Abstract
The Internet of Things (IoT) presents a new paradigm of the future internet that intends to provide interactive communication between various processing object via heterogeneous networks. The routing protocol in the IoT environment is Routing Protocol for Low-Power and Lossy Networks (RPL). The current RPL specification defines primary security modes; therefore it is vulnerable to topological attacks. In this paper the RPL routing mechanism, its topological vulnerabilities and two important topological attacks namely version number attack and rank spoofing attack are analyzed. To counter the mentioned attacks, a lightweight Identity Based Offline–Online Signature based scheme is proposed. Our evaluation shows that our proposed scheme is secure in the random oracle model, and in terms of computational cost and energy consumption efficiently counters with these attacks.
Similar content being viewed by others
References
Tsai, C. W., Lai, C. F., & Vasilakos, A. V. (2014). Future internet of things: Open issues and challenges. Wireless Networks, 20(8), 2201–2217. https://doi.org/10.1007/s11276-014-0731-0.
Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), 2266–2279. https://doi.org/10.1016/j.comnet.2012.12.018.
Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. (2014). Security of the Internet of Things: Perspectives and challenges. Wireless Networks, 20(8), 2481–2501. https://doi.org/10.1007/s11276-014-0761-7.
Kim, E., & Kaspar, D. (2012). Design and application spaces for IPv6 over low-power wireless personal area networks (6LoWPANs). IETF, RFC 6568. https://tools.ietf.org/html/rfc6568. Accessed 4 Mar 2017.
Winter, T., Thubert, P., & Brandt, A. (2012). RPL: IPv6 routing protocol for low-power and lossy networks. IETF, RFC 6550. https://tools.ietf.org/html/rfc6550. Accessed 15 Mar 2017.
Mayzaud, A., Sehgal, A., Badonnel, R., Chrisment, I., & Schönwälder, J. (2014). A study of RPL DODAG version attacks. In IFIP international conference on autonomous infrastructure, management and security (pp. 92–104). Springer. https://doi.org/10.1007/978-3-662-43862-6_12.
Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In Annual international cryptology conference—CRYPTO 2001 (pp. 213–229). Springer. https://doi.org/10.1007/3-540-44647-8_13.
Rahman, S. M. M., & El-Khatib, K. (2010). Private key agreement and secure communication for heterogeneous sensor networks. Journal of Parallel and Distributed Computing, 70(8), 858–870. https://doi.org/10.1016/j.jpdc.2010.03.009.
Oliveira, L. B., Aranha, D. F., Gouvêa, C. P., Scott, M., Câmara, D. F., López, J., et al. (2011). TinyPBC: Pairings for authenticated identity-based non-interactive key distribution in sensor networks. Computer Communications, 34(3), 485–493. https://doi.org/10.1016/j.comcom.2010.05.013.
Shim, K. A. (2012). CPAS: An efficient conditional privacy-preserving authentication scheme for vehicular sensor networks. IEEE Transactions on Vehicular Technology, 61(4), 1874–1883. https://doi.org/10.1109/TVT.2012.2186992.
Even, S., Goldreich, O., & Micali, S. (1996). On-line/off-line digital signatures. Journal of Cryptology, 9(1), 35–67. https://doi.org/10.1007/BF02254791.
Hsu, C.-L., Chuang, Y.-H., & Kuo, C. (2015). A novel remote user authentication scheme from bilinear pairings via internet. Wireless Personal Communications, 83(1), 163–174. https://doi.org/10.1007/s11277-015-2386-2.
Luo, M., & Zhao, H. (2015). An authentication and key agreement mechanism for multi-domain wireless networks using certificateless public-key cryptography. Wireless Personal Communications, 81(2), 779–798. https://doi.org/10.1007/s11277-014-2157-5.
Tsai, J.-L., & Lo, N.-W. (2015). Provably secure and efficient anonymous ID-based authentication protocol for mobile devices using bilinear pairings. Wireless Personal Communications, 83(2), 1273–1286. https://doi.org/10.1007/s11277-015-2449-4.
Hafizul, S. K., & Biswas, I. G. P. (2015). Design of two-party authenticated key agreement protocol based on ECC and self-certified public keys. Wireless Personal Communications, 82(4), 2727–2750. https://doi.org/10.1007/s11277-015-2375-5.
Bakhtiari-Chehelcheshmeh, S., & Hosseinzadeh, M. (2016). A new certificateless and secure authentication scheme for ad hoc networks. Wireless Personal Communications. https://doi.org/10.1007/s11277-016-3721-y.
Mayzaud, A., Badonnel, R., & Chrisment, I. (2016). A Taxonomy of Attacks in RPL-based Internet of Things. International Journal of Network Security, 18(3), 459–473. https://hal.inria.fr/hal-01207859. Accessed 20 Jan 2017.
Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A., & Richardson, M. (2015). A security threat analysis for the routing protocol for low-power and lossy networks (RPLs). IETF, RFC 7416. https://tools.ietf.org/html/rfc7416. Accessed 18 Feb 2017.
Le, A., Loo, J., Luo, Y., & Lasebae, A. (2011). Specification-based IDS for securing RPL from topology attacks. In Wireless Days (WD), 2011 IFIP (pp. 1–3). https://doi.org/10.1109/wd.2011.6098218.
Dvir, A., & Buttyan, L. (2011). VeRA-version number and rank authentication in rpl. In Proceedings of IEEE 8th international conference on mobile adhoc and sensor systems—MASS 2011 (pp. 709–714). IEEE. https://doi.org/10.1109/mass.2011.76.
Weekly, K., & Pister, K. (2012). Evaluating sinkhole defense techniques in RPL networks. In Proceeedings of 20th IEEE international conference on network protocols—ICNP 2012 (pp. 1–6). IEEE. https://doi.org/10.1109/icnp.2012.6459948.
Wallgren, L., Raza, S., & Voigt, T. (2013). Routing attacks and countermeasures in the RPL-based Internet of Things. International Journal of Distributed Sensor Networks, 9, 400–410. https://doi.org/10.1155/2013/794326.
Mayzaud, A., Sehgal, A., Badonnel, R., Chrisment, I., & Schönwälder, J. (2015). Mitigation of topological inconsistency attacks in RPL-based low-power lossy networks. International Journal of Network Management, 25(5), 320–339. https://doi.org/10.1002/nem.1898.
Perrey, H., Landsmann, M., Ugus, O., Schmidt, T. C., & Wählisch, M. (2013). TRAIL: Topology authentication in RPL. In Proceedings of the 2016 international conference on embedded wireless systems and networks—EWSN 2016 (pp. 50–56). ACM.
Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126. https://doi.org/10.1145/359340.359342.
Whiting, D., Ferguson, N., & Housley, R. (2003). Counter with cbc-mac (ccm). IETF, RFC 3610. https://tools.ietf.org/html/rfc3610. Accessed 25 Feb 2017.
Wander, A. S., Gura, N., Eberle, H., Gupta, V., & Shantz, S. C. (2005). Energy analysis of public-key cryptography for wireless sensor networks. In Proceedings of Third IEEE international conference on pervasive computing and communications—PerCom 2005 (pp. 324–328). IEEE. https://doi.org/10.1109/percom.2005.18.
Piotrowski, K., Langendoerfer, P., & Peter, S. (2006). How public key cryptography influences wireless sensor node lifetime. In Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks (pp. 169–176). ACM. https://doi.org/10.1145/1180345.1180366.
Gura, N., Patel, A., Wander, A., Eberle, H., & Shantz, S. C. (2004, August). Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In International workshop on cryptographic hardware and embedded systems (pp. 119–132). Springer. https://doi.org/10.1007/978-3-540-28632-5_9.
Yasmin, R., Ritter, E., & Wang, G. (2010). An authentication framework for wireless sensor networks using identity-based signatures. In Proceedings of IEEE international conference on computer and information technology—CIT 2010 (pp. 882–889). IEEE. https://doi.org/10.1109/cit.2010.165.
Xu, S., Mu, Y., & Susilo, W. (2005). Efficient authentication scheme for routing in mobile ad hoc networks. In Embedded and ubiquitous computing—EUC 2005 Workshops (pp. 854–863). Springer. https://doi.org/10.1007/11596042_88.
Zhang, J., Yang, Y., Niu, X., Gao, S., Chen, H., & Geng, Q. (2009). An improved secure identity-based on-line/off-line signature scheme. In International conference on information security and assurance (pp. 588–597). Springer. https://doi.org/10.1007/978-3-642-02617-1_60.
Xu, S., Mu, Y., & Susilo, W. (2006). Online/Offline signatures and multisignatures for AODV and DSR routing security. In Australasian conference on information security and privacy (pp. 99–110). Springer. https://doi.org/10.1007/11780656_9.
Ming, Y., & Wang, Y. (2010, October). Improved identity based online/offline signature scheme. In 2010 7th international conference on ubiquitous intelligence & computing and 7th international conference on autonomic & trusted computing (UIC/ATC) (pp. 126–131). IEEE. https://doi.org/10.1109/uic-atc.2010.20.
Liu, J. K., Baek, J., Zhou, J., Yang, Y., & Wong, J. W. (2010). Efficient online/offline identity-based signature for wireless sensor network. International Journal of Information Security, 9(4), 287–296. https://doi.org/10.1007/s10207-010-0109-y.
Li, F., Shirase, M., & Takagi, T. (2008, December). On the security of online/offline signatures and multisignatures from acisp’06. In International conference on cryptology and network security (pp. 108–119). Springer. https://doi.org/10.1007/978-3-540-89641-8_8.
Boyen, X. (2003). Multipurpose identity-based signcryption. In Proceedings of international conference on cryptology—CRYPTO 2003, (pp. 383–399). Springer. https://doi.org/10.1007/978-3-540-45146-4_23.
Barreto, P. S., Libert, B., McCullagh, N., & Quisquater, J. J. (2005). Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. In International conference on the theory and application of cryptology and information security (pp. 515–532). Springer. https://doi.org/10.1007/11593447_28.
Libert, B., & Quisquater, J. J. (2003, January). A new identity based signcryption schemes from pairings. In Proceedings of the 2003 IEEE workshop on information theory—ITW 2003 (pp. 155–158). IEEE. https://doi.org/10.1109/itw.2003.1216718.
Vasseur, J. P., Kim, M., Pister, K., Dejean, N., & Barthel, D. (2012). Routing metrics used for path calculation in low-power and lossy networks. IETF, RFC 6551. https://tools.ietf.org/html/rfc6551. Accessed 10 Jan 2017.
Shim, K. A., Lee, Y. R., & Park, C. M. (2013). EIBAS: An efficient identity-based broadcast authentication scheme in wireless sensor networks. Ad Hoc Networks, 11(1), 182–189. https://doi.org/10.1016/j.adhoc.2012.04.015.
Pointcheval, D., & Stern, J. (2000). Security arguments for digital signatures and blind signatures. Journal of cryptology, 13(3), 361–396. https://doi.org/10.1007/s001450010003.
Choon, J. C., & Cheon, J. H. (2003). An identity-based signature from gap Diffie–Hellman groups. In International workshop on public key cryptography (pp. 18–30). Springer. https://doi.org/10.1007/3-540-36288-6_2.
Cao, X., Kou, W., Dang, L., & Zhao, B. (2008). IMBAS: Identity-based multi-user broadcast authentication in wireless sensor networks. Computer Communications, 31(4), 659–667. https://doi.org/10.1016/j.comcom.2007.10.017.
Ma, C., Xue, K., & Hong, P. (2014). Distributed access control with adaptive privacy preserving property for wireless sensor networks. Security and Communication Networks, 7(4), 759–773. https://doi.org/10.1002/sec.777.
Shim, K. A. (2014). S 2 DRP: Secure implementations of distributed reprogramming protocol for wireless sensor networks. Ad Hoc Networks, 19, 1–8. https://doi.org/10.1016/j.adhoc.2014.01.011.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Nikravan, M., Movaghar, A. & Hosseinzadeh, M. A Lightweight Defense Approach to Mitigate Version Number and Rank Attacks in Low-Power and Lossy Networks. Wireless Pers Commun 99, 1035–1059 (2018). https://doi.org/10.1007/s11277-017-5165-4
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-017-5165-4