Abstract
An attacker can disrupt the network operations in the 6LoWPANs by spoofing the IPv6 address while evading the detection. Despite many existing spoofing prevention techniques, spoofing threat still persists. Thus, it becomes necessary to devise a method which can offer resilience against spoofing by reducing the attack disruption time. This study aims at reducing IPv6 spoofing attack disruption time in 6LoWPANs. Hence, it provides the resiliency against IPv6 spoofing threat. The time complexity analysis of the attack tree for the spoofing attack is performed to analyze the attack disruption time. The analytical results show that attack disruption window is directly proportional to the lifetime of the node addresses. The lower lifetime of node addresses ensure the reduction of the attack disruption window. Thus, the use of temporary node addresses can be a solution for reducing the spoofing attack disruption window. Node’s IPv6 address can be changed periodically to dissociate a node from its permanent identity. Hence, an attacker has to re-perform the attack to gain significant benefits. Corrupted routing table as a result of spoofing attack and its countermeasure is simulated in Cooja running Contiki operating system. The length of the attack window depends upon the periodicity of the address change. The higher frequency of address change decreases the attack disruption time with an increase in the communication cost. Simulations have been performed to compare the optimum value of address change periodicity concerning the communication cost for two private addressing schemes proposed in the literature.
Similar content being viewed by others
References
Airehrour D, Gutierrez J, Ray SK (2016) Secure routing for internet of things: a survey. J Netw Comput Appl 66:198–213
Aura T (2005) Cryptographically Generated Addresses (CGA). RFC 3972 (Proposed Standard). http://www.ietf.org/rfc/rfc3972.txt. Updated by RFCs 4581, 4982
Badonnel AR, Mayzaud IC (2017) A distributed monitoring strategy for detecting version number attacks in rpl-based networks. IEEE Trans Netw Serv Manag 14(2):472–486. https://doi.org/10.1109/TNSM.2017.2705290
Barbir A, Murphy SL, Yang Y (2006) Generic Threats to Routing Protocols. Tech. Rep. 4593. https://doi.org/10.17487/RFC4593. https://rfc-editor.org/rfc/rfc4593.txt
Camtepe SA, Yener B (2007) Modeling and detection of complex attacks. In: 2007 Third international conference on security and privacy in communications networks and the workshops - securecomm 2007, pp 234–243. https://doi.org/10.1109/SECCOM.2007.4550338
Choi J, In Y, Park C, Seok S, Seo H, Kim H (2018) Secure iot framework and 2d architecture for end-to-end security. J Supercomput 74(8):3521–3535. https://doi.org/10.1007/s11227-016-1684-0
Chze PLR, Leong KS (2014) A secure multi-hop routing for iot communication. In: 2014 IEEE World forum on internet of things (WF-iot), pp 428–432. https://doi.org/10.1109/WF-IoT.2014.6803204
Dunkels A, Grȯnvall B, Voigt T (2004) Contiki - A lightweight and flexible operating system for tiny networked sensors. In: Proceedings - conference on local computer networks, LCN, pp 455–462. https://doi.org/10.1109/LCN.2004.38
Ghosh U, Datta R (2011) A secure dynamic ip configuration scheme for mobile ad hoc networks. Ad Hoc Netw 9(7):1327–1342. https://doi.org/10.1016/j.adhoc.2011.02.008
Gomez C, Kim E, Kaspar D, Bormann C (2012) Problem statement and requirements for IPv6 over low-power wireless personal area network (6LoWPAN) routing. RFC 6606, RFC Editor. https://tools.ietf.org/pdf/rfc6606.pdf
Granjal J, Monteiro E, Silva JS (2010) Enabling network-layer security on ipv6 wireless sensor networks. In: 2010 IEEE Global telecommunications conference GLOBECOM 2010, pp 1–6. https://doi.org/10.1109/GLOCOM.2010.5684293
Granjal J, Monteiro E, Silva JS (2015) Security for the internet of things: a survey of existing protocols and open research issues. IEEE Commun Surv Tutorials 17(3):1294–1312. https://doi.org/10.1109/COMST.2015.2388550
Granjal J, Monteiro E, Silva JS (2015) Security in the integration of low-power wireless sensor networks with the internet: a survey. Ad Hoc Netw 24:264–287
Gu T, Mohapatra P (2018) Bf-iot: Securing the iot networks via fingerprinting-based device authentication. In: 2018 IEEE 15Th international conference on mobile ad hoc and sensor systems (MASS), pp 254–262. https://doi.org/10.1109/MASS.2018.00047
Halcu I, Stamatescu G, Sgarciu V (2015) Enabling security on 6lowpan / ipv6 wireless sensor networks. In: 2015 7Th international conference on electronics, computers and artificial intelligence (ECAI), pp SSS–29–SSS–32. https://doi.org/10.1109/ECAI.2015.7301201
Hennebert C, Santos JD (2014) Security protocols and privacy issues into 6loWPAN stack: a synthesis. IEEE Internet J 1(5):384–398. https://doi.org/10.1109/JIOT.2014.2359538
Hossain M, Karim Y, Hasan R (2018) Secupan: a security scheme to mitigate fragmentation-based network attacks in 6lowpan. In: Proceedings of the eighth ACM conference on data and application security and privacy. ACM, pp 307–318
IEEE: Ieee 802.15.4 standard (2007) [Online] https://standards.ieee.org/about/get/802/802.15.html
Ikram M, Chowdhury AH, Zafar B, Cha HS, Kim K, Yoo SW, Kim D (2009) A simple lightweight authentic bootstrapping protocol for ipv6-based low rate wireless personal area networks (6lowpans). In: Proceedings of the 2009 international conference on wireless communications and mobile computing: connecting the world wirelessly, IWCMC ’09. ACM, New York, pp 937–941. https://doi.org/10.1145/1582379.1582583
Jara AJ, Marin L, Skarmeta AF, Singh D, Bakul G, Kim D (2011) Mobility modeling and security validation of a mobility management scheme based on ecc for ip-based wireless sensor networks (6lowpan). In: 2011 Fifth international conference on innovative mobile and internet services in ubiquitous computing. IEEE, pp 491–496
Krentz KF, Rafiee H, Meinel C (2013) 6lowpan security: Adding compromise resilience to the 802.15.4 security sublayer. In: Proceedings of the international workshop on adaptive security, ASPI ’13. ACM, New York, pp 1:1–1:10. https://doi.org/10.1145/2523501.2523502
Kushalnagar N, Montenegro G, Schumacher C (2007) Rfc 4919: Ipv6 over low-power wireless personal area networks (6lowpans): overview, assumptions, problem statement, and goals. IETF 31:45–75
Liu A, Ning P (2008) Tinyecc: a configurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of the 7th international conference on information processing in sensor networks, IPSN ’08. IEEE Computer Society, Washington, pp 245–256. https://doi.org/10.1109/IPSN.2008.47
Mavani M, Asawa K (2017) Modeling and analyses of ip spoofing attack in 6lowpan network. Comput Secur 70:95–110
Mavani M, Asawa K (2018) Privacy enabled disjoint and dynamic address auto-configuration protocol for 6lowpan. Ad Hoc Netw 79:72–86. https://doi.org/10.1016/j.adhoc.2018.06.010. http://www.sciencedirect.com/science/article/pii/S1570870518303627
Mayzaud A, Badonnel R, Chrisment I (2016) A taxonomy of attacks in rpl-based internet of things. Int J Netw Secur 18(3):459–473
Mishra A, Dixit A (2018) Resolving threats in iot: Id spoofing to ddos. In: 2018 9Th international conference on computing, communication and networking technologies (ICCCNT), pp 1–7. https://doi.org/10.1109/ICCCNT.2018.8493729
Mavani M, Asawa K (2017) Privacy preserving ipv6 address auto-configuration for internet of things. In: Intelligent communication and computational technologies. Springer, pp 577–584
Nikravan M, Movaghar A, Hosseinzadeh M (2019) A lightweight signcryption scheme for defense against fragment duplication attack in the 6lowpan networks. Peer-to-Peer Netw Appl 12(1):209–226. https://doi.org/10.1007/s12083-018-0659-8
Oliveira LML, Rodrigues JJPC, Neto C, De sousa AF (2013) Network admission control solution for 6LoWPAN networks. Proceedings - 7th international conference on innovative mobile and internet services in ubiquitous computing, IMIS 2013, pp 472–477. https://doi.org/10.1109/IMIS.2013.85
Osterlind F, Dunkels A, Eriksson J, Finne N, Voigt T (2006) Cross-level sensor network simulation with cooja. In: Proceedings 2006 31st IEEE conference on Local computer networks. IEEE, pp 641–648
Park S, Kim K, Haddad W, Chakrabarti S, Laganier J (2011) Ipv6 over low power wpan security analysis. IETF. ID draft-daniel-610wpan-security-analysis-05. Retrieved 10 May 2016
Pongle P, Chavan G (2015) A survey: attacks on rpl and 6lowpan in iot. In: 2015 International conference on pervasive computing (ICPC), pp 1–6. https://doi.org/10.1109/PERVASIVE.2015.7087034
Qiu Y, Ma M (2015) An authentication and key establishment scheme to enhance security for m2m in 6lowpans. In: 2015 IEEE International conference on communication workshop (ICCW), pp 2671–2676. https://doi.org/10.1109/ICCW.2015.7247582
Sarikaya B, Thubert P (2016) Address protected neighbor discovery for low-power and lossy networks. Internet-Draft draft-sarikaya-6lo-ap-nd-02, IETF Secretariat. http://www.ietf.org/internet-drafts/draft-sarikaya-6lo-ap-nd-02.txt
Shelby C, Nordmark B (2012) Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs). RFC 6775, RFC Editor. http://www.rfc-editor.org/rfc/rfc6775.txt
Simon DEA tunslip6 utility. https://github.com/contiki-os/contiki/blob/master/tools
Vasseur JP, Dunkels A (2010) Interconnecting smart objects with ip: The next internet. Morgan Kaufmann, San Mateo
Wang X, Mu Y (2015) Addressing and privacy support for 6lowpan. IEEE Sens J 15(9):5193–5201. https://doi.org/10.1109/JSEN.2015.2438002
Wilhelm M, Martinovic I, Uzun E, Schmitt JB (2010) Sudoku: Secure and usable deployment of keys on wireless sensors. In: 2010 6Th IEEE workshop on secure network protocols, pp 1–6. https://doi.org/10.1109/NPSEC.2010.5634458
Winter T, Brandt H (2012) RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. RFC 6550, RFC Editor. http://www.rfc-editor.org/rfc/rfc6550.txt
Xiong K, Zhang Y, Zhang Z, Wang S, Zhong Z (2014) Pa-nemo: Proxy mobile ipv6-aided network mobility management scheme for 6lowpan. Elektron Elektrotechn 20(3):98–103
Yu H, He J (2012) Trust-based mutual authentication for bootstrapping in 6lowpan. JCM 7(8):634–642
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Mavani, M., Asawa, K. Resilient against spoofing in 6LoWPAN networks by temporary-private IPv6 addresses. Peer-to-Peer Netw. Appl. 13, 333–347 (2020). https://doi.org/10.1007/s12083-019-00792-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-019-00792-6