See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/357159537

MICE-RPL: Proposing a Mobility, Congestion and Energy Aware Trust Based RPL
Protocol and a Distributed Intrusion Detection System (IDS) to Counter Against
Packet Dropping Attacks

Preprint · December 2021

DOI: 10.13140/RG.2.2.12593.51046

CITATIONS READS

0 149

1 author:

Faisal A. Garba
Ahmadu Bello University
25 PUBLICATIONS   6 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

MIRAI BOTNET NETWORK FORENSIC ANALYSIS TOOL (MB-NFAT) View project

DEVELOPMENT OF AN OPTIMAL END-TO-END SHORT MESSAGE SERVICE (SMS) ENCRYPTION SCHEME FOR MOBILE DEVICES View project

All content following this page was uploaded by Faisal A. Garba on 18 December 2021.

The user has requested enhancement of the downloaded file.

 MICE-RPL: PROPOSING A MOBILITY, CONGESTION AND ENERGY AWARE

TRUST BASED RPL PROTOCOL AND A DISTRIBUTED INTRUSION DETECTION

SYSTEM (IDS) TO COUNTER AGAINST PACKET DROPPING ATTACKS

Faisal A. Garba,

PhD Scholar,

Department of Computer Science,

Ahmadu Bello University, Zaria.

alifa2try@gmail.com.

https://orcid.org/0000-0001-6157-4209

Abstract

The “Routing Protocol for Low Power and Lossy Networks” (RPL) is the only standard routing
protocol in IoT networks that is used for the monitoring of the environment, healthcare, smart
home and several other IoT applications. RPL is bedeviled by a lot of insider attacks that
include: version number attack, rank attack, DIS transmission attack, high powered DIO
transmission attack, Sybil, Clone ID attack, Blackhole, Sinkhole, Wormhole attack, redundant
local repair attack and Selective Forwarding (Greyhole) attack. Such attacks ruin the topology
and cause massive control overhead which stands in the way of reliable packet delivery and
diminishes battery lifetime. In Blackhole attack, a malicious node drops all data packets
transmitted to it for forwarding. Sinkhole attack is similar to a Blackhole attack with the
exception that in Sinkhole attack, the malicious node facilitates the attack by advertising a better
routing metrics to attract neighboring nodes to select it as their preferred parent. In Selective
Forwarding attack (also called Greyhole attack), the attacking node forwards packets selectively.
A number of studies have attempted to address Blackhole, Sinkhole and Selective Forwarding
attacks but without consideration for other factors that could results in packet loss such as
mobility, congestion and energy level of the IoT nodes aside from maliciousness. This has
resulted in the punishing of benign nodes mistaken as malicious ones. The attacks in IoT reduces
the wide spread and acceptance of the IoT on a global scale hence if discovered early, could help
IoT designers, manufacturers and research communities to tackle the attacks. The rapid
discovery of these attacks that occurs in the course of transmission of data packets is therefore
very important. This paper proposes a Mobility, Congestion and Energy Aware RPL (MICE-
RPL) Protocol. MICE-RPL is made up of calculation of rank based on trust that includes node’s
residual energy (to address selfish nodes), node’s weight (a metric that considers node’s children
and grandchildren for load balancing) and Received Signal Strength Indicator (RSSI) (for mobile
nodes to pick parents that are within their range). MICE-RPL is coupled with a distributed
Intrusion Detection System (IDS) that selects a child node called guardian node for every sub-
tree to monitor the parent node for packet dropping and On-Off attacks.

Keywords: IoT, RPL, Blackhole, Sinkhole, Greyhole

Introduction

The interconnection of common objects called ‘things’ that are bundled with sensors, software

and other technologies in order to interconnect and exchange data with other objects, devices and

systems over the Internet is referred to as Internet of Things (IoT). These common objects

include everyday household items such as light bulb, thermostat, smartphone, personal computer

etc to complex industrial devices. Any object can be connected to the IoT using IPv6 (Wallgren

et al., 2013). The objects in the IoT sense the physical environment and/or the host devices and

send out this data to users or other devices over the Internet (Ramasamy and Kadry, 2021; Raoof

et al., 2018). In the year 2025 the number of IoT devices is predicted to attain up to 22 billion

(Oracle, 2021). The utopian dream where anything can communicate is made possible with IoT.

Hence, IoT should be regarded as part of the global Internet (Bahashwan et al., 2021). IoT forms

a network of constrained devices called Internet Protocol version 6 (IPv6) Low Power Wireless

Personal Area Network (6LoWPAN) or an IP-connected Wireless Sensor Networks (WSN) that

is joined to the regular Internet using 6LoWPAN Border Routers (6BR) (Wallgren et al., 2013).
The device with a little amount of power, memory and processing facility that have to manage on

state, code space and processing cycles making the optimization of energy and network

bandwidth usage a great concern in all its design is referred to as a constrained device. Although

there is no single IoT architecture that is agreed on collectively, the most common architecture

that is in use is the 3-layer architecture as seen in Figure 1 (Upadhyay and Upadhyay, 2021).

Figure 1: IoT 3-layered Architecture

Two sub-layers: routing layer and the encapsulation layer makes up the network layer. The

transmission of packets from source to destination is handled by the routing layer. The

encapsulation layer handles the creation of packets. Routing for Low Power and Lossy Networks

(RPL), Cognitive RPL (CORPL), Channel Aware Routing Protocol (CARP) are the routing

protocols used in the routing layer. A routing protocol manages the transmission of packets from

one node to another. To avoid congestion and get the highest throughput in constrained devices,

routing protocols selects the best routing path (Shahdad et al., 2019). The encapsulation layer

uses 6LoWPAN, The Internet Engineering Task Force (IETF) IPv6 over the Time Slotted

Channel Hopping (TSCH) mode of IEEE802.15.4e (6TiSCH), IPv6 Over Networks of Resource

Constrained Nodes (6Lo), IPv6 over G.9959 and IPv6 over Bluetooth Low Energy protocols
(Upadhyay and Upadhyay, 2021). Communication technologies used for IoT are classified into

long range communication technologies (cellular network, Long Range Wide Area Network

(LoRaWAN) and SigFox Technology) and short range communication technologies

(6LoWPAN, ZigBee Technology, Bluetooth Technology, Near Field Communication (NFC),

Radio Frequency Identification (RFID) and Z-Wave) (Bahashwan et al., 2021). The important

protocol for communication over IoT networks is the 6LoWPAN. 6LoWPAN is a milestone

protocol that joins low-power devices to the IP world. 6LoWPAN network (Kushalnagar et al.,

2007) is a Wireless Sensor Network (WSN) that uses compressed IPv6 protocol for networking

and IEEE 802.15.4 as a data-link and physical layer protocol. This combination provided a new

dimension in the design of LoWPANs as it facilitates for a full interoperability with the Internet

(Gaddour and Koubâa, 2012). 6LoWPAN enables network connectivity for IPv6 packets over an

IP-based facility such as the Internet (Wang, 2018). This is done through the border router which

is also known as the sink node in an IoT network. 6LoWPAN can also be seen as a network

adaptation layer that allows vertical communications between Medium Access Control (MAC)

layer and the Network layer (Wang, 2018). Inexpensive nodes, small packet size, low bandwidth,

embedded battery source, hidden location for nodes, low reliability in nodes and use of star or

mesh topology are some of the features of LoWPAN networks (Vaziri and Haghighat, 2020).

6LoWPAN is also called Low-Power and Lossy Network (LLN). One of the key topics in

6LoWPAN networks worth investigating is routing (Gaddour and Koubâa, 2012).

 Figure 2: (a) 6LoWPAN protocol stack, compared to (b) Internet’s five layers (Raoof et al.,

2018)

RPL is the single actual standard routing protocol in IoT networks. RPL is used in environmental

monitoring, healthcare, smart home and several other IoT applications (Agiollo et al., 2021).

RPL is a distance vector source routing protocol. Distance vector means routing protocol that

uses distance or hop count as its primary metric for determining the best forwarding path.

Distance-vector routing protocols measure the distance by the number of routers a packet has to

pass, one router counts as one hop. Source routing, also called path addressing, enables a sender

of a packet to partially or completely specify the route the packet takes through the network.

Source-based routing directs traffic to a specific destination based on the source IP address or a

combination of the source and destination IP addresses. RPL is targeted towards collection-based

networks where nodes from time to time transmit data to collection point as well as point-to-

multi-point traffic from the central point to the devices inside LLN. Point-to-point traffic is also

supported in RPL. RPL is based on the topological notion of Directed Acyclic Graphs (DAGs).

The DAG specifies a tree-like structure that makes clear the default route between nodes in the
LLN. The DAG structure however, is more than a tree since a node can associate to more than

one parent nodes in the DAG in comparison to conventional trees where a single parent is

permitted to a node (Gaddour and Koubâa, 2012). In RPL, the nodes are ordered as a set of

Destination Oriented Directed Acyclic Graph (DODAG) (Thulasiraman and Wang, 2019). Most

popular destination nodes (i.e. sinks) or those providing a default route to the Internet (i.e.

gateways) acts as roots of the DAGs. A single root node and multiple sensor nodes support each

DODAG. The architecture of DODAG is known by four key parameters: DODAG ID, DODAG

version number, RPL instance ID and rank. Each DODAG has an identifier known as a DODAG

ID, which is represented by the IPv6 address of the root node (Wang, 2018). A network may

comprised of one or multiple DODAGs which form together an RPL instance identified by a

unique ID called RPLInstance ID. A network may run several RPL instances but those instances

are logically independent. A node may have a membership in several RPL instances but must

only be a member of one DODAG within each instance (Gaddour and Koubâa, 2012). A node’s

rank determines its position in a DODAG. It is an integer that correspond to the position of a

node within the DODAG (Gaddour and Koubâa, 2012). The rank of each node represents it’s

relative position to the root node in the DODAG tree (Wang, 2018). The rank strictly increases

in the downstream direction of the DAG and strictly decreases in the upstream direction. That is

nodes on top of the hierarchy are given smaller ranks than those in the bottom and the smallest

rank is given to the DODAG root (Gaddour and Koubâa, 2012) as seen in Figure 3.
 Figure 3: A RPL network with three DODAGs in two instances (Gaddour and Koubâa, 2012).

The rank is employed in RPL to avoid and spot routing loops and allows nodes to differentiate

between their parents and siblings in the DODAG (Gaddour and Koubâa, 2012). The root node

also called the sink node has the lowest rank of 1. The sink node is generally the link border

router (gateway) which joins the LLN to IPv6 network (external world or Internet) (Winter et al.,

2012; Gaddour and Koubâa, 2012). The root node is responsible to launch the construction of a

DODAG. The root node correspond to a collection point in the network. The root node has the

capacity to generate a new DODAG that trickles downward to leaf nodes (Gaddour and Koubâa,

2012). Leaf nodes are nodes that do not have any child. The further away a node is from the root

node the more its rank increases. Siblings are nodes with the same rank. Parent node is a node

with a lower rank that joins with a node or nodes with lower ranks within its neighborhood. The

node with the higher rank is it’s child node. All upward routing to the sink node is handled by

having each node on the route forward traffic through a preferred parent. Hence, all nodes in

RPL with the exception of leaf nodes are referred to as routers. A router in this situation means a
device that can forward and generate traffic. A router in RPL does not have the ability to

generate a new DAG but associate to an existing one. Host in RPL refers to a node that is

capable of creating data traffic but is not able to forward traffic (Gaddour and Koubâa, 2012).

Leaf node is therefore also called a host. Every node finds a stable set of parents on the routes

towards the DODAG root and associates to a preferred parent which is selected based on an

objective function (OF) in the construction process of a network topology (Gaddour and Koubâa,

2012). The rank feature is very used when determining a preferred parent. The rank is computed

based on the specified OF for each RPL instance (Winter et al., 2012). An OF is a criteria that

aims to optimize the routing paths in a network (Thubert, 2012). OF is used by RPL to finds the

best route towards the root node (Ji et al., 2018). The OF specifies how RPL nodes transforms

one or multiple metrics into ranks and how to select and optimize routes in a DODAG. OF

computes rank based routing metrics such as – delay, link quality, connectivity etc. It spells out

routing constraints and optimization objectives. Objective Function Zero (OF0) RFC6552 and

The Minimum Rank with a Hysteresis Objective Function (MRHOF) RFC6719 are the two OFs

for RPL specified by IETF Routing Over Low Power and Lossy (ROLL) workgroup. To elect

the best parent and path, OF0 uses the ‘minimum hop counts’ metric (Sharma and Jayavignesh,

2015). MRHOF uses the Expected Transmission Count (ETX) metric to construct paths and

graphs (Tall et al., 2019). MRHOF works better in scalable networks (Sharma and Jayavignesh,

2015) made up of static nodes while OF0 works better with non-stationary nodes (Lamaazi et al.,

2017). Security definitions in RPL were not well elaborated in the RPL RFC 6550 specifications,

at first (Winter et al., 2012). RPL has three basic security modes:

i. Unsecured: RPL control messages are sent without any further security mechanisms in

this mode.
 ii. Pre-installed: In this mode, nodes connecting to a RPL instance have pre-installed keys

that enable them to process and generate secured RPL messages.

iii. Authenticated: In authenticated mode, nodes have preinstalled keys as in pre-installed

mode, but these preinstalled keys may only be used to join a RPL instance as a leaf.

A broad security framework for routing over LLNs that is based on previous routing security

protocols was proposed by IETF ROLL working group in Tsao et al., (2012) and adapted to

fulfill the LLN’s constraints and requirements. The RPL security services proposed in Winter et

al., (2012) and Tsao et al., (2012) do not address all possible attacks and remain exposed to some

threats that may compromise RPL security such as broadcasting fake messages by a

compromised internal node. Gaddour and Koubâa (2012) emphasized security in RPL still

deserves further investigations. The core areas for improvement in RPL are energy efficiency,

mobility, reliability, congestion and security (Kharrufa et al., 2019). RPL is exposed to internal

attacks: version number attack, rank attack, DIS transmission attack, high powered DIO

transmission attack, Sybil/clone ID attack, Sinkhole/Wormhole attack, redundant local repair

attack and selective forwarding attack (Le et al., 2013; Mayzaud et al., 2016; Mayzaud et al.,

2014; Medjek et al., 2015; Rghioui et al., 2014). In Blackhole and Sinkhole attacks, a malicious

node drops all data packets it has received for forwarding (Pongle and Chavan, 2015; Xing et al.,

2010). So basically a Blackhole attack is similar to a Sinkhole attack the only difference is that in

Sinkhole attack, the malicious node posed as a node with a better rank to lure neighboring nodes

to elect it as parent (Wallgren et al., 2013). So in essence Sinkhole is a combination of Blackhole

and rank decrease attack. In Selective Forwarding Attack (SFA) (also called Greyhole attack),

malicious nodes selectively forwards packet (Karlof and Wagner, 2003). For instance, an
attacker could transmit all RPL control messages and drop the rest of the traffic (Wallgren et al.,

2013). There are several types of SFA found in the literature:

SFA-I: In this first type of SFA a malicious node selectively transmits packets to conduct Denial

of Service (DoS) attacks. We would give additional name to SFA-I as Selective Victim SFA,

since it selects victim node or group of nodes to victimize.

SFA-II: In this second type of selective-forwarding attack called Neglect and Greed (Yang et al.,

2018), the malicious node still participate in the exchange of lower level protocols (control

messages such as DIS, DIO, DAO and DAO-ACK) and may even acknowledge the reception of

the packets to the sender but it do not forward data packets (Khan et al., 2011).

SFA-III: In this third type of SFA the malicious node forwards the messages to the wrong path,

creating unfaithful routing information in the network (Khan et al., 2011).

SFA-IV: In this type of SFA malicious node delay packets passing through them creating

confused routing information between sensor nodes.

In neighbor attack, the attacker broadcast DIO packets it receives from nodes of lower rank

without adding information about itself. The nodes upon receiving the DIO believes the DIO is

from their new next neighbor. The original sender of the DIO may have a good rank value and

the victim node may elects it as it’s preferred parent even though it is out of it’s range thereby

disrupting the routing path (Raoof et al., 2018). Neerugatti and Reddy, (2020), Lahbib et al.,

(2020), Ribera et al., (2020), Hassan et al., (2021) and Muzammal et al., (2021) have proposed

solutions to Blackhole, Sinkhole and SFA-II. These research works have attempted to address

Blackhole, Sinkhole and SFA-II without considering that packet loss and dropping could be due

to other reasons such as mobility, congestion and energy level of a node (which may leads to
selfishness) apart from maliciousness. Packet drop and loss are not necessarily indications of a

maliciousness. Packet could be dropped as a result of node related issue (maliciousness or

selfishness), congestion or mobility related issue (Khan et al., 2017). There is therefore a need to

have a more accurate scheme that could detect Blackhole, Sinkhole and SFA-II attacks with

considerations for – mobility, load balancing and energy level that is simple and appropriate for

the resource constrained nodes in the LLN. This paper proposes a Mobility, Congestion and

Energy Aware RPL (MICE-RPL) Protocol. MICE-RPL proposed an OF that incorporate trust,

node’s residual energy (to deal with selfish nodes), node’s weight (a metric that considers node’s

children and grandchildren for load balancing) and Received Signal Strength Indicator (RSSI) (to

assist mobile nodes in selecting parents that are within their range. The use of RSSI would also

mitigate neighbor attack in both static and mobile nodes. Since nodes can now determine the

nodes that are exactly within their range for selection as parents.

Related Works

A method based on packet drop rate (PDR) to detect SFA was proposed by Neerugatti and

Reddy (2020). A PDR value is computed for every node in the network. A PDR may be

negative, zero or positive. A node is detected as a malicious node if its PDR value is anything

other than zero. This according to Neerugatti and Reddy (2020) is an indication that of a

Blackhole or SFA an the respected node is removed from the DODAG.

A trust based scheme called LT-RPL to diminish packet dropping attacks was proposed in Lahbib

et al., (2017) and enhanced in Lahbib et al., (2020). In LT-RPL, trust is a relationship derived

from direct observations and interactions referred to as direct trust and recommendations

exchanged between neighboring nodes referred to as indirect trust. LT-RPL is made of four
phases: information gathering, trust composition, trust database and trust application. LT-RPL

considers four dimensions: Quality of Service (QoS) dimension, energy awareness dimension,

reputation dimension and security dimension. Trust computation involves using node ID,

neighbour ID, Residual Energy (RE) percentage, Packet Forwading Rate (PFR) value, Expected

Transmission Count (ETX) value, Packet Reception Ratio (PRR) value, Packet Error Rate (PER)

value, transmission delay as well as the entity time. Node related trust and link related trust is

computed for each node. Node related trust is computed using both direct and indirect trust.

Direct trust is computed using node cooperativeness and node competence. Packet Forwarding

Ratio (PFR) is used to calculated node cooperativeness. In LT-RPL, competence is node’s

capability to carry out its routing tasks and to assess it, Remaining Energy (RE) percentage is

utilized. Recommended trust is computed from the reputation information gotten from trust

recommenders. Trust recommenders are nodes selected based on a credibility factor to avoid

malicious recommenders. The aim of link trust computation is to reinforce the routing DAG

establishment and maintenance process through the use of quality and performance of the

varying links joining the participating entities. Quality is measured using ETX and Packet

Reception Ratio (PRR). Performance is computed based on the Packet Error Rate (PER) and

transmission delay.

Ribera et al., (2020) proposed a technique based on the modification to the Lightweight

Hearbeat Protocol (LHP) proposed by Wallgren et al., (2013) to detect a packet dropping

attacks particularly SFA-II. LHP works by sending ICMPv6 echo requests from a dedicated node

to the rest of the nodes in the network. If a response is not received, this indicates a Blackhole

attack. To detect SFA-II attack in LHP, IPSec with Encapsulating Security Payload (ESP) have

to be enabled so that the malicious node cannot differentiate between normal traffic and ICMPv6
echo and response messages. Ribera et al., (2020) improved LHP by employing User Datagram

Protocol (UDP) based heartbeat messages. UDP is used in RPL for transmitting data for IoT

devices to the gateway, hence a UDP packet is more likely to be dropped by a malicious SFA-II

node. The use of the UDP packets leads to a faster and more accurate detection compared to

ICMPv6 based heartbeat messages. This way both SFA-II and Blackhole attacks are detected.

Hassan et al., (2021) proposed a control layer based trust mechanism for supporting secure

routing in RPL. The proposed scheme is split into three layers: device layer, sink layer and

control layer. The scheme assessed the trust of nodes based on their forwarding behaviour. To

save computational space, storage and energy resources at the node level, complex trust related

computations are moved to a higher layer referred to as the controller. The proposed scheme uses

subjective logic trust model which considers uncertainty in terms of opinion.

Muzammal et al., (2021) implemented an earlier work SMTrust proposed in Muzammal et al.,

(2020). SMTrust aim is to provide security against packet dropping attacks in RPL based IoT

networks. The proposed solution is integrated into the standard RPL as a modified OF and the

results are compared with the RPL’s OF0 and MRHOF. The selected trust metrics used in

SMTrust include: successful transactions of node (direct trust), energy level, historical

observations and recommended trust, mobility of nodes, location and link stability. Trust index

rated based on fuzzy judgement and only the reliable nodes are elected for routing based on the

trust threshold. The trust index is then transmitted to the parent selection algorithm in the

objective function of the routing protocol along with the rank and ETX values. The packet

dropping attack is detected via the calculated trust trust index of the nodes as well as the success

rate of the nodes in the network.

Table 1: Summary of Reviewed Literature on Solutions to Blackhole and SFA-II in RPL

Protocol

Ref Metrics Attacks Research Strength

Considered Gaps/Improvements

Neerugatti and Packet Drop Blackhole and Packet drop rate is

Reddy (2020) Rate (PDR) Greyhole does not guarantee a

maliciousness. Packet

drop could be due to

many causes such as

congested parent

node, mobility or

node with an

exhausted battery.

Lahbib et al., Residual Energy Blackhole attack No consideration for A very good

(2020) (RE), Packet mobile nodes. No scheme that

Forwarding Rate consideration for does not only

(PFR), Expected congestion/load considers

Transmission balancing. security

Count (ETX), (against

Packet packet drop

Reception Ratio attacks) but

(PRR), Packet also Quality

Error Rate of service

 (PER), (QoS). A very

transmission good method

delay and entity of computing

time. trust that

considers

both direct

and indirect

trust.

Ribera et al., Packet drop Blackhole and No consideration for With

(2020) Greyhole mobility. The scheme improvements

does not discriminate the scheme

between malicious will be very

packet dropping and good in

node with an detecting

exhausted battery or Blackhole

congested buffer. and SFA-II

attacks.

Hassan et al., Packet Blackhole attack Not every packet

(2021) forwarding. drop and forwarding

delay are as a result

of misbehaviour.

Packet loss could be

due to node related

 issue, congestion

related or mobility

related issue (Khan et

al., 2017). The need

for a dedicated high

end node for trust

computation at the

control layer adds

more complexity to

the scheme.

Muzammal et Muzammal et al.,

al., (2021) (2021) didn’t show

how the trust ranking

index is obtained

from the trust metrics

aggregated. The

scheme tackles only

packet dropping

attacks. The scheme

did not consider

mobility.

Highlight of Research Limitations and Established Need for Further Research

The proposed research works that addresses Blackhole, Sinkhole and SFA-II attacks (Neerugatti

and Reddy, (2020), Lahbib et al., (2020), Ribera et al., (2020), Hassan et al., (2021) and

Muzammal et al., (2021)) have lots of limitations. Packet loss in a network could be due many

factors. Mobility is one factor for a packet loss in heterogenous RPL network consisting of both

mobile and static nodes. RPL has a low adaptability to dynamic networks since it cannot

differentiate between mobile and static nodes (Korbi et al., 2012). The RPL standard does not

consider the provision of robust paths, as mobile nodes may be used in the routing path causing

frequent path disconnections (Bouaziz et al., 2019). For instance, if a mobile parent leaves the

network, that may lead to sudden packet loss in the network since child nodes may not be aware

that their preferred parent has moved away (Pancaroglu and Sen, 2021). All the nodes in this

sub-tree have now lost path to the root node and the RPL has take charge and fix this issue. RPL

will attempt to fix this issue using the local repair mechanism which may triggers the global

repair mechanism leading to the creation of a new DODAG with a new version number. Extra

energy and delay is incurred as a result of global repair. As more mobile nodes increases in the

DODAG, this situation becomes frequent which consequently leads to an increase in routing

overhead, end-to-end delay, energy consumption and reduces PDR (Cyriac and Durai, 2021).

RPL was initially meant for static topologies (Vidhya and Mathi, 2018). Although RPL was not

aimed at mobile nodes, real life applications however, may consists of mobile nodes (Korbi et

al., 2012). Many important applications of IoT in clinical or industrial environments however,

involve mobile nodes (Ko et al., 2010; Park et al., 2010; Park et al., 2017). These applications

require a hybrid multi-hop network that comprise of both static backbone nodes (routers) and

mobile nodes (e.g. medical staffs and patients in hospital, robots and machines in a factory) (Kim

et al., 2017). The Trickle Timer also do not help matters with regards to mobile nodes. The
Trickle Timer gives offers a slow response to a swift changing mobile network or even a zero

response (Korbi et al., 2012). One of the main reasons behind increased energy consumption,

delay and decreased reliability in LLNs is congestion (Al-Kashoash et al., 2018). IoT devices

suffers severe congestion issue leading to a packet loss and delay in the absence of the right load

balancing mechanism (Wang et al., 2020). There is no efficient load balancing routing

mechanism in RPL that guarantee a balanced distribution of traffic among respective nodes and

at the same time reduce the overhead (Ghaleb et al., 2018). There is a need for RPL to enable a

fair traffic load amongst nodes to ensure a balanced energy usage (Kim et al., 2017). Poorly

implemented load balancing results to a herding effect/flocking effect a situation where the

network suffers topological instability caused by sets of nodes continuously switching preferred

parent in a bid to achieve load balancing (Kim et al., 2015; Hadaya and Alaba, 2021). Load-

imbalanced network leads to increased energy consumption (Pancaroglu and Sen, 2021) in

overloaded parents nodes. This may leads to selfishness amongst overloaded parents with a

depleted battery. A selfish node is a node with a depleted battery that refuses to forward packets

for other nodes so as to preserve its energy (Airehrour et al., 2018; Lahbib et al., 2017). A selfish

node is also known as a non-cooperative node (Glissa et al., 2016). The scheme proposed by

Neerugatti and Reddy (2020) and Hassan et al., (2021) can lead to the persecution of benign

nodes since it considers every packet drop as an indication of maliciousness. In addition Hassan

et al., (2021) introduces the need for a dedicated high end node to compute trust calculation

thereby making the scheme unnecessarily complex. Lahbib et al., (2020) would lead to the

herding effect and parent node selfishness since there is no measure to ensure load balancing and

in the end destabilizes the network. As a result of lack inherent mechanism in the standard RPL

that addresses mobility, energy level and load balancing, the centralized IDS scheme proposed
by Ribera et al., (2020) will not accurately detect packet dropping attacks. Ribera et al., (2020)

scheme will detect a mobile parent node and overloaded parent node as malicious node. Packet

loss could be due to node related issue, congestion related or mobility related issue (Khan et al.,

2017). In Muzamal et al., (2021) it was not clear how the trust ranking index is obtained from

the trust metrics aggregated even though the metrics include battery level (energy) and mobility.

There was no attempt to enable any mechanism that ensures load balancing which would make

the scheme susceptible to herding effect.

From the reviewed works it could be deduced that there is research gap that creates the need for

RPL scheme that accurately tackles packet dropping attacks with consideratation for mobility,

load balancing and energy level that is simple and appropriate for the resource constrained nodes

in the LLN. The reviewed literature also concentrated on SFA-II neglecting SFA-I, SFA-III and

SFA-IV. There is also therefore a need for security schemes that will deal with SFA-I, SFA-III

and SFA-IV types of SFA. Ribera et al., (2020) appears to be very good candidate with

improvements made to it. However, Ribera et al., (2020) is also susceptible to single point of

failure vulnerability (Autkar et al., 2015; Baroutis and Younis, 2017; Conti et al., 2017; Denzel

and Ryan, 2018; Haider et al., 2020; Kaur, 2019; Kohno et al., 2009; Sha, 2010; Shahare and

Chavhan, 2014; Tani et al., 2017; Tanuja, 2015; Tariq et al., 2021;) since the IDS is only placed

at the border router (root node/sink node). Once the IDS on the border router is maliciously

tampered with, the whole IDS scheme will break. Distributed detection method is better where

the task of detection is distributed amongst nodes. In addition the scheme is silent on mobile

nodes and a selfish node (Karkazis et al., 2012). A mobile parent node will end up being

punished by the Ribera et al., (2020) scheme as a malicious node. A mobile node should never

be selected as a parent in the first place (Lalani et al., 2020). A mobile node selected as parent
can move away from the vicinity of its children and will be regarded as a malicious node with

Ribera et al., (2020) scheme. A mobile node should be left as a leaf node and prevented from

sending out a DIO message (Gara et al., 2015). Node’s buffer congestion resulting from large

number of children or nodes sending data at a high data transmission rate which in turn leads to

packet drop has not been considered by Ribera et al., (2020). Routers are configured for best-

effort packet forwarding. The router receives and forwards all packets. The packet is queued if

the router cannot process the packet immediately. The packet is dropped if the queue is full.

Packets are normally processed on a first-come, first-served basis. If more packets are queued up

and router’s buffer size is not able to process the packets then those packets are dropped (Reetika

and Saini, 2014). Router’s buffer size should be three times greater than the total nodes in

environment (Reetika and Saini, 2014). Therefore, an OF that incorporates consideration for

mobility, congestion and node’s residual energy level can be introduced into Ribera et al., (2020)

for accurate detection of malicious nodes and makes the Ribera et al., (2020) more effective.

There is also the need to address the single point of failure vulnerability in the Ribera et al.,

(2020) scheme.

The Proposed Scheme: MICE-RPL

MICE-RPL consists of two phases. The first phase involves designing a mobility, congestion and

energy aware trust-based OF. The second phase involves the placement of a distributed IDS

scheme to check for SFA-II and also On-Off attack (OA). The proposed OF alone can help to

mitigate Blackhole, Sinkhole, SFA-II in RPL but might be susceptible to OA attack. In OA

attack a malicious node threatens the IoT trust security scheme through nodes performing good

and bad behaviors randomly, to avoid being rated as malicious (Caminha et al., 2018). An OA

attacker can also behave differently with different neighbors to achieve conflicting trust opinions
of the same node. This kind of attack is hard to detect using traditional trust management

schemes (Guo et al., 2016). An OA attacker can evade through the trust based OF and later

unleash packet dropping attacks (Blackhole, Sinkhole and SFA) on the nodes in the DODAG.

Phase I

This phase proposed a mobility, congestion and energy aware trust-based OF. The OF is

composed of trust value of a node, RSSI and node’s weight. Mobility is addressed through the

use of RSSI. This would enable a mobile child node select a parent within its vicinity. In the

DODAG construction of MICE-RPL also mobile nodes would not be permitted to transmit a

DIO packet so that they don’t get selected as parent node. The energy level of a node is part of

the metric in trust computation. Congestion is addressed through node’s weight metric which is

an aggregation of a node’s children and grandchildren to ensure load balancing in MICE-RPL.

Trust Value Computation

Lahbib et al., (2020) method of computing trust is adopted in this work to compute trust. Lahbib

et al., (2020) proposes a trust computation method that reduces the selection of malicious parent

node and at the same time preserve Quality of Service (QoS). In addition the trust computation

method also considers energy level of node which is of particular interest to this study. The term

trust expresses the relationship between two entities: a trustor and a trustee. A trustor is the node

making attempts to join the DODAG or update its preferred parent. The trustee is the node

evaluated for election as the preferred parent. The relationship between trust and trustee is

derived from direct trust (direct observation) and recommended trust (recommendations). The

trust relationship between two nodes x and y at a time t is represented as:

Trust(x→y)t.
 T(x →y)t = w1 ∗ NT(x→y)t + w2 ∗ LT (x→ y)t

Where T(x →y)t represents the value of trust the node x has for its candidate parent y at time t

and it is narrowed to a continuous range from 0 to 1, where 0 denotes complete distrust and 1

denotes absolute trust. It is the aggregation of node trust (NT) and link trust (LT). The weight

factors w1 and w2 are assigned to NT(x → y)t and LT(x→y)t respectively where w1 + w2 = 1; 0

≤ w1 ≤ 1 and 0 ≤ w2 ≤ 1.

NT is the aggregation of node’s direct trust NT(x→y)td and third parties’ recommended trust

NT(x→y)tr represented thus:

NT(x→y)t = wd ∗ NT(x→y)td + wr∗NT (x →y)tr

Where wd and wr are the weights assigned to the direct and the indirect trust respectively. The

computation of the direct trust involves both node’s cooperativeness and competence.

NT(x →y)td = NT(x → y)tcoop∗ NT(x→y)tcomp

where NT(x → y)t coop

denotes the cooperativeness level assessed during the time interval [0..t]

and computed using the packet forwarding ratio (PFR), while NT(x →y)tcomp represents the

degree of the node’s ability to carry out its tasks within the routing process and it is computed

based on the remaining energy (RE) percentage.

To diminish the effect of malicious recommenders this study will adopt SecTrust’s (Airehrour et

al., 2018) method of computing recommended trust thus:

NT (x →y)tr = NT(x→z) * NT(z→y)

The aim of computing link trust is to strengthen the DODAG establishment and repair process by

taking into consideration quality and performance of the various links joining the nodes so as to

effectively fulfill QoS constraints. Link trust is computed thus:

LT(x → y)t = LT (x→ y)t qual ∗ LT (x→y)t perf

where LT(x→y)tqual represents the conviction that the connecting link is good enough to fulfill

the QoS constraints. It is computed from ETX and packet reception ratio (PRR) as the guarantors

of quality between the trustor node and the trustee node. LT (x →y)tper f depicts the performance

of the link based on Packet Error Rate (PER) and transmission delay.

Node Weight Calculation

The congestion consideration aspect of MICE-RPL is achieved by computing a node’s weight.

Node’s weight represents the number of children and grandchildren node it has on its subtree. An

algorithm from Sanou et al., (2021) is adopted to compute the potential parent node’s weight.

Algorithm 1
Start
Each child node on parent p subtree:
If not a leaf node:
Send DAO packet with with its x number of children to the parent p
Parent node increment's its weight counter with x + 1.
At the expiration of the Trickle Timer:
Parent node p decreases its weight by the number of children node that have not
transmitted packets at the elapsed time.
Stop
The preferred parent of a node is selected based on a modified rank computation. The node with

the highest computed rank is selected as a preferred parent. The rank is computed as an

aggregation of the node’s trust value, node’s RSSI value and node’s inverse weigh thus:

rank = nodeTrust + nodeRSSI + nodeWeightinverse

NodeTrust and nodeRSSI are values to be maximized while nodeWeight is a value to be

minimized. In additive approach combined metrics must be minimizable or maximizable

(Hassani et al., 2021c). Thus, we change the nodeWeight value to −nodeWeight (called

nodeWeight inverse) in order to keep the isotonicity of the OF.

Phase II

The proposed OF proposed in Phase I will effectively diminish the chances of selecting

Blackhole, Sinkhole and SFA-II malicious node as parent node using the packet forwarding

behavior monitoring. Nodes in RPL operating in promiscuous mode can overhear their

neighbour packet transmissions. The number of packets a node can successfully transmit on

behalf of the requesting node represents the actual reflection of the reliability of the node. This

represents the node’s packet forwarding behavior used in the trust value computation. However a

malicious node might excel in the rest of the metrics used in the trust value computation. OA can

also successfully evade the trust computation process and eventually get selected as a preferred

parent to unleash packet dropping attacks on the children on its subtree. For these reasons we

propose a Distributed Intrusion Detection System (DIDS) to address these concerns and serve as

a multi-layer security measure against packet dropping attacks. DIDS is based on enhancement

to Ribera et al. (2020) to address Single Point of Failure (SPF) posed by Ribera et al. (2020).
 Figure 4: MICE-RPL DIDS
In the proposed DIDS (Figure 4), a node amongst the children is selected as a guardian node.

The guardian node is elected based on the OF proposed in phase I. The child node with the

highest rank is elected as the guardian node. If there is a tie, then any of the children is randomly

selected. In a single child parent scenario, the child by default becomes the guardian node. After

a time interval k, the guarding node sends a UDP request packet to the parent node. The guarding

node keeps a counter to track the number of UDP requests sent to the parent node. After a certain

threshold and no UDP response is received, the guarding node declares the parent node as a

malicious node. UDP is commonly used for delivering data for IoT devices to the sink node.

Therefore, such UDP messages would be more likely to be dropped by a malicious node as part

of a SFA-II. Blackhole by default drop any kind of packet nevertheless so it will be detected with

DIDS by default.

Enhanced MICE-RPL

The DIDS proposed in MICE-RPL as an improvement to the work of Ribera et al. (2020) might

be susceptible to bad mouthing attack (BMA) and ballot stuffing attack (BSA). BMA and BSA
are a form of collaborative attacks to the trust system to damage the reputation of and

discriminate against benign nodes and to boost the reputation of malicious nodes (Guo et al.,

2016). We imagine a scenario where OA attacker was able to successfully pass the guarding

node selection process of MICE-RPL. In that situations to two types of attacks are possible to the

MICE-RPL: bad-mouthing and ballot stuffing attacks. To counter BMA and BSA this study

propose an enhanced MICE-RPL (ENMICE-RPL) through an idea we called Who will guard the

guard? (“Quis custodiet ipsos custodes ?"). Who will guard the guard primarily consists of

electing an extra child node through the proposed OF in MICE-RPL refer to as verifying node

(Figure 5) elected to verify the claim of the guarding node. The verifying node will go through

the same procedure of sending UDP request packet and accepting UDP response packet from the

preferred parent. A guarding node caught guilty of BMA or BSA is blacklisted as a malicious

attacker and removed from the network.

Single Child Parent

For a single child parent, BSA won’t have any effect, since the sole child node will end up the

one that will be affected. To verify against bad-mouth attack however, the study propose the use

of the root node or any other node within the vicinity of the sub-DODAG to help verify against

the claim of the sole guard node.

 Figure 5: ENMICE-RPL

ENMICE-RPL will incur additional overhead in the form extra verification step performed by

the verifying node but it will help to check against BMA and BSA that MICE-RPL is exposed to.

Conclusion and Future Work

In this study we have proposed a trust based mobility, congestion and energy aware RPL (MICE-

RPL) protocol for accurate mitigation of packet dropping attacks (Blackhole, Sinkhole and SFA-

II). MICE-RPL can also check against neighbor attack and OA packet dropping attack. MICE-

RPL might be susceptible to BMA and BSA and to provide solution against that ENMICE-RPL

was proposed. ENMICE-RPL will incur additional overhead but help check against BMA and

BSA that MICE-RPL is exposed to. As a future work MICE-RPL and ENMICE-RPL will both
be simulated using Cooja simulator and evaluated against related works. A testbed

implementation will also be carried out to validate the proposal.

N.B.: This is a conceptual paper extracted from the author’s PhD thesis proposal at Ahmadu

Bello University, Zaria, working with Prof. S. B. Junaidu, Prof. A. A. Obiniyi and Prof. A. M.

Ibrahim as thesis advisors who will eventually be added to the paper after they have reviewed the

work.

References

Agiollo, A., Conti, M., Kaliyar, P., Lin, T.-N., & Pajola, L. (2021). DETONAR: Detection of
Routing Attacks in RPL-Based IoT. IEEE Transactions on Network and Service Management ,
1178 - 1190.

Airehrour, D., Gutierrez, J. A., & Ray, S. K. (2018). SecTrust-RPL: A Secure Trust-Aware RPL
Routing Protocol for Internet of Things. Future Generation Computer Systems .
Al-Kashoash, H. A., Hassena, F., Kharrufa, H., & Kemp, A. H. (2018). Analytical modelling of
congestion for 6LoWPAN networks. ICT Express .

Autkar, S. V., Dhage, M. R., & Bholane, S. P. (2015). A Survey on Distributed Techniques for
Detection of Node Clones in Wireless Sensor Networks. 2015 International Conference on
Pervasive Computing (ICPC). Pune, India : IEEE.

Bahashwan, A. A., Anbar, M., Abdullah, N., Al-Hadhrami, T., & Hanshi, S. M. (2021). Review
on Common IoT Communication Technologies for Both Long-Range Network (LPWAN) and
Short-Range Network. Advances on Smart and Soft Computing. Advances in Intelligent Systems
and Computing. Springer, Singapore.

Baroutis, N., & Younis, M. (2017). Load-conscious Maximization of Base-station Location

Privacy in Wireless Sensor Networks. Computer Networks .

Bouaziz, M., Rachedi, A., Belghith, A., Berbineau, M., & Al Ahmadi, S. (2019). EMA-RPL:
Energy and mobility aware routing for the Internet of Mobile Things. Future Generation
Computer Systems , 247-258.

Caminha, J., Perkusich, A., & Perkusich, M. (2018). A Smart Trust Management Method to
Detect On-Off Attacks in the Internet of Things. Security and Communication Networks , 2-10.
Conti, M., Kaliyar, P., & Lal, C. (2017). REMI: A Reliable and Secure Multicast Routing
Protocol for IoT Networks. ACM .

Cyriac, R., & Durai, M. A. (2021). MEQA-RPL: A Mobility Energy and Queue Aware Routing
Protocol for Mobile Nodes in Internet of Things. Preprint .

Denzel, M., & Ryan, M. D. (2018). Malware Tolerant (Mesh-)Networks. Cryptology and
Network Security , 133–153.

Gaddour, O., & Koubâa, A. (2012). RPL in a nutshell: A survey. Computer Networks , 3165-
3178.

Gara, F., Saad, L. B., Ayed, R. B., & Tourancheau, B. (2015). RPL protocol adapted for
healthcare and medical applications. 2015 International Wireless Communications and Mobile
Computing Conference (IWCMC). Dubrovnik, Croatia: IEEE.

Ghaleb, B., Al-Dubai, A., Ekonomou, E., & Gharib, W. (2018). A New Load-Balancing Aware
Objective Function for RPL's IoT Networks. 2018 IEEE 20th International Conference on High
Performance Computing and Communications; IEEE 16th International Conference on Smart
City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS).
Exeter, UK: IEEE.

Glissa, G., Rachedi, A., & Meddeb, A. (2016). A secure routing protocol based on RPL for
Internet of Things. 2016 IEEE Global Communications Conference (GLOBECOM). Washington,
DC, USA : IEEE.

Guo, J., Chen, I.-R., & Tsai, J. J. (2016). A Survey of Trust Computation Models for Service
Management in Internet of Things Systems. Computer Communications .
Hadaya, N. N., & Alaba, S. A. (2021). Improved RPL Protocol for Low-Power and Lossy
Network for IoT Environment. SN Computer Science .

Haider, Z., Jamal, T., Asam, M., Butt, S., & Ajaz, A. (2020). Mitigation of Wireless Body Area
Networks Challenges Using Cooperation. International Journal of Security and Its Applications ,
15-30.

Hassan, T., Asim, M., Baker, T., Hassan, J., & Tariq, N. (2021). CTrust-RPL: A control layer-
based trust mechanism for supporting secure routing in routing protocol for low power and lossy
networks-based Internet of Things applications. Trans Emerging Tel Tech , 1-20.

Hassani, A. E., Sahel, A., & Badri, A. (2021). IRH-OF: A New Objective Function for RPL
Routing Protocol in IoT Applications. Wireless Personal Communications , 673–689.
Ji, C., Koutsiamanis, R.-A., Montavont, N., Chatzimisios, P., Dujovne, D., & Papadopoulos, G.
Z. (2018). TAOF: Traffic Aware Objective Function for RPL-based Networks. 2018 Global
Information Infrastructure and Networking Symposium (GIIS). Thessaloniki, Greece : IEEE.

Kaur, J. (2019). An Ultimate Approach of Mitigating Attacks in RPL Based Low Power Lossy
Networks. arXiv .

Karkazis, P., Leligou, H. C., Trakadas, P., & Velivassaki, T. H. (2012). Design of primary and
composite routing metrics for RPL-Compliant Wireless Sensor Networks. 2012 International
Conference on Telecommunications and Multimedia (TEMU) (pp. 13-18). IEEE.

Khan, M. S., Midi, D., Khan, M. I., & Bertino, E. (2017). Fine-Grained Analysis of Packet Loss
in MANETs. IEEE Access , 7798 - 7807.

Khan, W. Z., Xiang, Y., Aalsalem, M. Y., & Arshad, Q. (2011). Comprehensive Study of
Selective Forwarding Attack in Wireless Sensor Networks. I.J. Computer Network and
Information Security , 1-10.

Kharrufa, H., Al-Kashoash, H. A., & Kemp, A. H. (2019). RPL-Based Routing Protocols in IoT
Applications: A Review. IEEE Sensors Journal , 5952 - 5967.

Kim, H.-S., Ko, J., Culler, D. E., & Paek, J. (2017). Challenging the IPv6 Routing Protocol for
Low-Power and Lossy Networks (RPL): A Survey. IEEE Communications Surveys & Tutorials (
Volume: 19, Issue: 4, Fourthquarter 2017) , 2502 - 2525.

Kim, H.-S., Paek, J., & Bahk, S. (2015). QU-RPL: Queue utilization based RPL for load
balancing in large scale industrial applications. 2015 12th Annual IEEE International Conference
on Sensing, Communication, and Networking (SECON). Seattle, WA, USA: IEEE.

Ko, J., Lu, C., Srivastava, M. B., Stankovic, J. A., Terzis, A., & Welsh, M. (2010). Wireless
Sensor Networksfor Healthcare. Proceedings of the IEEE , 1947-1960.

Kohno, E., Ohta, T., & Kakuda, Y. (2009). Secure decentralized data transfer against node
capture attacks for wireless sensor networks. 2009 International Symposium on Autonomous
Decentralized Systems. Athens, Greece : IEEE.

Korbi, I. E., Brahim, M. B., Adjih, C., & Saidane, L. A. (2012). Mobility Enhanced RPL for
Wireless Sensor Networks. 2012 Third International Conference on The Network of the Future
(NOF). Tunis, Tunisia : IEEE

Kushalnagar, N., Montenegro, G., & Schumacher, C. (2007). RFC:4919, IPv6 over Low-Power
Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statements
and Goals. Network Working Group .
Lalani, S. R., Salehi, A. A., Taghizadeh, H., Safaei, B., Monazzah, A. M., & Ejlali, A. (2020).
REFER: A Reliable and Energy-Efficient RPL for Mobile IoT Applications. 2020 CSI/CPSSI
International Symposium on Real-Time and Embedded Systems and Technologies (RTEST).

Lahbib, A., Toumi, K., Elleuch, S., Laouiti, A., & Martin, S. (2017). Link reliable and trust
aware RPL routing protocol for Internet of Things. 2017 IEEE 16th International Symposium on
Network Computing and Applications (NCA). Cambridge, MA, USA : IEEE.

Lahbib, A., Toumi, K., Laouiti, A., & Martin, S. (2020). Trustbased Routing Metric for RPL
Routing Protocol in the Internet of Things. International Journal on AdHoc Networking Systems
(IJANS) , 1-17.

Le, A., Loo, J., Luo, Y., & Lasebae, A. (2013). The impacts of internal threats towards Routing
Protocol for Low power and lossy network performance. 2013 IEEE Symposium on Computers
and Communications (ISCC). Split, Croatia: IEEE.

Lamaazi, H., Benamar, N., & Jara, A. (2017). Study of the Impact of Designed Objective
Function on the RPL-Based Routing Protocol. Advances in Ubiquitous Networking 2 .

Mayzaud, A., Badonnel, R., & Chrisment, I. (2016). A Taxonomy of Attacks in RPL-based
Internet of Things. International Journal of Network Security , 59 - 473.

Mayzaud, A., Sehgal, A., Badonnel, R., Chrisment, I., & Schönwälder, J. (2014). A Study of
RPL DODAG Version Attacks. AIMS 2014: Monitoring and Securing Virtualized Networks and
Services. Brno, Czech Republic: Springer, Berlin, Heidelberg.

Medjek, F., Tandjaoui, D., Abdmeziem, M. R., & Djedjig, N. (2015). Analytical evaluation of
the impacts of Sybil attacks against RPL under mobility. 2015 12th International Symposium on
Programming and Systems (ISPS). Algiers, Algeria: IEEE.

Muzammal, S. M., Murugesan, R. K., & Jhanjhi, N. Z. (2021). Introducing Mobility Metrics in
Trust-based Security of Routing Protocol for Internet of Things. 2021 National Computing
Colleges Conference (NCCC). Taif, Saudi Arabia : IEEE.

Muzammal, S. M., Murugesan, R. K., Jhanjhi, N. Z., & Jung, L. T. (2020). SMTrust: Proposing
Trust-Based Secure Routing Protocol for RPL Attacks for IoT Applications. 2020 International
Conference on Computational Intelligence (ICCI) (pp. 305-310). Bandar Seri Iskandar,
Malaysia: IEEE.

Neerugatti, V., & Reddy, R. M. (2020). Artificial Intelligence-Based Technique for Detection of
Selective Forwarding Attack in RPL-Based Internet of Things Networks. Emerging Research in
Data Engineering Systems and Computer Communications , 67-77.
Karlof, C., & Wagner, D. (2003). Secure routing in wireless sensor networks: attacks and
countermeasures. Proceedings of the First IEEE International Workshop on Sensor Network
Protocols and Applications, 2003. Anchorage, AK, USA : IEEE.

Lahbib, A., Toumi, K., Elleuch, S., Laouiti, A., & Martin, S. (2017). Link reliable and trust
aware RPL routing protocol for Internet of Things. 2017 IEEE 16th International Symposium on
Network Computing and Applications (NCA). Cambridge, MA, USA : IEEE.

Oracle. (2021). What is IoT? Retrieved December 5, 2021, from Oracle:

https://www.oracle.com/internet-of-things/what-is-iot/

Pancaroglu, D., & Sen, S. (2021). Load balancing for RPL-based Internet of Things: A review.
Ad Hoc Networks .

Park, J., Nam, W., Choi, J., Kim, T., Yoon, D., Lee, S., et al. (2017). Glasses for the Third Eye:
Improving the Quality of Clinical Data Analysis with Motion Sensor-based Data Filtering.
SenSys ’17. Delft, Netherlands: ACM.

Park, P., Fischione, C., Bonivento, A., Johansson, K. H., & Sangiovanni-Vincent, A. (2010).
Breath: An Adaptive Protocol for Industrial Control Applications Using Wireless Sensor
Networks. IEEE Transactions on Mobile Computing , 821 - 838.

Pongle, P., & Chavan, G. (2015). A survey: Attacks on RPL and 6LoWPAN in IoT. 2015
International Conference on Pervasive Computing (ICPC). Pune, India: IEEE.

Ramasamy, L. K., & Kadry, S. (2021). Internet of things (IoT). In L. K. Ramasamy, & S. Kadry,
Blockchain in the Industrial Internet of Things (pp. 1-16). IOP Publishing Ltd.

Raoof, A., Matrawy, A., & Lung, C.-H. (2018). Routing Attacks and Mitigation Methods for
RPL-Based Internet of Things. IEEE Communications Surveys & Tutorials , 1582 - 1606.

Reetika, & Saini, P. (2014). Impact of Router’s Buffer Size on Packet Loss Due to Congestion in
TCP. International Journal of Engineering Research & Technology (IJERT) .

Rghioui, A., Khannous, A., & Bouhorma, M. (2014). Denial-of-Service attacks on 6LoWPAN-
RPL Networks: Threats and an Intrusion Detection System Proposition. Journal of Advanced
Computer Science and Technology , 143-153.

Ribera, E. G., Alvarez, B. M., Samuel, C., Ioulianou, P. P., & Vassilakis, V. G. (2020).
Heartbeat-Based Detection of Blackhole and Greyhole Attacks in RPL Networks. 2020 12th
International Symposium on Communication Systems, Networks and Digital Signal Processing
(CSNDSP). Porto, Portugal : IEEE.

Sanou, D. A., Yel´emou, T., Tall, H., & Boulou, M. (2021). Taking into Account Children
Accurate Weights During Parent Selection Process in RPL to Extend WSN Lifetime. ICWMC
2021 : The Seventeenth International Conference on Wireless and Mobile Communications, (pp.
60-64).

Sha, Z., Lu, J.-L., Li, X., & Wu, M.-Y. (2010). An Anti-Detection Moving Strategy for Mobile
Sink. 2010 IEEE Global Telecommunications Conference GLOBECOM 2010. Miami, FL, USA:
IEEE.

Shahare, P. C., & Chavhan, N. A. (2014). An Approach to Secure Sink Node's Location Privacy
in Wireless Sensor Networks. 2014 Fourth International Conference on Communication Systems
and Network Technologies (pp. 748-751). Bhopal, India : IEEE.

Shahdad, S. Y., Khan, M., Sultana, H., Hussain, M. A., & Bilfaqih, S. M. (2019). Routing
Protocols for Constraint Devices in an Internet of Things Network. International Conference on
Communication and Signal Processing. India.

Sharma, R., & Jayavignesh, T. (2015). Quantitative Analysis and Evaluation of RPL with
Various Objective Functions for 6LoWPAN. Indian Journal of Science and Technology .

Tall, H., Chalhoub, G., Hakem, N., & Misson, M. (2019). Load balancing routing with queue
overflow prediction for WSNs. Wireless Networks , 229-239.

Tani, R., Aoi, K., Kohno, E., & Kakuda, Y. (2017). An Adaptability-Enhanced Routing Method
for Multiple Gateway-Based Wireless Sensor Networks Using Secure Dispersed Data Transfer.
2017 IEEE 37th International Conference on Distributed Computing Systems Workshops
(ICDCSW). Atlanta, GA, USA : IEEE.

Tanuja, R., Arudi, S. P., Manjula, S. H., Venugopal, K. R., & Patnaik, L. M. (2015). TKP: Three
level key pre-distribution with mobile sinks for wireless sensor networks. 2015 IEEE
International Conference on Signal Processing, Informatics, Communication and Energy
Systems (SPICES). Kozhikode, India : IEEE.

Tariq, N., Asim, M., Khan, F. A., Baker, T., Khalid, U., & Derhab, A. (2021). A Blockchain-
Based Multi-Mobile Code-Driven Trust Mechanism for Detecting Internal Attacks in Internet of
Things. Sensors , 1-27.

Thubert, P. (2012). RFC: 6552, Objective Function Zero for the Routing Protocol for Low Power
and Lossy Networks (RPL). Internet Engineering Task Force (IETF).

Thulasiraman, P., & Wang, Y. (2019). A Lightweight Trust-Based Security Architecture for RPL
in Mobile IoT Networks. 2019 16th IEEE Annual Consumer Communications & Networking
Conference (CCNC). Las Vegas, NV, USA : IEEE.

Tsao, T., Alexander, R. K., Dohler, M., Daza, V., & Lozano, A. (2012). A Security Framework
for Routing over Low Power and Lossy Networks. IETF.
 Upadhyay, P., & Upadhyay, D. (2021). Internet of things - A Survey. International Journal of
Scientific Research in Computer Science, Engineering and Information Technology , 417-438.

Vaziri, B. B., & Haghighat, A. T. (2020). Brad-OF: An Enhanced Energy-Aware Method for
Parent Selection and Congestion Avoidance in RPL Protocol. Wireless Personal
Communications .

Vidhya, S. S., & Mathi, S. (2018). Investigation of Next Generation Internet Protocol Mobility-
Assisted Solutions for Low Power and Lossy Networks. Procedia Computer Science , 349-359.

Xing, K., Srinivasan, ,. S., Rivera, J. M., Li, J., & Cheng, X. (2010). Attacks and
Countermeasures in Sensor Networks: Survey. In S. C. Huang, D. MacCallum, & D.-Z. Du,
Network Security (pp. 251-272). Springer.

Wallgren, L., Raza, S., & Voigt, T. (2013). Routing Attacks and Countermeasures in the RPL-
Based Internet of Things. International Journal of Distributed Sensor Networks .

Wang, F., Babulak, E., & Tang, Y. (2020). SL-RPL: Stability-Aware Load Balancing for RPL.
Transactions on Machine Learning and Data Mining , 27 - 39.

Wang, Y. (2018). Secure routing protocol over mobile Internet of Things wireless sensor
networks. California, USA: Calhoun: The NPS Institutional Archive.
Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R., Levis, P., et al. (2012). RFC: 6550, RPL:
IPv6 Routing Protocol for Low-Power and Lossy Networks. Internet Engineering Task Force
(IETF).

Yang, W., Wang, Y., Lai, Z., Wan, Y., & Cheng, Z. (2018). Security Vulnerabilities and
Countermeasures in the RPL-Based Internet of Things. 2018 International Conference on Cyber-
Enabled Distributed Computing and Knowledge Discovery (CyberC). Zhengzhou, China : IEEE.

View publication stats