Battery Drain Denial-of-Service Attacks and Defenses in the Internet of Things

• Autorzy: Ioulianou Philokypros P. , Vassilakis Vassilios G. , Logothetis Michael D.

Identyfikatory

DOI

10.26636/jtit.2019.131919

• Języki publikacji: EN

Abstrakty

EN

IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is a popular routing protocol used in wireless sensor networks and in the Internet of Things (IoT). RPL was standardized by the IETF in 2012 and has been designed for devices with limited resources and capabilities. Open-source RPL implementations are supported by popular IoT operating systems (OS), such as ContikiOS and TinyOS. In this work, we investigate the possibility of battery drain Denial-of-Service (DoS) attacks in the RPL implementation of ContikiOS. In particular, we use the popular Cooja simulator and implement two types of DoS attacks, particularly version number modification and “Hello” flooding. We demonstrate the impact of these attacks on the power consumption of IoT devices. Finally, we discuss potential defenses relying on distributed intrusion detection modules.

Słowa kluczowe

EN

battery drain; ContikiOS; Cooja simulator; denial-of-service; intrusion detection; IoT; RPL

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2019
• Tom: nr 2
• Strony: 37--45
• Opis fizyczny: Bibliogr. 36 poz., rys., tab.

Twórcy

autor

Ioulianou Philokypros P.

• Department of Computer Science, University of York, York, United Kingdom

autor

Vassilakis Vassilios G.

• Department of Computer Science, University of York, York, United Kingdom

autor

Logothetis Michael D.

• Department of Electrical & Computer Engineering, University of Patras, Patras, Greece

Bibliografia

• [1] V. G. Vassilakis, I. D. Moscholios, J. S. Vardakas, and M. D. Logothetis, “On the digital certificate management in advanced metering infrastructure networks”, in Proc. IEICE Inform. and Commun. Technol. Forum ICTF, Poznań, Poland, 2017.
• [2] B. A. Alohali and V. G. Vassilakis, “Secure and energy-efficient multicast routing in smart grids”, in Proc. 10th IEEE Int. Conf. on Intell. Sensors, Sensor Netw. and Inform. Process. ISSNIP, Singapore, 2015 (doi: 10.1109/ISSNIP.2015.7106929).
• [3] T. Winter et al., “RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks”, RFC 6550, IETF, March 2012.
• [4] Contiki: The Open Source OS for the Internet of Things [Online]. Available: http://www.contiki-os.org/ (accessed: 2019.01.14).
• [5] TinyOS: An OS for Embedded, Wireless Devices [Online]. Available: https://github.com/tinyos/tinyos-main (accessed: 2019.01.14).
• [6] Gemalto. The State of Internet of Things Security [Online]. Available: http://www2.gemalto.com/iot/index.html (accessed: 2019.01.14).
• [7] M. Nawir, A. Amir, N. Yaakob, and O. B. Lynn, “Internet of Things (IoT): Taxonomy of security attacks”, in Proc. 3rd Int. Conf. on Elec. Design ICED, Phuket, Thailand, 2016, pp. 321–326 (doi: 10.1109/ICED.2016.7804660).
• [8] Symantec Security Response, Mirai: What you need to know about the botnet behind recent major DDoS attacks, Oct. 2016 [Online]. Available: https://www.symantec.com/connect/blogs/mirai-whatyou-need-know-about-botnet-behind-recent-major-ddos-attacks
• [9] T. Easton, “Chalubo botnet wants to DDoS from your server or IoT device”, Oct. 2018 [Online]. Available: https://news.sophos.com/ en-us/2018/10/22/chalubo-botnet-wants-to-ddos-from-your-serveror-iot-device
• [10] C. Pu and T. Song, “Hatchetman attack: A denial of service attack against routing in low power and lossy networks”, in 5th IEEE Int. Conf. on Cyber Secur. and Cloud Comput. CSCloud and 4th IEEE Int. Conf. on Edge Comput. and Scalable Cloud EdgeCom, Shanghai, China, 2018, pp. 12–17 (doi: 10.1109/CSCloud/EdgeCom.2018.00012).
• [11] P. Kasinathan, C. Pastrone, M. A. Spirito, and M. Vinkovits, “Denialof-service detection in 6LoWPAN based Internet of Things”, in Proc. 9th IEEE Int. Conf. on Wirel. and Mobile Comput., Netw. and Commun. WiMob, Lyon, France, 2013, pp. 600–607 (doi: 10.1109/WiMOB.2013.6673419).
• [12] L. Wallgren, S. Raza, and T. Voigt, “Routing attacks and countermeasures in the RPL-based Internet of Things”, Int. J. of Distrib. Sensor Netw., vol. 9, no. 8, pp. 1–11, 2013 (doi: 10.1155/2013/794326).
• [13] A. Mayzaud, R. Badonnel, and I. Chrisment, “A taxonomy of attacks in RPL-based Internet of Things”, Int. J. of Netw. Secur., vol. 18, no. 3, pp. 459–473, 2016 (doi: 10.6633/IJNS.201605.18(3).07).
• [14] H.-S. Kim, J. Ko, D. E. Culler, and J. Paek, “Challenging the IPv6 routing protocol for low-power and lossy networks (RPL): A survey”, IEEE Commun. Surveys & Tutor., vol. 19, no. 4, pp. 2502–2525, 2017 (doi: 10.1109/COMST.2017.2751617).
• [15] P. P. Ioulianou, V. G. Vassilakis, I. D. Moscholios, and M. D. Logothetis, “A signature-based intrusion detection system for the Internet of Things”, in Proc. IEICE Inform. and Commun. Technol. Forum ICTF, Graz, Austria, 2018.
• [16] N. Tsiftes, J. Eriksson, and A. Dunkels, “Low-power wireless IPv6 routing with ContikiRPL”, in Proc. 9th ACM/IEEE Int. Conf. on Inform. Process. in Sensor Netw., Stockholm, Sweden, 2010, pp. 406–407 (doi: 10.1145/1791212.1791277).
• [17] A. Dvir, T. Holczer, and L. Buttyan, “VeRA-version number and rank authentication in RPL”, in Proc. IEEE 8th Int. Conf. on Mob. Ad-hoc and Sensor Syst. MASS 2011, Valencia, Spain, 2011, pp. 709–714 (doi: 10.1109/MASS.2011.76).
• [18] A. Mayzaud, A. Sehgal, R. Badonnel, I. Chrisment, and J. Schon- ¨ walder ¨ , “A study of RPL DODAG version attacks”, in Proc. IFIP Int. Conf. on Autonomous Infrastruc., Manag. and Secur., Brno, Czech Republic, 2014, pp. 92–104 (doi: 10.1007/978-3-662-43862-6 12).
• [19] F. Osterlind et al., “Cross-level sensor network simulation with Cooja”, in Proc. 31st IEEE Int. Conf. on Local Comp. Netw., Tampa, FL, USA, 2006, pp. 641–648 (doi: 10.1109/LCN.2006.322172).
• [20] “The Internet of Things Reference Model”, Cisco, 2014 [Online]. Available: http://cdn.iotwf.com/resources/71/IoT Reference Model White Paper June 4 2014.pdf
• [21] Y. Yang et al., “A survey on security and privacy issues in Internetof-Things”, IEEE Internet of Things J., vol. 4. no. 5, pp. 1250–1258, 2017 (doi: 10.1109/JIOT.2017.2694844).
• [22] F. Ayotunde Alaba, M. Othman, I. A. T. Hashem, and F. Alotaibi, “Internet of Things security: A survey”, J. of Network and Comp. Appl., vol. 88, pp. 10–28, 2017 (doi: 10.1016/j.jnca.2017.04.002).
• [23] B. B. Zarpelao, ˜ R. S. Miani, C. T. Kawakani, and S. C. de Alvarenga, “A survey of intrusion detection in Internet of Things”, J. of Network and Comp. Appl., vol. 84, pp. 25–37, 2017 (doi: 10.1016/j.jnca.2017.02.009).
• [24] D. Midi, A. Rullo, A. Mudgerikar, and E. Bertino. “Kalis – a system for knowledge-driven adaptable intrusion detection for the Internet of Things”, in Proc. IEEE 37th Int. Conf. on Distrib. Comput. Syst. ICDCS 2017, Atlanta, GA, USA, 2017, pp. 656–666 (doi: 10.1109/ICDCS.2017.104).
• [25] OpenWRT: a Linux OS for Embedded Devices [Online]. Available: https://openwrt.org (accessed: 2019.01.14).
• [26] M. Roesch et al., “Snort: Lightweight intrusion detection for networks”, in Proc. of the 13th USENIX Conf. on System Admin. LISA’99, Seattle, WA, USA, 1999, vol. 99, pp. 229–238.
• [27] S. Raza, L. Wallgren, and T. Voigt, “SVELTE: real-time intrusion detection in the Internet of Things”, Ad Hoc Netw., vol. 11. no. 8, pp. 2661–2674, 2013 (doi: 10.1016/j.adhoc.2013.04.014).
• [28] T. Matsunaga, K. Toyoda, and I. Sasase, “Low false alarm rate RPL network monitoring system by considering timing inconstancy between the rank measurements”, in Proc. 11th Int. Symp. on Wirel. Commun. Syst. ISWCS 2014, Barcelona, Spain, 2014, pp. 427–431 (doi: 10.1109/ISWCS.2014.6933391).
• [29] A. Dunkels, B. Gronvall, and T. Voigt, “Contiki – a lightweight and flexible operating system for tiny networked sensors”, in Proc. 29th IEEE Int. Conf. on Local Comp. Netw., Tampa, FL, USA, 2004, pp. 455–462 (doi: 10.1109/LCN.2004.38).
• [30] E. Baccelli, M. Philipp, and M. Goyal, “The P2P-RPL routing protocol for IPv6 sensor networks: Testbed experiments”, in Proc. 19th Int. Conf. on Software, Telecommun. and Comp. Netw. SoftCOM 2011, Split, Croatia, 2011, pp. 656–666 [Online]. Available: https://hal.archives-ouvertes.fr/hal-00651603/document
• [31] J. Polastre, R. Szewczyk, and D. Culler, “Telos: enabling ultra-low power wireless research”, in Proc. 4th Int. Symp. on Inform. Process. in Sensor Netw., Boise, ID, USA, 2005, pp. 364–369 (doi: 10.1109/IPSN.2005.1440950).
• [32] B. A. Alohali, V. G. Vassilakis, I. D. Moscholios, and M. D. Logothetis, “A secure scheme for group communication of wireless IoT devices”, in Proc. 11th IEEE/IET Int. Symp. on Commun. Syst., Netw., and Digit. Sig. Process. CSNDSP 2018, Budapest, Hungary, 2018 (doi: 10.1109/CSNDSP.2018.8471871).
• [33] S. Khattak, N. R. Ramay, K. R. Khan, A. A Syed, and S. Ali Khayam, “A taxonomy of botnet behavior, detection, and defense”, IEEE Commun. Surveys & Tutor., vol. 16, no. 2, pp. 898–924, 2014 (doi: 10.1109/SURV.2013.091213.00134).
• [34] P. Pongle and G. Chavan, “A survey: attacks on RPL and 6LoWPAN in IoT”, in Proc. Int. Conf. on Pervasive Comput. ICPC 2015, Pune, India, 2015 (doi: 10.1109/PERVASIVE.2015.7087034).
• [35] P. Perazzo, C. Vallati, G. Anastasi, and G. Dini, “DIO suppression attack against routing in the Internet of Things”, IEEE Commun. Lett., vol. 21, no. 11, pp. 2524–2527, 2017 (doi: 10.1109/LCOMM.2017.2738629).
• [36] A. Rghioui, A. Khannous, and M. Bouhorma, “Denial-of-service attacks on 6LoWPAN-RPL networks: threats and an intrusion detection system proposition”, J. of Adv. Comp. Sci. & Technol., vol. 3, no. 2, pp. 143–153, 2014 (doi: 10.14419/jacst.v3i2.3321).

Uwagi

Opracowanie rekordu w ramach umowy 509/P-DUN/2018 ze środków MNiSW przeznaczonych na działalność upowszechniającą naukę (2019).