Demo: Do Not Trust Your Neighbors! A Small IoT Platform Illustrating a Man-in-the-Middle Attack
This demonstration defines a small IoT wireless network that uses TI CC2538-OpenMote as hardware platform and state-of-the-art IETF network standards such as 6LoWPAN, RPL, and CoAP implemented by ContikiOS. The IoT nodes are controlled from outside the IoT network using end-to-end connectivity provided by IPv6-CoAP messages. We implement a man-in-the-middle attack that disrupts the normal behavior of the system. Our attack leverages on the inherent hierarchical routing topology of RPL-based IoT networks. The demonstration aims at highlighting the need for end-to-end source-authentication and authorization enforcement of information even inside a trusted IoT network. We also provide some insights on how these services can be offered in a IoT-friendly way.
KeywordsIoT MITM attack IPv6 CoAP RPL e2e security
- 1.Demo video: IoT man-in-the-middle attack (2018). http://www.industry-of-the-future.org/asset/demo/
- 2.Bormann, C., Ersue, M., Keränen, A.: Terminology for constrained-node networks. RFC 7228, May 2014. https://doi.org/10.17487/RFC7228
- 3.ContikiOS: The contiki 2.7 github repository (2018). https://github.com/contiki-os/contiki/blob/release-2-7/core/net/uip6.c#L1187
- 5.Kamble, A., Malemath, V.S., Patil, D.: Security attacks and secure routing protocols in RPL-based internet of things: survey. In: ICEI 2017 (2017)Google Scholar
- 6.Schaad, J.: CBOR Object Signing and Encryption (COSE). RFC 8152, Jul 2017. https://doi.org/10.17487/RFC8152