Available online at www.sciencedirect.com

ScienceDirect

Procedia Computer Science 184 (2021) 929–934
www.elsevier.com/locate/procedia

The 6th International Workshop on Recent advances on Internet of Things: Technology and Application Approaches
March 23 - 26, 2021, Warsaw, Poland

6MID: Mircochain based Intrusion Detection for 6LoWPAN based IoT networks

Himanshu B. Patel*, Devesh C. Jinwala
Computer Engineering Department, S.V. National Institute of Technology- Surat, Surat, Gujrat - 395007, India

Abstract

A blockchain is a decentralized, distributed, and often public, digital ledger system consisting of records called blocks, used to record transactions across many computers so that any involved block cannot be altered retroactively without the alteration of all subsequent blocks. In literature, Blockchain is used as a medium to achieve trust between nodes in distributed autonomous systems like the Internet of Things (IoT). In IoT, resource-scarce, economical sensing devices are deployed in large numbers to gain accuracy. Routing Protocol for Low Power and lossy network (RPL) is defined as the de-facto standard for large-scale deployment. Due to the wireless communication medium and resource-constrained deployment, RPL is susceptible to many DoS attacks. This paper presents a space-efficient blockchain architecture, viz. 6MID, using Microchain. 6MID augments RPL to accommodate a distributed ledger within resource-constrained 6LoWPAN devices and can be used to detect the Blackhole attack. We also present a security analysis of the proposed framework in the context of IoT networks.

© 2021 The Authors. Published by Elsevier B.V.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the Conference Program Chairs.

Keywords: IoT; RPL; Blockchain; Attack-mitigation; certificate-less cryptography; Blackhole; Intrusion detection.

IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN), defined by Internet Engineering Task Force (IETF), enables resource-constrained devices to connect with the Internet via IPv6 protocol. 6LoWPAN networks play an essential role in the real world deployment of the Internet of Things (IoT) [14]. Large numbers of IoT devices form 6LoWPAN networks. Though 6LoWPAN networks are a small subset of the vast IoT domain, they have their significant position. They are ubiquitously deployable, which reduces human intervention in the deployment of safety-critical and time-critical applications [3]. Figure 1 shows some real-world deployment scenarios of 6LoWPAN networks in different IoT domains.
∗ Corresponding author. Tel.: +91-992-571-5472.
E-mail address: hims247@gmail.com

1877-0509 © 2021 The Authors. Published by Elsevier B.V.
10.1016/j.procs.2021.04.023

Fig. 1. 6LoWPAN based IoT infrastructure

To maintain routing in such large-scale IoT deployment with resource-constrained devices, the Internet Engineering Task Force (IETF) has defined the IPv6 Routing Protocol for Low power and lossy networks (RPL) [2]. RPL creates an optimized Destination-Oriented Directed Acyclic Graph (DODAG) rooted at the 6BR [21]. Due to the wireless communication link and the resource-constrained nature of the involved devices, RPL is susceptible to many Denial of Service (DoS) attacks. In a system like IoT, where accuracy tightly depends upon periodic sensor readings, packet-dropping DoS attacks such as blackhole and selective forwarding are more severe.
To mitigate the Blackhole attack, cryptographic mechanisms are shown in [20], [7], [10], [9]. Statistical analysis methods are also applied on collected traffic patterns to detect the blackhole attack [17], [16]. The cryptographic and statistical methods in the context of 6LoWPAN networks consume more energy and computational power. A light-weight heartbeat protocol is shown in [19], and a light-weight Intrusion Detection System (IDS) is shown in [13]. In both approaches, the 6BR periodically receives network state information from nodes to detect the attacker. Overhearing-based mechanisms, in which every node runs in promiscuous mode, captures every packet from its neighboring nodes and analyzes their behavior, are shown in [5], [1], [18], [8], [6], [11].
Mechanisms mentioned above rely on the individual devices’ data collected at 6BR, and nodes are considered tamper-proof devices. Hence, the detection mechanism’s accuracy may not be guaranteed in the absence of a trusted third party. Also, a Sybil attacker may multiply the number of compromised nodes in the network by merely misbehaving with a different identity [19]. In the same context, Blockchain has also proven its applicability in forming trust without using a third party and can assist in route formation and maintenance [4], [15], [12], [22]. But the Blockchain systems shown in the literature are defined over mobile-like smart devices, so their computational and storage demand is too high and cannot be accommodated by 6LoWPAN based devices.
In this paper we propose a microchain architecture that requires fewer resources and provides blockchain-like trust management between the Border router and sensing devices. In our proposed architecture, a microchain is created with specific data related to routing information and persists for a limited period of time. The proposed architecture is connected with an external blockchain that stores the temporal microchains, allowing further analysis of the combined data for attack detection.

1. Theoretical Background

1.1. RPL

Figure 2 shows the DODAG formation process in RPL. Each node in the network has an IP address and a rank value. A node with a lower rank value has a higher probability of being chosen as a parent. The 6BR node always starts the DODAG formation process and, as shown in the figure, the remaining nodes join as per the RPL specification [20].

Fig. 2. RPL DODAG formation [11]

1.2. Blackhole attack on RPL

As per the RPL protocol specifications, each non-leaf node has to forward all data packets it receives to the DODAG root. In contrast, control packets flow in both directions. Control packets verify the presence of each node in the network. Hence, to be a part of the DODAG, an attacker node has to forward control packets and maintain a promising position in the network. Figure 3 shows a 6LoWPAN network in which an attacker has IPv6 address A::4 and is the parent of nodes A::8 and A::10. The attacker here can drop all the data packets from both nodes to exhibit a Blackhole attack.

Fig. 3. Blackhole Attack in RPL

1.3. Blockchain Based Routing

This section shows the Blockchain-based routing mechanisms proposed in the literature. In [12], the authors propose a Blockchain-based Contractual Routing (BCR) protocol for the IoT. A public ledger system is used to decentralize the BCR protocol. BCR uses the Ethereum blockchain and the Solidity language to create and execute a smart contract with the AODV routing protocol. Every participating node has to be in the smart contract agreement and has to forward packets to the destination, failing which it may be blacklisted from the route for a predefined period. A blockchain-based secure and efficient Border Gateway Protocol (BGP) named RouteChain is shown in [15], which mitigates the BGP hijacking attack in Autonomous Systems (ASes). MARS is a blockchain-based reputation system that acts as an overlay on top of existing MANET routing protocols (AODV and OLSR) [4]. The authors of MARS introduce the idea of monetizing the routing protocol based on a public ledger. MARS’ main goal is to keep a publicly verifiable record of reputation information for MANET (high-end mobile devices) nodes. It stores the reputation information in the form of reputation points in a blockchain-based public ledger. In MARS, the node verifies the intermediate node’s reputation points from the blockchain before forwarding the packet. A blockchain-based routing mechanism is shown in [22] for Wireless Sensor Networks (WSNs). In this scheme, every packet is represented by different tokens based on its type. Every node in the network receives a γ reward for the successful delivery of tokens (or associated packets). A reinforcement learning mechanism executed on the blockchain at Gateway nodes chooses the next hop for packet delivery based on the γ it possesses. Hence, a malicious node exhibiting blackhole behavior will have a lower value of γ and will be eliminated from the packet forwarding task.

2. 6MID architecture

Figure 4 shows the basic Microchain architecture. It shows that Microchain is situated above the network layer and has its counterpart at the 6BR node. The 6BR itself is connected to the global blockchain.

Fig. 4. Microchain Architecture

The basic functions provided by Microchain are as follows.

• Key generation at BR node and DIO packet creation
– Step 1: BR node chooses generator G and creates a random value d as a private key.
– Step 2: BR calculates its public key as Q = dG and a random seed value sd.
– Step 3: BR generates a DIO packet, adds Q and sd to it, and signs the DIO with its private key.
A DIO message contains two kinds of fields: those that remain unchanged (e.g., DODAGID, VERSION NUMBER, MOP) and those that are replaced by nodes before broadcasting or unicasting them (e.g., rank value). For our approach, the Border router adds its public key and seed value to the unchangeable part and signs that part. Any user can verify the integrity of that part with the use of the public key. All the nodes in the network, upon receiving the DIO packet, store the public key of the Border router and use the seed value to generate their public and private keys.
• Key generation at normal nodes and public key registration
– Step 1: Node fetches generator G and seed value sd from the DIO packet.
– Step 2: Node generates random value r = (sd, ID, tr) and calculates its private key d and its public key as Q = dG. Here tr is a random value generated by the node.
– Step 3: Node chooses its parent based on RPL specifications and the objective function and generates a DIS packet with its public key and signature on it.
– Step 4: Node also sends a DIO packet containing its rank value to other nodes, and if the node is a Validator then it also sets the relevant field in the DIO packet.
As per RPL specifications, DIO and DIS packets always flow in the network to maintain optimized routes. With DIS packets, the BR node maintains a table about all the nodes and all paths between them. We also store the public key of all nodes along with these details at the BR node for our operations, which are further used to verify the node’s identity.
• Transaction and Microblock Generation.
In Figure 5, we show the data structure of the transaction packet generated by a node. The transaction packet consists of a TID, DODAG Version Number, ID1, ID2, the received or sent packet count between ID1 and ID2, and the public key of the sender denoted by ID1. The packet is signed by the sender using its private key. Once this transaction gets approved, it is updated in the microchain ledger; the sequence diagram for the same is shown in Figure 6. TID is 32 bits, so a total of 4294967296 transactions can be accommodated for a single node during the period of a DODAG version. The DODAG version number, ID1 and TID uniquely identify the transaction in the global blockchain. For every new version of DODAG, TID starts from zero. Every node periodically sends the transaction packet via the microchain module to its counterpart in all the 6BRs in the network. The 6BR will verify all the transactions and add a microblock containing the transactions to the microchain.

Fig. 5. Transaction Packet Format

Fig. 6. Sequence diagram for Block generation

Fig. 7. Block Format

2.1. Token Based Routing and Blockchain operations

The blockchain structure is shown in Figure 7. As we have used a 32-bit hash value, 16 bytes are needed to store a block header, which is a plausible solution for 6LoWPAN devices. Upon receiving the block, nodes perform the following steps:

• Step 1: Node verifies the block.
• Step 2: Node reads all the transactions from the block and records the packet forwarding nature of its neighboring nodes.
• Step 3: Node stores the block header in the Blockchain.
• Step 4: Node scans its neighbor table for anomalies; if any neighbor is not forwarding any packets, the node adds it to the blacklist, and if that neighbor is its parent, it performs the local repair.
• Step 5: After a reasonable amount of time, if a node doesn’t receive any of its transactions in the block, the node performs local repair and changes its parent node.
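
The five steps above can be exercised end to end; the following is an added example, not code from the paper. The four-field header layout, truncated SHA-256 as the 32-bit hash, `MISS_LIMIT`, and nodes A::1, A::2, A::5 and A::6 are assumptions, and signature checks on transactions are left out.

```python
import hashlib
import struct
from collections import defaultdict

# Assumed header layout: four 32-bit fields (the page gives only the 16-byte total).
HEADER = struct.Struct(">IIII")  # prev-header hash, tx hash, DODAG version, block index
MISS_LIMIT = 3  # assumed stand-in for the "reasonable amount of time" in step 5

def h32(data: bytes) -> int:
    """32-bit hash; truncated SHA-256 is an assumption, the page names no function."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def tx_hash(txs) -> int:
    # tx = (TID, DODAG version, ID1, ID2, "sent" | "recv", packet count); signature omitted
    return h32(b"".join(struct.pack(">IB", t[0], t[1]) + "|".join(map(str, t[2:])).encode()
                        for t in txs))

def make_block(prev_header, version, index, txs) -> bytes:
    """6BR side: bind the transactions and the previous header into a 16-byte header."""
    return HEADER.pack(h32(prev_header) if prev_header else 0, tx_hash(txs), version, index)

class Node:
    def __init__(self, node_id, parent, alternates):
        self.node_id, self.parent, self.alternates = node_id, parent, list(alternates)
        self.headers = []                  # only headers are stored: 16 bytes per block
        self.handed_to = defaultdict(int)  # packets that children report sending to a node
        self.passed_on = defaultdict(int)  # packets a node's parent reports receiving from it
        self.blacklist, self.missed = set(), 0

    def local_repair(self):
        options = [a for a in self.alternates if a not in self.blacklist and a != self.parent]
        self.parent, self.missed = (options[0] if options else None), 0

    def process_block(self, header, txs) -> bool:
        prev, digest, _version, _index = HEADER.unpack(header)
        # Step 1: verify the link to the stored chain and the transaction hash.
        if prev != (h32(self.headers[-1]) if self.headers else 0) or digest != tx_hash(txs):
            return False
        # Step 2: record the forwarding behaviour reported in the transactions.
        for _tid, _ver, _id1, id2, kind, count in txs:
            (self.handed_to if kind == "sent" else self.passed_on)[id2] += count
        # Step 3: store the block header.
        self.headers.append(header)
        # Step 4: blacklist a neighbour that was handed packets but passed none on.
        for n in filter(None, [self.parent, *self.alternates]):
            if self.handed_to[n] > 0 and self.passed_on[n] == 0:
                self.blacklist.add(n)
        if self.parent in self.blacklist:
            self.local_repair()
        # Step 5: repair as well if this node's own transactions keep going missing.
        self.missed = 0 if any(t[2] == self.node_id for t in txs) else self.missed + 1
        if self.missed >= MISS_LIMIT:
            self.local_repair()
        return True

# Constructed sample: A::4 is the attacker of Fig. 3; A::1, A::2, A::5, A::6 are assumed.
TXS = [
    (0, 1, "A::8", "A::4", "sent", 20),
    (0, 1, "A::10", "A::4", "sent", 15),
    (0, 1, "A::2", "A::4", "recv", 0),   # A::4's parent saw nothing come out of it
    (0, 1, "A::6", "A::5", "sent", 12),
    (0, 1, "A::1", "A::5", "recv", 12),  # A::5 forwards what it is given
]

if __name__ == "__main__":
    node = Node("A::8", parent="A::4", alternates=["A::5"])
    print(node.process_block(make_block(b"", 1, 0, TXS), TXS), node.blacklist, node.parent)
```

Detection here rests on the report from A::4's parent, not on anything A::4 says about itself. A 32-bit digest keeps the header at 16 bytes, but a matching value can be found by brute force in about 2^32 hash evaluations, so the chain link alone guards against corruption more than against a determined forger.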

3. Security Performance and Analysis

Integrity, availability, and non-repudiation are basic security requirements that ensure safety and service quality in any network. In this section, we analyze the security of the 6MID framework.

• Integrity. Usually, integrity includes data integrity and message integrity. Data integrity means that unauthorized users and devices cannot access and modify the data stored at the Microchain node. The 6MID framework achieves this, as the 6BR node works as a block generator and calculates the PoW hash. Message integrity means that the messages transmitted by the IoT node cannot be tampered with illegally in the interaction process. The certificate-less cryptography ensures communication security within microchain modules.
• Availability. 6MID uses microchain as a distributed ledger, which is always available to all the nodes.
• Non-Repudiation. 6MID is based on a digital signature scheme which uses the private key to sign transactions and the public key to verify them.
• Sybil Attack. In 6MID, each ordinary node has a unique IP address, which is also mapped to a unique public key at the 6BR. Attackers who fake nodes in the network can’t communicate with other nodes.
• Denial of Service. 6MID is designed to detect the packet blackhole attack in 6LoWPAN networks. Since the message transfer count between nodes is stored in the microchain, malicious node behavior will easily be verified by checking the ledger. Also, transaction packets are broadcast, uniquely identified, and verified at the block generator; verification and block generation will not be affected by attacks unless a reasonable number of nodes are compromised.

4. Conclusion

This paper has shown a microchain architecture, which provides an immutable ledger and transaction verification within the 6LoWPAN network. We show how Blackhole can be detected in the system using a distributed ledger. We also present a microblock data structure, which is computationally secure within the 6LoWPAN network. With a 32-bit hash value, the block header becomes 16 bytes in size, so to store a chain of 400 nodes in minimum mode, only 6.4 kb memory is required. For the scenario which we have considered, 400 nodes are more than enough for storing data for a single version of DODAG, as for every version of DODAG a new microchain is created and the old chain is uploaded to the Global Blockchain.

References

[1] Airehrour, D., Gutierrez, J., Ray, S.K., 2016. Securing rpl routing protocol from blackhole attacks using a trust-based mechanism, in: Telecommunication Networks and Applications Conference (ITNAC), 2016 26th International, IEEE. pp. 115–120.
[2] Ancillotti, E., Bruno, R., Conti, M., 2013. The role of the rpl routing protocol for smart grid communications. IEEE Communications Magazine 51, 75–83.
[3] Atzori, L., Iera, A., Morabito, G., 2010. The internet of things: A survey. Computer networks 54, 2787–2805.
[4] David, B., Dowsley, R., Larangeira, M., 2019. Mars: Monetized ad-hoc routing system.
[5] Djedjig, N., Tandjaoui, D., Medjek, F., 2015. Trust-based rpl for the internet of things, in: 2015 IEEE Symposium on Computers and Communication (ISCC), IEEE. pp. 962–967.
[6] Djedjig, N., Tandjaoui, D., Medjek, F., Romdhani, I., 2017. New trust metric for the rpl routing protocol, in: Information and Communication Systems (ICICS), 2017 8th International Conference on, IEEE. pp. 328–335.
[7] Glissa, G., Rachedi, A., Meddeb, A., 2016. A secure routing protocol based on rpl for internet of things, in: 2016 IEEE Global Communications Conference (GLOBECOM), pp. 1–7.
[8] Khan, Z.A., Herrmann, P., 2017. A trust based distributed intrusion detection mechanism for internet of things, in: Advanced Information Networking and Applications (AINA), 2017 IEEE 31st International Conference on, IEEE. pp. 1169–1176.
[9] Luangoudom, S., Tran, D., Nguyen, T., Tran, H.A., Nguyen, G., Ha, Q.T., 2020. svblock: mitigating black hole attack in low-power and lossy networks. International Journal of Sensor Networks 32, 77–86.
[10] Neerugatti, V., Reddy, A.R.M., 2020. Artificial intelligence-based technique for detection of selective forwarding attack in rpl-based internet of things networks, in: Emerging Research in Data Engineering Systems and Computer Communications. Springer, pp. 67–77.
[11] Patel, H.B., Jinwala, D.C., 2019. Blackhole detection in 6lowpan based internet of things: An anomaly based approach, in: TENCON 2019 - 2019 IEEE Region 10 Conference (TENCON), pp. 947–954. doi:10.1109/TENCON.2019.8929491.
[12] Ramezan, G., Leung, C., 2018. A blockchain-based contractual routing protocol for the internet of things using smart contracts. Wireless Communications and Mobile Computing 2018.
[13] Raza, S., Wallgren, L., Voigt, T., 2013. SVELTE: Real-time intrusion detection in the Internet of Things. Ad hoc networks 11, 2661–2674.
[14] Riaz, R., Kim, K.H., Ahmed, H., 2009. Security analysis survey and framework design for IP connected LoWPANs, in: Autonomous Decentralized Systems, 2009. ISADS ’09. International Symposium on, pp. 1–6.
[15] Saad, M., Anwar, A., Ahmad, A., Alasmary, H., Yuksel, M., Mohaisen, A., 2019. Routechain: Towards blockchain-based secure and efficient bgp routing, in: 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), IEEE. pp. 210–218.
[16] Sahay, R., Geethakumari, G., Mitra, B., Goyal, N., 2019. Investigating packet dropping attacks in rpl-dodag in iot, in: 2019 IEEE 5th International Conference for Convergence in Technology (I2CT), IEEE. pp. 1–5.
[17] Sedjelmaci, H., Senouci, S.M., Taleb, T., 2017. An accurate security game for low-resource iot devices. IEEE Transactions on Vehicular Technology 66, 9381–9393.
[18] Surendar, M., Umamakeswari, A., 2016. Indres: An intrusion detection and response system for internet of things with 6lowpan, in: 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pp. 1903–1908.
[19] Wallgren, L., Raza, S., Voigt, T., 2013. Routing attacks and countermeasures in the rpl-based internet of things. International Journal of Distributed Sensor Networks 9, 794326.
[20] Weekly, K., Pister, K., 2012. Evaluating sinkhole defense techniques in rpl networks, in: Network Protocols (ICNP), 2012 20th IEEE International Conference on, IEEE. pp. 1–6.
[21] Winter, T., Thubert, P., Clausen, T., Hui, J., Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, J., Alexander, R., 2012. Rpl: Ipv6 routing protocol for low power and lossy networks, rfc 6550. IETF ROLL WG, Tech. Rep.
[22] Yang, J., He, S., Xu, Y., Chen, L., Ren, J., 2019. A trusted routing scheme using blockchain and reinforcement learning for wireless sensor networks. Sensors 19, 970.
