
CRA-RPL: A Novel Lightweight Challenge-Response Authentication-based Technique for Securing RPL Against Dropped DAO Attacks

Journal Pre-proof


Shefali Goel, Abhishek Verma, Vinod Kumar Jain

PII: S0167-4048(23)00256-0
DOI: https://doi.org/10.1016/j.cose.2023.103346
Reference: COSE 103346

To appear in: Computers & Security

Received date: 18 November 2022
Revised date: 19 April 2023
Accepted date: 14 June 2023

Please cite this article as: Shefali Goel, Abhishek Verma, Vinod Kumar Jain, CRA-RPL: A Novel
Lightweight Challenge-Response Authentication-based Technique for Securing RPL Against Dropped
DAO Attacks, Computers & Security (2023), doi: https://doi.org/10.1016/j.cose.2023.103346

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition
of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of
record. This version will undergo additional copyediting, typesetting and review before it is published
in its final form, but we are providing this version to give early visibility of the article. Please note that,
during the production process, errors may be discovered which could affect the content, and all legal
disclaimers that apply to the journal pertain.

© 2023 Published by Elsevier Ltd.



Highlights

• Implementation and analysis of DDAO attack in the non-storing mode of Contiki-NG operating system.
• Design and implementation of a lightweight defense technique (CRA-RPL) to address DDAO attack in RPL.
• Performance analysis of the proposed defense technique to show its effectiveness in detection and mitigation of DDAO attack in both static and mobile scenarios.

CRA-RPL: A Novel Lightweight Challenge-Response Authentication-based Technique for Securing RPL Against Dropped DAO Attacks

Shefali Goel (a), Abhishek Verma (a, ∗) and Vinod Kumar Jain (a)

(a) Computer Science & Engineering Discipline, PDPM Indian Institute of Information Technology, Design and Manufacturing, Jabalpur, Madhya Pradesh 482005, India

ARTICLE INFO

Keywords: Internet of Things, LLN, DDAO, RPL, IETF, Challenge-Response

ABSTRACT

IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) is one of the most prominent networking technologies currently fueling the drastic growth of the Internet of Things (IoT) market. As 6LoWPAN runs on resource-constrained devices like ultra-low powered micro-controllers and radio transceivers, the use of traditional routing protocols is not recommended. To solve the problem of achieving energy-efficient routing in 6LoWPAN, the Routing Protocol for Low-power and Lossy Networks (RPL) is specified by the IETF. Although RPL gives many benefits to 6LoWPAN, the research fraternity has raised many concerns regarding its security. One such security issue is the Dropped Destination Advertisement Object (DDAO) attack. In a DDAO attack, an attacker exploits the standard DAO forwarding technique of RPL to perform the attack without getting noticed. Using multiple experiments, we have observed that the key network performance parameters are severely affected by the DDAO attack. In this view, this paper proposes a novel lightweight Challenge-Response Authentication-based technique for securing RPL against DDAO attacks. The key idea of CRA-RPL is to use a modified version of control messages by incorporating a challenge-response pair for authenticating DAO-ACK messages. CRA-RPL is implemented on the widely used Contiki-NG embedded operating system and validated on the Cooja Simulator. The performance of CRA-RPL is compared with ContikiRPL (i.e., the standard RPL implementation). The experimental findings indicate that CRA-RPL effectively identifies and counteracts DDAO attacks in static and mobile environments without devastatingly affecting the resource-constrained nodes.

Email addresses: 21pcso08@iiitdmj.ac.in (S. Goel); abhiverma@iiitdmj.ac.in (A. Verma); vkjain@iiitdmj.ac.in (V.K. Jain)
ORCID(s): 0000-0002-9021-7769 (S. Goel); 0000-0001-6687-4809 (A. Verma); 0000-0002-5725-4998 (V.K. Jain)
S. Goel, A. Verma, V.K. Jain: Preprint submitted to Elsevier
Lightweight Mitigation of Dropped DAO Attack in RPL-based 6LoWPAN

1. Introduction

The Internet of Things (IoT) is an evolving technology that comprises billions of embedded devices that can collect, transmit, and exchange data in real-time for collaborative decision-making. IoT applications are helping humans and industries to carry out daily tasks or processes easily. IoT is growing drastically because of its utility in various areas. It is one of the founding technologies for Cyber-Physical Systems and Industry 4.0. According to a McKinsey Global Institute report, the financial impact of IoT on the global economy could range from 3.9 to 11.1 trillion by the end of 2025 [10]. IoT enables the communication between devices operating at remote locations using IPv6 addressing [27]. There are many IoT applications that demand low-power consuming infrastructure with IPv6 support. This kind of demand is fulfilled by IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN). The devices in 6LoWPAN are resource-constrained in terms of processing capability, main memory, storage, battery capacity, and communication capability [24]. In addition, the communication links are lossy in nature and support small bandwidth. The main advantage of resource-constrained devices is that they operate on very low voltage and have very small energy consumption, which lets them operate for even several years [19]. A wide range of resource-constrained devices are available in the market, commonly termed as ultra-low powered micro-controllers (e.g., MSP430F2252, ATmega168P, ARM Cortex-M3). These ultra-low powered micro-controllers are equipped with IEEE 802.15.4 compliant low-power radio micro-controllers (e.g., CC2652, CC2650, CC1310, CC2630, CC2538) and transceivers operating at the ISM 2.4 GHz or Sub-1 GHz frequency band. 6LoWPAN is used in numerous real-world applications, such as smart grid systems, smart homes, healthcare, and smart transportation, as shown in Figure 1.

[Figure 1: Architecture view of IoT. Layers shown: application layer (desktop), network layer, perception layer (sensor, actuator).]

Routing plays an essential role in facilitating data transmission between network components. The same concept also applies to IoT applications [21]. From the IoT point of view, routing is responsible for delivery of critical information from one endpoint to another. In wireless networks, routing has been achieved using state-of-the-art routing protocols like Adhoc On-Demand Distance Vector, Dynamic Source Routing, and Open Shortest Path First [30]. But such protocols are not suitable for 6LoWPAN due to device and network characteristics [35]. Over the past few years, achieving energy-efficient routing in 6LoWPAN has remained a significant research issue [2]. To address these challenges, the Internet Engineering Task Force (IETF) introduced the Routing Protocol for Low power and Lossy Networks (RPL) [36]. RPL is currently a "Proposed Standard" and its specifications are presented in RFC 6550. It must be noted that RPL is still in its development stage, and there are many issues in its specification [22, 11]. RPL has several characteristics, including the ability to control the transmission of control messages by dynamically changing the packet transmission time using the trickle algorithm [32], routing metrics and Objective Functions (OFs) to support dynamic connections [6].

All these characteristics make RPL appropriate for a wide range of 6LoWPAN-based IoT applications [23]. However, it is vulnerable to several cyberattacks which compromise users' security and privacy [7, 37]. One such common cyberattack in 6LoWPAN is termed a routing attack (insider or outsider). In a routing attack, the routing protocol is exploited to perform attacks on legitimate nodes [8]. Such attacks may significantly affect the overall network performance [33]. This paper aims to explore the DDAO attack, one of the newly identified routing attacks against 6LoWPAN-based IoT. The DDAO attack exploits RPL's inability to verify the forwarding nature of nodes. This inability is basically a vulnerability in RPL, which may be exploited by the attacker to drop the control messages sent by child nodes to register themselves with the server or gateway node [31]. This paper shows that a DDAO attack induces a drastic decrease in the packet delivery ratio of the network. Many critical IoT applications like healthcare, industrial and power industries, environmental early warning, etc., demand the packet delivery ratio of the network to be significantly good; in such cases, packet loss cannot be tolerated. Therefore, the packet delivery ratio of 6LoWPAN needs to be restored in attack scenarios. To address the DDAO attack in RPL, we have proposed a challenge-response based authentication technique (CRA-RPL) capable of detection and mitigation. Major advantages of the proposed CRA-RPL technique include: (1) it detects the attack with 100% accuracy; (2) it mitigates the attack and improves the network's packet delivery ratio up to 102% in static, and up to 66% in the mobile scenario; (3) it does not impose significant overhead on the network performance parameters; (4) it is a lightweight technique and does not induce significant overhead on resource-constrained nodes; (5) CRA-RPL can be easily deployed in any other embedded operating system which supports RPL, e.g., OpenWSN, RIOT, TinyOS, LiteOS, etc.

Table 1
List of Abbreviations

| Abbreviation | Definition |
|---|---|
| 6LoWPAN | IPv6 over Low-Power Wireless Personal Area Networks |
| IoT | Internet of Things |
| AODV | Adhoc On-Demand Distance Vector |
| DSR | Dynamic Source Routing |
| OSPF | Open Shortest Path First |
| IETF | Internet Engineering Task Force |
| RPL | Routing Protocol for Low power and Lossy Networks |
| DDAO | Dropped Destination Advertisement Object |
| OF | Objective Functions |
| CPS | Cyber-Physical Systems |
| IIOT | Industrial Internet of Things |
| DODAG | Destination Oriented Directed Acyclic Graph |
| DIS | DODAG Information Solicitation |
| DIO | DODAG Information Object |
| DAO | Destination Advertisement Object |
| DAO-ACK | Destination Advertisement Object-Acknowledgment |
| MC | Metric Container |
| ETX | Expected Transmission Count |
| MRHOF | Minimum Rank with Hysteresis Objective Function |

1.1. Contributions

In brief, the major contributions of this paper are mentioned below.

• Implementation and analysis of DDAO attack in the non-storing mode of Contiki-NG operating system.
• Design and implementation of a lightweight defense technique (CRA-RPL) to address DDAO attack in RPL.
• Performance analysis of the proposed defense technique to show its effectiveness in detection and mitigation of DDAO attack in both static and mobile scenarios.

1.2. Organization of the paper

Further, the paper is organized in the following manner. Section 2 provides an overview of RPL and discusses the DDAO attack. Then, Section 3 focuses on the literature in the concerned area. Section 4 discusses system and adversary frameworks. Further, our proposed CRA-RPL technique is presented and explained in Section 5. Section 6 describes the experimental details and discusses the key findings in terms of various prominent network performance metrics. Lastly, Section 7 summarises and concludes the paper.

2. Background

2.1. Overview of the RPL protocol

RPL is a network layer protocol and operates on top of the IEEE 802.15.4 PHY/MAC layer [36, 35]. It is based on the


concept of distance vectors and source routing. RPL forms a network of logically interlinked devices (i.e., nodes) using mesh and tree topology. RPL organizes the devices into a special tree-like structure, which is known as a Destination Oriented Directed Acyclic Graph (DODAG) [27]. In a DODAG, all the nodes are rooted towards one node called the root node. A network may contain multiple DODAGs to satisfy the fault tolerance of the network [11]. As shown in Figure 2, the root node (gateway) in a DODAG serves as an interface between sensor nodes and the Internet. Each DODAG is identified by its RPL instance ID and the corresponding DODAG ID. RPL uses four types of control messages to build and maintain the topology: "DODAG Information Solicitation" (DIS), "DODAG Information Object" (DIO), "Destination Advertisement Object" (DAO), and "Destination Advertisement Object Acknowledgement" (DAO-ACK). A new node can join an existing network by sending a DIS message and requesting DIO messages containing essential information such as the DODAG Instance ID, DODAG ID, rank, version number, and DAG metric container (MC) [6, 11, 36]. Nodes collect frequently transmitted DIO messages from their neighbors to maintain and update the topology from time to time. After gathering all essential information from the received DIO packet, a node adds the sender to its neighbor table list [1]. The selection of the parent node is based on the rank value concept. The rank value of a node in RPL is a numerical representation of its position w.r.t. the root node. A lower rank value indicates that the node is closer to the root, while a higher rank value indicates the opposite [36]. The node having a lower rank among all neighbors is chosen as the preferred parent. The key idea behind using the rank concept is to detect and avoid routing loops, build parent-child relationships, and provide a mechanism for nodes to differentiate among themselves. An Objective Function (OF) is employed to select the preferred parent [17]. The OF describes the method for choosing the best routes in the DODAG and determining rank using routing metrics. Depending on the application's requirements, RPL may implement various OFs. Some examples of OFs are the ETX (Expected Transmission Count) Objective Function, Minimum Rank with Hysteresis Objective Function (MRHOF), and Objective Function Zero (OF0) [13, 14]. After identifying the best route, a DAO control message is sent to the root via the optimal path. If the ACK message is enabled, the DAO-ACK message is sent using unicast propagation to notify the corresponding sender node that the DAO message has been received at the root. RPL has two modes of operation: Storing and Non-storing [36]. In Storing mode, each node keeps its record of the downward routing table, which the network uses for traffic control. In Non-storing mode, all traffic is routed through the root node to the destination node.

2.2. Dropped Destination Advertisement Object Attack (DDAO)

RPL uses DAO control messages to configure downward routing from the DODAG root node to the child (i.e., leaf or router) nodes. In the non-storing mode of RPL, the child node must register itself at the root node after successfully joining the DODAG and establishing a parent-child relationship. A child node registers itself at the root node by sending a DAO control message through its preferred parent node. In response to the DAO control message, the root node sends back the DAO-ACK control message to the corresponding child node. In RPL, there are two operating modes, namely storing and non-storing. In the storing mode of RPL, the DAO message is unicast by the child node to the preferred parent node (which is selected by the OF). Upon receiving a DAO from a child, the parent node unicasts a DAO-ACK in response. However, in non-storing mode, the child node unicasts a DAO packet destined to the root through its preferred parent node. All the intermediate nodes append their IP address in the DAO header and forward the message to their corresponding parent until the message is delivered to the root. The root node responds to the DAO originator node with a DAO-ACK message. This normal DAO processing and forwarding mechanism of RPL may be exploited by the attacker node to perform a DDAO attack. A legitimate node may be captured and reprogrammed to perform such an attack. This is possible in scenarios where nodes are physically accessible by intruders or attackers. If we consider the case of attack in storing mode, an attacker node upon receiving the child's DAO drops the packet and responds with a fake DAO-ACK. In the case of a non-storing DDAO attack, an attacker drops the child's DAO and responds to the DAO originator with a fake DAO-ACK containing a spoofed source IP address of the DODAG root, which it learns from multicast DIO messages. The DDAO attack is introduced in Sheibani et al. [31]. This paper primarily focuses on the non-storing mode of RPL due to its applicability in a wide range of 6LoWPAN-based critical IoT applications, simplicity and reliability. The non-storing mode based DDAO attack scenario is depicted in Figure 3.

First, we will go through RPL's normal DAO processing and forwarding. Node G unicasts the DAO to its preferred parent Node C. Then, Node C forwards the DAO packet to Node A. Node A forwards the DAO packet to the root node R. Upon receiving the DAO, the root node R responds with a unicast DAO-ACK to the DAO originator node through the same path. Source routing is used to make sure that the DAO-ACK reaches the DAO originator or sender node.

Now, using the same example, we will understand how the DDAO attack works. As shown in Figure 3, the child Nodes H and I unicast the DAO packet to the root node R through their preferred parent Node E. Assume Node E is an attacker. Upon receiving the DAO from children H and I, the attacker Node E discards the DAO packet and responds with a fake DAO-ACK containing the IP address of the root node as the source IP. The child Nodes H and I consider the received DAO-ACK packet as a legitimate response by the root node and assume that they have been registered at the DODAG root. Then, Nodes H and I start sending data packets toward the root, which are dropped by the attacker, which ultimately causes the network to have a low packet delivery ratio.


[Figure 2: Overview of RPL. The figure shows several DODAGs rooted at a Low-power and Lossy Network Border Router (LBR), node ranks calculated by the Objective Function (OF) that increase away from the root, and DIS, DIO, DAO and DAO-ACK exchanges in storing and non-storing mode.]

[Figure 3: DDAO Attack. Legend: root node, client node, attacker node; packet sent by legitimate node; packet sent by attacker node. Nodes are arranged by rank (1 to 4) and exchange DAO and DAO-ACK messages.]

3. Related Work

Bang et al. [6] proposed an objective function named Echelon Metric Based Objective Function (EMBOF-RPL) for identifying rank attack. The receiver validates the authenticity of the received rank, when the sender multicasts the DIO packet, before calculating its rank. It is confirmed through simulations that EMBOF-RPL performs better than ContikiRPL. Sahay et al. [28] proposed a technique called Enhanced RPL (ERPL) to mitigate the worst parent attack in RPL. ERPL uses the existing RPL standard and modifies the DIO control packet that populates the candidate neighbor set using rank value. The candidate parent set is optimized using rank as a metric to create an optimal parent set, ensuring that the nodes only select the parent from this set. Cong Pu. et al. [26] proposed a lightweight security solution named liteSAD for addressing Sybil attack in RPL. The authors gave each node a special identification using a physical unclonable function (PUF), and that information was recorded in an array. liteSAD utilizes a Bloom filter rather than an array to minimize the memory overhead associated with storing the addresses as unique entries. The major limitations of liteSAD are the overhead induced by the Bloom filter itself and the collision issue when the number of sensor nodes increases in the RPL network. Sahay et al. [29] proposed a Network partitioning attack against RPL in an IoT environment. Verma et al. [34] proposed a solution named Secure-RPL for protecting RPL against DIS attacks. Secure-RPL uses RPL parameters and puts thresholds on them to identify attackers, block them and store them in a table. The major limitation of Secure-RPL is that it cannot identify the Sybil attacker. It is established that the RPL-MRC technique given by Medjek et al. [20] overcomes this problem. Response Delay and Timer Readjustment are two complementing mitigation strategies. In terms of control packet overhead and power consumption, RPL-MRC enhances RPL performance. Arış et al. [3] proposed the Elimination and Shield defense technique. This technique provides security against version number attack. A trust-based extension of RPL called SecTrust-RPL was introduced by Airehrour et al. in [3] to mitigate rank and Sybil attacks. The simulation results have been implemented on a testbed. Ghaleb et al. [12] addressed DAO insider attacks by restricting the number of DAO messages forwarded per destination. The proposed solution, named SecRPL, uses a threshold parameter and a DAO counter that monitors the number of DAOs received from child nodes. Sheibani et al. [31] proposed a detection approach against the Dropped DAO (DDAO) attack. For monitoring the packet forwarding behavior of nodes, the author used a technique known as a watchdog timer. The work of Sheibani et al. [31] is limited to the detection part, and details about mitigation are not presented in the paper. In addition, their approach relies on a watchdog timer which forces nodes to remain active for 500ms after every DAO transmission. This monitoring mechanism increases the power consumption of the resource-constrained nodes because normal radio duty cycling is not followed by the nodes. Apart from this, when compared to static scenarios, RPL performs poorly in terms of Packet Delivery Ratio in mobility scenarios, especially at larger packet rates [5], because the location of sensor nodes fluctuates over time in mobility environments. The major limitation of most of the solutions present in the literature is that they have not considered node mobility, which is one of the essential characteristics of IoT applications [15]. In this paper, we have focused on the design, implementation, and analysis of a technique named CRA-RPL to detect and mitigate DDAO attack in both static and mobile networks [18]. A theoretical comparison of the proposed CRA-RPL with the existing literature is presented in Table 2.

Table 2
Comparison of security solutions suggested in the literature with our proposed solution

| Authors | Defense Mechanism | Mobility Support | Mitigation of DDAO Attack |
|---|---|---|---|
| Bang et al. [6] | EMBOF | Yes | No |
| Sahay et al. [28] | ERPL | No | No |
| Cong Pu. et al. [26] | liteSAD | No | No |
| Sahay et al. [29] | Enhanced RPL | No | No |
| Medjek et al. [20] | RPL-MRC | Yes | No |
| Verma et al. [34] | Secure-RPL | Yes | No |
| Airehrour et al. [3] | SecTrust-RPL | No | No |
| Arış et al. [4] | Elimination and Shield technique | No | No |
| Ghaleb et al. [12] | SecRPL | No | No |
| Sheibani et al. [31] | Watchdog timer | No | No |
| Our proposed approach | CRA-RPL | Yes | Yes |

4. System and Adversary Models

The system and adversary models that have been considered in this work are illustrated in this section. Table 3 defines the symbols that we have used in the proposed technique.

4.1. System model

The system model is described below:

• As shown in Figure 4, the IoT network taken into consideration consists of a set $N = \{N_1, N_2, N_3, \dots, N_n\}$ of $n$ nodes. These nodes are IoT sensor nodes or client nodes that are resource-constrained. The edges or links which are used to connect the sensor nodes are represented as $L = \{L_1, L_2, L_3, \dots, L_n\}$ over the DODAG $G = \{N, L\}$ [6].
• In general, the root node, also known as the 6LoWPAN Border Router (6LBR), is resourceful.
• For experimentation, homogeneous nodes are considered, which send the DAO control message to the root node for route registration and maintenance.
• The DAO and DAO-ACK messages of standard RPL are modified to include the proposed technique's logic. We have termed the modified versions of the control messages $DAO_{modified}$ and $DAO\text{-}ACK_{modified}$.
• The row number of each sensor node $i$ ($RN_i$) is taken by using the last octet of the IPv6 address of a particular node $i$ as shown in Figure 5.
• The sensor node $i$ knows the prime number ($\rho$) and its row number ($RN_i$). The 6LBR knows the row number ($RN_i$) of all sensor nodes at the time of PSCM creation.

[Figure 4: System Model. The figure shows the 6LBR, nodes N1 to N6 and links L1 to L6.]

4.2. Adversary Model

The attacker in the simulated IoT scenario is considered to have the following characteristics.

• In the experiments, the network topology includes several attacker nodes, which are represented as $N_{Malicious}$. It is assumed that the malicious user is able to capture the legitimate node and reprogram it to behave abnormally or perform the intended malicious action [6, 16, 9].
• The attacker node does not follow normal RPL operations as it is configured to send DAO messages without following the trickle timer of RPL.
• We assume that the attacker node is already a parent of several child nodes. The child node sends $DAO_{modified}$ to the 6LBR for the purpose of route registration through the preferred parent. The parent node drops $DAO_{modified}$ and sends a fake $DAO\text{-}ACK_{modified}$ using the IPv6 address of the 6LBR.
• The primary goal of the $N_{Malicious}$ is to disrupt the DAO forwarding technique of the standard RPL and


advertise a fake DAO-ACK message [31], which affects the network parameters.

Table 3
Symbols and Definitions

| Symbol | Definition |
|---|---|
| $N_{Malicious}$ | Malicious node. |
| $\rho$ | Prime number. |
| $\alpha$ | Number of rows in matrix. |
| $\beta$ | Number of columns in matrix. |
| $M_{\alpha \times \beta}$ | Prime Sequence Code Matrix. |
| $Node_{max}$ | Maximum number of nodes in the network. |
| $\chi$ | Challenge value. |
| $\gamma$ | Computed response. |
| $\psi$ | Received response. |
| $RN_i$ | Row number of sensor node i. |
| $DAO_{modified}$ | Modified version of DAO packet. |
| $DAO\text{-}ACK_{modified}$ | Modified version of DAO-ACK packet. |
| ← $[1, \dots, Node_{max}]$ | Preferred parent list |
| $N_{blacklist}$ | Number of Blacklisted nodes. |
| ← $[1, \dots, Node_{max}]$ | Blacklist table |
| $\aleph_i \leftarrow [\langle blsrc_{ip} \rangle],\ i = 1, \dots, Node_{max}$ | Structure of a blacklisted node in the blacklist table, where $blsrc_{ip}$ shows the IP address of the blacklisted node. |
| $sender_{ip}$ | IP address of DAO sender. |

[Figure 5: PSCM matrix. Recoverable labels: IPv6 addresses 3fe8:1:1:1:0:5f3a:000b:0001 to 3fe8:1:1:1:0:5f3a:000b:0006 with last octets 0001 to 0006; 6LoWPAN Border Router.]

5. Proposed Solution

The current specification of RPL does not contain any mechanism for verification and validation of the DAO-ACK control message. We propose a novel technique that overcomes this drawback of the standard RPL. CRA-RPL is based on the distributed detection strategy. The algorithm of our defense technique is presented in Algorithm 1. In the proposed technique, the sender sends the $DAO_{modified}$ packet to the root node through its preferred parent, and the root responds with $DAO\text{-}ACK_{modified}$. The modified versions of the DAO and DAO-ACK control messages are obtained by injecting the Challenge and Response values in the RESERVED field as illustrated in Figure 6. The Challenge specifies the random value, less than the number of sensor nodes, which is encapsulated in the DAO message unicast by the child to the root node through the preferred parent node. The Response specifies the valid value for the corresponding challenge, encapsulated in the DAO-ACK message unicast by the root node to the child node for authenticating the DAO-ACK message. For the generation of the Challenge-Response pair, a unique sequence number known as Prime Sequence Codes [25] is generated at the root node; it is introduced in section 5.1. The symbols and definitions used in the proposed approach are mentioned in Table 3.

5.1. Formation of Prime Sequence Codes at root node

A matrix consisting of unique sequence numbers is called the Prime Sequence Code Matrix (PSCM), where elements in a row $\alpha$ and a column $\beta$ are distinct, i.e. $(\alpha, \beta)$ [25]. The following steps are taken into consideration for the generation of the PSCM:

• Select a prime number $\rho$.
• The element of the matrix on the $\alpha$th row and the $\beta$th column is based on the following eq. 1.

$$m(\alpha, \beta) = (\alpha \times (\beta - 1)) \bmod \rho, \quad \forall\ 1 \le \alpha < \rho \ \text{and}\ 1 \le \beta \le \rho \tag{1}$$

As shown in Figure 5, the element '4' on (3,7) exists only in row 3 and column 7. Moreover, a PSCM only comprises a sequence of two distinct neighboring components. For example, on the 6th row of the PSCM, the elements "6-5" exist only once. A Unique Sequence Code is used in this paper to describe the sequence of two adjacent items. The PSCM matrix shown in Figure 5 is an example with the prime number ($\rho$) 7, which is created with the help of eq. 1. The consideration of the prime number is done using eq. 2.

5.2. Acknowledgment Authentication by Challenge-Response

For detecting the fake DAO-ACK message in a DDAO attack, CRA-RPL is used as shown in Figure 6. The main aim of CRA-RPL is to authenticate the fake DAO-ACK message using the Challenge-Response pair concept.

1. Generation of PSCM at root node: The PSCM is generated at the root node with an appropriate prime number $\rho$, which is greater than the number of sensor nodes, by using eq. 2.

$$\rho > Node_{max} \tag{2}$$


(1).pdf
Response of sender Response of receiver

Calculate
Calculate
respective
respective
response Challenge Computed Received
response Calculate Calculate
response
respective response
respective
response response

DAO-ACK
Reserved
K D Flags Reserved DAOSequence No
Sender RPLInstanceID Reserved
RPLInstanceID K D Flags Challenge DAOSequence Validate response Malicious control
Challenge
packet

DODAGID

Yes

Options
Options

Legitimate control
Modified DAO packet
control packet

Calculate
Calculate
respective
respective
response
response

RPLInstanceID D Reserved DAOSequence Status


Response

DODAGID
Receiver DAO packet
Challenge
Reserved
Reserved
Options

Modified DAO-ACK
control packet

Figure 6: Proposed framework of CRA-RPL

2. A child node transmits DAO with a random challenge: The DAO control packet of the RPL protocol is modified by inserting the challenge ($\chi$) value in the RESERVED field; the result is termed the modified version of DAO ($DAO_{modified}$), illustrated in Figure 6. The challenge is chosen by using eq. 3.

$\chi < \rho$    (3)

The child node arbitrarily chooses a number less than $\rho$ as the challenge value ($\chi$) while sending a DAO message to the root node through its preferred parent.

(a) The child node also computes the right response ($\gamma$) for the respective $\chi$ value, as illustrated in Figure 6, by using eq. 4.

$\gamma = (\chi + RN_{sender}) \bmod \rho$    (4)

3. DAO-ACK replied by the root with computed response: After receiving the DAO, the root node computes the response ($\psi$) value for the respective challenge ($\chi$) value sent by the sender node ($sender_{ip}$) by using eq. 5. For this purpose, it fetches the row number of the sender node ($RN_{sender}$) from the PSCM present at the root node by using the last octet of the sender address, as shown in Figure 5.

$\psi = (\chi + RN_{sender}) \bmod \rho$    (5)

4. DAO-ACK packet authentication is done by the $sender_{ip}$ on receiving the DAO-ACK: Only the intended recipient, who is informed about $\rho$, $\chi$, and the row number of the sender $RN_{sender}$, can calculate the correct response value. For validation purposes, if the received response ($\psi$) calculated using eq. 4 matches the computed response ($\gamma$) calculated by using eq. 5, the sender ($sender_{ip}$) is satisfied that the DAO-ACK control packet was sent by the designated (root) node and that the transmission has been completed successfully. Otherwise, the sender places the node ID ($bl_{srcip}$) in the blacklist table () by using eq. 6.

← $bl_{srcip}$, ∀ ≤ $Node_{max}$    (6)

Example: Assume a topology with a root node and five sensor nodes. According to step 1, the PSCM is generated at the root using eq. 1, and the prime number ($\rho$) '7' is taken by using eq. 2. According to step 2, when the sensor node with ID 3 sends a DAO control packet to the root node, it adds '6' as the challenge ($\chi$) value by using eq. 3, for ACK authentication with a response value. Using eq. 4, the sensor node calculates the correct response ($\gamma$).

$\gamma = (6 + 3) \bmod 7$
$\gamma = 2$

According to step 3, upon receiving the DAO control packet, the root node extracts the challenge ($\chi$) value and calculates the response ($\psi$) value by using eq. 5:

$\psi = (6 + 3) \bmod 7$
$\psi = 2$

5.3. Mitigation Technique
Our proposed approach is novel because the existing work [31] did not authenticate the Acknowledgment packet against the DDAO attack. Mitigation of the DDAO attack can be done in two ways.

• Local Repair: The sender node ($sender_{ip}$) detects the fake DAO-ACK control packet and places the $bl_{srcip}$ in the blacklist table (). Afterward, the sender ($sender_{ip}$) calls the local repair mechanism. When the local repair mechanism is invoked, more control messages are generated for topology maintenance. In this mechanism, when a DIO message is unicast/multicast by the $bl_{srcip}$, the message is discarded by the receiver node. The limitations of using this technique are: (1) it increases the overhead by generating more control messages; (2) the local repair mechanism incurs the local repair attack on the network.

• Isolation of Attacker node from Preferred Parent list: After the detection of the fake DAO-ACK message by the sender node ($sender_{ip}$), the sender places $bl_{srcip}$ in the blacklist table (). The sender node removes the $bl_{srcip}$ from the preferred parent list (). The benefit of using this technique is that it does not induce any significant overhead on the network and mitigates the attack.

5.4. Description of CRA-RPL
Algorithm 1 presents the pseudocode of CRA-RPL. The code is incorporated in the DAO processing method of the rpl-icmp6.c file. The DAO control message is responsible for route registration at the root node and for topology maintenance. CRA-RPL is executed whenever the sender unicasts a DAO message to the root node through the preferred parent for route registration and maintenance.

The following tasks are carried out by the Initialization procedure in Algorithm 1:

• Initialization of preferred parent list and blacklist table.
• Initialization of PSCM at the root node.

The On_DAO_Send procedure of Algorithm 1 is responsible for performing the following functions:

• When the modified version of DAO ($DAO_{modified}$) packet is unicast, the sender encapsulates the Challenge ($\chi$) value in the RESERVED field.
• The DAO sender also computes the actual response ($\gamma$) value for the corresponding Challenge ($\chi$).

The On_DAO_Receive procedure of Algorithm 1 is responsible for performing the following functions:

• When the $DAO_{modified}$ packet is received by the root, retrieve the challenge ($\chi$) value from the RESERVED field.
• Retrieve the row number of the sender node ($RN_{sender}$) from the first column of PSCM ($M_{\alpha \times 1}$) stored at the root node.
• Calculate the received response ($\psi$) value.
• Encapsulate the $\psi$ value in the RESERVED field of the modified version of DAO-ACK ($DAO\text{-}ACK_{modified}$) message.

The On_DAO-ACK_Receive procedure of Algorithm 1 is responsible for performing the following functions:

• Extract the received response ($\psi$) value from the RESERVED field.
• Compare both responses, i.e., the calculated response ($\gamma$) and the received response ($\psi$).
• If the responses are the same, it confirms that the DAO-ACK message is genuinely sent by the root node, and the standard RPL mechanism continues.
• If the responses are not the same, we place the sender IP ($bl_{srcip}$) in the blacklist table () and remove the entry of $bl_{srcip}$ from the preferred parent list () to block further communications.

Algorithm 1 Pseudocode of CRA-RPL
procedure INITIALIZATION
    preferred parent list ← [1, …, $Node_{max}$]
    blacklist table ← [1, …, $Node_{max}$]
    $m(\alpha, \beta) = (\alpha \times (\beta - 1)) \bmod \rho$, ∀ $1 \le \alpha < \rho$ & $1 \le \beta \le \rho$    … by using eq. 1
end procedure
procedure AT_CLIENT_NODE(On_DAO_Send)
    Reserved_field ← $\chi$
    $\gamma = (\chi + RN_{sender}) \bmod \rho$    … by eq. 4
    Send $DAO_{modified}$ to preferred parent
end procedure
procedure AT_ROOT_NODE(On_DAO_Receive)
    $\chi$ ← Reserved_field
    $RN_{sender}$ ← $M_{\alpha \times 1}$
    $\psi = (\chi + RN_{sender}) \bmod \rho$    … by eq. 5
    Reserved_field ← $\psi$
    Send $DAO\text{-}ACK_{modified}$ to sender
end procedure
procedure AT_CLIENT_NODE(On_DAO-ACK_Receive)
    $\psi$ ← Reserved_field
    if ($\gamma$ equals $\psi$) then
        return
    else
        blacklist table ← $bl_{srcip}$
        Remove $bl_{srcip}$ from preferred parent list
    end if
end procedure
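The exchange in steps 1 to 4 of section 5.2 and the procedures of Algorithm 1, written out as a small C model. This is an added example, not the authors' Contiki-NG code: the packet structs, function names, `ROOT_ID` and the parent id used in `main` are constructed for illustration, and the PSCM lookup is reduced to its result (the row number, taken as the last octet of the sender address as in the worked example). The check that a response as large as rho - 1 fits the 7-bit Reserved field of the RFC 6550 DAO-ACK is an addition beyond the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NODE_MAX 5           /* sensor nodes in the page's worked example */
#define ROOT_ID 0            /* constructed id for the root node */
#define ACK_RESERVED_MAX 127 /* DAO-ACK Reserved field is 7 bits (RFC 6550) */

/* Only the fields CRA-RPL touches; hypothetical layout, not Contiki-NG's. */
struct dao     { uint8_t src_id; uint8_t reserved; }; /* reserved carries chi */
struct dao_ack { uint8_t src_id; uint8_t reserved; }; /* reserved carries psi */

struct client {
  uint8_t id;                      /* last octet of the address = row number */
  uint8_t rho;                     /* prime shared by root and clients */
  uint8_t gamma;                   /* expected response for the pending DAO */
  uint8_t blacklist[NODE_MAX + 1]; /* 1 = blacklisted, indexed by node id */
  uint8_t parents[NODE_MAX + 1];   /* 1 = in the preferred parent list */
};

static int is_prime(unsigned n)
{
  for(unsigned d = 2; d * d <= n; d++) {
    if(n % d == 0) return 0;
  }
  return n >= 2;
}

/* eq. 2: smallest prime rho > node_max. Returns 0 when a response as
 * large as rho - 1 would not fit the 7-bit DAO-ACK Reserved field. */
unsigned cra_pick_prime(unsigned node_max)
{
  unsigned p = node_max + 1;
  while(!is_prime(p)) p++;
  return (p - 1 <= ACK_RESERVED_MAX) ? p : 0;
}

/* eq. 4 on the client (gamma) and eq. 5 on the root (psi). */
uint8_t cra_response(uint8_t chi, uint8_t rn_sender, uint8_t rho)
{
  return (uint8_t)(((unsigned)chi + rn_sender) % rho);
}

void client_init(struct client *c, uint8_t id, uint8_t rho)
{
  memset(c, 0, sizeof(*c));
  c->id = id;
  c->rho = rho;
}

/* On_DAO_Send: put chi in Reserved and remember gamma. -1 if eq. 3 fails. */
int client_send_dao(struct client *c, uint8_t chi, struct dao *out)
{
  if(c->rho == 0 || chi >= c->rho) return -1;
  c->gamma = cra_response(chi, c->id, c->rho);
  out->src_id = c->id;
  out->reserved = chi;
  return 0;
}

/* On_DAO_Receive at the root: compute psi and put it in the DAO-ACK. */
int root_on_dao(uint8_t rho, const struct dao *in, struct dao_ack *out)
{
  /* Row numbers run 1 <= alpha < rho; reject anything outside that. */
  if(rho == 0 || in->src_id == 0 || in->src_id >= rho) return -1;
  if(in->reserved >= rho) return -1;
  out->src_id = ROOT_ID;
  out->reserved = cra_response(in->reserved, in->src_id, rho);
  return 0;
}

/* On_DAO-ACK_Receive: 1 = legitimate; 0 = fake, and the ACK's sender is
 * blacklisted and dropped from the preferred parent list. */
int client_on_dao_ack(struct client *c, const struct dao_ack *ack)
{
  if(ack->reserved == c->gamma) return 1;
  if(ack->src_id <= NODE_MAX) {
    c->blacklist[ack->src_id] = 1;
    c->parents[ack->src_id] = 0;
  }
  return 0;
}

int main(void)
{
  struct client c;
  struct dao d;
  struct dao_ack ack, fake = { 2, 0 }; /* constructed: ACK from node 2, Reserved 0 */
  uint8_t rho = (uint8_t)cra_pick_prime(NODE_MAX);
  client_init(&c, 3, rho);
  c.parents[2] = 1;                    /* constructed preferred parent */
  client_send_dao(&c, 6, &d);          /* chi = 6, as in the worked example */
  root_on_dao(rho, &d, &ack);
  int ok = client_on_dao_ack(&c, &ack);
  int bad = client_on_dao_ack(&c, &fake);
  printf("root ACK ok=%d, fake ACK ok=%d, blacklisted=%d\n", ok, bad, c.blacklist[2]);
  return 0;
}
```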


6. Simulation and Performance Evaluation

6.1. Simulation Setup
We evaluate the performance of the proposed CRA-RPL technique in Contiki-NG. The Zolertia 1 (Z1) platform serves as a 6LoWPAN node in this paper. The CRA-RPL technique is implemented by altering the existing operating system files of the Cooja Simulator. The details of the simulation parameters are given in Table 4. For statistically accurate experimental results, 10 independent replications using various random seeds were carried out for each scenario. We have used the average values of the collected results and their errors at a 95% confidence interval to prevent any biased findings.

Table 4
EXPERIMENTAL SETTINGS
Parameters                  Values
Simulator                   Cooja on Contiki-NG
Radio Model                 Unit Disk Graph Medium (UDGM)
Topology Dimension          200m × 200m
Simulation time             1800s
Objective function          Minimum Rank with Hysteresis Objective Function (MRHOF)
Node type                   Z1 mote
Transmission range          50m
Number of server node       1
Number of client nodes      Up to 28
Number of attacker nodes    1, 2, 3
Data packet size            30 bytes

6.2. Performance Metrics
To examine the effect of a DDAO attack on RPL and evaluate the performance of the proposed approach in static and mobile network scenarios, we have selected Packet Delivery Ratio (PDR), Average End-to-End Delay (AE2ED), Control Packet Overhead (CPO), Average Power Consumption (APC), and Packet Loss Ratio (PLR). These performance metrics are defined as:

6.2.1. Packet Delivery Ratio (PDR)
The ratio of the total number of data packets obtained at the root node to the total number of data packets transmitted by the client nodes.

$PDR = \dfrac{S_{received}}{\sum_{i=1}^{N} S_{sent_i}}$    (7)

where $S_{received}$ and $S_{sent_i}$ denote the total number of data packets received at the root node and the total number of data packets sent by the non-root node i, respectively.

6.2.2. Average End-to-End Delay (AE2ED)
The average time required for the data packets transmitted by each sensor node to successfully reach the root node.

$AE2ED = \dfrac{\sum_{i=1}^{N} S_{received_i}}{S_N}$    (8)

where $S_{received_i}$ represents the total number of received packets by each sensor node i and $S_N$ represents the time delay of the data packet.

6.2.3. Control Packet Overhead (CPO)
It is defined as the sum of control packets (DIS, DIO, DAO, DAO-ACK) generated by all sensor nodes in the network.

$CPO = \sum_{i=1}^{N} S_{sent_i}(DIS) + (DIO) + (DAO) + (DAO\text{-}ACK)$    (9)

where $S_{sent_i}$ represents the control packets generated by sensor node i.

6.2.4. Packet Loss Ratio (PLR)
It indicates the ratio of data packets not received at the root node to data packets sent by client nodes.

$PLR = 1 - \dfrac{S_{received}}{\sum_{i=1}^{N} S_{sent_i}}$    (10)

where $S_{received}$ and $S_{sent_i}$ denote the total number of data packets received at the root node and the total number of data packets sent by the non-root node i, respectively.

6.2.5. Average Power Consumption (APC)
It is defined as the average of the total power consumed by each non-root node over a given amount of time. Equations 11 and 12 represent energy and power, respectively.

$Energy(mJ) = (TX + RX + CPU + LPM)$    (11)

where TX represents the transmission, RX represents the receiving, LPM represents the low power mode, and CPU represents CPU time [35].

$Power(mW) = \dfrac{Energy}{T_{st}}$    (12)

where $T_{st}$ represents the total simulation time in seconds.

6.3. Network Performance
This paper validates our proposed technique in both static and mobile scenarios. For comparison, we have considered three cases: $RPL$, $RPL_{Under\ Attack}$, and $RPL_{CRA\text{-}RPL}$, where $RPL$ denotes the standard RPL without any defense mechanisms, $RPL_{Under\ Attack}$ denotes the standard RPL that is being attacked, and $RPL_{CRA\text{-}RPL}$ denotes the secure version of RPL that is being attacked and includes our defense solution in legitimate nodes. All three cases have been evaluated in terms of PDR, AE2ED, APC, CPO, and PLR metrics.

6.3.1. Analysis on Packet Delivery Ratio
One of the key conditions for IoT networks is the availability of application data from sensor nodes to the gateway. Thus, PDR analysis is an essential metric to evaluate the performance of networks. Figure 7a, 7b, 8a and 8b show the PDR


[Figure 7 plots: (a) Packet delivery ratio (nodes=18); (b) Packet delivery ratio (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Packet Delivery Ratio; series: RPL, RPL Under Attack, CRA-RPL.]

Figure 7: Packet delivery ratio in static scenario

values obtained with the different numbers of attackers in static and mobile scenarios in both limited and dense networks. To evaluate the impact of a DDAO attack on an IoT network, we have presented standard RPL ($RPL$). In standard RPL, we noted that the sensor nodes are legitimate. It has been observed that the DDAO attack in non-storing mode ($RPL_{Under\ Attack}$) degrades the network PDR when compared with the standard RPL's PDR, as shown in Figure 7a, 7b, 8a and 8b. In the static scenario, the standard RPL shows an average PDR of approximately 1 in both limited and dense networks, and in the case of a DDAO attack, the PDR values reduce to between 0.48 and 0.45 in the limited network and 0.40 and 0.27 in the dense network with the different numbers of attackers. In the mobile scenario, the standard RPL shows an average PDR of approximately 0.51 in the limited network and 0.44 in the dense network, but under a DDAO attack the average PDR degrades from 0.43 to 0.35 in the limited network and from 0.38 to 0.33 in the dense network. Comparing both scenarios, the attack has a higher impact on the standard RPL protocol in the static scenario than in the mobile one because, in the mobile scenario, the sensor nodes are mobile in nature. When the sensor nodes change their position, the parent list of the sensor node also changes, which lessens the impact of the attacker, because the DDAO attack happens when the attacker node becomes a parent of the child nodes. As seen in Figure 7a, 7b, 8a and 8b, our proposed approach $RPL_{CRA\text{-}RPL}$ increased the PDR up to 102% in the static and up to 66% in the mobile scenario in the limited network, and up to 270% in the static and up to 64% in the mobile scenario in the dense network, as it authenticates the DAO-ACK and detects a fake DAO-ACK sent by an attacker. Afterward, the sender ($sender_{ip}$) isolates the attacker node. For applications in which data delivery is important, like healthcare, such a drop in PDR values is unacceptable. Therefore, DDAO attacks must be addressed carefully for smooth functioning in such applications.

6.3.2. Analysis on Average End-to-End Delay
We determine the average end-to-end delay by using eq. 8. Figure 9a, 9b, 10a and 10b show the impact of AE2ED on $RPL$, $RPL_{Under\ Attack}$, and $RPL_{CRA\text{-}RPL}$ in static and mobile scenarios in both limited and dense networks. The AE2ED of the standard RPL ($RPL$) in the static scenario is approximately 0.20 in the limited network and 0.24 in the dense network, and in the case of the DDAO attack ($RPL_{Under\ Attack}$), the values are approximately 0.21 in the limited network and range from 0.29 to 0.24 in the dense network. In the mobile topology of the network, the AE2ED of the standard RPL ($RPL$) is approximately 0.14 in both limited and dense networks, and in the case of the DDAO attack ($RPL_{Under\ Attack}$), the AE2ED values are between 0.14 and 0.16 in the limited network and 0.11 and 0.12 in the dense network. The AE2ED values slightly decrease with mobility because the source and destination nodes are near when the sensor node moves. As shown in Figure 7a, 9b, 10a and 10b, the DDAO attack ($RPL_{Under\ Attack}$) has a slight impact on the delay of the network because the attacker drops the DAO control messages of its descendants and sends a fake DAO-ACK packet. It has been observed that our proposed technique $RPL_{CRA\text{-}RPL}$ slightly increases the delay on the network in static and mobile scenarios in both limited and dense networks, because the routes selected are not optimal when we call the mitigation technique to restore the network's PDR.

6.3.3. Analysis on Control Packet Overhead
Figure 11a, 11b, 12a and 12b show the control packet overhead (CPO) with a different number of attackers in static and mobile scenarios in both limited and dense networks. The number of control packets is calculated by using eq. 9. In standard RPL ($RPL$), the number of control packets generated is approximately 1838 in the limited and 2175 in the dense


[Figure 8 plots: (a) Packet delivery ratio (nodes=18); (b) Packet delivery ratio (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Packet Delivery Ratio; series: RPL, RPL Under Attack, CRA-RPL.]

Figure 8: Packet delivery ratio in mobile scenario

[Figure 9 plots: (a) Average End-to-End delay (nodes=18); (b) Average End-to-End delay (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Average End-to-End Delay (Seconds); series: RPL, RPL Under Attack, CRA-RPL.]

Figure 9: Average End-to-End delay in static scenario

network, and in the case of a DDAO attack ($RPL_{Under\ Attack}$), the number of control packets is in the range of 1204 to 1427 in the limited network and 1350 to 1574 in the dense network. Compared to the standard RPL ($RPL$), the DDAO attack ($RPL_{Under\ Attack}$) reduces the number of control packets in the static scenario because the attacker node does not forward the DAO packets to the root node. In the mobile scenario, the number of control packets generated is approximately 3240 in the limited and 4439 in the dense network; in the case of a DDAO attack ($RPL_{Under\ Attack}$), the attacker generates more control packets, which is resolved by our proposed technique $RPL_{CRA\text{-}RPL}$, although the count increases slightly compared with standard RPL ($RPL$). When we remove the attacker node from the parent list, more control packets are generated for parent selection and topology maintenance. It has been observed that, in the mobile scenario, the control packet count of standard RPL increases by 1402 in the limited network and by 2264 in the dense network compared with the static scenario. This is due to the mobile nature of the nodes: when the position of a sensor node changes, control packets are generated for topology creation and maintenance.

6.3.4. Analysis on Packet Loss Ratio
In this paper, we calculate the packet loss ratio by using eq. 10. Figure 13a, 13b, 14a and 14b show the PLR for $RPL$, $RPL_{Under\ Attack}$, and $RPL_{CRA\text{-}RPL}$ in static and mobile scenarios in both limited and dense networks. Critical IoT applications need low packet loss. In standard RPL ($RPL$) in the static scenario, the PLR values are approximately 0 in both limited and dense networks, and in the case of a DDAO attack ($RPL_{Under\ Attack}$), the PLR values range from 0.52 to 0.54 in the limited network and from 0.60 to


[Figure 10 plots: (a) Average End-to-End delay (nodes=18); (b) Average End-to-End delay (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Average End-to-End Delay (Seconds); series: RPL, RPL Under Attack, CRA-RPL.]

Figure 10: Average End-to-End delay in mobile scenario

[Figure 11 plots: (a) Control packet overhead (nodes=18); (b) Control packet overhead (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Control Packet Overhead; series: RPL, RPL Under Attack, CRA-RPL.]

Figure 11: Control packet overhead in static scenario

0.73, which clearly shows that more packets are lost due to the attacker. As seen in Figure 13a and 13b, our proposed approach $RPL_{CRA\text{-}RPL}$ reduces the packet loss (0.02 to 0.12 in the limited network and 0.00 to 0.01 in the dense network) as it isolates the attacker nodes by identifying the fake DAO-ACK message unicast by the attacker. In the mobile scenario of the network, the PLR values of the standard RPL ($RPL$) are approximately 0.49 in the limited network and 0.57 in the dense network; due to the movable nature of sensor nodes, more packets are lost compared to the static scenario. In the case of the DDAO attack ($RPL_{Under\ Attack}$), the attacker increases the PLR values to between 0.57 and 0.68 in the limited network and 0.62 and 0.67 in the dense network. Our proposed technique ($RPL_{CRA\text{-}RPL}$) improves on this packet loss, with values ranging between 0.46 and 0.52 in both limited and dense networks.

6.3.5. Analysis on Average Power Consumption
RPL is frequently used because it offers LLNs energy-efficient routing. Therefore, it is essential to analyze the power consumption of nodes before implementing a new security solution. We calculate APC by using eq. 12. Figure 15a, 15b, 16a and 16b represent the impact of APC on $RPL$, $RPL_{Under\ Attack}$, and $RPL_{CRA\text{-}RPL}$ in static and mobile scenarios in both limited and dense networks with the different numbers of attackers. In standard RPL ($RPL$), the average power consumed is approximately 4.08 mW in the limited network and 4.08 mW in the dense network, and in the case of a DDAO attack ($RPL_{Under\ Attack}$), the APC values vary between 4.08 and 4.77 mW in the limited network and 2.10 and 2.30 mW in the dense network. According to Figure 15a of the


[Figure 12 plots: (a) Control packet overhead (nodes=18); (b) Control packet overhead (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Control Packet Overhead; series: RPL, RPL Under Attack, CRA-RPL.]

Figure 12: Control packet overhead in mobile scenario

Table 5
Efficiency Parameters
Number of Attacker   TPR   FNR   FPR   TNR   Precision   Recall   Accuracy   Fooling rate
Number of nodes: 18
0                    -     -     0     1     -           -        1          -
1                    1     0     0     1     1           1        1          0
2                    1     0     0     1     1           1        1          0
3                    1     0     0     1     1           1        1          0
Number of nodes: 28
0                    -     -     0     1     -           -        1          -
1                    1     0     0     1     1           1        1          0
2                    1     0     0     1     1           1        1          0
3                    1     0     0     1     1           1        1          0

limited network, $RPL_{CRA\text{-}RPL}$ increases the APC to between 4.12 and 6.22 mW due to the generation of more control packets for topology maintenance, and according to Figure 15b, $RPL_{CRA\text{-}RPL}$ consumes between 2.10 and 2.27 mW in the dense network. In the mobile scenario of the RPL network, as shown in Figure 16a, the standard RPL ($RPL$) consumes an average power of 4.77 mW in the limited network and 2.37 mW in the dense network, and our proposed technique ($RPL_{CRA\text{-}RPL}$) consumes average power in the range of 4.08 to 4.76 mW in the limited network and 2.23 to 2.31 mW in the dense network.

6.4. Detection strategy using CRA-RPL
This subsection describes the metrics depicted in Table 5, obtained experimentally by implementing our proposed solution to detect fake DAO-ACK messages. We employ the metrics TPR, FNR, FPR, TNR, Precision, Recall, Accuracy, and Fooling Rate to estimate the results. Table 5 indicates the confusion matrix for the various numbers of nodes obtained experimentally using the simulation setup.
Table 5 shows the predicted accuracy of the proposed solution for the random topology in a network area of 200m × 200m. The results demonstrate that our proposed solution offers 100% accuracy for the limited and dense network scenarios. The fooling rate is the ratio of blacklisted parents regarded as trustworthy parents during a DDAO attack to the total number of attacker nodes present in the network. The fooling rate achieved in both network scenarios is 0; we also have a high TPR and TNR but a low FPR and FNR, which shows that our proposed solution accurately detects the fake DAO-ACK message unicast by the attacker node. Building on detection, we have incorporated a mitigation technique to improve network performance. Hence, assessing the proposed approach validates the optimality of CRA-RPL in both limited and dense networks.

[Figure 13 plots: (a) Packet loss ratio (nodes=18); (b) Packet loss ratio (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Packet Loss Ratio; series: RPL, RPL Under Attack, CRA-RPL.]
Figure 13: Packet loss ratio in static scenario

[Figure 14 plots: (a) Packet loss ratio (nodes=18); (b) Packet loss ratio (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Packet Loss Ratio; series: RPL, RPL Under Attack, CRA-RPL.]
Figure 14: Packet loss ratio in mobile scenario

6.5. Analysis on Memory Overhead
It is not encouraged to use resource-intensive security solutions in the RPL protocol. Therefore, lightweight security solutions are developed to make a resource-efficient network. This paper investigated the impact of the CRA-RPL implementation in terms of RAM and ROM consumption using the msp430 size tool. Table 6 shows the comparison of the RAM and ROM requirements of $Mote_{RPL}$ (Contiki-NG firmware with RPL implemented) and $Mote_{CRA\text{-}RPL}$ (Contiki-NG firmware with CRA-RPL implemented). It has been noted that the RAM and ROM needed for our proposed solution have increased by 1%. The maximum capacity of a standard Z1 Mote is approximately 92KB. Therefore, our proposed technique is appropriate for Z1 motes without introducing significant overhead. CRA-RPL is a lightweight solution that is appropriate for networks that are resource constrained in nature.

Table 6
Memory Requirements
File                  RAM (Bytes)    ROM (Bytes)
Contiki-NG RPL        6418           53185
Contiki-NG CRA-RPL    6418 (+76)     53185 (+1018)

[Figure 15 plots: (a) Average power consumption (nodes=18); (b) Average power consumption (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Average Power Consumption (mW); series: RPL, RPL Under Attack, CRA-RPL.]
Figure 15: Average power consumption in static scenario

[Figure 16 plots: (a) Average power consumption (nodes=18); (b) Average power consumption (nodes=28). x-axis: Number of Attacker (1, 2, 3); y-axis: Average Power Consumption (mW); series: RPL, RPL Under Attack, CRA-RPL.]
Figure 16: Average power consumption in mobile scenario

7. Conclusion and Future Scope
As per RFC 6550, RPL is still developing and has several vulnerabilities that an attacker may exploit to compromise network security. One newly developed attack against the RPL protocol is known as a DDAO attack. Using multiple experiments, we have shown that a DDAO attack can negatively impact the network performance in terms of packet delivery ratio, which is not desirable. This paper introduces a novel and effective technique named CRA-RPL for detecting and mitigating DDAO attacks. The CRA-RPL technique involves challenge-response-based acknowledgment authentication to identify the attacker's fake or malformed DAO-ACK control messages and prevents legitimate nodes from forwarding any further messages to the attacker node. Major benefits of the CRA-RPL technique include: (1) attack detection with 100% accuracy; (2) it mitigates the attack and improves the network's PDR up to 102% in the static and 66% in the mobile scenario; (3) it does not significantly affect critical network performance parameters; (4) it does not induce significant overhead on resource-constrained nodes; (5) it can be easily deployed in any other embedded operating system which supports RPL. We improved the existing RPL implementation of Contiki-NG to incorporate the attack detection and mitigation logic of CRA-RPL. We tested the effectiveness of CRA-RPL by performing experiments over multiple simulation scenarios with a variable number of attacker nodes. In the future, we aim to extend CRA-RPL to mitigate other routing attacks as well.

CRediT authorship contribution statement
Shefali Goel: Conceptualization, Methodology, Validation, Investigation, Writing - Original Draft, Software. Abhishek Verma: Conceptualization, Resources, Validation, Visualization, Data curation, Writing - Original Draft, Supervision. Vinod Kumar Jain: Formal analysis, Validation, Supervision.


Declaration of competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References
[1] A. Almusaylim, Z., Jhanjhi, N., Alhumam, A., 2020. Detection and Mitigation of RPL Rank and Version Number Attacks in the Internet of Things: SRPL-RPL. Sensors 20.
[2] Airehrour, D., Gutierrez, J., Ray, S.K., 2016. Secure routing for internet of things: A survey. Journal of Network and Computer Applications 66, 198–213.
[3] Airehrour, D., Gutierrez, J.A., Ray, S.K., 2019. SecTrust-RPL: A secure trust-aware RPL routing protocol for Internet of Things. Future Generation Computer Systems 93, 860–876.
[4] Arış, A., Yalçın, S.B.Ö., Oktuğ, S.F., 2019. New lightweight mitigation techniques for RPL version number attacks. Ad Hoc Networks 85, 81–91.
[5] Arvan, E., Dehkordi, M.K.H., Jalili, S., 2022. Secured location-aware mobility-enabled rpl. Journal of Network and Computer Applications, 103516.
[6] Bang, A.O., Rao, U.P., 2022. EMBOF-RPL: Improved RPL for early detection and isolation of rank attack in RPL-based internet of things. Peer-to-Peer Networking and Applications 15, 642–665.
[7] Butun, I., Österberg, P., Song, H., 2019. Security of the Internet of Things: Vulnerabilities, attacks, and countermeasures. IEEE Communications Surveys & Tutorials 22, 616–644.
[8] Cakir, S., Toklu, S., Yalcin, N., 2020. Rpl attack detection and prevention in the internet of things networks using a gru based deep learning. IEEE Access 8, 183678–183689.
[9] Challa, S., Wazid, M., Das, A.K., Kumar, N., Reddy, A.G., Yoon, E.J., Yoo, K.Y., 2017. Secure signature-based authenticated key establishment scheme for future iot applications. IEEE Access 5, 3028–3043.
[10] Espinoza, H., Kling, G., McGroarty, F., O'Mahony, M., Ziouvelou, X., 2020. Estimating the impact of the Internet of Things on productivity in Europe. Heliyon 6, e03935.
[11] Gaddour, O., Koubâa, A., 2012. RPL in a nutshell: A survey. Computer Networks 56, 3163–3178.
[12] Ghaleb, B., Al-Dubai, A., Ekonomou, E., Qasem, M., Romdhani, I., Mackenzie, L., 2018. Addressing the DAO insider attack in RPL's Internet of Things networks. IEEE Communications Letters 23, 68–71.
[13] Gnawali, O., Levis, P., 2010. The ETX objective function for RPL. draft-gnawali-roll-etxof-01.
[14] Gnawali, O., Levis, P., 2012. The minimum rank with hysteresis objective function. RFC 6719, 13.
[15] Ibrahimy, S., Lamaazi, H., Benamar, N., 2020. Rpl assessment using the rank attack in static and mobile environments, in: 2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT), IEEE. pp. 1–6.
[16] Kaliyar, P., Jaballah, W.B., Conti, M., Lal, C., 2020. Lidl: localization with early detection of sybil and wormhole attacks in iot networks. Computers & Security 94, 101849.
[17] Kiran, U., 2022. Ids to detect worst parent selection attack in rpl-based iot network, in: 2022 14th International Conference on COMmunication Systems & NETworkS (COMSNETS), IEEE. pp. 769–773.
[21] Murali, S., Jamalipour, A., 2020. A Lightweight Intrusion Detection for Sybil Attack Under Mobile RPL in the Internet of Things. IEEE Internet of Things Journal 7, 379–388.
[22] Musaddiq, A., Zikria, Y.B., Kim, S.W., et al., 2020. Routing protocol for low-power and lossy networks for heterogeneous traffic network. EURASIP Journal on Wireless Communications and Networking 2020, 1–23.
[23] Muzammal, S.M., Murugesan, R.K., Jhanjhi, N., 2020. A comprehensive review on secure routing in internet of things: Mitigation methods and trust-based approaches. IEEE Internet of Things Journal 8, 4186–4210.
[24] Napiah, M.N., Bin Idris, M.Y.I., Ramli, R., Ahmedy, I., 2018. Compression Header Analyzer Intrusion Detection System (CHA - IDS) for 6LoWPAN Communication Protocol. IEEE Access 6, 16623–16638.
[25] Park, M.H., 2012. Challenge-response based ACK message authentication. Electronics letters 48, 1021–1023.
[26] Pu, C., Choo, K.K.R., 2022. Lightweight Sybil attack detection in IoT based on bloom filter and physical unclonable function. Computers & Security 113, 102541.
[27] Safaei, B., Monazzah, A.M.H., Ejlali, A., 2021. ELITE: An Elaborated Cross-Layer RPL Objective Function to Achieve Energy Efficiency in Internet-of-Things Devices. IEEE Internet of Things Journal 8, 1169–1182.
[28] Sahay, R., Geethakumari, G., Mitra, B., 2022a. Mitigating the worst parent attack in RPL based internet of things. Cluster Computing 25, 1303–1320.
[29] Sahay, R., Geethakumari, G., Mitra, B., 2022b. Partitioning Attacks Against RPL in the Internet of Things Environment, in: Edge Analytics. Springer, pp. 115–127.
[30] Sharma, G., Grover, J., Verma, A., 2023. Performance evaluation of mobile RPL-based IoT networks under version number attack. Computer Communications 197, 12–22.
[31] Sheibani, M., Barekatein, B., Arvan, E., 2022. A lightweight distributed detection algorithm for DDAO attack on RPL routing protocol in Internet of Things. Pervasive and Mobile Computing 80, 101525.
[32] Vasseur, J., Agarwal, N., Hui, J., Shelby, Z., Bertrand, P., Chauvenet, C., 2011. RPL: The IP routing protocol designed for low power and lossy networks. Internet Protocol for Smart Objects (IPSO) Alliance 36.
[33] Verma, A., Ranga, V., 2020a. CoSec-RPL: detection of copycat attacks in RPL based 6LoWPANs using outlier analysis. Telecommunication Systems 75, 43–61.
[34] Verma, A., Ranga, V., 2020b. Mitigation of DIS flooding attacks in RPL-based 6LoWPAN networks. Transactions on emerging telecommunications technologies 31, e3802.
[35] Verma, A., Ranga, V., 2020c. Security of RPL based 6LoWPAN Networks in the Internet of Things: A Review. IEEE Sensors Journal 20, 5666–5690.
[36] Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, J.P., Alexander, R., 2012. RPL: IPv6 routing protocol for low-power and lossy networks. Technical Report.
[37] Zarpelão, B.B., Miani, R.S., Kawakani, C.T., de Alvarenga, S.C., 2017. A survey of intrusion detection in internet of things. Journal of Network and Computer Applications 84, 25–37.
[18] Lamaazi, H., Benamar, N., Jara, A.J., 2018. Rpl-based networks in
static and mobile environment: A performance assessment analysis.
Journal of King Saud University-Computer and Information Sciences
30, 320–333.
[19] Mayzaud, A., Badonnel, R., Chrisment, I., 2016. A Taxonomy of
Attacks in RPL-based Internet of Things. International Journal of
Network Security 18, 459–473.
[20] Medjek, F., Tandjaoui, D., Djedjig, N., Romdhani, I., 2021. Multicast
DIS attack mitigation in RPL-based IoT-LLNs. Journal of Informa-
tion Security and Applications 61, 102939.



Biographical Sketch

Shefali Goel
Shefali Goel received the B.Tech. degree from the IPS College of
Technology and Management, Gwalior, Madhya Pradesh, India, in 2018,
and the M.Tech. degree from the Madhav Institute of Technology and
Science, Gwalior, Madhya Pradesh, India, in 2020. She is currently pursuing
the Ph.D. degree in computer science and engineering discipline from the
PDPM Indian Institute of Information Technology, Design and
Manufacturing, Jabalpur, Madhya Pradesh, India. Her research interests include IoT, Network
Security, and Intrusion Detection.

Dr. Abhishek Verma


Dr. Abhishek Verma is an Assistant Professor in the Department of Computer
Science & Engineering at IIIT Jabalpur, India. He obtained his Ph.D. degree (2020)
in the Internet of Things security from the National Institute of Technology
Kurukshetra, Haryana, India. He completed his B.Tech degree (2014) in
Computer Science & Engineering from Uttar Pradesh Technical University,
India, and M.Tech degree (2016) in Computer Engineering from the National
Institute of Technology Kurukshetra, India. He has more than six years of experience in
research and teaching. He has published more than 16 research articles in international journals
and conferences of high repute. He is an editorial board member of Research Reports on
Computer Science (RRCS) and an active review board member of various reputed journals,
including IEEE, Springer, Wiley, and Elsevier. His current areas of interest include Information
Security, Intrusion Detection, and the Internet of Things.

Dr. Vinod Kumar Jain


Vinod Kumar Jain is an assistant professor with the Department of Computer
Science and Engineering, Pandit Dwarka Prasad Mishra-Indian Institute of
Information Technology, Design and Manufacturing, Jabalpur, India. He
received his Ph.D. degree from Atal Bihari Vajpayee-Indian Institute of
Information Technology and Management, Gwalior, India, in 2013. He has
published many research articles in international journals and conferences of
high repute. He is a senior member of IEEE and an active reviewer for many IEEE, Elsevier, ACM,
and Springer journals. His research interests include indoor localization, energy-efficient routing
protocols for wireless sensor networks, vehicular ad hoc networks, and the Internet of Things.

Declaration of interests

☒ The authors declare that they have no known competing financial interests or personal relationships
that could have appeared to influence the work reported in this paper.

☐ The authors declare the following financial interests/personal relationships which may be considered
as potential competing interests:

CRediT authorship contribution statement


Shefali Goel: Conceptualization, Methodology, Validation, Investigation, Writing -
Original Draft, Software. Abhishek Verma: Conceptualization, Resources, Validation,
Visualization, Data curation, Writing - Original Draft, Supervision.
Vinod Kumar Jain: Formal analysis, Validation, Supervision.
