Publication


Featured research published by Rémi Badonnel.


International Journal of Network Security | 2016

A Taxonomy of Attacks in RPL-based Internet of Things

Anthéa Mayzaud; Rémi Badonnel; Isabelle Chrisment

The growing interest for the Internet of Things is contributing to the large-scale deployment of Low power and Lossy Networks (LLN). These networks support communications amongst objects from the real world, such as home automation devices and embedded sensors, and their interconnection to the Internet. An open standard routing protocol, called RPL, has been specified by the IETF in order to address the specific properties and constraints of these networks. However, this protocol is exposed to a large variety of attacks. Their consequences can be quite significant in terms of network performance and resources. In this paper, we propose to establish a taxonomy of the attacks against this protocol, considering three main categories including attacks targeting network resources, attacks modifying the network topology and attacks related to network traffic. We describe these attacks, analyze and compare their properties, discuss existing counter-measures and their usage from a risk management perspective.


Autonomous Infrastructure Management and Security | 2014

A Study of RPL DODAG Version Attacks

Anuj Sehgal; Rémi Badonnel; Isabelle Chrisment; Jürgen Schönwälder

The IETF designed the Routing Protocol for Low power and Lossy Networks (RPL) as a candidate for use in constrained networks. Keeping in mind the different requirements of such networks, the protocol was designed to support multiple routing topologies, called DODAGs, constructed using different objective functions, so as to optimize routing based on divergent metrics. A DODAG versioning system is incorporated into RPL in order to ensure that the topology does not become stale and that loops are not formed over time. However, an attacker can exploit this versioning system to gain an advantage in the topology and also acquire children that would be forced to route packets via this node. In this paper we present a study of possible attacks that exploit the DODAG version system. The impact on overhead, delivery ratio, end-to-end delay, rank inconsistencies and loops is studied.


Networks | 2015

Mitigation of topological inconsistency attacks in RPL-based low-power lossy networks

Anuj Sehgal; Rémi Badonnel; Isabelle Chrisment; Jürgen Schönwälder

The RPL is a routing protocol for low-power and lossy networks. A malicious node can manipulate header options used by RPL to create topological inconsistencies, thereby causing denial of service attacks, reducing channel availability, increasing control message overhead, and increasing energy consumption at the targeted node and its neighborhood. RPL overcomes these topological inconsistencies via a fixed threshold, upon reaching which all subsequent packets with erroneous header options are ignored. However, this threshold value is arbitrarily chosen, and the performance can be improved by taking into account network characteristics. To address this, we present a mitigation strategy that allows nodes to dynamically adapt against a topological inconsistency attack based on the current network conditions. Results from our experiments show that our approach outperforms the fixed threshold and mitigates these attacks without significant overhead.


Global Information Infrastructure and Networking Symposium | 2014

Addressing DODAG inconsistency attacks in RPL networks

Anuj Sehgal; Rémi Badonnel; Isabelle Chrisment; Jürgen Schönwälder

RPL is a routing protocol for low-power and lossy constrained node networks. A malicious node can manipulate header options used by RPL to track DODAG inconsistencies, thereby causing denial of service attacks, increased control message overhead, and black-holes at the targeted node. RPL counteracts DODAG inconsistencies by using a fixed threshold, upon reaching which all subsequent packets with erroneous header options are ignored. However, the fixed threshold is arbitrary and does not resolve the black-hole issue either. To address this we present a mitigation strategy that allows nodes to dynamically adapt against a DODAG inconsistency attack. We also present the forced black-hole attack problem and a solution that can be used to mitigate it. Results from our experiments show that our proposed approach mitigates these attacks without any significant overhead.


Network Operations and Management Symposium | 2010

Automated runtime risk management for voice over IP networks and services

Oussema Dabbebi; Rémi Badonnel; Olivier Festor

Voice over IP (VoIP) has become a major paradigm for providing telephony services at a lower cost and with a higher flexibility. VoIP infrastructures are however exposed to multiple security issues both inherited from the IP layer and specific to the application layer. In the meantime, protection mechanisms are available but may seriously impact on the continuity and quality of such critical services. We propose in this paper an automated risk management schema for continuously adapting VoIP equipment exposure by activating security safeguards in a dynamic and progressive manner. We describe the architecture supporting our solution, the considered risk model taking into account VoIP properties and the algorithms for restricting and relaxing the risk level of the VoIP service at runtime. The benefits and limits of our solution are evaluated through an implementation prototype and an extensive set of experimental results in the case scenario of SPIT attacks.


Autonomous Infrastructure Management and Security | 2014

Outsourcing Mobile Security in the Cloud

Gaëtan Hurel; Rémi Badonnel; Abdelkader Lahmadi; Olivier Festor

In order to prevent attacks against smartphones and tablets, dedicated security applications are deployed on the mobile devices themselves. However, these applications may have a significant impact on the device resources. Users may be tempted to uninstall or disable them with the objective of increasing battery lifetime and avoiding configuration operations and updates. In this paper, we propose a new approach for outsourcing mobile security functions as cloud-based services. The outsourced functions are dynamically activated, configured and composed using software-defined networking and virtualization capabilities. We detail also preliminary results and point out future research efforts.


Network Operations and Management Symposium | 2016

Using the RPL protocol for supporting passive monitoring in the Internet of Things

Anuj Sehgal; Rémi Badonnel; Isabelle Chrisment; Jürgen Schönwälder

Most devices deployed in the Internet of Things (IoT) are expected to suffer from resource constraints. Using specialized tools on such devices for monitoring IoT networks would take away precious resources that could otherwise be dedicated towards their primary task. In many IoT applications such as Advanced Metering Infrastructure (AMI) networks, higher order devices are expected to form the backbone infrastructure, to which the constrained nodes would connect. It would, as such, make sense to exploit the capabilities of these higher order devices to perform network monitoring tasks. We propose in this paper a distributed monitoring architecture that takes benefits from specificities of the IoT routing protocol RPL to passively monitor events and network flows without having impact upon the resource constrained nodes. We describe the underlying mechanisms of this architecture, quantify its performances through a set of experiments using the Cooja environment. We also evaluate its benefits and limits through a use case scenario dedicated to anomaly detection.


Autonomous Infrastructure Management and Security | 2013

Monitoring and security for the internet of things

Rémi Badonnel; Isabelle Chrisment

The concept of Internet of Things involves the deployment of Low power and Lossy Networks (LLN) allowing communications amongst pervasive devices such as embedded sensors. A dedicated routing protocol called RPL has been designed to consider the constraints of these LLN networks. However, the RPL protocol remains exposed to many security attacks that can be very costly in time and energy. In this paper, we propose to exploit risk management methods and techniques to evaluate the potentiality of attacks and to dynamically reduce the exposure of the RPL protocol while minimizing resources consumption.


IEEE Transactions on Network and Service Management | 2017

A Distributed Monitoring Strategy for Detecting Version Number Attacks in RPL-Based Networks

Rémi Badonnel; Isabelle Chrisment

The Internet of Things is characterized by the large-scale deployment of low power and lossy networks (LLN), interconnecting pervasive objects. The routing protocol for LLN (RPL) protocol has been standardized by IETF to enable a lightweight and robust routing in these constrained networks. A versioning mechanism is incorporated into RPL in order to maintain an optimized topology. However, an attacker can exploit this mechanism to significantly damage the network and reduce its lifetime. After analyzing and comparing existing work, we propose in this paper a monitoring strategy with dedicated algorithms for detecting such attacks and identifying the involved malicious nodes. The performance of this solution is evaluated through extensive experiments, and its scalability is quantified with the support of a monitoring node placement optimization method.


IEEE International Conference on Cloud Computing Technology and Science | 2016

A Software-Defined Security Strategy for Supporting Autonomic Security Enforcement in Distributed Cloud

Maxime Compastie; Rémi Badonnel; Olivier Festor; Ruan He; Mohamed Kassi-Lahlou

We propose in this paper a software-defined security framework, for supporting the enforcement of security policies in distributed cloud environments. These ones require security mechanisms able to cope with their multi-tenancy and multi-cloud properties. This framework relies on the autonomic paradigm to dynamically configure and adjust these mechanisms to distributed cloud constraints, and exploit the software-defined logic to express and propagate security policies to the considered cloud resources. The proposed framework is evaluated through a set of validation scenarios corresponding to realistic use cases including cloud resource allocation/deallocation, cloud resource state change, and dynamic access control.

Collaboration


Top Co-Authors

Isabelle Chrisment

French Institute for Research in Computer Science and Automation

Anuj Sehgal

Jacobs University Bremen

Olivier Festor

French Institute for Research in Computer Science and Automation

Martín Barrère

University of the Republic

Abdelkader Lahmadi

French Institute for Research in Computer Science and Automation