Most IoT applications use the Routing Protocol for Low-Power and Lossy Networks (RPL) as their routing protocol. Two important functions in RPL are DODAG construction using Objective Functions (OFs) and the Trickle algorithm.
An Objective Function (OF) accounts for various node attributes and link cost metrics. From a security point of view, however, RPL does not integrate security-related metrics that would keep attackers out of DODAG construction, so it is vulnerable to routing attacks.
Adversarial activity and restricted resource availability pose critical challenges in designing a reliable RPL protocol for IoT applications. Growing network sizes and new IoT services make security protection harder to provide.
For example, an attacker can compromise smart IoT devices in the application to carry out several routing attacks, such as a Rank attack, a HelloFlood attack, data eavesdropping, and so on.
Recently, several researchers have designed different ways to achieve reliable and secure routing:
1. Trust-Based Security Scheme
2. Intrusion Detection System
3. Learning Models based Security Scheme
RPL Attacks in IoT
DODAG Inconsistency Attack:
• The DODAG inconsistency attack manipulates the RPL IPv6 header options to force legitimate nodes to drop packets.
• It leads to denial of service and increases the control overhead.
• Through a DODAG inconsistency attack, a malicious node can modify all packets it forwards.
• Dropping attacks include the black-hole and selective forwarding attacks, the sink-hole attack, the Rank attack, the worm-hole attack, and the Version Number attack.
• The first two attacks continuously and selectively drop the received data packets.
• The sink-hole and Rank attacks use fake rank values, and the Version attack uses fake version numbers to modify the network structure and drop packets.
• The worm-hole attack makes a tunnel between two malicious nodes, transmitting packets from one end to another.
• Flooding attackers send unlimited control messages, such as DIO and DIS messages, to legitimate nodes over time. This leads to Denial of Service (DoS) and interrupts legitimate node communication.
• It consumes the resources of network nodes unnecessarily.
• Several attacks delay packet transmission or make the data packets worthless.
• Examples are Local Repair and DIO suppression attacks.
• They are launched by modifying the parameters in control messages, such as the rank number and version number.
• Theft attacks are mostly attacks on data confidentiality and integrity.
• They attempt to extract sensitive information from the data communication initiated by legitimate nodes.
Trust Model for Dropping Attack Detection:
• A new centralized trust-based defense mechanism is designed to counter dropping attacks, such as selective forwarding in RPL.
• To detect the malicious nodes in the network and differentiate them from normal ones, the deviation from the DODAG structure and RPL network topology is considered.
• It avoids the use of third-party nodes and reduces unnecessary energy consumption.
• To detect the selective forwarding attack, it takes into account the packet forwarding rate and bad-mouthing in the selection of child nodes.
Lightweight Trust based Model:
• The lightweight trust-based model estimates the trust value of nodes in terms of direct and indirect trust estimation. The direct trust is estimated using direct traffic observation, and the indirect trust is estimated by getting a recommendation from neighboring nodes.
• It uses the average received signal strength and the trust value in rank estimation and constructs a lightweight and secure DODAG structure for RPL communication.
• The lightweight trust-based model aims at protecting the network from DoS and Sybil attacks.
Control Layer Based Trust Model:
• The control layer-based trust model considers the forwarding behavior of nodes to identify the malicious nodes.
• The complete control layer-based trust model improves the security of RPL with minimized energy consumption.
• It uses the subjective logic trust model for trust computation, and an opinion triangle is used for recommendations.
• It also predicts the relationship between the trust value and opinion spaces, and it can reduce the possibility of error in trust calculation.
• Successful packet delivery of nodes is considered for trust estimation and rank and Sybil attack identification.
• It combines both direct and recommended trust estimations. Both periodic and reactive trust update models are incorporated as per the network scenario.
• The SecTrust trustworthiness denotes the level of reliability of a node in communication with its directly connected neighbor. It is evaluated as a time-based successful packet exchange between nodes.
• The packet acknowledgments are used to confirm the successful packet delivery.
• It follows fuzzy threshold-based trust broadcast, i.e., broadcasting the identity of trustworthy nodes throughout the network.
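The direct and recommended trust estimation described for the lightweight trust-based model and for SecTrust above can be sketched as follows. This is an added example, not code from either scheme: the counters, the weighting of recommendations by the evaluator's own trust in the recommender, the weight `w_direct` and the fixed `threshold` are all assumptions.

```python
# Constructed counters kept by one evaluating node for each neighbour:
# (packets handed to the neighbour, acknowledgments that confirmed delivery).
FORWARDING = {"b": (100, 97), "c": (100, 41), "d": (100, 95)}

# Constructed recommendations: recommender -> {subject: trust in [0, 1]}.
# Node "c" drops packets, bad-mouths "b" and "d", and praises itself.
RECOMMENDATIONS = {
    "b": {"c": 0.45, "d": 0.9},
    "c": {"b": 0.05, "c": 1.0, "d": 0.1},
    "d": {"b": 0.95, "c": 0.4},
}

def direct_trust(sent, acked):
    """Share of forwarded packets confirmed by an acknowledgment."""
    return acked / sent if sent else 0.5   # no evidence yet: neutral (assumption)

def recommended_trust(subject, direct, recommendations):
    """Average of the neighbours' opinions about `subject`, each weighted by
    the evaluator's direct trust in the recommender. Self-reports are ignored,
    so a low-trust node cannot praise itself or bad-mouth others effectively."""
    num = den = 0.0
    for recommender, opinions in recommendations.items():
        if recommender == subject or subject not in opinions:
            continue
        weight = direct.get(recommender, 0.0)
        num += weight * opinions[subject]
        den += weight
    return num / den if den else None

def evaluate(forwarding, recommendations, w_direct=0.7, threshold=0.6):
    """Return {node: (combined trust, eligible as parent)}."""
    direct = {n: direct_trust(s, a) for n, (s, a) in forwarding.items()}
    result = {}
    for node, d in direct.items():
        r = recommended_trust(node, direct, recommendations)
        trust = d if r is None else w_direct * d + (1 - w_direct) * r
        result[node] = (round(trust, 3), trust >= threshold)
    return result

if __name__ == "__main__":
    for node, (trust, ok) in evaluate(FORWARDING, RECOMMENDATIONS).items():
        print(f"{node}: trust={trust} eligible_parent={ok}")
```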
Metric Routing Protocol for Detecting Untrustworthy Nodes for Packet Transmission:
• Routing metrics, such as PDR, hop count, and others, are used in the metric-based RPL secure routing protocol.
• The metrics are converted into game theory strategies, and identified malicious nodes are isolated from the network.
• It improves the efficiency of packet routing and energy consumption by the nodes for packet routing.
SoS-RPL Against Sink-Hole Attack:
• SoS-RPL works in two steps to detect sink-hole attacks and provide secure and reliable communication over IoT.
• As per the distance-based routing decision, rate and rank values are provided to all the nodes.
• The malicious nodes can generate fake DIO messages to avoid being detected by the security scheme.
• The average packet transmission RREQ is used to detect such misbehaving nodes successfully.
Anomaly Based IDS Model:
• Anomaly-based IDS uses game models, such as stochastic and evolutionary game models, to detect anomalous activities in RPL.
• It implements the evolutionary game model on a clustered network topology and verifies the attacks successfully.
• By synchronizing the output of the stochastic game model, the legitimate players are differentiated from the malicious nodes.
• It can be extended using learning models for further improvement in RPL security.
Specification Based IDS Model:
• The specifications denote all the legitimate protocol states and transitions with corresponding statistics.
• The specification-based IDS implements a set of rules, and each cluster head enables the IDS to monitor the nodes in its coverage.
• The specification-based IDS enables the nodes to store the sequences of RPL DODAG Information Object (DIO) and DODAG Information Solicitation (DIS) messages.
• Using such specifications, the cluster head nodes cross-verify the messages and identify malicious activities.
Strainer-based intrusion detection:
• Blackhole attackers in RPL networks get themselves included in most routing paths by advertising a better routing metric to neighboring nodes, which then select the attacker as their preferred parent.
• Strainer-based IDS identifies the suspicious nodes by observing the rank value. The identities of suspected nodes are appended to the suspicious list.
• The Border router node is involved in analyzing the behavior of those nodes and isolates the confirmed malicious nodes from the network.
• The IDS is implemented on the sink node, and it is responsible for detecting and isolating the malicious nodes from the network.
• It helps in identifying the decreased rank attacks in non-storing RPL networks.
• It stores the actual rank value used in the current network scenario and compares it with the current ranks of parent nodes.
• A threshold value for parent switching is estimated under a normal environment. If a node crosses the threshold, the sink or root node marks it malicious.
• Another threshold-based IDS implements the Sequential Probability Ratio Test (SPRT) and an adaptive threshold.
• It has two modules: network monitoring and decision making. The first module is implemented on selected nodes, and the second one is implemented at the root node.
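The monitoring and decision split with an SPRT at the root can be illustrated as below. This is an added example, not code from the schemes surveyed here: the report format, the rank rule used to turn a report into a 0/1 sample, and the parameters `p0`, `p1`, `alpha` and `beta` are assumptions, and fixed SPRT bounds stand in for the adaptive threshold.

```python
import math
from collections import defaultdict

# Constructed monitoring reports, one per observation window:
# (node_id, advertised_rank, preferred_parent_rank). All values are made up.
REPORTS = (
    [("n7", 256, 512)] * 3                          # rank below its parent's
    + [("n3", 768, 512)] * 6                        # rank always above its parent's
    + [("n5", 512, 512)] + [("n5", 768, 512)] * 2   # one glitch, then normal
)

def rank_violation(advertised_rank, parent_rank):
    """RPL rank must strictly increase away from the root, so a node whose
    advertised rank is not above its parent's rank is a suspicious sample."""
    return advertised_rank <= parent_rank

def sprt(samples, p0=0.1, p1=0.6, alpha=0.01, beta=0.01):
    """Wald's SPRT on 0/1 samples. H0: violation rate p0 (benign),
    H1: violation rate p1 (malicious). Returns (verdict, samples_used)."""
    accept_h1 = math.log((1 - beta) / alpha)
    accept_h0 = math.log(beta / (1 - alpha))
    llr = 0.0
    for n, x in enumerate(samples, start=1):
        llr += math.log(p1 / p0) if x else math.log((1 - p1) / (1 - p0))
        if llr >= accept_h1:
            return "malicious", n
        if llr <= accept_h0:
            return "benign", n
    return "undecided", len(samples)

def decide_at_root(reports):
    """Decision module: group the monitors' samples per node and run the SPRT."""
    per_node = defaultdict(list)
    for node, rank, parent_rank in reports:
        per_node[node].append(rank_violation(rank, parent_rank))
    return {node: sprt(samples) for node, samples in per_node.items()}

if __name__ == "__main__":
    for node, (verdict, used) in decide_at_root(REPORTS).items():
        print(f"{node}: {verdict} after {used} samples")
```

An "undecided" verdict means the root keeps collecting samples for that node instead of isolating it on a single anomalous window.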
Random Forest-Based Sink Hole Detection in RPL:
• The RF-based Trust model incorporates machine learning and subjective logic for malicious packet classification and improving the RPL security.
• The trust model incorporates successful packet transmission routing metrics, delay, energy consumption, and honesty. By analyzing those metrics, the IDS helps identify the sinkhole attack in the IoT network.
• It considers either direct or recommendation trust in the malicious node detection process. The identified sinkhole attackers are isolated from the network, which secures RPL communication.
• A node invokes the RFTrust model only when the satisfaction degree of its neighbor nodes is reduced by more than the limit.
• Thus, it can mitigate additional overhead and energy consumption.
GRU Based RPL Security:
• The Hello flooding attack is one of the main attacks that affect RPL performance. It mainly disrupts an efficient RPL DODAG structure and consumes battery resources unnecessarily.
• The Gated Recurrent Unit (GRU) is used to design the RPL security scheme. It is preferred for resource-constrained IoT devices due to its simple structure.
• The memory needed to run the GRU is low because it uses only two gates, reset and update, and it is fast at detecting malicious nodes.
MLP Based RPL Security:
• Multi-Layer Perceptron (MLP) is a feed-forward neural network that helps identify rank and hybrid attacks.
• It activates its three types of layers. Moreover, the hybrid attack can be classified into multiple labels.
• Compared to a single-layer perceptron, it incorporates multiple layers to learn both linear and non-linear models successfully.
• Using anomaly and signature-based features, the MLP-based scheme effectively identifies and labels combined attacks made up of rank, flooding, and other routing layer attacks.
SVM for RPL Security:
• Support Vector Machine (SVM) is a supervised machine learning algorithm, and the RPL security provisioning scheme uses SVM to identify malicious activities using a hyperplane in n-dimensional space.
• The SVM is trained with optimal packet features. Those features are identified using Principal Component Analysis (PCA), so the SVM-based RPL security scheme can improve the performance of SVM.
• When the malicious classes are separated by a margin, the SVM performs well in classification.
• The number of packet features in RPL does not affect the efficiency of RPL.
• It is highly suitable for resource-restricted devices in an IoT environment.
XGBoost for RPL Security:
• A machine learning-based framework is used to identify the new insider attack in RPL routing.
• A low-complexity machine learning algorithm, such as XGBoost, formulates a set of features by analyzing the network traffic information and builds the model for network behavior analysis.
Fuzzy Logic For RPL Security Provisioning:
• The Local Repair attack on RPL is identified using fuzzy logic in IoT environments.
• The fuzzy logic method permits the security scheme to convert multiple input variables into one output and helps in differentiating the attacker nodes.
• The fuzzy logic performs fuzzification, fuzzy inference, aggregation, and defuzzification to classify the malicious nodes.
• It can handle the impact of incomplete trust estimation due to node mobility or packet drop, since it also gives weight to incomplete measurements.
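The four fuzzy stages named above (fuzzification, inference, aggregation, defuzzification) are shown in the added example below, which is not code from the surveyed scheme. The two inputs (local repair rate and packet loss rate, both normalised to [0, 1]), the membership sets, the rule base and the 0.6 decision threshold are assumptions chosen for illustration.

```python
def tri(x, a, b, c):
    """Triangular membership function with feet a, c and peak b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# The same three sets are used for both inputs and for the output, on [0, 1].
SETS = {"low": (-0.5, 0.0, 0.5), "medium": (0.0, 0.5, 1.0), "high": (0.5, 1.0, 1.5)}

# Assumed rule base: (repair level, loss level) -> suspicion level.
RULES = {
    ("low", "low"): "low", ("low", "medium"): "low", ("low", "high"): "medium",
    ("medium", "low"): "low", ("medium", "medium"): "medium",
    ("medium", "high"): "medium", ("high", "low"): "medium",
    ("high", "medium"): "high", ("high", "high"): "high",
}

def fuzzify(x):
    """Degree of membership of a crisp input in each set."""
    return {name: tri(x, *abc) for name, abc in SETS.items()}

def suspicion(repair_rate, loss_rate, steps=100):
    """Map two normalised inputs to one crisp suspicion score in [0, 1]."""
    mu_r, mu_l = fuzzify(repair_rate), fuzzify(loss_rate)   # fuzzification
    strength = dict.fromkeys(SETS, 0.0)
    for (r, l), out in RULES.items():
        fired = min(mu_r[r], mu_l[l])                        # inference (AND = min)
        strength[out] = max(strength[out], fired)            # aggregation (max)
    num = den = 0.0
    for i in range(steps + 1):                               # centroid defuzzification
        y = i / steps
        mu = max(min(strength[s], tri(y, *SETS[s])) for s in SETS)
        num += y * mu
        den += mu
    return num / den if den else 0.0

def classify(repair_rate, loss_rate, threshold=0.6):
    """Label a node from its suspicion score (threshold is an assumption)."""
    return "attacker" if suspicion(repair_rate, loss_rate) >= threshold else "normal"

if __name__ == "__main__":
    for sample in [(0.9, 0.8), (0.5, 0.5), (0.1, 0.1)]:   # constructed inputs
        print(sample, round(suspicion(*sample), 3), classify(*sample))
```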
PSO based Deep learning Model for RPL Security:
• The RPL packets are collected under normal and malicious environments to create the RPL dataset.
• By analyzing the RPL dataset, the deep learning models can identify the malicious packets.
• The Particle Swarm Optimization (PSO) heuristic search approach tunes the hyperparameters used in deep learning models and improves the accuracy of malicious packet classification.
• The deep learning models are CNN, LSTM, GRU, and so on.
• The optimization scheme assists in detecting the near-optimal values of deep learning parameters cost-effectively.