Analysis and Enhancement of RPL under Packet Drop Attacks

Similar documents
Study of RPL DODAG Version Attacks

RPL: Routing for IoT. Bardh Prenkaj Dept. of Computer Science. Internet of Things A.A

Routing over Low Power and Lossy Networks

Lesson 4 RPL and 6LoWPAN Protocols. Chapter-4 L04: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

An Algorithm for Timely Transmission of Solicitation Messages in RPL for Energy-Efficient Node Mobility

RPL- Routing over Low Power and Lossy Networks

Routing Protocol for LLN (RPL) Configuration Guide, Cisco IOS Release 15M&T

Principles of Wireless Sensor Networks

Enhancing Routing Protocol for Low Power and Lossy Networks

Wireless Sensor Networks, energy efficiency and path recovery

Mobile Communications

Design and Analysis of Routing Protocol for IPv6 Wireless Sensor Networks

Cisco Systems, Inc. October Performance Evaluation of the Routing Protocol for Low-Power and Lossy Networks (RPL)

INTERNATIONAL JOURNAL OF COMMUNICATIONS Volume 12, Performance comparative analysis of LOADing-CTP and RPL routing protocols for LLNs

ns-3 RPL module: IPv6 Routing Protocol for Low power and Lossy Networks

Wireless Sensor Networks Module 2: Routing

RIP Configuration. RIP Overview. Operation of RIP. Introduction. RIP routing table. RIP timers

Optimizing Routing Protocol for Low power and Lossy Network (RPL) Objective Function for Mobile Low-Power Wireless Networks

Internet Engineering Task Force (IETF) Category: Standards Track. September The Minimum Rank with Hysteresis Objective Function

arxiv: v1 [cs.ni] 8 Jun 2016

A Comparative Performance Study of the Routing Protocols RPL, LOADng and LOADng-CTP with Bidirectional Traffic for AMI Scenario

Sleep/Wake Aware Local Monitoring (SLAM)

Resource Aware Routing Protocol in Heterogeneous Wireless Machine-to-Machine Networks

Homework #4. Due: December 2, 4PM. CWND (#pkts)

Internet Engineering Task Force (IETF) Request for Comments: ISSN: March 2012

IoT Roadmap in the IETF. Ines Robles

Routing in the Internet of Things (IoT) Rolland Vida Convergent Networks and Services

ContikiRPL and TinyRPL: Happy Together. JeongGil Ko Joakim Eriksson Nicolas Tsiftes Stephen Dawson-Haggerty Andreas Terzis Adam Dunkels David Culler

Research Article Detection and Prevention of Selective Forwarding-Based Denial-of-Service Attacks in WSNs

Wireless Mesh Networks

Politecnico di Milano Advanced Network Technologies Laboratory. 6LowPAN

A Performance Evaluation of RPL in Contiki

MULTI-CONSTRAINTS ADAPTIVE LINK QUALITY INDEX BASED MOBILE-RPL ROUTING PROTOCOL FOR LOW POWER LOSSY NETWORKS

Computer Science 461 Midterm Exam March 14, :00-10:50am

Advanced Networking: Routing & Switching 2 Chapter 7

The P2P-RPL Routing Protocol for IPv6 Sensor Networks: Testbed Experiments

Multi DODAGs in RPL for Reliable Smart City IoT

ICS 351: Today's plan. OSPF BGP Routing in general routing protocol comparison encapsulation network dynamics

The information in this document is based on Cisco IOS Software Release 15.4 version.

CS 268: Computer Networking. Taking Advantage of Broadcast

This is a repository copy of Dynamic RPL for Multi-hop Routing in IoT Applications.

Quantitative Analysis and Evaluation of RPL with Various Objective Functions for 6LoWPAN

On-Demand Multicast Routing in Ad Hoc Networks with Unidirectional Links

On Demand secure routing protocol resilient to Byzantine failures

3. Evaluation of Selected Tree and Mesh based Routing Protocols

CHAPTER 4. The main aim of this chapter is to discuss the simulation procedure followed in

Chapter 55 Elimination of Black Hole and False Data Injection Attacks in Wireless Sensor Networks

Fairness Example: high priority for nearby stations Optimality Efficiency overhead

Study of Multipoint-to-Point and Broadcast Tra c Performance in the IPv6 Routing Protocol for Low Power and Lossy Networks

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols. Broch et al Presented by Brian Card

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

Iden%fying Defunct DAGs in RPL dra7- goyal- roll- defunct- dags- 00. Mukul Goyal University of Wisconsin Milwaukee

Secure routing in IoT networks with SISLOF

COMP3331/9331 XXXX Computer Networks and Applications Final Examination (SAMPLE SOLUTIONS)

Load Balancing Metric Based Routing Protocol for Low Power and Lossy Networks (lbrpl)

Analysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs

Distributed Denial of Service (DDoS)

II. Principles of Computer Communications Network and Transport Layer

CMPE150 Midterm Solutions

Comprehensive Performance Analysis of RPL Objective Functions in IoT Networks.

MLD. MLDv1 (defined in RFC 2710), which is derived from IGMPv2. MLDv2 (defined in RFC 3810), which is derived from IGMPv3.

Operation Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

OSPF Commands on Cisco IOS XR Software

Performance Evaluation of Routing Protocols in Lossy Links for Smart Building Networks

IPv6 Neighbor Discovery

Best Practice - Protect Against TCP SYN Flooding Attacks with TCP Accept Policies

Conference Paper. Cyber-OF: An Adaptive Cyber-Physical Objective Function for Smart Cities Applications

Performance Analysis of AODV using HTTP traffic under Black Hole Attack in MANET

DETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM

Routing in Ad Hoc Wireless Networks PROF. MICHAEL TSAI / DR. KATE LIN 2014/05/14

IPv6 PIM. Based on the forwarding mechanism, IPv6 PIM falls into two modes:

Comparative Study of RPL-Enabled Optimized Broadcast in Wireless Sensor Networks

Listen and Whisper: Security Mechanisms for BGP

Network Working Group

Performance Evaluation of Mesh - Based Multicast Routing Protocols in MANET s

Examination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk SOLUTIONS

Trickle-F: fair broadcast suppression to improve energy-efficient route formation with the RPL routing protocol

LECTURE 9. Ad hoc Networks and Routing

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Request for Comments: 5015 Category: Standards Track T. Speakman Cisco L. Vicisano Digital Fountain October 2007

Opportunistic RPL for Reliable AMI Mesh Networks

Optimized Neighbor Discovery for 6LoWPANs: Implementation and Performance Evaluation

IP Multicast Technology Overview

Link-State Routing OSPF

A COMPARISON OF REACTIVE ROUTING PROTOCOLS DSR, AODV AND TORA IN MANET

set active-probe (PfR)

IoT with Multihop Connectivity

Impact of IEEE MAC Packet Size on Performance of Wireless Sensor Networks

Lecture 12: Link-state Routing. Lecture 12 Overview. Router Tasks. CSE 123: Computer Networks Chris Kanich. Routing overview

ICS 351: Today's plan. distance-vector routing game link-state routing OSPF

CS 344/444 Computer Network Fundamentals Final Exam Solutions Spring 2007

Outline. CS5984 Mobile Computing

A Comprehensive Evaluation of RPL under Mobility

TDC DoS Protection Service Description and Special Terms

A Critical Evaluation of the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL)

Load Balanced Link Reversal Routing in Mobile Wireless Ad Hoc Networks

DualMOP-RPL: Supporting Multiple Modes of Downward Routing in a Single RPL Network

Introduction to IPv6. IPv6 addresses

Routing Protocols in Internet of Things. Charlie Perkins December 15, 2015 with a few slides originated by Pascal

Transcription:

Analysis and Enhancement of RPL under Packet Drop Attacks Binbin Chen, Yuan Li, Daisuke Mashima Advanced Digital Sciences Center COMSNETS 2018, Jan 3 7, Bangalore, India 1

RPL and AMI RFC6550: RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks, 2012 RFC8036: Applicability Statement for the Routing Protocol for Low-Power and Lossy Networks (RPL) in Advanced Metering Infrastructure (AMI) Networks, 2017 2

RPL and AMI RPL offers desirable networking features for AMI Support a very large number (several thousands) of nodes Provide high reliability in the presence of time varying connectivity Optimize for multipoint-to-point traffic Security concerns in AMI application Besides billing, AMI supports other critical applications, e.g., grid state monitoring, demand response, etc. In 2015 Ukraine power grid attacks, the attackers launch a telephone denial-of-service attack against customer call centers to prevent the reporting of the outage RFC7416: A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs), 2015 3

Overview of Our Work A close examination of the interplay between RPL s desirable networking features and security concerns Focus on packet drop attacks, which need more than pure cryptographic countermeasures (e.g., as those discussed in RFC8180: Minimal ipv6 over the tsch mode of ieee 802.15.4e (6tisch) configuration, 2017) Our findings: Externally-induced black hole attack: In ContikiRPL implementation, an external jammer can continuously drop packets forwarded via a targeted router without triggering any rerouting, even when link-layer security mechanisms are in place The design and evaluation of several countermeasures 4

Outline Motivations RPL Design & Implementation Externally-induced black hole attack Countermeasures Evaluations 5

RPL Basics Destination Oriented Directed Acyclic Graph (DODAG) Each node has a rank that represents its relative position to the root Rank can be computed in different ways, e.g., using ETX (Expected Transmission Count) metric Key control messages: DODAG Information Object (DIO) Destination Advertisement Object (DAO) DODAG Information Solicitation (DIS) At the end of DODAG construction, each node has a default upward route to the DODAG root. 6

Trickle Algorithm RPL controls the routing update overhead using a Tricklebased timer RFC6206: The Trickle Algorithm, 2011 How it works: Starting with I = I min In each interval, it resets a consistency counter c to 0 and sets waiting time t to a random value in the range of [I/2,I) Upon hearing a consistent transmission, it increments the counter c. At time t, it transmits DIO if c < threshold k Value of I doubles after each interval until it reaches I max. However, if a node receives an inconsistent transmission (e.g., detection of a loop), it resets I to I min and starts a new interval to speed up the response. 7

ContikiRPL Implementation Some key parameters used in ContikiRPL Unicast-DIO-based Neighobr Probing Mechanism in ContikiRPL 8

Outline Motivations RPL Design & Implementation Externally-induced black hole attack Countermeasures Evaluations 9

Threat Model Attackers cannot compromise nodes and get their keys Link-layer security mechanisms are in place Attackers can jam in a responsive manner System settings: Multi-point-to-point traffic with UDP and local retransmissions No (timely) end-to-end feedback mechanism, or such mechanism does not influence routing decisions RPL adopts no defense mechanism proposed earlier, e.g.: Use multiple routes simultaneously Randomly switching among multiple routes Overhear neighbors transmissions These mechanisms can incur high overhead & complexity 10

A Naïve Attacker Makes Local Impact If the jammer jams continuously, node C (and other nearby nodes) cannot send / receive anything, but other nodes will route their traffic away from C 11

Externally-induced Blackhole Attack A more sophisticated jammer can: Interfere with all outgoing data and routing packets from the targeted router and make sure they cannot be received by the neighbors Do not interfere with any incoming packets to the targeted router, nor the MAClayer ACK frames corresponding to those incoming packets 12

Externally-induced Blackhole Attack Causes Global & Sustained Impact In ContikiRPL implementation: Such an attack can continuously drop packets forwarded via a targeted router (router C here) without triggering any rerouting This is true, even when linklayer security mechanisms are in place and the jammer has no access to the secret keys 13

Outline Motivations RPL Design & Implementation Externally-induced black hole attack Countermeasures Evaluations 14

Design of Countermeasures 15

Measure 1: Active Solicitation of Routing Update by Children If no routing update is received from its parent for a given duration, a child node will send a unicast DIS packet to the parent to solicit for an update Even when the child can send data reliably to its parent The unicast DIS packet will trigger the reset of the Trickle timer at the parent, which will send out its DIO within the shortest interval (i.e., 4s) Key parameter: the timeout interval Trickle algorithm suppress DIO updates (for 17 mins or more in ContikiRPL) when the network is stable A shorter timeout interval reduces detection delay but incurs higher overhead 16

Measure 2: Anomaly detection & Selfdisconnection at the Targeted Router How does a router recognize an attack: It cannot forward packets out But it keeps receiving data packets from children nodes (implying that it cannot send routing updates to children) To avoid cross-layer coordination, a simple way for a router to withdraw itself from the network is to shutdown its network interface No more link-layer ACK will be sent out to the children 17

Measure 2: Devil in the Details Stage 1: The targeted router s rank increases (it tries other parents during this period) Stage 2: Detection of loop (as some child continues to forward to the targeted router), which triggers the router to send DIO RPL deliberately does not consider a single inconsistency along a path as a critical error (see RFC 6550), hence it does not reset the Trickle timer under this setting Since the targeted router could be the only inconsistency in a path under our attack, we need to reset the Trickle timer upon a single inconsistency To reduce false positive, the router further checks its link ETX value 18

Measure 2: Devil in the Details, Continued Stage 3: Wait for DAO from children (should arrive in 6s) DIO / DAO may get lost, so the targeted router waits for a few repeated failures before entering self-disconnection Stage 4: Upon the self-disconnection of the router, the children stops receiving link-layer ACK After a few packet forwarding failure, the children will switch to alternative parents The link to the targeted router is marked with low quality This helps delay the children from switching back to the targeted router, after the attack is paused 19

Measure 3: Delay the Switching-back For measure 2, a concrete implementation of measure 3 is to let the targeted router stay longer in self-disconnected mode Measure 1 & 2 Measure 3 20

Outline Motivations RPL Design & Implementation Externally-induced black hole attack Countermeasures Evaluations 21

Setup ContikiRPL, evaluated using the companion Cooja simulator Two key metrics: packet loss rate & routing overhead 50 Tmote Sky nodes, over a 280m 150m rectangle area 22

Evaluation Results Measure 1 Measure 1 helps, but only to a certain degree Costly to reduce timeout interval for a child to solicit a routing update A child switches back to the targeted router shortly after attack stops 23

Evaluation Results Measure 2 & 3 Measure 2 is more effective, and measure 3 can further help The targeted router can detect the attack fast and reliably Once the router shuts down, It only takes a few data transmission for the child to detect and switch It takes longer for the child to switch back 24

Conclusion & Future Work Summary: We show that an existing (and carefully optimized) RPL implementation allows an external jammer to continuously drop packets without triggering rerouting We propose and analyze several countermeasures Take-away messages: The need to think from an adversarial perspective The need for building-security-in Future work: Variants of threat models: mobile attacker, multiple colluding attackers, optimized packet drop strategies More thorough evaluations 25

THANK YOU! Contact: binbin.chen@adsc.com.sg 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback