collation. Enhancing their solution to address other types of attacks.
3
Discussion The major outcome of this section is to grasp the challenges and the current studies for detecting the rank attack and version number attack in RPL routing protocols with some shortcomings that need further studies. RPL routing protocols enable effective use of smart devices, resources, build flexible topology and data routing. Secure routing protocols for IoT large smart cities networks is a challenging issue due to the characteristics that are inherited which differ this network from other networks. In recent years, considerable efforts have been made to design secure routing protocols for IoT devices. However, they all depend on conventional cryptographic functions, which drain devices' resources and drastically affect the performance of constrained devices used in IoT
17
applications. They are risky to a large number of different security attacks. The PRL characteristics such as lack of infrastructure, unreliable links, resource constraints, limited physical security, and dynamic topology make them susceptible and hard to safeguard against attacks. 3.1
Shortcomings of RPL Security Attacks Countermeasures The countermeasures for detecting rank attack have some shortcomings: The work SRPL in [55] has high computation overhead for constrained devices due to the usage of cryptography with hash chain authentication. In addition, nodes are susceptible to insider attacks that boost Selective forwarding and Blackhole attacks. Both works SecTrust-RPL [56] and SBIDS [59] lack of lightweight solutions and do not provide confidentiality and network performance evaluation. The work Specification-Based IDS in [57] lacks verification, evaluation, and implementation. It is costly in terms of system resources. In addition, there is a trade-off between complexity and performance. The works called Secure Parent Node Selection Scheme [58], ARM [43] and SBIDS [59] lack evaluation of network performance. The mitigation methods for detecting version number attack have some shortcomings: The work VeRA [70] lacks implementation and evaluation of network performance and resource requirements. It requires high control message overhead due to the usage of digital signature and MAC operations. The work TRAIL [71] allows each parent node to detect malicious nodes after reconstruction of the route so a child node elects a malicious node as its parent since a child node is unable to decide whether its parent node is a malicious node. The mechanism efficiency deeply depends on the size of the network, the RPL root trustworthiness, and the chosen digital signature scheme efficiency. In addition, it does not consider the evaluation of resource requirements. The work Distributed and Cooperative Verification Mechanism [72] does not consider the colluding malicious nodes, which have an effect on the total performance of the network. Also, it does not consider the evaluation of resource requirements. The work Lightweight Defense Approach [73] has quantitative evaluation only and it has long computation time and extra space overhead requires to store the signatures. In addition, it does not consider the evaluation of network performance. The work Lightweight Mitigation Techniques [76] does not consider the situation of multiple attacks. Moreover, it does not support the isolation of the malicious nodes in the network. The work Distributed Monitoring Strategy [77] does not consider multiple attacks in which multiple malicious nodes are involved in the network at the same time. And it lacks evaluation for communication overhead, energy consumption overhead, and memory requirements. 3.2
Performance Comparison Based on the critical review in Table 2, we can conclude that the best work is the one that can provide high protect against attacks and provides efficient performance in terms of accuracy metrics including True Positive Rate (TPR), False Positive Rate (FPR) and Accuracy Rate (AR) for 15 number of nodes and random topology. TPR is the total number of legitimate node, which are not, influenced though detection method. FPR is the total number of attacks can be considered as a legitimate node after passing the detection method. It is the total number of attacks that are falsely identified as trust-worthy nodes. AR is the ratio of the correct detection of attacks to the ratio of the total detections and un-detections. Based on the critical review in Table 2, we can conclude that the best work is the one that can provide high accuracy detection against attacks and provides efficient performance in terms of accuracy metrics including True Positive Rate (TPR), False Positive Rate (FPR) and Accuracy Rate (AR) for 15 number of nodes and random topology. TPR is the total number of legitimate nodes, which are not, influenced though the detection method. FPR is the total number of attacks that can be considered as a legitimate node after passing the detection method. It is the total number of attacks that are falsely identified as trust-worthy nodes. AR is the ratio of the correct detection of attacks to the ratio of the total detections and un-detections. Figures 8 and 9 show comparisons between the performance accuracy metrics of rank attack detection methods and version number attack detection methods. From the comparison, it is concluded that the best method for detecting rank attack is SBID [59] because it can provide high protection and AR and it is the only method that can support mobility. Additionally, the countermeasures based IDS can provide better results than the mitigation techniques. While the best method for detecting version number attack is Distributed and Cooperative Verification Mechanism [72] because it provides high TPR but still the Lightweight Mitigation Techniques[76] can have lower FPR comparing others studies and it can provide elimination against attacks and mitigation to not trust any version update coming from nodes with better ranks. Moreover, it is observed that: 1) the number of nodes, 2) location of
18
malicious nodes and 3) the type of network topology can obviously have great impact on the network performance and detection accuracy.
Figure 8: Rank Attack Accuracy Metrics Comparison.
Figure 9: Version Number Attack Accuracy Metrics Comparison. By comparing the findings with existing reviews, we found that: the survey conducted in [54] investigated the most recent mitigation methods for PRL attacks and classified these methods based on mitigation techniques used. However, they didn't suggest or provide any proposed future solutions for challenges that are found in the mitigation methods. The review in [98] presented a comprehensive study of the current intrusion detection systems available for IoT systems. Existing systems have been analyzed in three aspects: privacy effects, computation overhead, and energy consumption. As well as it identified open issues and challenges for an effective, efficient and collaborative design of intrusion detection systems for resource-constrained devices in IoT. However, the authors did not focus on RPL security attacks and their mitigation methods. The paper in [99] presented a detailed review of the various studies developed to detect the rank attack. Nevertheless, the paper did not comprehensively reviewed the recent studies on the rank attack, it did not analyze the performance of the detection methods and it did not provide any future solutions. The work in [40] classified different attacks on RPL based on some categories, but only limited work addressed the security of the RPL and it did not compare their performance. The paper in [35]
19
described a taxonomy of RPL attacks and their countermeasures. Nevertheless, no protection is proposed against these attacks. The discussion can clarified that the security of RPL protocol has been widely studied due to a large number of threats to the IoT while RPL rank and version number attacks can have severe consequences on the RPL Network. Hence, there is a need for more research to address the stated security issues for IoT RPL routing protocols. Accordingly, we shall conduct more work to propose some of mitigation mechanisms for secure RPL protocol as future solutions such as: 1. Supporting multiple types of attacks at the same time in the RPL networks based IoT for smart cities. 2. Detecting and mitigating the effects of malicious nodes of rank attack and version number attack in RPL network. 3. Isolating these malicious nodes and alerting other normal nodes in RPL network. 4. Providing different types of network topologies to measure the effectiveness of the solutions for the attacks. 5. Supporting mobility of RPL nodes to consider RPL network performance under the effect of this feature. In Figure 10, we consider an attacker model in the RPL network topology using Cooja Simulator [100] with the rank and version number attacks malicious nodes that can assist in applying these proposed future solutions. In which the PRL network topology consists of one root node representing DODAG and multiple sink nodes representing sub-DODAG that are supporting smart cities, normal sensor nodes and malicious node of rank attacks and version number attacks. It is assumed that the root node and sink node cannot be compromised and the attacker can deploy malicious nodes only when the network gets stable [59]. The rank attack happens by which the parent node selection is based on the rank metrics. The node near to the root node has low rank. Thus, the parent node should have a low rank compared to its child nodes. The attacker node has passed with low rank so that many nodes intended to select that as their preferred parent node. Therefore, it may redirect the packets from the root node. On the other hand, the version attack happens by which the root node alone has the rule to change the version of DODOG. But alternatively, malicious nodes try to change the version number. An older value of the version advertised in DIO messages indicates that the node did not migrate to the new version of the DODAG. Such a node should not be considered a preferred parent node with other nodes. Accordingly, the global rebuild operation was held by the malicious nodes. The malicious nodes propagate their version number through DIO message, then nodes receiving a malicious DIO, with a new version number, reset their own trickle timer, update the version in their own records and advertise this new version through DIO messages to their neighbor nodes as well.
Figure 10: Attacker and Security Model in RPL Topology.
20
By applying these future solutions can help in the development of secure smart cities. They can minimize the risks associated with the smart cities security. In addition, they can provide high protection against these two types of attacks while increasing user’s trust and providing efficient and effective services. In addition, supporting mobility feature of RPL nodes while providing security can cope with some problems such as mobility cause by attached sensor nodes or mobility caused by water or wind. Hence, mobile nodes in RPL can cover large areas and communicate in more efficient manner. Moreover, we highlight some of the open issues, which need to be studied and further investigation and may assist researchers to conduct more studies to mitigate the RPL routing attacks such of these issues are: scalability of mitigation attacks methods. supporting of multi-stage attacks, multiple attacks in RPL networks, attacks in large scale PRL networks and unavailability of evaluation of accurate or real time data routed by RPL nodes. 4
Conclusion Researchers have identified plenty of challenges in terms of information security, data transmitted within the smart cities network in IoT. Routing and addressing packets between devices in IoT are significant issues due to the need of making unified protocols/mechanisms for routing packets from the source node and transmitting across diverse network topologies to reach the destination node. Malicious nodes can execute their activities during the routing forwarding of the packets, which allow different types of attacks to happen in the routed information. This research has elaborated on the current research literature, prospects and research gaps of RPL routing attacks focusing on rank attack and version number attack. It has concluded that the studies either did not provide solutions for smart cities or they have some shortcomings of security and performance requirements. The countermeasures of the rank attack and version number attack show that they built useful protocols for securing routing information to its destination with good efficiency. Nevertheless, at the same time, each of them has few weaknesses and they did not address the issues of both rank attack and version number attack. Based on the review, I found that the current research literature did not provide: 1) Most of them do not provide solutions for multiple attacks and especially rank attack and version number at the same time in the RPL networks based IoT for smart cities. 2) They do not support both detection and mitigation for both attacks, 3) Most of them provide only one type of network topology for measuring the effectiveness of their solution, while the attacks can be affected by the type of network topology. 4) Based on the comparison, overall most of them have lower network performance and detection accuracy. 5) Lacks the mobility of the RPL nodes support that is needed for the smart cities, which dynamically can change the nodes’ rank and the topology. Furthermore, this research has provided some future solutions that can address the available shortcomings and improve the RPL security in the smart cities networks by reducing the effects of these attacks. Moreover, highlighting the open issues, this review provides thoughtful background for academics and researchers to enthuse them to investigate the identified open issues in order to achieve and develop effective mitigation methods for detecting these type of attacks in RPL network based IoT. Hence, this research extravagant the need for a new secure RPL protocol to address the security challenges mentioned in this review. 5
Future Work For future work, we aim to extend this review research by proposing and implementing a new secure RPL routing protocol for IoT that will mainly focus in addressing both RPL rank and version number attacks. The scope of the future work will be limited to design and develop to provide a secure PRL protocol for smart cities networks. 6
Funding Sources This research did not receive any specific grant from funding agencies in the public, commercial, or not-forprofit sectors.
21
Declaration of interests
☒ The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
7 References [1] Z. A. Almusaylim and N. Zaman, "A review on smart home present state and challenges: linked to contextawareness internet of things (IoT)," Wireless Networks, Review Article vol. 25, no. 6, pp. 3193-3204, 2019. [2] M. Almulhim and N. Zaman, "Proposing secure and lightweight authentication scheme for IoT based Ehealth applications," presented at the 2018 20th International Conference on Advanced Communication Technology (ICACT), Chuncheon-si Gangwon-do, Korea (South), 11-14 Feb. 2018, 2018. [3] D. E. Kouicem, A. Bouabdallah, and H. Lakhlef, "Internet of things security: A top-down survey," Computer Networks, vol. 141, pp. 199-221, 2018. [4] A. Zanella, N. Bui, A. Castellani, L. Vangelista, and M. Zorzi, "Internet of Things for Smart Cities," IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22-32, 2014. [5] Z. A. Almusaylim, N. Zaman, and L. T. Jung, "Proposing A Data Privacy Aware Protocol for Roadside Accident Video Reporting Service Using 5G In Vehicular Cloud Networks Environment," presented at the 2018 4th International Conference on Computer and Information Sciences (ICCOINS), Kuala Lumpur, Malaysia, 13-14 August. 2018, 2018. [6] Z. A. Almusaylim and N. Z. Jhanjhi, "Comprehensive Review: Privacy Protection of User in LocationAware Services of Mobile Cloud Computing," Wireless Personal Communications, pp. 1-24, 2019. [7] H.-S. Kim, J. Ko, D. E. Culler, and J. Paek, "Challenging the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL): A Survey," IEEE Communications Surveys & Tutorials, vol. 19, no. 4, pp. 25022525, 2017. [8] E. Aljarrah, M. B. Yassein, and S. Aljawarneh, "Routing protocol of low-power and lossy network: Survey and open issues," presented at the 2016 International Conference on Engineering & MIS (ICEMIS), Agadir, Morocco, 22-24 September, 2016. [9] J. V. V. Sobral, J. Rodrigues, R. A. L. Rabelo, J. Al-Muhtadi, and V. Korotaev, "Routing Protocols for Low Power and Lossy Networks in Internet of Things Applications," Sensors (Basel), vol. 19, no. 9, p. 2144, May 9 2019. [10] H. Kharrufa, H. A. A. Al-Kashoash, and A. H. Kemp, "RPL-Based Routing Protocols in IoT Applications: A Review," (in English), IEEE Sensors Journal, vol. 19, no. 15, pp. 5952-5967, Aug 1 2019. [11] B. N. Silva, M. Khan, and K. Han, "Internet of Things: A Comprehensive Review of Enabling Technologies, Architecture, and Challenges," IETE Technical Review, Review Article vol. 35, no. 2, pp. 205-220, 2018. [12] Z. Sheng, S. Yang, Y. Yu, A. Vasilakos, J. McCann, and K. Leung, "A survey on the ietf protocol suite for the internet of things: standards, challenges, and opportunities," IEEE Wireless Communications, vol. 20, no. 6, pp. 91-98, 2013. [13] E. M. R. C.E. Perkins, "Ad-hoc on-demand distance vector routing," in Proceedings WMCSA'99. Second IEEE Workshop on Mobile Computing Systems and Applications, New Orleans, LA, USA, USA, 1999: IEEE. [14] A. L. Dennis Ferguson, John Moy, "OSPF for IPv6," Request for Comments, p. 94Accessed on: December. doi: 10.17487/RFC5340 Available: https://rfc-editor.org/rfc/rfc5340.txt [15] O. David, "OSI IS-IS Intra-domain Routing Protocol," Request for Comments, p. 517Accessed on: February. doi: 10.17487/RFC1142 Available: https://rfc-editor.org/rfc/rfc1142.txt [16] P. J. Thomas Clausen, C´edric Adjih, Anis Laouiti, PascaleMinet, Paul Muhlethaler, Amir Qayyum, Laurent Viennot, "Optimized link state routing protocol (OLSR)," Request for Comments, p. 75Accessed on: October. doi: 10.17487/RFC3626 Available: https://rfc-editor.org/rfc/rfc3626.txt [17] R. F. Omprakash Gnawali, Kyle Jamieson, David Moss, Philip Levis, "Collection tree protocol," in SenSys '09 Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems, Berkeley, California, USA, 2009, pp. 1-14: ACM.
22
[18]
[19]
[20]
[21] [22]
[23]
[24]
[25]
[26]
[27]
[28] [29] [30] [31] [32] [33] [34] [35]
[36] [37]
[38]
[39]
A. T. Stephen Dawson-Haggerty, David Culler, "Hydro: A Hybrid Routing Protocol for Low-Power and Lossy Networks," in 2010 First IEEE International Conference on Smart Grid Communications, Gaithersburg, MD, USA, 2010: IEEE. K. Avijit and R. Chinnaiyan, "IOT for Smart Cities," International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), vol. 3, no. 4, pp. 1126-1139, 2018. B. Ghaleb et al., "A Survey of Limitations and Enhancements of the IPv6 Routing Protocol for Low-Power and Lossy Networks: A Focus on Core Operations," IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1607-1635, 11 October 2019. IEEE Standard for Low-Rate Wireless Networks, 2016. D. Waitzman, C. Partridge, and S. Deering, "Distance Vector Multicast Routing Protocol," Request for Comments, p. 24Accessed on: November. doi: 10.17487/RFC1075 Available: https://rfceditor.org/rfc/rfc1075.txt G. Ma, X. Li, Q. Pei, and Z. Li, "A Security Routing Protocol for Internet of Things Based on RPL," presented at the 2017 International Conference on Networking and Network Applications (NaNA), Kathmandu, Nepal, 16-19 October, 2017. A. Parasuram, D. Culler, and R. Katz, "An Analysis of the RPL Routing Standard for Low Power and Lossy Networks," Master of Science, Electrical Engineering and Computer Sciences, University of California at Berkeley, UCB/EECS-2016-106, 2016. X. Liu, Z. Sheng, C. Yin, F. Ali, and D. Roggen, "Performance Analysis of Routing Protocol for Low Power and Lossy Networks (RPL) in Large Scale Networks," IEEE Internet of Things Journal, vol. 4, no. 6, pp. 2172-2185, 2017. R. Mehta and M.M.Parmar, "A Survey on Security Attacks and Countermeasures in RPL for Internet of Things," International Journal of Advance Research in Science and Engineering (IJARSE), vol. 7, no. 3, pp. 55-69, 2018. D. Jiang, P. Zhang, Z. Lv, and H. Song, "Energy-Efficient Multi-Constraint Routing Algorithm With Load Balancing for Smart City Applications," IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1437-1447, Dec. 2016 2016. Y. Sun, H. Song, A. J. Jara, and R. Bie, "Internet of Things and Big Data Analytics for Smart and Connected Communities," IEEE Access, vol. 4, pp. 766-773, 2016. H. Song, G. A. Fink, and S. Jeschke, Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications. Wiley-IEEE Press, 2017, p. 472. I. Butun, P. Osterberg, and H. Song, "Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures," IEEE Communications Surveys & Tutorials, pp. 1-1, 2019. H. Song, R. Srinivasan, T. Sookoor, and S. Jeschke, Smart Cities: Foundations, Principles, and Applications. Wiley, 2017, p. 912. Z. Lv, T. Yin, X. Zhang, H. Song, and G. Chen, "Virtual Reality Smart City Based on WebVRGIS," IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1015-1024, 2016. D. Airehrour, J. Gutierrez, and S. K. Ray, "Secure routing for internet of things: A survey," Journal of Network and Computer Applications, vol. 66, pp. 198-213, 2016. M. Humayun, M. Niazi, N. Z. Jhanjhi, M. Alshayeb, and S. Mahmood, "Cyber Security Threats and Vulnerabilities: A Systematic Mapping Study," Arabian Journal for Science and Engineering, 2020. A. Kamble, V. S. Malemath, and D. Patil, "Security attacks and secure routing protocols in RPL-based Internet of Things: Survey," presented at the 2017 International Conference on Emerging Trends & Innovation in ICT (ICEI), Pune, India, 3-5 February, 2017. P. O. Kamgueu, E. Nataf, and T. D. Ndie, "Survey on RPL enhancements: A focus on topology, security and mobility," Computer Communications, vol. 120, pp. 10-21, 2018. M. F. Razali, M. E. Rusli, N. Jamil, R. Ismail, and S. Yussof, "The authentication techniques for enhancing the RPL security mode: A survey," in Proceedings of the 6th International Conference on Computing & Informatics, Kuala Lumpur, Malaysia, 2017, pp. 735-743. D. Airehrour, J. Gutierrez, and S. K. Ray, "Securing RPL routing protocol from blackhole attacks using a trust-based mechanism," presented at the 2016 26th International Telecommunication Networks and Applications Conference (ITNAC), Dunedin, New Zealand, 7-9 December, 2016. W. Mardini, M. Ebrahim, and M. Al-Rudaini, "Comprehensive Performance Analysis of RPL Objective Functions in IoT Networks.," International Journal of Communication Networks and Information Security (IJCNIS), vol. 9, no. 3, pp. 323-332, 2017.
23
[40] [41]
[42]
[43]
[44]
[45]
[46]
[47]
[48]
[49]
[50]
[51]
[52]
[53]
[54] [55]
[56] [57] [58]
[59]
A. Mayzaud, R. Badonnel, and I. Chrisment, "A Taxonomy of Attacks in RPL-based Internet of Thing," International Journal of Network Security, vol. 18, no. 3, pp. 459-473, 2016. D. Sharma, I. Mishra, and S. Jain, "A detailed classification of routing attacks against RPL in Internet of Things," International Journal of Advance Research, Ideas and Innovations in Technology, vol. 3, no. 1, pp. 692-703, 2017. V.K.Karthik and M.Pushpalatha, "Addressing Attacks and Security Mechanism in the RPL based IOT," International Journal of Computer Science and Engineering Communications, vol. 5, no. 5, pp. 1715-1721, 2017. A. Althubaity, H. Ji, T. Gong, M. Nixon, R. Ammar, and S. Han, "ARM: A hybrid specification-based intrusion detection system for rank attacks in 6TiSCH networks," presented at the 2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), Limassol, Cyprus, 12-15 September, 2017. K. K. Rai and K. Asawa, "Impact analysis of rank attack with spoofed IP on routing in 6LoWPAN network," presented at the 2017 Tenth International Conference on Contemporary Computing (IC3), Noida, India, 10-12 Aug, 2017. W. Xie et al., "Routing Loops in DAG-Based Low Power and Lossy Networks," presented at the 2010 24th IEEE International Conference on Advanced Information Networking and Applications, Perth, WA, Australia, 20-23 April, 2010. A. Le, J. Loo, A. Lasebae, M. Aiash, and Y. Luo, "6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach," International Journal of Communication Systems, vol. 25, no. 9, pp. 1189-1212, 2012. S. Mangelkar, S. N. Dhage, and A. V. Nimkar, "A comparative study on RPL attacks and security solutions," presented at the 2017 International Conference on Intelligent Computing and Control (I2C2), Coimbatore, India, 23-24 June, 2017. A. Le, J. Loo, Y. Luo, and A. Lasebae, "The impacts of internal threats towards Routing Protocol for Low power and lossy network performance," presented at the 2013 IEEE Symposium on Computers and Communications (ISCC), Split, Croatia, 7-10 July, 2013. A. Le, J. Loo, A. Lasebae, A. Vinel, Y. Chen, and M. Chai, "The Impact of Rank Attack on Network Topology of Routing Protocol for Low-Power and Lossy Networks," IEEE Sensors Journal, vol. 13, no. 10, pp. 3685-3692, 2013. R. Sahay, G. Geethakumari, and K. Modugu, "Attack graph — Based vulnerability assessment of rank property in RPL-6LOWPAN in IoT," presented at the 2018 IEEE 4th World Forum on Internet of Things (WF-IoT), Singapore, Singapore, 5-8 Feburary, 2018. A. Rehman, M. M. Khan, M. A. Lodhi, and F. B. Hussain, "Rank attack using objective function in RPL for low power and lossy networks," presented at the 2016 International Conference on Industrial Informatics and Computer Systems (CIICS), Sharjah, United Arab Emirates, 13-15 March, 2016. P. Thubert, "Objective Function Zero for the Routing Protocol for Low-Power and Lossy Networks (RPL)," Request for Comments, p. 14Accessed on: March. doi: 10.17487/RFC6552 Available: https://rfceditor.org/rfc/rfc6552.txt D. Barthel, J. Vasseur, K. Pister, M. Kim, and N. Dejean, "Routing Metrics Used for Path Calculation in Low-Power and Lossy Networks," Request for Comments, p. 30Accessed on: March. doi: 10.17487/RFC6551 Available: https://rfc-editor.org/rfc/rfc6551.txt A. Raoof, A. Matrawy, and C.-H. Lung, "Routing Attacks and Mitigation Methods for RPL-Based Internet of Things," IEEE Communications Surveys & Tutorials, vol. 21, no. 2, pp. 1582-1606, 2019. G. Glissa, A. Rachedi, and A. Meddeb, "A Secure Routing Protocol Based on RPL for Internet of Things," presented at the 2016 IEEE Global Communications Conference (GLOBECOM), Washington, DC, USA, 4-8 December, 2016. D. Airehrour, J. A. Gutierrez, and S. K. Ray, "SecTrust-RPL: A secure trust-aware RPL routing protocol for Internet of Things," Future Generation Computer Systems, vol. 93, pp. 860-876, 2019. A. Le, J. Loo, Y. Luo, and A. Lasebae, "Specification-based IDS for securing RPL from topology attacks," presented at the 2011 IFIP Wireless Days (WD), Niagara Falls, ON, Canada, 10-12 October, 2011. K. Iuchi, T. Matsunaga, K. Toyoda, and I. Sasase, "Secure parent node selection scheme in route construction to exclude attacking nodes from RPL network," presented at the 2015 21st Asia-Pacific Conference on Communications (APCC), Kyoto, Japan, 14-16 October, 2015. U. Shafique, A. Khan, A. Rehman, F. Bashir, and M. Alam, "Detection of rank attack in routing protocol for Low Power and Lossy Networks," Annals of Telecommunications, vol. 73, no. 7-8, pp. 429-438, 2018.
24
[60]
[61]
[62]
[63]
[64]
[65]
[66]
[67]
[68]
[69]
[70]
[71]
[72]
[73]
[74]
[75] [76] [77]
[78]
R. Alexander et al., "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks," Request for Comments, p. 157Accessed on: March. doi: 10.17487/RFC6550 Available: https://rfceditor.org/rfc/rfc6550.txt A. Arış, S. F. Oktuğ, and T. Voigt, "Security of Internet of Things for a Reliable Internet of Services," in Autonomous Control for a Reliable Internet of Services, vol. 10768, I. Ganchev, R. D. v. d. Mei, and H. v. d. Berg, Eds. (Lecture Notes in Computer Science, Cham: Springer, 2018, pp. 337-370. H. Patel, H. Patel, and B. Shrimali, "A Survey on Trust-based Intrusion Detection for Version Number Attack on RPL," International Journal of Computer Sciences and Engineering (IJCSE), vol. 6, no. 10, pp. 449-454, 2018. J. Nan, L. Jianfei, X. Wei, and S. Hongzhou, "Routing attacks prevention mechanism for RPL based on micropayment scheme," presented at the 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, India, 23-25 March, 2016. D. Airehrour, "A Trust-based Routing Framework for the Internet of Things," Doctor of Philosophy, Department of Information Technology and Software Engineering, Auckland University of Technology, 2017. P. Thulasiraman and Y. Wang, "A Lightweight Trust-Based Security Architecture for RPL in Mobile IoT Networks," presented at the 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 11-14 Jan. 2019, 2019. D. Wang and P. Wang, "Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound," IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 4, pp. 1-1, July-Aug. 1 2018 2016. D. Wang, W. Li, and P. Wang, "Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks," IEEE Transactions on Industrial Informatics, vol. 14, no. 9, pp. 4081-4092, Sept. 2018 2018. C. Pu, "Spam DIS Attack Against Routing Protocol in the Internet of Things," presented at the 2019 International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, USA, 18-21 Feb. 2019, 2019. A. Aris, S. F. Oktug, and S. Berna Ors Yalcin, "RPL version number attacks: In-depth study," presented at the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, Istanbul, Turkey, 25-29 April, 2016. A. Dvir, T. m. Holczer, and L. Buttyan, "VeRA - Version Number and Rank Authentication in RPL," presented at the 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems, Valencia, Spain, 17-22 October, 2011. H. Perrey, M. Landsmann, O. Ugus, M. Wählisch, and T. C. Schmidt, "TRAIL: Topology Authentication in RPL," in EWSN '16 Proceedings of the 2016 International Conference on Embedded Wireless Systems and Networks, Graz, Austria, 2016, pp. 59-64 ACM. F. Ahmed and Y.-B. Ko, "A Distributed and Cooperative Verification Mechanism to Defend against DODAG Version Number Attack in RPL," in PECCS 2016 Proceedings of the 6th International Joint Conference on Pervasive and Embedded Computing and Communication Systems, Lisbon, Portugal, 2016, pp. 55-62: ACM. M. Nikravan, A. Movaghar, and M. Hosseinzadeh, "A Lightweight Defense Approach to Mitigate Version Number and Rank Attacks in Low-Power and Lossy Networks," Wireless Personal Communications, vol. 99, no. 2, pp. 1035-1059, 2018. P. S. L. M. Barreto, B. Libert, N. McCullagh, and J.-J. Quisquater, "Efficient and Provably-Secure IdentityBased Signatures and Signcryption from Bilinear Maps," presented at the International Conference on the Theory and Application of Cryptology and Information Security, Chennai, India, 4-8 December, 2005. S. Even, O. Goldreich, and S. Micali, "On-Line/Off-Line Digital Signatures," presented at the Conference on the Theory and Application of Cryptology, Santa Barbara, CA, USA, 20-24 August, 1989. A. Arış, S. B. Örs Yalçın, and S. F. Oktuğ, "New lightweight mitigation techniques for RPL version number attacks," Ad Hoc Networks, vol. 85, pp. 81-91, 2019. A. Mayzaud, R. Badonnel, and I. Chrisment, "A Distributed Monitoring Strategy for Detecting Version Number Attacks in RPL-Based Networks," IEEE Transactions on Network and Service Management, vol. 14, no. 2, pp. 472-486, 2017. A. Mayzaud, R. Badonnel, and I. Chrisment, "Detecting version number attacks in RPL-based networks using a distributed monitoring architecture," presented at the 2016 12th International Conference on Network and Service Management (CNSM), Montreal, QC, Canada, 31 October-4 November, 2016.
25
[79]
[80]
[81] [82] [83] [84]
[85]
[86] [87]
[88]
[89] [90] [91]
[92]
[93]
[94] [95]
[96]
[97]
[98] [99]
P. Thulasiraman and Y. Wang, "A Lightweight Trust-Based Security Architecture for RPL in Mobile IoT Networks," presented at the 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, USA, 11-14 Januray, 2019. T. Tsao, R. Alexander, M. Dohler, V. Daza, A. Lozano, and M. Richardson, "A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)," in "Request for Comments," Januray 2015, Available: https://rfc-editor.org/rfc/rfc7416.txt. A. Le, J. Loo, K. Chai, and M. Aiash, "A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology," Information, vol. 7, no. 2, p. 25, 2016. H. Perrey, "On Secure Routing in Low-Power and Lossy Networks: The Case of RPL," Master of Science, Department of Computer Science, Hamburg University of Applied Sciences 2013. L. Wallgren, S. Raza, and T. Voigt, "Routing Attacks and Countermeasures in the RPL-Based Internet of Things," International Journal of Distributed Sensor Networks, vol. 9, no. 8, 2013. M. Landsmann, M. Wahlisch, and T. Schmidt, "Topology Authentication in RPL," presented at the 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Turin, Italy, 14-19 April, 2013. A. Mayzaud, A. Sehgal, R. Badonnel, I. Chrisment, and J. Schönwälder, "A Study of RPL DODAG Version Attacks," presented at the IFIP International Conference on Autonomous Infrastructure, Management and Security, Brno, Czech Republic, 30 June - 3 July, 2014. A. Mayzaud, "Monitoring and Security for the RPL-based Internet of Things," Doctor of Philosophy, Université de Lorraine, 2016LORR0207, 2016. J. Arshad, M. A. Azad, M. Mahmoud Abdellatif, M. H. Ur Rehman, and K. Salah, "COLIDE: a collaborative intrusion detection framework for Internet of Things," IET Networks, vol. 8, no. 1, pp. 3-14, 2019. D. Airehrour, J. Gutierrez, and S. K. Ray, "A testbed implementation of a trust-aware RPL routing protocol," presented at the 2017 27th International Telecommunication Networks and Applications Conference (ITNAC), Melbourne, VIC, Australia, 22-24 November, 2017. S. Raza, L. Wallgren, and T. Voigt, "SVELTE: Real-time intrusion detection in the Internet of Things," Ad Hoc Networks, vol. 11, no. 8, pp. 2661-2674, 2013. E. Gül, D. Ünal, and F. Y. Yavuz, "Deep Learning for Detection of Routing Attacks in the Internet of Things," International Journal of Computational Intelligence Systems, vol. 12, no. 1, pp. 39 - 58, 2018. E. Aydogan, S. Yilmaz, S. Sen, I. Butun, S. Forsstrom, and M. Gidlund, "A Central Intrusion Detection System for RPL-Based Industrial Internet of Things," presented at the 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS), Sundsvall, Sweden, 27-29 May 2019, 2019. A. Tandon and P. Srivastava, "Trust-based Enhanced Secure Routing against Rank and Sybil Attacks in IoT," presented at the 2019 Twelfth International Conference on Contemporary Computing (IC3), Noida, India, 2019. V. Neerugatti and A. R. M. Reddy, "Machine Learning Based Technique for Detection of Rank Attack in RPL based Internet of Things Networks," International Journal of Innovative Technology and Exploring Engineering (IJITEE) vol. 8, no. 9S3, p. 5, 2019. A. Raoof, A. Matrawy, and C.-H. Lung, "Secure Routing in IoT: Evaluation of RPL Secure Mode under Attacks," presented at the Globecom 2019 conference, 2019. A. Jain and S. Jain, "A Survey on Miscellaneous Attacks and Countermeasures for RPL Routing Protocol in IoT," in Emerging Technologies in Data Mining and Information Security, vol. 814, A. Abraham, P. Dutta, J. K. Mandal, A. Bhattacharya, and S. Dutta, Eds. (Advances in Intelligent Systems and Computing, Singapore: Springer, 2019, pp. 611-620. B. Farzaneh, M. A. Montazeri, and S. Jamali, "An Anomaly-Based IDS for Detecting Attacks in RPLBased Internet of Things," presented at the 2019 5th International Conference on Web Research (ICWR), Tehran, Iran, 24-25 April 2019, 2019. Fatima-tuz-Zahra, N. Jhanjhi, S. N. Brohi, and N. A. Malik, "Proposing a Rank and Wormhole Attack Detection Framework using Machine Learning," presented at the 2019 13th International Conference on Mathematics, Actuarial Science, Computer Science and Statistics (MACS), Karachi, Pakistan, 2019. J. Arshad, M. A. Azad, K. Salah, W. Jie, R. Iqbal, and M. Alazab, "A Review of Performance, Energy and Privacy of Intrusion Detection Systems for IoT," Available: http://arxiv.org/abs/1812.09160 S. Kalyani and D. Vydeki, "Survey of Rank Attack Detection Algorithms in Internet of Things," presented at the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India, 19-22 Septemper, 2018.
26
[100]
I. Romdhani, A. Y. Al-Dubai, M. Qasem, and B. Ghaleb, "Cooja Simulator Manual," Edinburgh Napier University, United Kingdom2016.
Author 1 Ms Zahrah A. Almusaylim She an assistant scientific researcher at King AbdulAziz for Science and Technology (KACST), Saudi Arabia. She earned her BSc in Computer Science in 2014 from College of King Faisal University, Saudi Arabia. She is currently pursuing her master in Computer Science at King Faisal University since 2015 up to date. Her area of interests include: Internet of Things, Cloud Computing, IoT Privacy and Security, Wireless Sensor Network, Security of RPL networks, Cloud Computing Security, Network Security, Mobile Computing, Context-Aware Computing, Machine Learning, Web and Mobile Applications Programming.
Author 2 Dr. Noor Zaman has 16 years of teaching and administrative experience internationally, authored several research papers in indexed and impact factor research journals and conferences, edited 06 international reputed Computer Science area books, focused on research students. He has successfully completed more than 18 international research grants. He is Associate Editor, Regional Editor, and Editorial board member, PC member, reviewer for several reputed international journals and conferences around the globe. His areas of interest include Wireless Sensor Network (WSN), Internet of Things IoT, Mobile Application Programming, Ad hoc Networks, Cloud Computing, Big Data, Mobile Computing, and Software Engineering.
Author 3 Dr. Abdulaziz Al-Humam is an Assistant professor at College of Computer Sciences and Information Technology (CCSIT), King Faisal University (KFU), Al- Ahssa, Saudi Arabia. He 27
earned his B.Sc. degree in CIS from College Of Management Science and Planning, King Faisal University, 2005. He earned his M.Sc. degrees in CS from Wollongong University, Faculty of Informatics, Australia, 2009. Then, He earned his Ph.D. degrees in CS from University of York, UK, 2015. He is currently the Chairman of Computer Science Department and Vice Dean of Academic Affairs at CCSIT, KFU. He is interested in Computer Science in general, Technology Innovation and Software Engineering, Model-driven engineering, Requirements Engineering, Self-adaptive Software Systems, Software Reuse and service-based systems, Cloud Computing, Service-Oriented Architecture, Assurance and certification of safety-critical systems engineering.
28