An efficient detection of selective forwarding attacks in heterogeneous IoT Networks

Transcription

1 Chiew, T.K., et al. (Eds.): PGRES 2017, Kuala Lumpur: Eastin Hotel, FCSIT, 2017: pp 1-8 An efficient detection of selective forwarding attacks in heterogeneous IoT Networks Shapla Khanam, Ismail Ahmedy and Mohd Yamani Idna Idris Faculty of Computer Science and Information Technology University of Malaya, Kuala Lumpur, Malaysia ABSTRACT The Internet of Things (IoT) is the revolutionary technology which connects resource constrained smart objects to untrustworthy internet using compressed Internet Protocol version 6 (IPv6) over IPv6 Low Power Personal Area Networks (6LoWPAN). IoT networks are heterogeneous in nature and the connected things are exposed to various security attacks from inside and outside the networks. Therefore, there is a need for a unified security framework to analyze and detect selective forwarding attacks to ensure a secure routing. In this paper we propose a game-theory based attack model to analyze the malicious behavior of attackers in the IoT networks. In this model two players are involved in the game where player_1 and player_2 play to maximize and minimize the throughputs of the network respectively. Additionally, a hop-by-hop acknowledgement (ACK) algorithm is also presented detect malicious attacker in order to defend networks from selective forwarding attacks in IoT. We illustrates and analyze the proposed mathematical model to verify the effectiveness of the presented approach. Keywords: IoT, Selective forwarding attacks, game theory INTRODUCTION The IoT can be perceived as the internet and things when add together, gives a semantical meaning as a world-wide network of interconnected objects uniquely addressable, based on standard communication protocols (Li, Xu, and Zhao 2015) which involves a massive number of heterogeneous objects from our day to day life. The IoT is presently a new technological field in the development of modern wireless communications. The things include the physical devices, such as mobile or sensors devices that monitor and gather of all kinds of data about human social life, smart environment, smart cities and so on (Yan, Zhang, and Vasilakos 2014). The billions of connected devices being part of IoT, has made IoT heterogeneous in nature as this will make the connected devices to be vulnerable to threats because each of the devices has different security measure. The IoTs nodes, network topology, network links are very heterogeneous in nature and the nodes are constrained with low power, low memory, weak computation and communication competencies. IoT devices may can be deployed in hostile locations therefore, they are susceptible to network and physical attacks. In IoT the nodes are connected using standardized compressed IPv6 protocol over low power personal area networks (6LoWPAN) (Raza, Simon Duquennoy, Tony Chung 2011 and Kumar and Tiwari 2012). In IoT the smart objects are deployed in low power Page 1

2 Shapla Khanam, Ismail Ahmedy, Mohd Yamani Idris and lossy network (Pongle and Chavan 2015). A typical IoT device can be both static and mobile which are connected to the local and global infrastructures through a wide and diverse range of wireless and wired links such as Zigbee, Bluetooth, WiFi, WiMax, GSM, 3G,4G. It is envisioned to be connected with 5G in near future. Therefore, IoTs networks security are different from a typical conventional WSNs networks security. A comprehensive security mechanism is necessary to address these heterogeneity in IoT network, which is currently a challenge. IoT networks are susceptible to different types of security threats and attacks such as Denial of Service (DoS) attacks (Kasinathan et al. 2013) which can be host or networks based attacks. In this work a focus has been paid to one of the variation of DoS attacks known as Selective Forwarding (SF) attack. In SF attacks a malicious node known as attacker compromises one or more nodes in the network and drops certain number of packets. In SF attacks, attacker drops packet randomly and forward packets selectively. To address the selective forwarding attacks in IoT heterogeneous networks, an optimal game theoretic model was proposed in this paper. The paper is organized as follows. Section II presents the existing literature review on game theory in to mitigate selective forwarding attacks. Section III describes the proposed system model. Section IV analyzes the expected results and finally section V concludes our work. LITERATURE REVIEW Heartbeat self-healing protocol was proposed in (Wallgren, Raza, and Voigt 2013) to detect the disruption in network topology and to defend against selective forwarding attack. End-to-End packet loss adaptation algorithm (Raza, Wallgren, and Voigt 2013) is presented to detect SF attacks. However, these algorithm does not remove the attack and the protocol does not correct the network topology. Game theory has been used to solve the issue of selective forwarding attacks in Ad hoc networks, WSNs and WMNs. A secure data transmission protocol is formulated in (Raza, Wallgren, and Voigt 2013), where integration of security issues in medical WSN was illustrated. Raza et al. (2013) proposed a lightweight security mechanism IoT medical application. This approach is implemented in resource constrained hardware and access control method is used to provide data transmission. Several researchers have used game theory to solve selective forwarding attacks. A zero-sum Markov (Alpcan and Basar 2006) security model based on 2-players game theory is discussed and analyzed numerically using game parameters. Depending on the available information the players of the game optimize their strategies. A sampling scheme based on game theory is introduced and evaluated on sample networks in (Kodialam and Lakshman 2003) to minimize chances of detection of attackers. DESCRIPTION OF SYSTEM MODEL a) Game Theory Based Attack Model Game theory has been used to solve several networks attacks in ad hoc networks, WSNs, WMNs, in the past (Pathan et al. 2013; Shila and Anjali 2008;Mohammad Page 2

3 An efficient detection of selective forwarding attacks in heterogeneous IoT Networks 2011;Shin et.al 2012;Khanam et al. 2012). Game theory is defined as the mathematical model to evaluate a strategic interaction between groups of players. Figure 1 demonstrates a typical network attack model. In this model we consider two players such as source node S is Player_1 and intermediate (attacker or malicious) node A as Player_2. D is the destination node and lets the finite number of players be N. It is a non-cooperative game with inadequate information, where the players do not have relevant and sufficient information such as the utilities, game strategies of the other players. If one player wins then the other player have to lose contributing to sum the loss and gain to be zero thus known as zero-sum game model (Mohammad 2011). In order to drop packet selectively and minimize throughput in IoT network the attacker must use more utility than that of the target node. Fig. 1. Source S transmits packet directly or through A to destination D Figure 1 demonstrate the transmission of packet from sender S to destination D. Let assume the v i as an intermediate, v i 1 as upstream and v i+1 as downstream nodes. We consider probability P i is the probability of securing ith node in the IoT network. The amount of energy spent for utility cost is equal to the sum of total probability to secure N N N all nodes: E sd = i=1 P i. The residual energy E r = 1 i=1 P i and i=1 P i 1. To drop the nodes, the attacker must spend more energy than the target. The energy spent N i=1 P i by sender to transmit packet through attacker is E sa =. is defined as a constant and If > 1, attacker proceeds to attack, if = 1, the utility of both attacker and target are equal. When = 0, the attacker fail to attack, and finally, if < 1, attacker fails to drop packet. (m, n) is the game s initial state where m and n are the sending and dropping buffers of Player_1 and Player_2respectively. m =1 if any packet is available in the sending buffer and n= 0 (packet has not dropped) or n=d (packet has dropped). Therefore, s 1 = (0,0), s 2 = (0, d), s 3 = (1,0), and s 4 = (1, d) are the possible states of the game. The transition probabilities P(t) are calculated as below (Khanam, Saleem, and Pathan 2012): (1 μ)(p d + p a q f ) ; when n = 0 and i = 1 P(t) (m,n)(m+i,n) (x) = When,m=1 (1) { (1 μ)(p a q d ) ; when n = d and i = 1 μ(p d + p a q f ) ; when n = 0 andi = 0 μ(p a q d ) ; when n = d and i = 0 Page 3

4 Shapla Khanam, Ismail Ahmedy, Mohd Yamani Idris (1 μ) ; when n = 0 and i = 0 P(t) (m,n)(m+i,n) (x) = { When, m=0 (μ) ; when n = d i = 1 (2) Where, x is the joint strategy and μ is the new packet arrival rate. The game strategy set of Player_1 is S 1 = {s 1, s 2 } where Player_1 transmit packets either directly or via A (s 2 ) to D (s 1 ). Mixed game strategy of S 1 are π s (s 1, s 2 ) = (p d, p a ), where p d + p a = 1. The strategy set for the attacker (Player_2) is A 2 = (a 1, a 2 ). Mixed game strategy of A 2 are π a (a 1, a 2 ) = (q f, q d ) and q f + q d = 1. Here, q d =drop probability. Hence, x = (π s, π a ) = (p d, p a, q f, q d ). For instance, lets (1,0) be current state of the game, Player_1 (i.e., S) can transmit packet to destination D either directly or via A. in direct transmission, (0,0) or (1,0) are the states with probability p d. Otherwise, with probability p a the transmission is done via Player_2 (i.e., A). If Player_2 drops packet, the states are (0, d) or (1, d) or if it forward packet, the states are (0,0) or(1,0). However, either strategy has a payoff or utility expenditure or it is calculated for the zero-sum game as utility expenditure of player_1 = - utility expenditure of player_2. The successful packet transmission depend on returning rewards sent by destination to the sender. If packet arrives at destination D, the sender S will receive some rewards Pt d from the destination node D. When sender S sends packets through A, it shares a portion of rewards Pt sa with A. If no rewards were received indicates that the packet wasn t transmitted successfully. Based on the spent energy and received rewards on each transmission the net utility for sender and the attacker will remain as follows (Pathan et al. 2013): Pt d E sd ; if S sends packet directly to D. Utility of S, U s = { Pt d Pt sa E sa ; if S sends packet via A to D. Pt sa E sa ; if attacker A drops the packet. (3) and, Pt Utility of A, U a = { sa E ad ; if A forwards the packet to D. Pt sa + β ; if attacker A drops the packet. (4) β is the earned profit of attacker A. If ( Pt sa E sa ) < (Pt d E sd ) < (Pt d Pt sa E sa ), and if player_2 drops the packet then the utility of player_1 decreases. If(Pt sa E ad ) < (Pt sa + β), the utility is higher in dropping than transmitting packets. Hence, based on packet dropping and forwarding probability, the utility can be recalculated as follows: U s (x) = μ(1 μ p a q d ){p d(pt d E sd ) + p a (q f (Pt d Pt sa E sa ) + q d ( Pt sa E sa ))} + μ 2 p a q d {p d (Pt d E sa ) + p a (q f (Pt d pt sa E sa )) + p a (q d ( Pt sa E sa ))} (5) And, U a (x) = μ(1 μ p a q d ){p a (q f (Pt sa E ad ) + q d (Pt sa + β))} + μ 2 p a q d {p a (q f (Pt sa E ad ))} + μ 2 p a q d (p a q d (Pt sa + β)) (6) Page 4

5 An efficient detection of selective forwarding attacks in heterogeneous IoT Networks b) Detection Algorithm In this model, a successful transmission is based on rewards or acknowledgement points Y. Each node in the IoT network should send acknowledge (ACK) to the source node after successfully receiving a packet. We assume that the packet loss occur only by attacker. For future references, the source node keeps entry of every route. A typical structure of an IoT network is presented in Figure 2, consisting of source node S and Destination node D. the total number of nodes is assumed as N and total malicious node is M in the IoT networks. Let s assume there is one good node X between two attackers or malicious nodes, Y is the ACK points and Z is the percentage of check points. Fig. 2. Hop-by-hop acknowledgement Source node S receives multiple route reply when it sends route request to the IoT network. We assume S selects the route SFGHIJK D, where H is the attacker node. We assume node G and J will send ACK after receiving packets from sender, hence, we have two acknowledgement points as Y = 2. Therefore, we may consider the following possible situation: Situation 1: One of nodes is the attacker or malicious node. Situation 2: More than one nodes are attacker Situation 3: Either or both G and J are attacker nodes This algorithm detects malicious node using hop-by-hop inspection and traffic overhearing. We assume v i as an intermediate, v i 1 as upstream and v i+1 as downstream nodes. After receiving packets from upstream node v i 1, the downstream node v i+1 updates its packet count table and packet sequence number and then send the ACK packet to upstream nodev i 1. The total number of successfully sent and received packet is denoted by w s and number of successfully received packets is denoted by n vi v i+1. When a packet is transmitted to a downstream node, the upstream node send ACK and overhear the traffic by making sure if the packet is forwarded or tempered. The upstream node simply analysis the scenario by observing these two operations. However, downstream node uses two detection parameters such as probability of acknowledgment P Ack = 1 P NAck and probability of noacknowledgment P NAck = (n t + n d )/n f, here n t, n d and n f are the number of tempered, dropped and forwarded packets respectively. Moreover, Probe and Probe_Ack packets are introduced in order for network to detect malicious node. Sender transmits Probe packet over the route to destination for every w s data packet. Probe packets are marked with the detection parameter at each node through the route. Additionally, while Probe packet travels the route, each node Page 5

6 Shapla Khanam, Ismail Ahmedy, Mohd Yamani Idris attaches its opinion with the mark. We will calculate behavior of each node by loss-rate of the link (LR vi v i+1 = 1 (n vi v i+1 /n vi 1 v i )) from v i to v i+1 and it is observed by v i+1 node. The value of monitoring threshold t m and loss-rate threshold t l is between 0 and 1 which is used to indicate the malicious behavior of a node. This algorithm detects the behavior of malicious node as the value of t l and t m decrease. The upstream node observe the behavior of downstream node to calculate this opinion. Therefore, the opinion and behavior are calculated as follows (Khanam, Saleem, and Pathan 2012): RESULTS If (P NAck > t m ) and/or (LR vi v i+1 > t l ) then malicious behavior is spotted. If (P NAck < t m ) and/or (LR vi v i+1 < t l )then normal behavior is spotted. In order to find out the utilities of the Player_1 and Player_2 using probability analysis we may substitute the energy spent and the points earned by source and destination nodes based on the mathematical equations. By substituting values to Pt sa = 0.3, E sd = 0.7, E sa = 0.05, Pt d = 1, it is expectted the utility of Player_1 will reduce and Player_2 increase which indicates that the packets drop probability increases. Based on the detection phase of the algorithm, we can analyze the following possible cases: Scenario 1: If P NAck v i v i 1 > t m and LR vi v i+1 > t l. In this scenario, the intermediate node may drop the packet and both downstream and upstream nodes will monitor the intermediate node if it is misbehaving or not based on the monitoring and loss-rate threshold. Both upstream and downstream node suspect the intermediate node as attacker. Scenario 2: If P NAck v i v i 1 < t m and LR vi v i+1 > t l. If the value of monitoring threshold is higher than NACK and loss-rate threshold lower than link loss-rate, it is expected that downstream node might suspect the intermediate node is malicious but upstream node may not be able to suspect the intermediate node. Scenario 3: If P NAck v i v i 1 > t m and LR vi v i+1 < t l. In this scenario, probability of NACK is higher than t m value and t l value is higher, thus based on the algorithm the upstream node suspect the intermediate node as the attacker. However, the downstream node may not suspect it as a attacker. Scenario 4: If P NAck < t v i v i 1 m and LR vi v i+1 < t l. In this case, neither downstream nor upstream node suspects the intermediate node is an attacker. CONCLUSION The IoT has gained enormous attention recently and become a rapid growing technology used in different applications such as smart home, industry, medical healthcare, agriculture and many more. However, IoT is susceptible to various security attacks. In this paper, we focused on selective forwarding attack and have presented a noncooperative zero-sum game theoretic method to detect malicious attackers in IoT networks and to spot malicious activity of a node. A hop-by-hop acknowledgment algorithm is introduced to detect the attacker based on monitoring threshold and lossrate threshold values. Subsequently, for evaluation of our proposed algorithm, Cooja Page 6

7 An efficient detection of selective forwarding attacks in heterogeneous IoT Networks network simulator will be used to verify whether the algorithm can efficiently detect the malicious attacker in the IoT heterogeneous network REFERENCES Alpcan, Tansu, and T. Basar An Intrusion Detection Game with Limited Observations. Proc. 12th International Symposium on Dynamic Games and Applications 1: 1 3. Kasinathan, Prabhakaran, Claudio Pastrone, Maurizio A. Spirito, and Mark Vinkovits Denial-of-Service Detection in 6LoWPAN Based Internet of Things. International Conference on Wireless and Mobile Computing, Networking and Communications: Khanam, Shapla, Habibullah Yusuf Saleem, and Al-sakib Khan Pathan An Efficient Detection Model of Selective Forwarding. : Kodialam, Murali Kodialam Murali, and T.V. Lakshman Detecting Network Intrusions via Sampling: A Game Theoretic Approach. IEEE INFOCOM Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428) 3(C): Kumar, Vinay, and Sudarshan Tiwari Routing in IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN): A Survey. Journal of Computer Networks and Communications Li, Shancang, Li Da Xu, and Shanshan Zhao The Internet of Things: A Survey. Information Systems Frontiers 17(2): Mohammad Masoud Javidi Game Theory Approaches for Improving Intrusion Detection in MANETs. Scientific Research and Essays 6(31): Pathan, A.-S.K., W.M. Abduallah, S. Khanam, and H.Y. Saleem A Pay-and-Stay Model for Tackling Intruders in Hybrid Wireless Mesh Networks. Simulation 89(5): Pongle, Pavan, and Gurunath Chavan A Survey: Attacks on RPL and 6LoWPAN in IoT International Conference on Pervasive Computing: Advance Communication Technology and Application for Society, ICPC (c): 0 5. Raza, Shahid et al Lithe: Lightweight Secure CoAP for the Internet of Things. IEEE Sensors Journal 13(10): Raza, Shahid, Linus Wallgren, and Thiemo Voigt SVELTE: Real-Time Intrusion Detection in the Internet of Things. Ad Hoc Networks 11(8): Shahid Raza, Simon Duquennoy, Tony Chung, Dogan Yazar Thiemo Voigt and Utz Roedig. Securing Communication in 6LoWPAN with Compressed IPsec. s11.pdf. Shila, Devu Manikantan, and Tricha Anjali A Game Theoretic Approach to Gray Hole Attacks in Wireless Mesh Networks. IEEE Military Communications Conference (MILCOM): 1 7. Shin, Sangbae, Su Weidong, and Jinsung Cho A Game Theory Model to Support QoS in Overlapped WBAN Environment. Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication - ICUIMC Page 7

8 Shapla Khanam, Ismail Ahmedy, Mohd Yamani Idris 12: 1.. Wallgren, Linus, Shahid Raza, and Thiemo Voigt Routing Attacks and Countermeasures in the RPL-Based Internet of Things. International Journal of Distributed Sensor Networks Yan, Zheng, Peng Zhang, and Athanasios V. Vasilakos A Survey on Trust Management for Internet of Things. Journal of Network and Computer Applications 42: Page 8