Wireless Personal Communications, Volume 99, Issue 2, pp 1035–1059

A Lightweight Defense Approach to Mitigate Version Number and Rank Attacks in Low-Power and Lossy Networks

  • Mohammad Nikravan
  • Ali Movaghar
  • Mehdi Hosseinzadeh
Article

Abstract

The Internet of Things (IoT) presents a new paradigm of the future internet that intends to provide interactive communication between various processing objects via heterogeneous networks. The routing protocol in the IoT environment is the Routing Protocol for Low-Power and Lossy Networks (RPL). The current RPL specification defines primary security modes; therefore, it is vulnerable to topological attacks. In this paper, the RPL routing mechanism, its topological vulnerabilities, and two important topological attacks, namely the version number attack and the rank spoofing attack, are analyzed. To counter these attacks, a lightweight scheme based on Identity Based Offline–Online Signature is proposed. Our evaluation shows that the proposed scheme is secure in the random oracle model and counters these attacks efficiently in terms of computational cost and energy consumption.

Keywords

Internet of things; Security; Identity based signature; RPL; Version number attack; Rank spoofing attack; Sinkhole attack

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. Faculty of Electrical and Computer Engineering, Islamic Azad University, Science and Research Branch, Tehran, Iran
  2. Department of Computer Engineering, Sharif University of Technology, Tehran, Iran
  3. Iran University of Medical Sciences, Tehran, Iran
  4. Computer Science, University of Human Development, Sulaimaniyah, Iraq
