Advertisement

Demo: Do Not Trust Your Neighbors! A Small IoT Platform Illustrating a Man-in-the-Middle Attack

  • Renzo E. Navas
  • Hélène Le Bouder
  • Nora Cuppens
  • Frédéric Cuppens
  • Georgios Z. Papadopoulos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11104)

Abstract

This demonstration defines a small IoT wireless network that uses TI CC2538-OpenMote as hardware platform and state-of-the-art IETF network standards such as 6LoWPAN, RPL, and CoAP implemented by ContikiOS. The IoT nodes are controlled from outside the IoT network using end-to-end connectivity provided by IPv6-CoAP messages. We implement a man-in-the-middle attack that disrupts the normal behavior of the system. Our attack leverages on the inherent hierarchical routing topology of RPL-based IoT networks. The demonstration aims at highlighting the need for end-to-end source-authentication and authorization enforcement of information even inside a trusted IoT network. We also provide some insights on how these services can be offered in a IoT-friendly way.

Keywords

IoT MITM attack IPv6 CoAP RPL e2e security 

References

  1. 1.
    Demo video: IoT man-in-the-middle attack (2018). http://www.industry-of-the-future.org/asset/demo/
  2. 2.
    Bormann, C., Ersue, M., Keränen, A.: Terminology for constrained-node networks. RFC 7228, May 2014.  https://doi.org/10.17487/RFC7228
  3. 3.
    ContikiOS: The contiki 2.7 github repository (2018). https://github.com/contiki-os/contiki/blob/release-2-7/core/net/uip6.c#L1187
  4. 4.
    Granjal, J., et al.: Security for the internet of things: a survey of existing protocols and open research issues. IEEE Commun. Surv. Tutor. 17(3), 1294–1312 (2015)CrossRefGoogle Scholar
  5. 5.
    Kamble, A., Malemath, V.S., Patil, D.: Security attacks and secure routing protocols in RPL-based internet of things: survey. In: ICEI 2017 (2017)Google Scholar
  6. 6.
    Schaad, J.: CBOR Object Signing and Encryption (COSE). RFC 8152, Jul 2017.  https://doi.org/10.17487/RFC8152

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Renzo E. Navas
    • 1
  • Hélène Le Bouder
    • 1
  • Nora Cuppens
    • 1
  • Frédéric Cuppens
    • 1
  • Georgios Z. Papadopoulos
    • 1
  1. 1.IMT Atlantique, UBLCesson-SévignéFrance

Personalised recommendations