RPLProtocol < Sandbox

Tags: view all tags
<h1 dir="ltr" style="text-align: left;">Detecting attacks on the RPL protocol</h1> <p dir="ltr" style="text-align: left;"> The purpose of this seminar paper is to examine methods for detecting attacks on the RPL protocol. Here is a summary of the research. To download the completed version of the seminar, see the link at site: [[https://safirdep.com/product/rpl-attack-detection/][safirdep.com]]</p> <h1 dir="ltr" style="text-align: left;">Problem statement</h1> <p dir="ltr" style="text-align: left;">Lossy Low-Power Networks (LLN) are a class of networks in which nodes have mainly limited resources. These networks have limited processing power and operate with limited memory. These nodes are connected to each other by low-power links that only support low data rates. Lossy Low-Power Networks have a wide range of applications such as smart home, smart grid, etc.</p> <p dir="ltr" style="text-align: left;"> These networks are basically part of the Internet of Things (IoT) paradigm, where various physical entities are connected to the virtual world and receive their commands from the Internet. These networks have specific requirements that are different from wired or wireless networks because they face limitations such as latency, stability, scalability. Considering these requirements, the IPv6 Routing Protocol for Lossy Low-Power Networks (RPL[1]) has been designed[2].</p> <p dir="ltr" style="text-align: left;">The RPL protocol is a distance vector routing protocol that organizes nodes into a directed adjoint graph (DODAG)[2]. This protocol is optimized for point-to-multipoint traffic flow. It also provides mechanisms for point-to-point and point-to-point communications. In order to optimize, packet processing and forwarding in this protocol is separated from routing through objective function 3.</p> <p dir="ltr" style="text-align: left;">Despite its advantages, RPL still has problems, one of the most important of which is related to security issues. Since this protocol is based on the IPv6 open stack and mainly uses wireless technology to communicate between nodes, it is vulnerable to numerous attacks (such as black hole and gray hole attacks) that can disrupt network performance. By exploiting the RPL mechanisms, an attacker can gain access to the network and launch attacks originating from within the network[3].</p> <p dir="ltr" style="text-align: left;">In fact, due to the characteristics of RPL, including limited hardware and the wireless environment, ensuring data privacy and securing communications among nodes is a challenging issue. Therefore, it is necessary to identify the main security threats and inherent vulnerabilities of RPL and take countermeasures to mitigate them [2]. Therefore, in this seminar, we will examine methods for detecting attacks on the RPL protocol.</p> <h2 dir="ltr" style="text-align: left;">Research Objectives</h2> <p dir="ltr" style="text-align: left;">Investigate attacks on the RPL protocol</p> <p dir="ltr" style="text-align: left;">Investigate methods for increasing RPL security with changes to the RPL protocol</p> <p dir="ltr" style="text-align: left;">Investigate intrusion detection systems to counter attacks on RPL</p> <h2 dir="ltr" style="text-align: left;">What is RPL protocol</h2> <p dir="ltr" style="text-align: left;">RPL is a distance vector (DV) and reference routing protocol designed to work over multiple link layer mechanisms such as the IEEE 802.15.4 PHY and MAC layers. It is designed for aggregation networks where nodes regularly send measurements to the aggregation point, and also forward point-to-multipoint traffic from the central point to devices within the LLN. Point-to-point traffic is also supported in RPL. One of the key features in RPL is that it provides a special routing solution for low-power and lossy networks, which refers to networks with very limited resources in terms of energy, computation, and bandwidth that are highly susceptible to packet loss. In fact, they are specifically designed to meet the requirements of resource-constrained nodes, as mentioned in the Routing Requirements Terminology document. In particular, LLNs with RPL capabilities face two main characteristics: (i) the expected data rates are typically low (less than 250 kbps) and (ii) the connections can be accompanied by high error rates, which leads to poor data performance. A lossy link not only has a high bit error rate (BER), but also has a long downtime, which severely affects the routing protocol. In fact, this protocol is designed to adapt well to network conditions and create alternative paths when the default paths are unavailable [4].</p> <h2 dir="ltr" style="text-align: left;">Research Method and Selection of Articles</h2> <p dir="ltr" style="text-align: left;">This research is applied in terms of purpose and is considered a qualitative research based on the method of data collection. In this research, three different stages were carried out in order to investigate the different methods of attacking the RPL protocol, including: The first stage is to identify different search terms related to security in RPL. The second stage: In the second stage, for each database, an advanced search system was identified and a combination of selected keywords was searched. Then, by selecting articles in the second stage, after reading the title and abstract of the articles, a new filter was applied. The keywords used to search among different scientific journals in RPL attacks included various terms including: RPL Secure, RPL based Secure, Authentication Protocol, Attack Against and Security Routing based RPL. After searching for articles in the field of attacks and security in RPL, a very large number of articles were obtained. Keywords for searching in English-language databases IEEE Explorer, [[https://www.sciencedirect.com/][ScienceDirect]], Springer Library and ACM . As a result of searching and reviewing databases using the relevant keywords, 91 articles were found, of which 39 were used for analysis.</p> <p dir="ltr" style="text-align: left;"><img alt="" src="https://i.postimg.cc/MTH5kWLN/23.png" /></p> <p dir="ltr" style="text-align: left;">By default, RPL supports three security modes, insecure, pre-installed, and authenticated, as described below:</p> <p dir="ltr" style="text-align: left;">- Insecure: In this mode, RPL control messages are sent without any additional security mechanisms. It can use other security priorities to meet application requirements.</p> <p dir="ltr" style="text-align: left;">- Pre-installed: In this mode, nodes connecting to an RPL instance have pre-installed keys that make them secure for processing and generating secured RPL messages.</p> <p dir="ltr" style="text-align: left;">- Authenticated: In authenticated mode, nodes have pre-installed keys similar to pre-installed mode, but these pre-installed keys are only used to connect to an RPL instance as a leaf.</p> <h2 dir="ltr" style="text-align: left;"> Methods for detecting attacks on the RPL protocol</h2> <p dir="ltr" style="text-align: left;">The RPL protocol is exposed to numerous internal and external attacks. These attacks are difficult to detect and counter due to the vulnerable nature of wireless nodes and networks, node variability, node mobility, and resource constraints. Various researches have proposed various security mechanisms for RPL, including control message encryption and security modes. However, most RPL implementations do not consider security measures due to incomplete specifications of security mechanisms or additional implementation overhead.</p> <p dir="ltr" style="text-align: left;">In this section, various solutions that have been proposed to detect, detect, and counter RPL attacks according to the articles of the last five years are discussed. The solutions available in the sources are divided into two categories: secure protocol and intrusion detection system. Secure protocol-based solutions refer to defense mechanisms that are included in the RPL protocol itself to provide security against various attacks.</p> <p dir="ltr" style="text-align: left;"> These mechanisms are further categorized into cryptographic-based solutions and trust-based and threshold-based solutions. The cryptographic mechanism uses traditional cryptographic methods to provide security and defense against various attacks, while the trust-based mechanisms involve calculating the reliability of nodes to facilitate routing decisions. Threshold-based defense solutions take advantage of the internal feature of RPL and decide how to reset the trickle timer. These mechanisms are embedded in the RPL protocol.</p>