PII: S0140-3664(22)00402-9
DOI: https://doi.org/10.1016/j.comcom.2022.10.014
Reference: COMCOM 7312
Please cite this article as: G. Sharma, J. Grover and A. Verma, Performance evaluation of mobile
RPL-based IoT networks under version number attack, Computer Communications (2022), doi:
https://doi.org/10.1016/j.comcom.2022.10.014.
This is a PDF file of an article that has undergone enhancements after acceptance, such as the
addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive
version of record. This version will undergo additional copyediting, typesetting and review before it
is published in its final form, but we are providing this version to give early visibility of the article.
Please note that, during the production process, errors may be discovered which could affect the
content, and all legal disclaimers that apply to the journal pertain.
Highlights
Performance Evaluation of Mobile RPL-based IoT networks under Version Number Attack
Girish Sharma, Jyoti Grover, Abhishek Verma
• Attacks in RPL based IoT. Why version attack?
• Analysis of version attack in mobile IoT.
• Performance evaluation using different metrics like Packet Delivery Ratio, Average End-to-End Delay, Power Consumption.
• Keywords: IoT, RPL, Version Attack, Security, 6LoWPAN, IPv6, PDR
Journal Pre-proof
a Malaviya National Institute of Technology, Jaipur JLN Marg, 302017, Rajasthan, India
a Manipal University Jaipur, Jaipur Dehmi Kalan, 303007, Rajasthan, India
b Malaviya National Institute of Technology, JLN Marg, Jaipur 302017, Rajasthan, India
c Indian Institute of Information Technology, Design and Manufacturing, Jabalpur, Airport Road, 482005, Madhya Pradesh, India
ARTICLE INFO

Keywords: IoT, RPL, Version Attack, Security, 6LoWPAN, IPv6, PDR

Abstract

The Internet of Things (IoT) has a vital role in communication and has many cross-platform applications which generate a massive volume of data. IoT interconnects various devices from small to big without the direct intervention of humans. The resource-constrained environment poses a significant problem in IoT applications, and it is challenging to develop secure applications. The Internet community endeavours to cope with such challenges by developing different internet protocols. IETF ROLL working group standardised a mechanism called IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) to carry IPv6 packets over IEEE 802.15.4. 6LoWPAN which supports the constrained environment uses the Routing Protocol for Low Power and Lossy Networks (RPL) as a routing protocol. It is essential to secure such applications since the malicious attacker can breach the privacy and security of humans through a small device. Traditional security mechanisms are not prominent in a resource-constrained context. Version attack is one of the most common attacks in RPL based 6LoWPAN. The network becomes unstable due to the version attack, which results in a Denial of Service attack. The integrity of the version number is not provided by RPL specifications, leading to threats for IoT applications. The impact of a version number attack on an RPL-based network is demonstrated in this study. The implications on the constrained network when the nodes are mobile is the main objective of this paper. In many IoT applications nodes move and it is vital to address the impact of mobility in a constrained environment. This paper investigates the network’s performance in terms of packet delivery, delay, and power consumption in RPL based IoT when there is version attack. Version attacks must be prevented as quickly as possible since they have the potential to significantly disrupt mobile networks. The main contribution of this research is a performance metric-based analysis of mobile RPL-based IoT networks under attack.
sustain in low power and lossy networks [32]. The resource-constrained in terms of power, energy and memory is a big challenge for the developer to make efficient and secure IoT applications. Devices could communicate in multiple ways, and there should be a secure way for transferring the data [10] to the high end machines or the sinks. This proliferation of data demands fast perspective analysis and decisions for real-world applications.

There are many resource-constrained devices deployed in the IoT applications which demands lightweight, se-

layer to optimize IPv6 packets in resource-constrained networks. Because of the overhead involved, traditional routing techniques such as Adhoc On-Demand Distance Vector (AODV), Open Shortest Path First (OSPF), and Dynamic Source Routing (DSR) are not recommended in constrained networks [60].

RPL, which was proposed by Internet Engineering Task Force (IETF) ROLL group, provided a lightweight routing solution for smart IP devices in 6LoWPAN [63]. Many IoT resource-constrained applications like agriculture, remote
not only through communication medium but also through small devices [15, 60]. In a research, Eyal Itkin et al. infected a network using a Fax Machine [18]. 6LoWPAN is also not secure, and attackers try to exploit it too which could have drastic implication in lossy networks. This paper focuses on the routing attacks specifically version number attack in RPL based 6LoWPAN. RPL has its own set of attacks based on network topology, traffic and resource based. Due to the ad-hoc nature of IoT, detecting routing attacks in RPL-based 6LoWPAN is extremely difficult. In RPL based 6LoWPAN attacker tries to flood the network

impact analysis of version number attacks on the RPL based 6LoWPAN where the nodes are static and mobile. This attack is implemented by modifying the control message packet and multicasting the modified packet in the network which is explained in the section 2.2. Table 1 shows the abbreviations used in this paper.

Table 1

| Abbreviation | Full form |
|---|---|
| | Area Network. |
| IoT | Internet of Things |
| RPL | Routing Protocol for Low Power and Lossy Networks |
| AODV | Adhoc On-Demand Distance Vector |
| OSPF | Open Shortest Path First |
| DSR | Dynamic Source Routing |
| IETF | Internet Engineering Task Force |
| DODAG | Destination Oriented Directed Acyclic Graph |
| DIO | Destination information object |
| DIS | DODAG Information Solicitation |
| DAO | Destination Advertisement Object |
| MRHOF | Minimum Rank with Hysteresis Objective Function |
| OF0 | Objective Function Zero |
| VA | Version Attack with static sensor node |
| VAM | Version Attack with mobile sensor node |

1.1. Contributions
This research contributes the following:
1. The analysis of version attack in RPL based 6LoWPAN while considering the mobility of the sensor nodes.
4. The authors found that despite devices mobility being an important feature of the IoT, it has received remarkably little attention in the research on RPL networks. The study considers the mobility of the nodes in the network.
5. To examine the effect of attacks on devices and networks, most researchers have adopted a small network scenario. We increased the number of experimental nodes to 50 and examined various performance metrics using Contiki Cooja.

Analyzing IoT efficiency in a resource-constrained context is the aim of this study. This research helps in figuring out how the system reacts in dynamic network scenarios. This will be useful for developing a network of endangered animal species and for military applications. Security is a top concern for these kinds of applications because they are so crucial. IoT 4.0 is a growing industry, and it is a new revolution, this increases the scope of our contribution. We need to address attacks on IoT and their consequences on the network.

The remaining paper is organized as follows: Section 2 presents the details of RPL protocol and version number attack. The related work and the security methods devised by different researchers specifically for RPL based attacks is summarized in section 3. Further, Section 4 shows the metrics used for the performance analysis. Section 5 depicts the impact of the version attack with static and mobile nodes. Section 6 discusses the impact of the version attack and why it is important to detect and Section 7 concludes the paper with some insights of implementation and future research

Routing protocol for Low Power and Lossy Networks in short RPL was designed to deal with lossy networks which suffers from communication delay and constrained resources. RPL has become very useful protocol in resource constrained environments like agriculture, remote areas monitoring, military applications and many more [3].

RPL was designed to perform energy-efficient routing in 6LoWPAN, which suffers from the lossy link, delay and varying convergence of the networks. Fig. 1 shows embedding of RPL which is the distance vector routing algorithm with adaptation layer 6LoWPAN.
Figure 1: IoT Network Architecture with Adaptation Layer

RPL forms a loop-free topology based on Destination Oriented Directed Acyclic Graph (DODAG) and specifies routes between the nodes as shown in Fig. 2. The destination node of the DODAG is known as border router or sink. RPLInstanceID, DODAGID, and DODAGVersion are used to identify a DODAG. RPL characteristics include auto-configuration, self-healing, loop avoidance and detection, link quality, establishing node rank and support for multiple sinks.

resolves count to infinity problem. When nodes receive DIO messages with a higher version number, they can raise their rank. The "Trickle timer" is used for limiting the control message and the timer is increased or decreased depending on whether the DODAG is stable or inconsistent [56].

2.2. Version Attack
RPL which was primarily suggested for the low power and lossy networks maintains the DODAG which comprises of the RPLInstanceID, DODAGID. DODAGID is a unique identifier for the DODAG root. When the network is formed each DODAG has a unique Version which shows the current iteration of the DODAG and this number increments over the time when the root forms a new version of the DODAG to reconfigure the network when lots of inconsistencies occur. This global repair happens when there is no parent for the node, links are broken or the timer triggers for the repair to maintain the integrity of the network. To maintain the network topology, RPL uses different control messages DIO (DODAG Information Object), DIS (DODAG Information Solicitation), DAO (Destination Advertisement Object), DAO-ACK (DAO Acknowledgement) and depending on the objective function sensors select the parent node and this forms the optimal path to the root node [1].

The root node is responsible to increment the version number but if there is an attacker in the network then it could increment the version number when it receives the DIO message and the attacker sends the modified DIO message in the network which enforces the DODAG reconfiguration and re-computation. This makes inconsistency in the network since most of the time root generates the control messages to
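Section 2.2 states that only the root may increment the DODAG version and that RPL does not protect the field. The check below is an added example, not code from the paper or from Contiki: it shows one way a receiving node could validate a version change carried in a DIO before reacting to it. The names (`check_dio`, `node_state`, the suspect table), the rank rule and the simplified lollipop comparison modelled on RFC 6550 section 7.2 are assumptions of this example, and every DIO value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define SEQ_WINDOW   16    /* comparison window of the lollipop counter */
#define CIRCULAR_MAX 127   /* 0..127 circular region, 128..255 linear region */
#define MAX_SUSPECTS 8

/* Simplified lollipop comparison: returns 1 when version a is newer than b. */
static int version_newer(uint8_t a, uint8_t b)
{
    int a_lin = a > CIRCULAR_MAX, b_lin = b > CIRCULAR_MAX;
    int d;

    if (a_lin && !b_lin)                    /* a linear, b circular */
        return (256 + b - a) > SEQ_WINDOW;
    if (!a_lin && b_lin)                    /* a circular, b linear */
        return (256 + a - b) <= SEQ_WINDOW;
    if (a_lin)                              /* both linear: no wrap inside the region */
        return a > b && (a - b) <= SEQ_WINDOW;
    d = (a - b + 128) % 128;                /* both circular: wraps from 127 to 0 */
    return d > 0 && d <= SEQ_WINDOW;
}

enum verdict { DIO_CONSISTENT, DIO_STALE, DIO_ACCEPT_REPAIR, DIO_REJECT_BUMP };

struct node_state {          /* hypothetical per-node view of its DODAG */
    int      is_root;
    uint16_t rank;           /* lower rank = closer to the root */
    uint8_t  version;        /* DODAG version currently in use */
};

struct dio {                 /* only the DIO fields this check needs */
    uint16_t sender_id;
    uint16_t sender_rank;
    uint8_t  version;
};

/* Per-neighbour count of rejected version increases, for later reporting. */
static struct { uint16_t id; unsigned rejected; int used; } suspects[MAX_SUSPECTS];

static void note_suspect(uint16_t id)
{
    int i;
    for (i = 0; i < MAX_SUSPECTS; i++)
        if (suspects[i].used && suspects[i].id == id) { suspects[i].rejected++; return; }
    for (i = 0; i < MAX_SUSPECTS; i++)
        if (!suspects[i].used) {
            suspects[i].used = 1; suspects[i].id = id; suspects[i].rejected = 1;
            return;
        }
    /* Table full: the event is not recorded, the DIO is still rejected. */
}

static unsigned rejected_count(uint16_t id)
{
    int i;
    for (i = 0; i < MAX_SUSPECTS; i++)
        if (suspects[i].used && suspects[i].id == id) return suspects[i].rejected;
    return 0;
}

/*
 * Assumed rule: a legitimate version increase starts at the root and travels
 * downward, so it must first arrive from a neighbour with a strictly better
 * (lower) rank. The root itself never accepts a newer version from anyone.
 * Limitations: a malicious node ranked above the receiver still passes, and
 * ranks shift when nodes move, so this is a filter, not proof of origin.
 */
static enum verdict check_dio(struct node_state *self, const struct dio *d)
{
    if (d->version == self->version)
        return DIO_CONSISTENT;
    if (!version_newer(d->version, self->version))
        return DIO_STALE;
    if (self->is_root || d->sender_rank >= self->rank) {
        note_suspect(d->sender_id);
        return DIO_REJECT_BUMP;            /* no global repair is triggered */
    }
    self->version = d->version;            /* follow the root's global repair */
    return DIO_ACCEPT_REPAIR;
}

int main(void)
{
    static const char *names[] = { "consistent", "stale", "accept-repair", "reject-bump" };
    struct node_state n = { 0, 512, 240 };
    const struct dio seq[] = {             /* constructed DIO sequence */
        { 1, 256, 240 }, { 1, 256, 241 }, { 7, 768, 242 }, { 7, 768, 243 }, { 3, 256, 240 }
    };
    size_t i;

    for (i = 0; i < sizeof seq / sizeof seq[0]; i++)
        printf("DIO from %u (rank %u, version %u): %s\n", (unsigned)seq[i].sender_id,
               (unsigned)seq[i].sender_rank, (unsigned)seq[i].version,
               names[check_dio(&n, &seq[i])]);
    printf("rejected increases from node 7: %u\n", rejected_count(7));
    return 0;
}
```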
Figure 3: Version Attack by multicasting DIO

number of attackers and adequately positioning the attackers [34]. It is vital to address this attack as it is very easy to implement and adversely affects the network.

This research takes internal node as an adversary node that participates in the creation of the network topology. After the topology has been established, the node will begin attacking once the network has stabilised. We analysed the attack in different scenarios taking the attacker node at different hops i.e. at one hop, two hop or hop from the sink node which provides extensive results that we have shown through different graphs.

The attack model shown in Fig. 3 is implemented as shown in Algorithm 1.

Algorithm 1 Version Attack
1: Node_N, Node_A, VerNum ⊳ Legitimate, Attacker Node, Version Number
2: procedure Version Attack
3: Time t the Node_A joins network ⊳ Attacker Node

3. Related Work
This section discusses recent research that has shown the impact and analysis in terms of packet delivery ratio, end to end delay, power consumption specifically for version attack. The latest study by Ahmet Arış et al. showed in their paper [8] impact of multiple attackers on the performance of the network by taking into account different metrics like PDR, attacker position, average delay, average power consumption. Their paper showed that multiple attackers only affect the packet delivery ratio and the attack adversely affects the network if the malicious node is closer to the root node.

We start our discussion with the paper by Congu Pu et al. [42] who used the Gini Index model to mitigate the Sybil attack. This technique uses Gini impurity to detect the DIS attacker nodes, and the control message impurity increase when there is a Sybil attack. The defence mechanism discards the DAO messages if it exceeds the threshold limit. Although this solution is capable of identifying Sybil Attack, it is not able to identify the attacker node.

Sharma et al. [51] have proposed a technique for simulating attacks for generating the dataset for multiple attacks. They generated a dataset for Version attack, Hello Flood attack, and decreased rank attack and identified 58 features to apply the machine learning algorithm to classify attacks. Sarumathi et al. [36] have proposed an IDS system for Sybil attack using the Artificial Bee Colony (ABC) inspired algorithm when the nodes are mobile. The IDS system counts the number of control messages in the stipulated period and calculates the timestamp between the message; if it exceeds, the flag is set to check whether the event is
| No. | Work | Approach | Description | Limitations |
|---|---|---|---|---|
| | | Anomaly) | Control charts) to detect the network anomalies. | |
| 2. | Kasinathan et al. [24] 2013 | Signature Based (DEMO) | To detect DoS attacks using Suricata open source IDS. Uses Frequency Agility Manager to operate in different channels. | No performance study of the IDS. No mobility considered. |
| 3. | Raza et al. [45] 2013 | Anomaly Based (SVELTE) | Detects Spoofed Information, Sinkhole and Selective forwarding attacks. Based on Mapper, Analyzer and Detector. Nodes sends the RPL information to Gateway. Involves network graph inconsistency in IDS. Provides less computational overhead | Do not consider mobility of nodes. |
| 4. | Zhang et al. [64] 2015 | Specification Based | Detects routing choice intrusion. Uses FSM for monitoring nodes to implement normal and malicious states. Detects attack if any node sends DIO message with lower ETX value. | Only homogeneous nodes are considered. |
| 5. | Pongle and Chavan [41] 2015 | Anomaly Based | Detects Wormhole attacks. Uses node’s and neighbor’s information to detect attack. Uses RSSI to detect attacker nodes. | Lot of computation and communication overhead |
| 6. | Surendar and Umamakeswari [54] 2016 | Specification Based (InDReS) | To detect Sinkhole attack in RPL. Cluster head acts as monitoring node and counts the packet drops of the adjacent nodes. Compare the ranks of the neighboring nodes with the threshold value and detects the malicious node. | Considers only homogeneous nodes |
| 7. | Le et al. [29] 2011, Le et al. [30] 2016 | Specification Based | Lacks in implementation and performance analysis. Extends works in their next paper by proposing EFSM which detects Rank, Local Repair, DIS, Sinkhole attacks. EFSM created using Integer Linear Programming. By generating RPL trace files shows the legitimate states with transitions | No mobility considered. |
| 8. | Lai [28] 2016 | Specification Based | Detects Wormhole attacks. Uses hop count to find rank metric and sees any node having unacceptable rank. Make DIO message is considered malicious if rank increases the threshold. | PDR, E2ED, Power consumption not analyzed. |
| 9. | Mayzaud et al. [33] 2016 | Anomaly Based | Detects DODAG inconsistency attacks. Two types of node: monitoring and monitored. Monitoring nodes collect data and detects attacks in distributes manner. | Considers only single attacker. Uses high order devices which adds cost overhead. |
| 10. | Mayzaud et al. [31] 2016 | Anomaly Based | Extends previous work by detecting Version attack. Collaboration of monitoring nodes to transfer information using multi instance network. | Only one attacker is assumed |
| 11. | Mayzaud et al. [34] 2017 | Anomaly Based | Extends previous work by allowing monitoring nodes to send information to the root about who changed the Version number called Local Assessment. The Localization algorithm deployed on the sink detects the attacker. | No mobility considered. |
| 12. | Mayzaud et al. [34] | Anomaly Based | To detect Selective Forwarding attack. Uses two types of nodes: Gateway (Centralized node), | Implementation overhead. No mobility |
| 14. | Bostani and Sheikhan [12] 2017 | Hybrid IDS | Detects Sinkhole, Selective forwarding and Wormhole attacks. Specification module deployed on the router nodes analyze their child nodes and sends the information to the Gateway. Gateway uses anomaly approach uses the Optimum path Forest Clustering on the incoming packets from the router nodes. | Not suitable for the energy constrained environment. |
| 15. | Napiah et al. [38] 2018 | Signature Based (CHA-IDS) | Detects HELLO flood, Sinkhole and Wormhole attacks. Extracts the header data to detect attacks. Apply ML algorithms. | Technique require high end machine. No mobility considered. |
| 16. | Ioulianou et al. [23] 2018 | Signature Based | Detects DIS and Version Number attacks. Uses IDS routers and IDS detectors (Sends malicious info to routers). | Framework is not validated. No mobility considered. |
| 17. | Shafique et al. [49] 2018 | Specification Based (SBIDS) | Detects rank attack. Uses the node current rank, parent rank, previous rank for detecting the malicious node by using the DAO message. | Accuracy decreases with mobile nodes. Considers mobile nodes. |
| 18. | Verma and Ranga [57] 2018 | Anomaly based | Uses the dataset CIDDS-001 and apply K-Means and KNN ML techniques. | No real time solution. |
| 19. | Kfoury et al. [25] 2019 | Signature Based (SOMIDS) | Detects Sinkhole, Version Number and HELLO flooding attacks. Perform clustering of traffic classes using Pcap files. Data aggregation on DIS, DAO, DIO, rank, version number change and mote power. | Lot of implementation overhead. No mobility considered. |
| 20. | Verma and Ranga [58] 2019 | Anomaly based | Detects Sinkhole, Blackhole, Sybil, Clone ID, Selective Forwarding, Hello Flooding and Local Repair attacks on RPL using NIDDS17 dataset. It uses ensemble classifiers. | Approach does not consider mobility of nodes |
| 21. | Abhishek and Virender [2] 2020 | Anomaly based | Uses the datasets CIDDS-001, UNSW-NB15, and NSL-KDD to detect the attack DoS attack. Implements several ML algorithms and measures the performance in terms of accuracy, FPR, AUC etc. | No real time solution. No mobility considered |
| 22 | Pu [42] 2020 | Gini Index Model | This technique uses Gini impurity to detect the DIS attacker nodes, and the control message impurity increase when there is a Sybil attack. | Unable to identify the attacker node |
| 23. | Agiollo et al. [3] 2021 | Hybrid IDS | Uses dataset RADAR to detect around 14 routing attacks using NetSim. Anomaly part detects the malicious node since it knows how node behaves when there is no attacker. It uses AutoRegressive Integrated Moving Average (ARIMA) model. Signature part sees the specific | No real time solution. |
| | [48] 2022 | | Drop per terminal (PDPT) metrics as input to the fuzzy system. Defuzzified output provides the percentage of jamming of a node. | is Jamming attack. Does not find the attacker node. Mobility is not addressed |
| 26 | Kiran [26] 2022 | Anomaly based | Extension to SVELTE. DWA-IDS uses the Nmapper and IDS module. | Mobility is not addressed |
| 27 | Sharma et al. [50] 2022 | Behaviour Based | Analysis and mitigation of blackhole attack using suspect identification and verification. | Do not consider mobile nodes. Only accuracy metrics. |
| 28 | This Paper | Analysis of Version Attack | Analysis of version attack in mobile and static environment. Very useful in healthcare, military and species-tracking applications | Considers mobile nodes. Intensive analysis through metrics PDR, AE2ED, Energy. |
how far the attacker node is and similar results when the nodes are moving.

In this continuation Anthéa Mayzaud et al. [34] proposed a distributed mechanism based on RPL to detect the version attack and found that the average FPR rate decreases with the increase in monitoring node [34]. Ahmet Arış et al. [9] proposed a lightweight mitigation technique for identifying the Version attack. In this mitigation technique, they proposed that version number change could not be reflected by the nodes which have a lower rank. Another more generalized mitigation technique proposed irrespective of the attacker’s position is based on the neighbours with better rank claiming the version number change. Their proposed approach does not consider the mobility of nodes where topology dynamically changes.

A distributed approach is proposed by Ahmed et al. [4] to mitigate the version attack for the dense networks in RPL. The node that receives the changed version number sends verification procedures to nodes 2-hop far away from it. Cooperatively, all the nodes involved in the detection process send their version number to the source. Collectively, it decides to change or not to change the version number.

Osman et al. [39] proposed a machine learning based detection of version attack in RPL using Gradient Boosted Machines. The approach generates the data-sets by simulating the scenarios with and without attackers in Contiki Cooja and generating the .pcap files. After pre-processing the data, the Gradient Boosted Machines (GBM) is applied to know whether the data is malicious or benign.

In his dissertation, Raoof [44] discusses mitigation of different attacks in RPL based networks. The proposed approach is based on trust-based solutions using Chained Secure Mode (CSM) without mobility in the network. The paper [7] by A. Arul Anitha discusses mitigation of version attack by comparing the version number with the root node’s version. If there is a mismatch, it invokes the

detect and mitigate version number attacks and other RPL specific attacks using behaviour based and anomaly-based approaches. Some researchers also proposed cryptography based, trust-based solutions but these solutions are not prominent in the resource limited networks. Some of the IDS proposed by the researchers is summarized in the Tab. 2. But most of the solutions do not include the mobility of nodes in the network. This paper focuses on version number attack by considering nodes’ mobility and shows the efficiency metrics by varying the number of attacker nodes.

There are many critical applications of IoT that run over resource-constrained networks and need lightweight, secure, scalable, and mobility supported solutions to maintain user’s security and privacy [27, 46, 47]. 6LoWPAN is one such example that run over resource-constrained devices or nodes [10, 35]. In most of the proposed solutions, we could see that there is a lack of analysis where the nodes are mobile. But in today’s world, IoT consists of mobile nodes. These mobile nodes may drastically impact the network’s performance in a constrained environment. This paper takes a set of mobile nodes and multiple attackers and evaluates performance using parameters like Packet delivery ratio, Delay and power consumption.

Table 3
Simulation Parameters

| Parameters | Value |
|---|---|
| Simulator | Cooja (Contiki 3.0) |
| Simulation Time | 1800 Seconds |
| DODAG Root Rank | 1 |
| Scenario Dimension | 200 * 200 m² |
| Number of Sensor Nodes | 10, 20, 30, 40, 50 |
| Gateway Nodes | 1 |
| Mote Type | Z1 |
| Transport Layer Protocol | UDP |
| Radio Medium | Unit Disk Graph Medium |
| PHY and MAC Layer | IEEE 802.15.4 |
| Transmission Range | 50 m |
| Number of Attacker nodes | 10%, 20%, 30% |
| Number of Mobile nodes | 50% |
| Speed of Node | 1 to 2 m/sec |
| Data Packet Size | 30 bytes |
| Data packet sending interval | 60 secs |

rebuild the operating system with better algorithms.

Table 3 depicts the simulation parameters on which the network behaviour analysis is carried out. Experimental results show that there is significant impact of mobility in 6LoWPAN networks. This study, which aims to analyze the network behaviour when there are attackers in the network, has the following objectives:

1. Performance analysis using parameters such as Packet Delivery Ratio, End to End Delay, Power Consumption etc. in non attacking mode
2. Impact of Version Attack on the PDR, Delay and Power Consumption
3. Analysis of network with mobility and Version attack which is the main objective of this paper.

All the simulations were carried out for 15 minutes so that real impact on the network could be traced. We assume that 50% of the nodes are mobile and rest are static. We therefore thoroughly examined a hybrid network. We also assume that attacker node is static which compromises the nodes sitting around it.

4.1. Performance Evaluation Parameters
This simulation uses the metrics such as Packet Delivery Ratio, Power Consumption and End to End delay to see the impact of mobility with version attack on the performance. Formulae for these metrics are explained below.

• Packet Delivery Ratio is calculated as:

$$PDR = \frac{\text{Number of Packets Received at Sink}}{\sum_{i=1}^{N} \text{Packets\_Sent\_By\_Node}_i}$$

This depicts the ratio of the time taken by each successfully delivered packet to the Gateway to the number of packets without considering the unsuccessful packets.

• Power Consumption

$$Energy_c = (C_{CPU} + C_{LPM} + C_{TX} + C_{RX})\ mJ \quad (1)$$

$$Power = \frac{Energy_c}{Total_{time}}\ mW \quad (2)$$

The power consumption is calculated for different states of the node i.e. radio is on/off, micro-controller is receiving or transmitting signals or micro-controller is in low power mode

were modified to implement the version attack primarily the rpl-icmp6.c file. The experiments were done using different number of nodes.

The Zolertia Z1 mote, which we used to build the IoT, contains 92KB of ROM and 8KB of RAM [65]. The version attack we have implemented fits comfortably inside the capabilities of the Z1 mote. In order to function, this implementation makes changes to the files used by the Contiki OS. We build a network with both good legitimate and malicious nodes. Increasing the percentage of malicious nodes illustrates the implications. The findings are described in greater detail in Sections 5.1, 5.2 and 5.3. These findings demonstrate a significant effect on Packet delivery Ratio, Average End-to-End Delay, and Power Consumption as the number of attacker nodes increases.

5.1. Result Analysis: Packet Delivery Ratio
Figure 4 shows the average PDR when all nodes are static w.r.t varying the number of nodes. The impact of the attack can be seen clearly when the percentage of attacker node increases, the PDR goes down drastically. This also

closer to the root node, it will change the version number and forcefully lets the root node to reconfigure the network. The mobility of the nodes itself could reduce the PDR. Figure 5 shows that mobility with the attacker node reduces the PDR significantly and the graph also reflects the increase in the PDR in certain cases, e.g. when N=40 there is increase in PDR which is due to random moves of the nodes and sometimes it is quite possible that while moving if the nodes are closer to the root then they will be surely able to deliver packets to the root node. Apart from this, it also depends on the random scattering of the nodes and distance from the root node.

The above result analysis is satisfied by the Fig. 6. This histogram depicts the PDR by combining the results of the static and mobile scenarios. There is a significant drop in the PDR when the nodes are moving. In the figure the abbreviations VA and VAM are for Version Attack with Static Nodes and Version Attack with Mobile Nodes respectively.
Figure 4: Packet Delivery Ratio: Static Nodes
Figure 5: Packet Delivery Ratio: 50% of the Mobile Nodes
Figure 7: Average End to End Delay: Static Nodes
Figure 8: Average End to End Delay: Mobile Nodes
6. Discussions
The results that we achieved experimentally in these scenarios show that mobility results in lot of consumption of resources in terms of power, number of hops to reach the destination for the packets (delay). The nodes were moved using the random waypoint model [11]. The purpose of this

drops significantly when nodes are mobile and its impact will depend on the position of the attacker as well. End to end delay is very high when the nodes are mobile and the figures show that it is quite large at 1-hop with the increase in number of attackers. Similarly we can also conclude for power consumption which increases with the mobility of nodes. This paper tries to show the intensive

Figure 10: Average Power Consumption: Mobile Nodes
References
[1] Zahrah A Almusaylim, NZ Jhanjhi, and Abdulaziz Alhumam. Detection and mitigation of rpl rank and version number attacks in the internet of things: Srpl-rp. Sensors, 20(21):5997, 2020.
[2] Verma Abhishek and Ranga Virender. Machine learning based
[7] A Arul Anitha and L Arockiam. Venadet: Version number attack detection for rpl based internet of things. Solid State Technology, 64(2):2225–2237, 2021.
[8] Ahmet Arış and Sema F Oktuğ. Analysis of the rpl version number attack with multiple attackers. In 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pages 1–8. IEEE, 2020.
[9] Ahmet Arış, Sıddıka Berna Örs Yalçın, and Sema F Oktuğ. New lightweight mitigation techniques for rpl version number attacks. Ad Hoc Networks, 85:81–91, 2019.
[10] Ankur O Bang, Udai Pratap Rao, Pallavi Kaliyar, and Mauro Conti. Assessment of Routing Attacks and Mitigation Techniques with RPL Control Messages: A Survey. ACM Computing Surveys (CSUR), 55(2):1–36, 2022.
[11] Christian Bettstetter, Hannes Hartenstein, and Xavier Pérez-Costa. Stochastic properties of the random waypoint mobility model. Wireless networks, 10(5):555–567, 2004.
[12] Hamid Bostani and Mansour Sheikhan. Hybrid of anomaly-based and specification-based ids for internet of things using unsupervised opf based on mapreduce approach. Computer Communications, 98:52–71, 2017.
[13] Ismail Butun, Patrik Österberg, and Houbing Song. Security of the internet of things: Vulnerabilities, attacks, and countermeasures. IEEE Communications Surveys & Tutorials, 22(1):616–644, 2019.
[14] Erdem Canbalaban and Sevil Sen. A cross-layer intrusion detection system for RPL-based Internet of Things. In International Conference on Ad-Hoc Networks and Wireless, pages 214–227. Springer, 2020.
[15] CISOMAG. 10 iot security incidents that make you feel less secure. https://cisomag.eccouncil.org/10-iot-security-incidents-that-make-you-feel-less-secure/. Accessed: 2020-01-10.
[16] Adam Dunkels, Bjorn Gronvall, and Thiemo Voigt. Contiki-a lightweight and flexible operating system for tiny networked sensors. In 29th annual IEEE international conference on local computer networks, pages 455–462. IEEE, 2004.
[17] Amit Dvir, Levente Buttyan, et al. Vera-version number and rank authentication in rpl. In 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems, pages 709–714. IEEE, 2011.
[18] Yannay Livneh Eyal Itkin and Yaniv Balmas. Faxploit: Sending fax back to the dark ages. https://research.checkpoint.com/2018/sending-fax-back-to-the-dark-ages/. Accessed: 2018-08-12.
[19] Olfa Gaddour and Anis Koubâa. RPL in a nutshell: A survey. Computer Networks, 56(14):3163–3178, 2012. ISSN 1389-1286.
[27] Aparna Kumari, Sudeep Tanwar, Sudhanshu Tyagi, Neeraj Kumar, Reza M Parizi, and Kim-Kwang Raymond Choo. Fog data analytics: A taxonomy and process model. Journal of Network and Computer Applications, 128:90–104, 2019.
[28] Gu-Hsin Lai. Detection of wormhole attacks on ipv6 mobility-based wireless sensor network. EURASIP Journal on Wireless Communications and Networking, 2016(1):1–11, 2016.
[29] Anhtuan Le, Jonathan Loo, Yuan Luo, and Aboubaker Lasebae. Specification-based ids for securing rpl from topology attacks. In 2011 IFIP Wireless Days (WD), pages 1–3. IEEE, 2011.
[30] Anhtuan Le, Jonathan Loo, Kok Keong Chai, and Mahdi Aiash. A specification-based ids for detecting attacks on rpl-based network topology. Information, 7(2):25, 2016.
[31] Anthéa Mayzaud, Rémi Badonnel, and Isabelle Chrisment. Detecting version number attacks in rpl-based networks using a distributed monitoring architecture. In 2016 12th International Conference on Network and Service Management (CNSM), pages 127–135. IEEE, 2016.
[32] Anthea Mayzaud, Remi Badonnel, and Isabelle Chrisment. A Taxonomy of Attacks in RPL-based Internet of Thing. International Journal of Network Security, 18(3):459–473, 2016.
[33] Anthéa Mayzaud, Anuj Sehgal, Rémi Badonnel, Isabelle Chrisment, and Jürgen Schönwälder. Using the rpl protocol for supporting passive monitoring in the internet of things. In NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium, pages 366–374. IEEE, 2016.
[34] Anthéa Mayzaud, Rémi Badonnel, and Isabelle Chrisment. A distributed monitoring strategy for detecting version number attacks in rpl-based networks. IEEE Transactions on Network and Service Management, 14(2):472–486, 2017.
[35] Geoff Mulligan. The 6lowpan architecture. In Proceedings of the 4th workshop on Embedded networked sensors, pages 78–82, 2007.
[36] Sarumathi Murali and Abbas Jamalipour. A lightweight intrusion detection for sybil attack under mobile rpl in the internet of things. IEEE Internet of Things Journal, 7(1):379–388, 2019.
[37] Syeda M Muzammal, Raja Kumar Murugesan, and NZ Jhanjhi. A comprehensive review on secure routing in internet of things: Mitigation methods and trust-based approaches. IEEE Internet of Things Journal, 2020.
[38] Mohamad Nazrin Napiah, Mohd Yamani Idna Bin Idris, Roziana Ramli, and Ismail Ahmedy. Compression header analyzer intrusion detection system (cha-ids) for 6lowpan communication protocol. IEEE Access, 6:16623–16638, 2018.
rna
[20] Ghada Glissa, Abderrezak Rachedi, and Aref Meddeb. A secure rout- [39] Musa Osman, Jingsha He, Fawaz Mahiuob Mohammed Mokbal,
ing protocol based on rpl for internet of things. In 2016 IEEE Global Nafei Zhu, and Sirajuddin Qureshi. Ml-lgbm: A machine learning
Communications Conference (GLOBECOM), pages 1–7. IEEE, 2016. model based on light gradient boosting machine for the detection of
[21] Gnawali and Levis. The minimum rank with hysteresis objective version number attacks in rpl-based networks. IEEE Access, 2021.
function (MRHOF). IETF, CA, USA, RFC, 6719, 2012. [40] Fredrik Österlind. A sensor network simulator for the Contiki OS.
[22] O Gnawali and P Levis. The ETX Objective Function for RPL,” draft- Swedish Institute of Computer Science, 2006.
gnawali-roll-etxof-01. URL https://tools. ietf. org/html/draft-gnawali- [41] Pavan Pongle and Gurunath Chavan. Real time intrusion and worm-
roll-etxof-00, 2010. hole attack detection in internet of things. International Journal of
[23] Philokypros Ioulianou, Vasileios Vasilakis, Ioannis Moscholios, and Computer Applications, 121(9), 2015.
Michael Logothetis. A signature-based intrusion detection system for [42] Cong Pu. Sybil attack in RPL-based internet of things: analysis and
the internet of things. Information and Communication Technology defenses. IEEE Internet of Things Journal, 7(6):4937–4949, 2020.
Jou
Form, 2018. [43] Ahmed Raoof, Ashraf Matrawy, and Chung-Horng Lung. Routing
[24] Prabhakaran Kasinathan, Gianfranco Costamagna, Hussein Khaleel, attacks and mitigation methods for rpl-based internet of things. IEEE
Claudio Pastrone, and Maurizio A Spirito. An ids framework for Communications Surveys & Tutorials, 21(2):1582–1606, 2018.
internet of things empowered by 6lowpan. In Proceedings of the 2013 [44] Ahmed Mohammed Raoof. Secure Routing and Forwarding in RPL-
ACM SIGSAC conference on Computer & communications security, based Internet of Things: Challenges and Solutions. PhD thesis,
pages 1337–1340, 2013. Carleton University, 2021.
[25] Elie Kfoury, Julien Saab, Paul Younes, and Roger Achkar. A self [45] Shahid Raza, Linus Wallgren, and Thiemo Voigt. Svelte: Real-time
organizing map intrusion detection system for rpl protocol attacks. intrusion detection in the internet of things. Ad hoc networks, 11(8):
International Journal of Interdisciplinary Telecommunications and 2661–2674, 2013.
Networking (IJITN), 11(1):30–43, 2019. [46] Sandip Roy, Santanu Chatterjee, Ashok Kumar Das, Samiran Chat-
[26] Usha Kiran. IDS To Detect Worst Parent Selection Attack In RPL- topadhyay, Neeraj Kumar, and Athanasios V Vasilakos. On the design
Based IoT Network. In 2022 14th International Conference on of provably secure lightweight remote user authentication scheme for
COMmunication Systems & NETworkS (COMSNETS), pages 769– mobile cloud computing services. IEEE Access, 5:25808–25825,
773. IEEE, 2022. 2017.
[47] Sandip Roy, Ashok Kumar Das, Santanu Chatterjee, Neeraj Kumar,
Samiran Chattopadhyay, and Joel JPC Rodrigues. Provably secure
fine-grained data access control over multiple cloud servers in mobile
cloud computing based healthcare applications. IEEE Transactions
on Industrial Informatics, 15(1):457–468, 2018.
[48] Michael Savva, Iacovos Ioannou, and Vasos Vassiliou. Fuzzy-logic
of
based ids for detecting jamming attacks in wireless mesh iot networks.
arXiv preprint arXiv:2205.03797, 2022.
[49] Usman Shafique, Abid Khan, Abdur Rehman, Faisal Bashir, and
Masoom Alam. Detection of rank attack in routing protocol for low
power and lossy networks. Annals of Telecommunications, 73(7):
429–438, 2018.
pro
[50] Deepak Kumar Sharma, Sanjay K Dhurandher, Shubham Kumaram,
Koyel Datta Gupta, and Pradip Kumar Sharma. Mitigation of black
hole attacks in 6lowpan rpl-based wireless sensor network for cyber
physical systems. Computer Communications, 189:182–192, 2022.
[51] Mridula Sharma, Haytham Elmiligi, Fayez Gebali, and Abhishek
Verma. Simulating attacks for rpl and generating multi-class dataset
for supervised machine learning. In 2019 IEEE 10th Annual Informa-
tion Technology, Electronics and Mobile Communication Conference
(IEMCON), pages 0020–0026. IEEE, 2019.
[52] Dharmini Shreenivas, Shahid Raza, and Thiemo Voigt. Intrusion
detection in the rpl-connected 6lowpan networks. In Proceedings
of the 3rd ACM international workshop on IoT privacy, trust, and
security, pages 31–38, 2017.
[62] Isam Wadhaj, Baraq Ghaleb, Craig Thomson, Ahmed Al-Dubai, and
William J Buchanan. Mitigation mechanisms against the dao attack
on the routing protocol for low power and lossy networks (rpl). IEEE
Access, 8:43665–43675, 2020.
[63] Tim Winter, Pascal Thubert, Anders Brandt, Jonathan W Hui, Richard
Kelsey, Philip Levis, Kris Pister, Rene Struik, Jean-Philippe Vasseur,
Roger K Alexander, et al. RPL: IPv6 Routing Protocol for Low-Power
and Lossy Networks. rfc, 6550:1–157, 2012.
[64] Lan Zhang, Gang Feng, and Shuang Qin. Intrusion detection system
for rpl from routing choice intrusion. In 2015 IEEE International
Conference on Communication Workshop (ICCW), pages 2652–2658.
IEEE, 2015.
[65] Zoletria. Z1 Datasheet. URL http://zolertia.sourceforge.net/wiki/
images/e/e8/Z1_RevC_Datasheet.pdf.
Author Statement
Girish Sharma: Conceptualization, Methodology, Writing - Original draft preparation, Software. Jyoti Grover: Data curation, Writing - Reviewing and Editing. Abhishek Verma: Visualization, Investigation, Supervision, Writing - Reviewing and Editing.
Declaration of interests
☐ The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.