Introducing Mobility Metrics in Trust-based
Security of Routing Protocol for Internet of Things
Syeda Mariam Muzammal
School of Computer Science and School of Computer Science and
Engineering
Taylor’s University
Subang Jaya, Malaysia
syedamariammuzammal@sd.taylors.ed raj akumar. murugesan@taylors.edu.my
u.my
2021 National Computing Colleges Conference (NCCC) | 978-1-7281-6719-0/20/$31.00 ©2021 IEEE | DOI: 10.1109/NCCC49330.2021.9428799
Abstract— Internet of Things (IoT) is flourishing in several
application areas, such as smart cities, smart factories, smart
homes, smart healthcare, etc. With the adoption of IoT in
critical scenarios, it is crucial to investigate its security aspects.
All the layers of IoT are vulnerable to severely disruptive
attacks. However, the attacks in IoT Network layer have a high
impact on communication between the connected objects.
Routing in most of the IoT networks is carried out by IPv6
Routing Protocol for Low-Power and Lossy Networks (RPL).
RPL-based IoT offers limited protection against routing
attacks. A trust-based approach for routing security is suitable
to be integrated with IoT systems due to the resource-
constrained nature of devices. This research proposes a trust-
based secure routing protocol to provide security against
packet dropping attacks in RPL-based IoT networks. IoT
networks are dynamic and consist of both static and mobile
nodes. Hence the chosen trust metrics in the proposed method
also include the mobility-based metrics for trust evaluation.
The proposed solution is integrated into RPL as a modified
objective function, and the results are compared with the
default RPL objective function, MRHOF. The analysis and
evaluation of the proposed protocol indicate its efficacy and
adaptability in a mobile IoT environment.
Keywords—Internet of Things, Trust, Mobility, RPL, Security
I. I n t r o d u c t io n
Due to the expansion of digital and technological
paradigm, billions of heterogeneous IoT devices have been
predicted by researchers for the upcoming years [1][2].
Additionally, there have been some attacks in previous years,
such as Mirai Botnet attacks [3] and various others [4][5][6],
that were made possible using the low-powered and
resource-constrained IoT devices. IoT networks are
vulnerable to several attacks. Most of the IoT applications
employ RPL routing protocol for routing. RPL routing
protocol is also prone to numerous disruptive attacks,
including Blackhole, Sinkhole, Wormhole, Rank, and
Version number modification attacks [7]. The packet
dropping attacks in RPL cause the unavailability of data and
resources. Such attacks need to be investigated to provide
secure communication among the connected nodes [8]. In
addition, it is crucial to provide a solution for the overall
security enhancement of IoT systems [9] to fulfil the
requirements of the security triad, that is, confidentiality,
integrity, and availability (CIA).
One of the important components of IoT is networking,
which facilitates communication and interconnectivity.
Particularly, routing holds a prominent place, which involves
building traffic routes for transmitting a packet from source
to destination. Moreover, the security issues are crucial in
networks, specifically routing, when billions of devices are
*Corresponding Author
978-1-7281-6719-0/20/$31.00 ©2021 IEEE
Authorized licensed use limited to: Carleton University. Downloaded on June 04,2021 at 20:48:41 UTC from IEEE Xplore. Restrictions apply.
*Raja Kumar Murugesan NZ Jhanjhi
School of Computer Science and
Engineering Engineering
Taylor’s University Taylor’s University
Subang Jaya, Malaysia Subang Jaya, Malaysia
noorzaman.jhanjhi@taylors. edu.my
connected with each other. The number of IoT-connected
devices is exponentially increasing, as predicted by Statista
[2], depicted in Fig. 1. Network security becomes
challenging when a packet is routed through heterogeneous
networks from resource-constrained devices to a server, over
the Internet. Hence, with the widespread IoT applications
involving routing via RPL, it is imperative to address the
related attacks. Out of several security solutions proposed for
secure routing, a trust-based approach possesses the
significance and viability for IoT networks and routing. A
robust security solution w ill enhance protection against
attacks and facilitate the overall widescale adoption of IoT
applications.
This research work proposes a trust-based approach for
routing security against packet dropping attacks in RPL. IoT
network is dynamic that includes both static and mobile
nodes. Therefore, the mobility-based metrics are combined
with the trust-based metrics to make the solution adaptable to
the mobile IoT environment. Simulation experiments are
conducted for evaluation of the proposed security solution
and performance comparison with the default RPL objective
function (OF), Minimum Rank with Hysteresis Objective
Function (m Rh OF).
The paper is organized as follows: Section II describes
the background of the considered problem domain and the
related work. Section III describes the materials and methods
for the proposed solution. Section IV presents the results and
discussions. Finally, Section V concludes the paper.
II. B a c k g r o und and Re l at ed Wo r k
This section describes the related work with respect to
the background of the problem under consideration. In
addition, trust-based approaches in the existing literature for
securing IoT networks and routing are summarized.
A typical IoT architecture is composed of five layers
[10]. These include the perception/ sensing layer, network/
transmission layer, middleware/ transport layer, application
layer, and data/ cloud services. IoT layers suffer from various
security attacks [11], including Node capturing, Denial of
Service [12], Fake node or Sybil attack [13], Replay attack
[14], Side-channel attack [15] and routing threats in the data
forwarding process [16]. Fig. 2 shows the classification of
IoT network layer attacks.
IoT network layer is composed of a layered protocol
stack [17]. It consists of various communication and
connectivity protocols. IPv6 over Low-Power Wireless
Personal Area Network (6LoWPAN) is introduced by
Internet Engineering Task Force (IETF) for wireless
connectivity between resource-constrained devices. RPL is
 30

2S.44

2019 2020* 2021* 2022* 2023* 2024* 2025* 2026* 2027* 2023' 2029* 2030*

Fig. 1. Number of IoT Connected Devices Worldwide, from Year 2019 to 2030 [2]

the routing protocol specified by IETF for Low-power and protocol, considering the direct and recommended trust
Lossy Networks (LLNs) [18]. RPL is vulnerable to several metrics for evaluation. Their proposed solution is promising
disruptive attacks. The packet dropping attacks are in detecting the attacks. However, the focus of the evaluation
considered among the most disruptive attacks affecting the is only on static topologies, such as smart home applications.
availability of data and resources in the network. Similarly, [29] proposed a trust-aware and cooperative
secure routing with an IDS-based attack detection
Several solutions for secure routing and networks have
mechanism. Likewise, CTrust-RPL [23] has been proposed
been proposed in the existing literature, including machine
as an energy-efficient trust-based method for IoT routing
learning, intrusion detection, intrusion prevention, trust-
security. In their approach, the trust evaluation is based on
based, cryptographic, and blockchain-based techniques the forwarding behavior of the nodes.
[19] [20] [21] [22] [23] [24] [25] [26]. Trust-based secure routing
solutions are feasible because of the easy implementation From a security perspective in an IoT environment, the
and deployment of low-powered but smart objects in IoT selection of trust metrics plays a crucial role. Most of the
ecosystems [27]. existing methods only cover static nodes, except for one
trust-based study, DCTM [30], that covers mobile nodes, but
In [28], the authors propose a trust-aware secure routing
it considers only sender nodes and not the sink nodes for
evaluation. In reality, IoT networks are dynamic that include
Credentials breaches both static as well as mobile nodes.
Phishine Site Attack
Data breaches
The proposed solution considers the mobility metrics for
Access Attack Advanced Persistent Attack trust computation to make the approach suitable for mobile
Data and Information Stealing IoT environments. In addition, the evaluation is done for
L/O j JJU O o A tta c K Flooding Attacks (target server)
static as well as mobile nodes in the network. Furthermore,
ro the results are compared with the default RPL objective
Weak Configuration
function, MRHOF.
Data Transit Attack Sybil Attacks
Hello Hood Attacks
III. M a t e r ia l s a n d Met h o d s f or Pr o po sed So l u t io n
Routine Attacks Greyhole
K Fig. 3 depicts the process flow and preliminary model of
Selective Forwarding
proposed trust-based solution for routing security in IoT. The
Sinkhole selected trust metrics include the success rate, energy level,
Network Intrusion
“ Wormhole historical observations, and recommended trust. In addition,
Blackhole we introduce mobility-based metrics for trust evaluation,
Man-in-the-Middle which include mobility of node, as well as the location and
Packet Sniffers
— Traffic Analysis Attacks I Port Scanning
link stability. The selected trust-based metrics have been
carefully chosen to make the solution adaptable to a mobile
IoT environment, including the mobile sink and sender nodes
RFID Signal Spoofing
Alteration & Spoofing in the network. The trust index is rated based on fuzzy
Rank Attack
judgment, and only the reliable nodes are selected for
Replay Attack routing, based on the trust threshold. The trust index is then
Rank Hash Chain Forgery' forwarded to the parent selection algorithm in the objective
function of the routing protocol, along with the rank and
ETX values.
Fig. 2. Attacks in IoT Network Layer

Authorized licensed use limited to: Carleton University. Downloaded on June 04,2021 at 20:48:41 UTC from IEEE Xplore. Restrictions apply.
 The packet dropping attack is detected via the calculated
trust index of the nodes as well as the success rate of the
nodes in the network. The trust calculation has been
simplified for less power consumption. A malicious list is
maintained for the untrusted nodes in the network. These
suspicious nodes are not forwarded for routing traffic in the
topology and thus are isolated from the network. In this way,
only the trustworthy nodes take part in the routing decisions
and data forwarding. Further details of the proposed model
can be found in our previous work [31]. In the next section,
we present the results analysis of the proposed solution.
Fig. 4. Comparison of Average Throughput (kbps)
Packet Loss Rate
o
Static Mobile Senders Mobile Sink
MRHOF Proposed OF
Fig. 5. Comparison of Packet Loss Rate (%)
Authorized licensed use limited to: Carleton University. Downloaded on June 04,2021 at 20:48:41 UTC from IEEE Xplore. Restrictions apply.
IV. Re s u l t s and D i s c u s s io n
ContikiOS/Cooja simulator has been used for the
simulation experiments. A topology of 30 nodes has been
generated with one sink node, twenty-six sender nodes, and
three attacker nodes in the network. For the mobile scenarios,
a ratio of 1:3 has been kept for mobile to static nodes. The
proposed solution is evaluated for three different scenarios,
including static nodes, mobile sender nodes, and mobile sink
node in the network. In addition, the network performance
has been evaluated in terms of throughput, packet loss rate,
average power consumption, and topology stability.
For the proposed solution, as indicated by Fig. 4,
throughput shows an increase of 2.18 kbps, 2.47 kbps, and
2.22 kbps than MRHOF, under static, mobile senders, and
mobile sink scenarios, respectively. Similarly, the packet loss
rate of the proposed oF is much less as compared to
MRHOF, that is, 16%, 17.9%, and 26.6%. Whereas MRHOF
exhibits a packet loss rate of more than 75% for all three
scenarios, as observed from Fig. 5.
The topology stability in the network is determined by
the frequency of node rank changes. The graphical
representation in Fig. 6 indicates that in MRHOF, nodes
frequently change their parents under the attack scenario.
Whereas with the proposed OF, the frequency of nodes rank
and parent change has reduced significantly. The average
power consumption of the proposed solution under packet
Fig. 6. Comparison of Frequency of Nodes Rank Change (Topology
Stability)
dropping attacks is 1.19 mW, 1.39 mW, and 1.55 mW, with
a difference of 0.04, 0.05, and 0.05, for static, mobile
senders, and mobile sink scenarios, respectively, as [1]
compared to MRHOF (Fig. 7). The small difference in power
consumption is due to the trust computations in proposed
OF, and frequent parent selection and rank computations in
MRHOF. Moreover, MRHOF does not possess a protection
mechanism and uses only the ETX metric for parent [2]
selection.
The graphical analysis for comparison of results indicates
that the proposed solution significantly outperforms
[3]
MRHOF. It is evident that the proposed solution's
performance is better in mobile scenarios, thus indicating the
importance of mobility metrics for a trust-based security
solution in loT.
[4]
[5]
[6]
[7]
[8]
Fig. 7. Comparison of Average Power Consumption (mW)
V. Co n c l u s io n a n d Fu t ur e Wo r k [9]
loT is flourishing in various application scenarios, thus
facilitating human lives from mundane tasks to the industrial,
agricultural, and transportation sectors. The security and [10]
privacy concerns are hindering the rapid growth of loT
paradigm. Thus, it is imperative to address the security
attacks, threats, and risks, for loT’s widescale adoption. loT [11]
network layer is the backbone of communication and
connectivity of smart objects in loT systems. Routing in
most loT applications is carried out by RPL routing protocol. [12]
RPL is prone to several attacks. The packet dropping attacks
are severely disruptive, obstructing the successful delivery of
information and disturbing the network topology. ln this [13]
research work, packet dropping attack is addressed by
proposing a trust-based secure routing protocol. Trust
metrics, including the mobility metrics, are selected. The
trust evaluation mechanism is embedded in RPL as part of [14]
the objective function for trustworthy parent selection. The
results indicate that our proposed solution performs better
than the default RPL objective function MRHOF.
[15]
ln the future work for this research, we plan to evaluate the
proposed trust model for other RPL attacks, including
colluding attacks. The performance evaluation w ill also be
extended to other parameters, such as end-to-end delays. [16]
Ac k n o w l e d g me n t
This research work is supported by Taylor’s University,
Malaysia, through its Taylor’s PhD Scholarship Programme.
[17]
Authorized licensed use limited to: Carleton University. Downloaded on June 04,2021 at 20:48:41 UTC from IEEE Xplore. Restrictions apply.
Re f e r en c es
L. Horwitz, “ lnternet of Things (loT) - The future of loT
miniguide: The burgeoning loT market continues - Cisco,” Cisco,
2019. [Online]. Available:
https://www.cisco.com/c/en/us/solutions/internet-of-
things/future-of-iot.html. [Accessed: 25-May-2020].
Statista, “Number of connected devices worldwide 2030 |
Statista,” Statista Research Department, 22-Jan-2021. [Online].
Available: https://www.statista.com/statistics/802690/worldwide-
connected-devices-by-access-technology/. [Accessed: 27-Jan-
2021].
Josh Fruhlinger, “ The Mirai botnet explained: How loT devices
almost brought down the internet | CSO Online,” CSO, 2018.
[Online]. Available:
https://www.csoonline.com/article/3258748/securi1y/the-mirai-
botnet-explained-how-teen-scammers-and-cctv-cameras-almost-
brought-down-the-internet.html. [Accessed: 01-Dec-2018].
A. J. Ferrante, “ Battening Down for the Rising Tide of loT
Risks,” ISSA J., vol. 15, no. 8, pp. 20-24, 2017.
ClSCO, “ Cisco’s Talos lntelligence Group Blog: New VPNFilter
malware targets at least 500K networking devices worldwide,”
CISCO, 2018. [Online]. Available:
https://blog.talosintelligence.com/2018/05/VPNFilter.html.
[Accessed: 16-Dec-2018].
C. Osborne, “ Over a dozen vulnerabilities uncovered in BMW
vehicles | ZDNet,” Zero Day, 2018. [Online]. Available:
https://www.zdnet.com/article/over-a-dozen-vulnerabilities-
uncovered-in-bmw-vehicles/. [Accessed: 17-Apr-2019].
Fatima-Tuz-Zahra, N. Z. Jhanjhi, S. N. Brohi, and N. A. Malik,
“ Proposing a Rank and Wormhole Attack Detection Framework
using Machine Learning,” in MACS 2019 - 13th International
Conference on Mathematics, Actuarial Science, Computer
Science and Statistics, Proceedings, 2019.
S. J. Hussain, M. lrfan, N. Z. Jhanjhi, K. Hussain, and M.
Humayun, “ Performance Enhancement in Wireless Body Area
Networks with Secure Communication,” Wirel. Pers. Commun.,
vol. 116, no. 1, pp. 1-22, Jan. 2021.
A. J. C. Sunder and A. Shanmugam, “ Jensen-Shannon
Divergence Based lndependent Component Analysis to Detect
and Prevent Black Hole Attacks in Healthcare WSN,” Wirel.
Pers. Commun., vol. 107, no. 4, pp. 1607-1623, Aug. 2019.
H. Mrabet, S. Belguith, A. Alhomoud, and A. Jemai, “ A Survey
of loT Security Based on a Layered Architecture of Sensing and
Data Analysis,” Sensors, vol. 20, no. 13, p. 3625, Jun. 2020.
M. El-hajj et al., “ A Survey of lnternet of Things (loT)
Authentication Schemes,” Sensors, vol. 19, no. 5, p. 1141, Mar.
2019.
M. Anirudh, S. A. Thileeban, and D. J. Nallathambi, “Use of
honeypots for mitigating DoS attacks targeted on loT networks,”
in 2017 International Conference on Computer, Communication
and Signal Processing (ICCCSP), 2017, pp. 1-4.
D. Evangelista, F. Mezghani, M. Nogueira, and A. Santos,
“ Evaluation of Sybil attack detection approaches in the lnternet
of Things content dissemination,” in 2016 Wireless Days (WD),
2016, pp. 1-6.
SeungJae Na, DongYeop Hwang, WoonSeob Shin, and Ki-
Hyung Kim, “ Scenario and countermeasure for replay attack
using join request messages in LoRaWAN,” in 2017
International Conference on Information Networking (ICOIN),
2017, pp. 718-720.
L. A. Tawalbeh and T. F. Somani, “ More secure lnternet of
Things using robust encryption algorithms against side channel
attacks,” in 2016 IEEE/ACS 13th International Conference o f
Computer Systems andApplications (AICCSA), 2016, pp. 1-6.
D. Airehrour, J. Gutierrez, and S. K. Ray, “ A Lightweight Trust
Design for loT Routing,” in 2016 IEEE 14th Intl Conf on
Dependable, Autonomic and Secure Computing, 14th Intl Conf
on Pervasive Intelligence and Computing, 2nd Intl Conf on Big
Data Intelligence and Computing and Cyber Science and
Technology Congress(DASC/PiCom/DataCom/CyberSciTech),
2016, pp. 552-557.
O. Bello, S. Zeadally, and M. Badra, “Network layer inter­
 operation of Device-to-Device communication technologies in
Internet of Things (loT),” Ad Hoc Networks, vol. 57, pp. 52-62,
Mar. 2017.
[18] T. Winter et al., “RFC 6550 - RPL: IPv 6 Routing Protocol for
Low-Power and Lossy Networks,” Mar. 2012.
[19] S. M. Muzammal, M. A. Shah, S. J. Zhang, and H. J. Yang,
“ Conceivable security risks and authentication techniques for
smart devices: A comparative evaluation of security practices,”
Int. J. Autom. Comput., vol. 13, no. 4, pp. 350-363, Aug. 2016.
[20] Z. A. Almusaylim, A. Alhumam, and N. Z. Jhanjhi, “ Proposing a
Secure RPL based lnternet of Things Routing Protocol: A
Review,” Ad Hoc Networks, vol. 101, p. 102096, Apr. 2020.
[21] S. M. Muzammal, R. K. Murugesan, and N. Z. Jhanjhi, “ A
Comprehensive Review on Secure Routing in lnternet of Things:
Mitigation Methods and Trust-based Approaches,” IEEE Internet
Things J., pp. 1-1, Oct. 2020.
[22] D. B.D. and F. Al-Turjman, “ A hybrid secure routing and
monitoring mechanism in loT-based wireless sensor networks,”
Ad Hoc Networks, vol. 97, p. 102022, Feb. 2020.
[23] T. ul Hassan, M. Asim, T. Baker, J. Hassan, and N. Tariq,
“ CTrust-RPL: A control layer-based trust mechanism for
supporting secure routing in routing protocol for low power and
lossy networks-based lnternet of Things applications,” Trans.
Emerg. Telecommun. Technol., p. e4224, Jan. 2021.
[24] S. M. Muzammal and R. K. Murugesan, “ A Study on Leveraging
Blockchain Technology for loT Security Enhancement,” in
Proceedings - 2018 4th International Conference on Advances in
Authorized licensed use limited to: Carleton University. Downloaded on June 04,2021 at 20:48:41 UTC from IEEE Xplore. Restrictions apply.
Computing, Communication and Automation, ICACCA 2018,
2018.
[25] X. Guo, H. Lin, Z. Li, and M. Peng, “ Deep-Reinforcement­
Learning-Based QoS-Aware Secure Routing for SDN-loT,” IEEE
Internet Things J., vol. 7, no. 7, pp. 6242-6251, Dec. 2019.
[26] G. Ramezan and C. Leung, “ A Blockchain-Based Contractual
Routing Protocol for the lnternet of Things Using Smart
Contracts,” Wirel. Commun. Mob. Comput., vol. 2018, pp. 1-14,
Nov. 2018.
[27] S. M. Muzammal et al., “ Counter measuring conceivable security
threats on smart healthcare devices,” IEEE Access, vol. 6, pp.
20722-20733, Apr. 2018.
[28] D. Airehrour, J. Gutierrez, and S. K. Ray, “ SecTrust-RPL: A
secure trust-aware RPL routing protocol for lnternet of Things,”
Futur. Gener. Comput. Syst., 2018.
[29] N. Djedjig, D. Tandjaoui, F. Medjek, and l. Romdhani, “ Trust­
aware and cooperative routing protocol for loT security,” J. Inf.
Secur. Appl., vol. 52, p. 102467, Jun. 2020.
[30] S. Y. Hashemi and F. Shams Aliee, “ Dynamic and
comprehensive trust model for loT and its integration into RPL,”
J. Supercomput., vol. 75, no. 7, pp. 3555-3584, Jul. 2019.
[31] S. M. Muzammal, R. K. Murugesan, N. Z. Jhanjhi, and L. T.
Jung, “ SMTrust: Proposing Trust-Based Secure Routing Protocol
for RPL Attacks for loT Applications,” in 2020 International
Conference on Computational Intelligence (ICCI), 2020, pp.
305-310.