a survey in privacy and security in internet of things iot

1

A SURVEY INPRIVACY & SECURITY IN INTERNET OF THINGS

Presented BySultan Basudan

[email protected] By

Dr. Xiaodong Lin

mailto:[email protected]

2

AGENDA What is Internet of Things ( IOT). Such IOT Technologies. IOT Architecture IOT Architecture Security Issues and requirements ( different viewpoints). RFID and WSN Security Issues and requirements IOT protocols Security in IOT communications protocols Lightweight security protocol 6LOWPAN and RPL ( Routing protocol for Low power and Lossy links ) issues and

requirements

3

WHAT IS IOT ?

• Collection of physical objects that are designed with built in wireless or wired connectivity, so they can be monitored, controlled and linked over the Internet via a mobile app or software that uses with another platform.

• An general example:

• An specific example :

4

THE INTERNET OF THINGS CONSISTS OF THREE MAIN COMPONENTS:

• The things (or assets) themselves.• The communication networks connecting them.• The computing systems that make use of the data flowing to and from

our things.

5

CHARACTERISTICS

- Pervasive (Ubiquitous) Embedded everywhere- HeterogeneousMany technologies interact each other- ScalabilityOrder of magnitude higher than current internet

6

HETEROGENEOUS NETWORK• A network connecting computers and other devices with

different operating systems and/or protocols• For instance, A wireless network which provides a service

through a wireless LAN and is able to maintain the service when switching to a cellular network is called a wireless heterogeneous network.

7

HOW DOES IOT WORK ?

8

ADVANTAGES

• Useful in many different categories including asset tracking and inventory control, shipping and location, security, individual tracking, and energy conservation.• Lower operating costs• Efficiency and lower operating expenses• Remotely control your world !• Providing accurate data • Decision making

9

DIFFERENCES BETWEEN IOT AND TRADITIONAL INTERNET

• Many IoT networks are deployed on low-power lossy networks (LLN).• LLNs are networks constrained by energy, memory, and

processing power.

• These aspects have not been considered for the standard Internet.

10

SUCH COMMUNICATION TECHNOLOGIES CAN IMPLEMENT THE CONCEPT OF INTERNET OF THINGS.

• Radio Frequency Identification (RFID).• Near Field Communication (NFC).• ZigBee.• Vehicle-to-Vehicle Communication (V2V).• WIFI.

11

MACHINE-TO-MACHINE COMMUNICATION (M2M)

• Central theme of IOT• Used for automated data transmission and measurement

between mechanical or electronic devices.• Allow both wireless and wired systems to communicate with

other devices.• Refers to the communications between computers,

embedded processors, smart sensors, actuators and mobile devices

12

WIRELESS SENSOR NETWORK (WSN)

• Compositions of independent nodes whose wireless communication takes place over limited frequency and bandwidth.

• Wireless sensor networks consist of large number of low power and low cost sensor nodes. • Each node collects information within its sensing range and then transmits data

to its neighboring nodes• The information gathered by all nodes then forwarded to the base station ( sink

node )

13

IOT ARCHITECTURE

14

IOT SECURITY ISSUES AND REQUIREMENTS

1- According to “Hui Suoa” Security features : Perceptual nodes (sensors) are short of computer power and limited storage capacity so unable to apply frequency hopping communication and public key encryption algorithm to security protection Security requirements • Use lightweight encryption technology

becomes important, which includes Lightweight cryptographic algorithm.

Network Layer

Perception Layer

Application Layer

Middleware Layer

15

2- Issues according to “Kai Zhao” :- Sensor nodes have many varieties and high heterogeneity.• Several common kinds of attack are:o Node Captureo Fake Node and Malicious Datao Denial of Service Attacko Timing Attacko Routing Threatso Replay Attacko SCA (Side Channel Attack)

Network Layer

Perception Layer

Application Layer

Middleware Layer


16

3- Issues according to “Weizhe Zhang”1). Physical capture: Many nodes are statically deployed in the area and can easily be captured by attackers and thus, are physically risky.2). Brute force attack: limited ability of resource storage in sensor node is the big issue to hacked by brute force attack. the attacker utilize his encryption algorithm experience in decode the encoded files and messages.3). Clone node: Attacker can easily copy the node because hardware structure of several perceptual nodes is simple.


Network Layer

Perception Layer

Application Layer

Middleware Layer

17

4). Impersonation: Authentication in the distributed environment is very difficult for the perceptual node, allowing for malicious nodes to use a fake identity for malicious or collusion attacks5). Routing attack: Intermediate nodes may be attacked during data forwarding and relay through nodes. 6). Denial of service (DoS) attack: Nodes can easily be trapped under DoS attack7). Node privacy leak: The attacker can passively or actively steal sensitive information in the node.


Network Layer

Perception Layer

Application Layer

Middleware Layer

18

• Solutions according to Weizhe Zhang , proposed a type of security architecture against security threats in IOT architectures.

Security module in the perceptual layer:1- Allow terminal identity authentication mechanism by the hash algorithm and asymmetric encryption algorithm.2- Hide terminal identity such as the group signature by certain anonymous algorithm.3-Preserve data secrecy by asymmetric encryption algorithm.


Network Layer

Perception Layer

Application Layer

Middleware Layer

19

1- According to “Hui Suoa” Security features • Man-in-the-Middle Attack and counterfeit attack still exist, a

large number of data sending cause congestion. Security requirements • Identity authentication is a kind of mechanism to prevent

the illegal Nodes• Need to establish data confidentiality and integrality

mechanism.

Network Layer

Perception Layer

Application Layer

Middleware Layer

IOT Security Issues and requirements

20

2- Issues according to “Kai Zhao” A. Traditional Security Problems. including illegal access networks, eavesdropping information, confidentiality damage, integrity damage, DoS attack, Man-in-the middle attack, virus invasion, exploit attacks.B. Compatibility problems. The existing Internet network security architecture is designed based on the perspective of person, and does not necessarily apply to communication between the machine.

Network Layer

Perception Layer

Application Layer

Middleware Layer


21

C. The Cluster Security Problems. Including network congestion, DoS attack, authentication problem, etc. IoT has a huge number of devices. If it uses the existing mode of authentication authenticate device, a large amount of data traffic will likely to block network.D. Privacy Disclosure. With the development of the information retrieval technology and social engineering, hackers can easily collect a large number of the particular user’s privacy information.

Network Layer

Perception Layer

Application Layer

Middleware Layer


22

2- Solutions according to “Kai Zhao” • Because of IoT node arrangement random, autonomic, unreliability of energy

limitation and communication, it leads to that IoT have no infrastructure and dynamic topology so The attacker can easily cause attacks.

• Security measures for that problem, Kai Zhao needs to set up the specific authentication cohesive mechanism, the end-to-end authentication and key agreement mechanism, PKI (Public Key Infrastructure), WPKI for wireless, Security routing, Intrusion detection, etc.

Network Layer

Perception Layer

Application Layer

Middleware Layer


23

3- Issues according to Weizhe Zhang • Malicious behaviours against right path topology

and forwarding data and DoS attack.


Network Layer

Perception Layer

Application Layer

Middleware Layer

24

3- Solutions according to Weizhe Zhang • The security in this layer fixes routing security

Problems in heterogeneous and integrating networks.

• Intrusion detection and security monitoring management platform are employed to detect and avoid any malicious incident.


Network Layer

Perception Layer

Application Layer

Middleware Layer

25

1- According to “Hui Suoa” Security features - Intelligent processing is limited for malicious information, so it is a challenge to improve the ability to recognize the malicious information. Security requirements - Needs a lot of the application security architecture such as cloud computing and secure multiparty computation

Network Layer

Perception Layer

Application Layer

Middleware Layer


26

2- Issues according to Weizhe Zhang 1). DoS attack: DOS or DDOS can destroy the service. 2). Non-permission to access:

Attackers can easily threaten security by denying permission to access the related service, if unreasonable access configuration, malicious intrusion, or trapping users with higher permissions into improper operation are present. 3). Data attacks:

Focused on attacks for data service such as attackers redo service requests, change data on request headers, and execute parts of data dictionary attacks.4). Session attacks:

the attacker could hijack the session state or redo sessions to catch illegal access when the service access can be showed as a request/respond ( conversation ).


Network Layer

Perception Layer

Application Layer

Middleware Layer

27

2- Solutions according to Weizhe Zhang

• Security module in the application and middleware layers :

The identity security of these layers focuses on identity identifiability and the cooperation authentication between multiple services.


Network Layer

Perception Layer

Application Layer

Middleware Layer

28

1- According to “Hui Suoa” Security features • Data sharing is that one of the characteristics of application

layer, which creating problems of data privacy, access control and disclosure of information.

security requirements • Authentication and key agreement across the

heterogeneous networks• User’s privacy protection.

Network Layer

Perception Layer

Application Layer

Middleware Layer


29

2- Issues according to “Kai Zhao” - Data Access Permissions, Identity Authentication- Data Protection and Recovery- The Ability of Dealing with Mass-data- The Application Layer Software Vulnerabilities• Xueguang Yang puts forward a design scheme of intelligent

household security system.• Antonio J. Jara gives some solutions that based on 6LoWPAN

(IPv6 over Low power WPAN) architecture


Network Layer

Perception Layer

Application Layer

Middleware Layer

30

2- Solutions according to “Kai Zhao” • Across Heterogeneous Network Authentication and Key Agreement:- Based on symmetric key cryptosystem, public key crypto-system (certificate or PKI), and certification transfer technology. • The Protection of the Private Information- It includes fingerprint technology, digital watermarking, anonymous authentication, threshold cryptography.


Network Layer

Perception Layer

Application Layer

Middleware Layer

31

IN A SUMMARY, SECURITY REQUIREMENTS

32

ATTACKS AND SECURITY ISSUES IN RFID TAGS

i. Unauthorized tag disabling (Attack on authenticity): According to Tuhin Borgohain • This attack leads to incapacitation of the RFID tag temporarily or permanently then

misinformation is coming by its EPC (Electronic Product Code) against unique numerical. this attack can be done remotely that attacker can tamper the tag behavior from away.

ii. Unauthorized tag cloning (Attack on integrity):• The capturing of the identification information (like its EPC) through the manipulation of the

tags by rogue readers falls under this category

iii. Unauthorized tag tracking (Attack on confidentiality):• Hustler readers can trace a tag that might reason in quitting of sensitive data such customer's

address. For instance, buying a product that has RFID tag that result that tag let attack chase you and in fact endangers their privacy.

33

iv. Replay attacks (Attack on availability):• An attacker copies a forwarded packet and later sends out the copies repeatedly and

continuously to the victim in order to exhaust the victim’s buffers or power supplies, or to base stations and access points in order to degrade network performance.• Some prominent security vulnerabilities of RFID technologies in this

category are:i. Reverse Engineeringii. Power Analysisiii. Eavesdropping iv. Man-in-the-middle attack v. Denial of Service (DoS) vi. Spoofing vii. Viruses viii. Tracking ix. Killing Tag Approach

34

• Because RFID and WSN are an important part of IoT perception layer, their security measures will be introduced respectively.• RFID Security Measures:A. Data Encryption:• it’s very necessary to encrypt the RFID signal using the

appropriate algorithm Xiaoni Wang, puts forward a kind of nonlinear key algorithm

B. The Based on IPSec Security Channel:• Two types of security mechanisms: authentication and

encryption so, Data encryption mechanisms prevent attacker from eavesdropping and tampering data during transmission, and encode data for ensuring data confidentiality.

SECURITY SOLUTIONS IN RFID TAGS

35

RFID Security Measures:C. Cryptography Technology Scheme:• Cryptography technology not only can realize the user

privacy protection, but also can protect the confidentiality, authenticity and integrity of the RFID system• Hash function, the random numbers mechanism, server

data search, the logic algorithm, and re encryption mechanism.

SECURITY SOLUTIONS IN RFID TAGS

36

Attacks on network availability (DOS) in WSN:• DoS attack on the physical layer IN WSN: According to Tuhin

Borgohain 1- Jamming: In this type of DoS attack occupies the communication channel between the nodes thus preventing them from communicating with each other.2- Node tampering: Physical tampering of the node to extract sensitive information is known as node tampering.

ATTACKS AND SECURITY ISSUES IN WSN

37

• DoS attack on the link layer IN WSN:1- Collision: This type of DoS attack can be initiated when two nodes simultaneously transmit packets of data on the same frequency channel. The collision of data packets results in small changes in the packet results in identification of the packet as a mismatch at the receiving end. This leads to discard of the affected data packet for re-transmission.2- Unfairness : is a repeated collision based attack. It can also be referred to as exhaustion based attacks.3- Battery Exhaustion: This type of DoS attack causes unusually high traffic in a channel making its accessibility very limited to the nodes.

38

• DoS attack on the Network layer IN WSN:1- Spoofing: replaying and misdirection of traffic.2- Hello flood attack: This attack causes high traffic in channels by congesting the channel with an unusually high number of useless messages. Here a single malicious node sends a useless message which is then replayed by the attacker to create a high traffic.3- Homing: In case of homing attack, a search is made in the traffic for cluster heads and key managers which have the capability to shut down the entire network. 4- Selective forwarding: A compromised node only sends a selected few nodes instead of all the nodes. This selection of the nodes is done on the basis of the requirement of the attacker to achieve his malicious objective and thus such nodes does not forward packets of data.

39

5- Sybil: In a Sybil attack, the attacker replicates a single node and presents it with multiple identities to the other nodes.

6- Wormhole: This DoS attack causes relocation of bits of data from its original position in the network. This relocation of data packet is carried out through tunneling of bits of data over a link of low latency.

7- Acknowledgement flooding: Acknowledgements are required at times in sensor networks when routing algorithms are used. In this DoS attack, a malicious node spoofs the Acknowledgements providing false information to the destined neighboring nodes

40

• DoS attack on the Transport layer IN WSN:

1- Flooding: It refers to deliberate congestion of communication channels through relay of unnecessary messages and high traffic.2- De-synchronization: In de-synchronization attack, fake messages are created at one or both endpoints requesting retransmissions for correction of non-existent error. This results in loss of energy in one or both the end-points in carrying out the spoofed instructions.

41

1- Key Management: - There are four main key distribution protocols: simple key distribution protocol, key pre distribution agreement, dynamic key management protocol, and hierarchical key management protocol.2- Secret Key Algorithms:- Geng Yang, puts forward the improved scheme of ECC (Elliptic Curves Cryptography) key management based on the lightweight. It has a wide attention of the key management research in WSN

Wireless Sensor Network Security SOLUTION

42

3- Security Routing Protocol- Perrig A, and Liu D. including SNEP (Secure Network Encryption

Protocol) protocol and μTESL (Micro Timed Efficient Streaming Loss-tolerant Authentication Protocol) protocol. SNEP protocol is used to implement the confidentiality, integrity, freshness and pointto- point authentication. μTESLA protocol is an efficient flow authentication protocal that based on time. It realizes point to multipoint broadcast authentication.

4- Intrusion Detection Technology:- IDS (Intrusion Detection System) can monitor the behavior of network nodes timely, and find the suspicious behavior of nodes.


43

5- Authentication and Access Control:* Authentication- The lightweight public key authentication technology- PSK (Pre Shared Key)- Random key pre-distribution authentication technology- UIsing auxiliary information authentication technology, based on

one-way hash functions authentication technology.* Access Control:- Access control mainly include based on asymmetric cryptosystem and based on symmetric cryptosystem.


44

IMPORTANT IOT PROTOCOLS

According to Shahid Raza, communication in the IoT can be classified into different layers:• 1- Application layer• 2- Transport layer • 3- Network layer• 4- Data link layer• 5- Physical layer

45

IMPORTANT IOT PROTOCOLS• Application layer** Constrained Application Protocol ( CoAP): - Subset of HTTP is being standardized as a web protocol for the IOT.- Web transferred protocol used with constrained nodes networks in the IOT.- Why HTTP ? * heavyweight** Message Queue Telemetry Transport (MQTT) :- Another Web transferred protocol used with M2M networks in the IOT

46

IMPORTANT IOT PROTOCOLS

• Transport layer :- TCP, HTTP - UDP , CoAP * lightweight

47

IMPORTANT IOT PROTOCOLS• Network layer:- Use Internet protocol (IP)- IPv4 ??- There is a report that estimates 50 billion devices and objects will be

connected to the Internet by 2020, So as IPv6 networks is the IP protocol for IOT communications.• So, Because IOT is ubiquities environment, it utilizes IPv6 that increases the

address size from 32 bits to 128 bits.• As IPv6 is also heavyweight, IETF has defined 6LOWPAN ( IP6 over Low

Power Wireless Personal Area Networks) to possibly used in resource constrained networks such as WSN.

48

IMPORTANT IOT PROTOCOLS• Data link and Physical layers:- Use IEEE 802.15.4 standard protocol for low-rate wireless personal area networks such as source constrained networks.- 6LoWPAN Networks use the IEEE 802.15.4 protocol as link

layer to enable transmission.

49

SECURITY IN IOT COMMUNICATIONS PROTOCOLS• Communication Security

• Yu et al propose E2E secure communication between WSNs and Internet. They use asymmetric cryptography for key management and authentication and delegate resource hungry operations to a gateway • Wander et al. compare two most well-know asymmetric algorithms, RSA and

Elliptic Curve Cryptography (ECC) , on sensor nodes and conclude that ECC is more efficient than RSA, and asymmetric cryptography is viable for constrained hardware.• Liu et al.and Chung et al. describe key distribution mechanisms that save scarce

bandwidth in resource constrained networks. These improvements make cryptographic mechanisms in the context of WSNs more viable

50

• IEEE 802.15.4 Security

• the ArchRock PhyNET that applies IPsec in tunnel mode between the border router and Internet hosts

• HIP DEX is another solution that can be used directly as a keying mechanism for a

MAC layer security protocol.

• Wood et al. also propose a solution to secure link-layer communication in TinyOS for IEEE 802.15.4-based WSN.

• Roman et al. proposed key management systems for sensor network in the context of the IOT that are applicable to link-layer security

• Shahid Raza also implements standardized 802.15.4 security for 6LoWPAN networks with hardware-aided crypto operations and show that it is viable to use 802.15.4 security in constrained environments, however, 802.15.4 security only protects communication between two neighboring devices.

51

• Transport Layer• Hong et al. proposed End-to-end security that can be provided by using Transport Layer

Security (TLS) , or by its old version SSL. TLS/SSL has been proposed as a security mechanism for the IoT. But Their evaluation shows that this security mechanism is indeed quite costly in terms of time and energy during full SSL handshake and a data packet transfer

• Foulagar et al. propose a TLS implementation for smart objects . However, this solution involves the border router to reduce cryptographic computational effort on smart objects and cannot be considered a full E2E solution.

• Brachmann et al propose TLS-DTLS mapping to protect the IoT. However, their solution

requires the presence of a trusted 6BR that break E2E security at the 6BR

• Kothmayr et al. investigate the use of DTLS in 6LoWPANs with a Trusted Platform Module (TPM) to get hardware support for the RSA algorithm. However, in addition to specialized hardware requirement, they have used DTLS as it is without using any compression method which would shorten the lifetime of the entire network due to the redundancy in transmitted data.

52

• Granjal et al. evaluate the use of DTLS as it is with CoAP for secure communication. They note that payload space scarcity would be problematic with applications that require larger payloads.

• Brachmann et al. provide an overview of state-of-the-art security solutions for a CoAP-based applications, and discuss the feasibility of DTSL, TLS, IPsec, or combination of these for E2E security and secure multicast communication. They assume pre-shared keys in their proposals due to resource-constrained

• Recently, Koeh et al. in an IETF draft discuss the implications of securing the IP-connected IoT with DTLS and propose an architecture for secure network access and management of unicast and multicast keys with extended DTLS

• Garcia et al. also propose and compare pre-shared based Host Identity Protocol (HIP) and DTLS as key management, secure network access, and secure communication protocols. They onclude that though HIP is efficient, it is not widely available in the current Internet;

• Because The above solutions either review the use of (D)TLS in the IoT or propose architectures that break E2E security, Shahid Raza reduces the overhead of DTLS in CoAP-based IoT by employing 6LoWPAN header compression mechanisms, and implement and evaluate it in an IoT setup on real hardware .The solution is DTLS standard complaint and ensures E2E security between CoAP

• Researchers are also investigating vulnerabilities in the DTLS protocol.• Nadhem et al. recently demonstrated successful attacks against the DTLS protocol .

53

• IPsec• Granjal et al. investigate the use of IPsec for 6LoWPAN .

However, they do not provide exact specifications of the required 6LoWPAN headers. • Shid Razas design, implement, and evaluate 6LoWPAN

compressed IPsec for the IoT, and quantitatively compare it with the 802.15.4 security .We propose to use IPsec in transport mode that enables E2E security between the communicating endpoints. We implement our compressed IPsec in the Contiki OS .• Jorge et al. has extended 6LoWPAN compressed IPsec and included

support for IPsec in tunnel mode. They have implemented and evaluated their proposal in TinyOS.

54

LIGHTWEIGHT PROTOCOLS##Lightweight IPsec• With 6LoWPAN header compression * the IPsec AH (Authenticated Header) header size is reduced from 24 bytes to 16 bytes. *the ESP (Encapsulating Security Payload) header size is reduced from 18 bytes to 14 bytes.

• This results in a lower number of bits being transmitted, more space for application data, and may avoid 6LoWPAN fragmentation.

• Contrary to the common belief that IPsec is too heavy for constrained devices, IPsec is faster than the IEEE 802.15.4 security as the number of hops grows or the data size increases• Because the compression mechanisms substantially reduce the data overhead on

fragmented traffic.• cryptographic operations are only performed at the end hosts, that is in Ipsec, not at

each hop as in the case of 802.15.4 security.

55

##Lightweight DTLS• CoAP is being standardized as a web protocol for the IoT• to make web protocol secure as CoAPs, secure transport layer

represent in Lightweight DTLS must be done.• Like IPsec, DTLS is designed for the conventional Internet and not for

the resource-constrained IoT.• The DTLS header compression is based on 6LoWPAN NHC ( Next

Header Compression ). Employing these compression mechanisms significantly reduces the DTLS header sizes and ultimately results in fast and energy efficient communication com- pared with plain DTLS. • The use of compressed DTLS makes CoAPs considerably lightweight

and a feasible security protocol for the IoT.

56

6LOWPAN

57

6LOWPAN • 6LoWPAN is novel IPv6 header compression protocol and allows constrained devices to connect to IPv6

networks.• Because limitation in constrained devices like battery powered, memory and processing capability etc. for

this a new network layer routing protocol is designed called RPL (Routing Protocol for low power Lossy network).

• RPL is light weight protocol and doesn't have the functionality like of traditional routing protocols so routing protocol may goes under attack.

• A. 6LoWPAN integrates IP-based infrastructures and WSNs by specifying how IPv6 packets are to be routed in constrained networks such as IEEE 802.15.4 networks

• the 6LoWPAN standard also defines fragmentation and reassembly of datagram ، Due to the limited payload size of the link layer in 6LoWPAN networks.

• The IEEE 802.15.4 frame size may exceed the Maximum Transmission Unit (MTU) size of 127 bytes for big application data, in that case additional fragment(s) are needed

• 6LoWPAN networks are connects to the Internet through the 6BR (6LoWPAN Border Router) that is analogous to a sink in a WSN. The 6BR preforms compression/decompression and fragmentation/assembly of IPv6 datagrams.

• RPL is also prone to a number of routing attacks aimed to disrupt the topology, so In the IoT, a 6BR is assumed to be always accessible.

58

6LOWPAN

59

RPL TOPOLOGY • RPL topology forms the DODAG (Destination Oriented Directed Acyclic Graph) tree, which contain only 1 root. The

root node is also called as the sink node. Nodes inform parents of their presence and reachability to descendants by sending a DAO (DODAG Information

Object) message Root node starts the formation of the topology by broadcasting the DIO (DODAG Information Object) messages. Nodes receiving the DIO message selects the parent to sender, with rank value calculated with respect to the

parents rank value and other parameters. The rank value may be depend on the distance from the root node, energy of link etc. The network owner can decide the rank value calculation parameters. The nodes continue to broadcast the DIO message and form the tree topology.

60

ATTACKS ON RPL TOPOLOGY

62

ATTACKS ON RPL TOPOLOGYSelective Forwarding Attack:The purpose of attack is to disrupt routing paths and filter any protocol. In RPL attacker could forward all RPL control messages and drop the rest of the traffic 1- Solution on this attack can be creating the disjoint path or dynamic path between parent and children.2- Other solution is by using encryption technique in which attacker will not able to identify the traffic flow3-According to Wallgren, Heartbeat protocol basically used for detection of the disruption in network topology but also can be used as defend against selective forwarding attack.4- According to Raza Shahid, IDS solution given the End to End packet loss adaptation algorithm for detection of selective forwarding attack.• RPL self-healing does not correct the topology " According to Wallgren"

63

Sinkhole Attack.Attacker node advertises beneficial path to attract many nearby nodes to route traffic through it. This attack does not disrupt the network operation but it can become very powerful when combined with another attacks.• Solutions:• 1- The IDS system give the solution to detect this attack According to

Raza Shahid• 2- According to "Weekly Kevin," defend against sinkhole attack

evaluated parent fail-over and a rank authentication technique. The rank authentication technique relies on one way hash

techniqueParent fail-over technique: uses UNS (unheard nodes set) field in DIO

message indicating that the nodes are in sinkhole compromised path.• RPL does not have the self- healing capacity against the sinkhole.

64

Sybil Attackmalicious node uses several identities on the same physical node.

Sybil attack on RPL is not evaluated yet in IOT.

Hello Flooding Attack

network node broadcast initial message as HELLO message. Attacker can introduce himself as neighbour node to many node by broadcasting Hello message with strong routing metrics and enter in network- In RPL, DIO messages refereed as Hello message,

which is used to advertise information about DODAG

*solution: 1- This attack can be mitigated by using the link-layer metric as a parameter in the selection of the default route. If it fail to receive link-layer acknowledgements then different route is chosen.2- using the geographical distance, node shouldnot select the nodes which are beyond their transmission range.

65

Wormhole Attack:The main purpose of this attack is Disrupt the network topology and traffic flow.

Solution: According to "Khan Faraz", Wormhole attack can be prevented using the construction of Markle tree authentication .-In RPL the tree construction starts from rootto leaf nodes and Markle tree construction starts from leaf node to root.

Clone ID Attack AttackerAttacker node clones the identity of other node to gain access to traffic destined to victim node or through victim node.

* Solution: 1- This attack can be minimized by using tracking number of instances of each identity and this could able to detect cloned identities. If geographical location of the nodes with their identity stored at 6BR, using this we can identify the original node and cloned/malicious node.2- Other distributed technique is by using distributed hash table (DHT).

66

Denial of Service Attack: • Denial of service or Distributed denial

of service attack is attempt to make resources unavailable to its intended user.

• In RPL this attack can be bring using the IPv6 UDP packet flooding.

Solution: According to Kasinathan, IDS system in proposed the framework for detection of DOS attack in 6LoWPAN.

Alteration and Spoofing Attack:Rank attack: By changing Rank value, an attacker can attract child node for selecting as parents or improve some other metric, and can attract large traffic going toward the root. Solution: According to Dvir Amit, To defend Rank attack VeRA (Version number and Rank Authentication) a new security service for preventing the misbehaving node from decreasing Rank values for attack purpose.

67

DIS (DODAG Information Solicitation) AttackIn this attack malicious nodes periodically sends the DIS messages to its neighbours. When the DIS messages broadcast by attacker, the receiver nodes upon receiving DIS message reset the DIO timer assuming something went wrong with the topology around it.

68

ATTACKS ON RPL 6LOWPAN• In resource constrained devices, the maximum MTU size is 127 bytes only, however

IPv6 minimum MTU size is 1280 bytes due to this the fragmentation is done.• 6LoWPAN does not support any kind of authentication mechanism this lead to

fragmentation attack. A. Fragmentation Attack:

Attacker may put his own fragments in fragmentation chain as there is no authentication mechanism at receiver side for checking that received fragment is not a spoofed or duplicated fragment.*Solution: According to Hummen, René, et al. propose two mechanisms, split buffer approach and content chaining scheme.1- The content chaining scheme uses cryptography to verify that received fragments belong to the same packet or not, on a per-fragment basis2- Attacker can attack on the receiver buffer allocation as the receiver waits for all fragments to receive for reassembly, so According to Hummen, René, et al Split buffer schema promote direct competition between original senders and an attacker for reassembly buffer resources.

69

B. Authentication Attack:

• 6LoWPAN does not authenticate the node before joining the network. Due to this any attacker node can easily joins the network.

• Solution:

• According to Oliveira, Luis ML, et al, To authenticate the nodes author presents a mechanism that can be used to control the nodes that have access 6LoWPAN network.

• This method is based on administrative approval, which controls the third party nodes from using the network to communicate with regular nodes.

• The border router contains the list of nodes in the network with their layer 2 address. Using this address the presence of node is determined. And authorized to only those nodes which are in the list.

70

C. Confidentiality Attack:

Various attacks including eavesdropping, man in middle, spoofing kinds of attacks etc.Solution:

• Providing confidentiality or encryption mechanism in 6LoWPAN, According to Raza, Shahid, et al, provide the End-to-End (E2E) secure communication between IP enabled sensor networks and the traditional Internet.

• According to Sherburne, Matthew, examined implementation of Moving Target IPv6 Defense (MT6D) in 6LoWPAN. The MT6D is basically designed to defend against network attacks.

D. Security threats from internet side:

As 6LoWPAN is directly connected to the unsecured internet can undergo attacks from internet.Solution:

• According to Raza, Shahid, For avoiding such attack, the firewall could be installed on 6BR to control the malicious packets from internet.

71

RPL, NETWORK LAYER ATTACKS HAVE BEEN NOT EVALUATED YET 1) Internet Smurf attack: Internet Smurf attack takes place by spoofing the victim node address and echo message to other node. This could lead the flooding to victim node. If attack exists the defense for this

attack, detection of attack using IDS solution can be a research challenge.

2) Homing attack: - By traffic analysis, attacker can identify the important node for attack being performed. - Attack can be interested in knowing root node or nodes which are direct child of root node. By exploiting these nodes attacker can bring attack on RPL with more concentration. The defense mechanism and

detection of this attack using IDS or cryptographic solution could be a research challenge.

72

RPL, NETWORK LAYER ATTACKS HAVE BEEN NOT EVALUATED YET 3) Wormhole attack detection: - The IDS detection technique for

wormhole attack and other prevention/detection technique could be a research area.

4) Blackhole attack detection: - However the detection and prevention mechanism is not evaluated for RPL environment. IDS solution for detecting the Blackhole attack could be a research area.

5) Sybil and Clone ID attack detection:- Both Sybil and Clone ID attack has not been evaluated against the network parameter in RPL. This there is a requirement for the light weight

detection and prevention mechanism for these attacks. Existing IDS solutions can be extended for detection of this attack.

73

RPL, NETWORK LAYER ATTACKS HAVE BEEN NOT EVALUATED YET 6) Sinkhole attack detection:- The traditional sinkhole attack detection mechanism can be optimized for RPL network. IDS solution for detecting this

attack on 6LoWPAN network could be a research area.

8) RPL based attack:- The IDS based solution for

detecting local repair attack, neighbour attack, DIS and version attack could be a research challenge.

7) Resource exhausting attack: - Resource constrained nodes in RPL can exhaust the resource if they have too many missions to do. The attacker can perform this attack using reprogramming node, to start activities such as broadcasting, sending control messages without reason. There is need of mechanism which controls this

types of attack and prevent the nodes from getting out of resources by load balancing.

74

IPV6 AND IPV4 CAN "WORK SIMULTANEOUSLY" THROUGH THE USE OF TUNNELLING.

75

Sultan BasudanPhD student

University of Ontario Institute of Technology

Thank You