Advertisement

Resilient against spoofing in 6LoWPAN networks by temporary-private IPv6 addresses

  • Monali MavaniEmail author
  • Krishna Asawa
Article

Abstract

An attacker can disrupt the network operations in the 6LoWPANs by spoofing the IPv6 address while evading the detection. Despite many existing spoofing prevention techniques, spoofing threat still persists. Thus, it becomes necessary to devise a method which can offer resilience against spoofing by reducing the attack disruption time. This study aims at reducing IPv6 spoofing attack disruption time in 6LoWPANs. Hence, it provides the resiliency against IPv6 spoofing threat. The time complexity analysis of the attack tree for the spoofing attack is performed to analyze the attack disruption time. The analytical results show that attack disruption window is directly proportional to the lifetime of the node addresses. The lower lifetime of node addresses ensure the reduction of the attack disruption window. Thus, the use of temporary node addresses can be a solution for reducing the spoofing attack disruption window. Node’s IPv6 address can be changed periodically to dissociate a node from its permanent identity. Hence, an attacker has to re-perform the attack to gain significant benefits. Corrupted routing table as a result of spoofing attack and its countermeasure is simulated in Cooja running Contiki operating system. The length of the attack window depends upon the periodicity of the address change. The higher frequency of address change decreases the attack disruption time with an increase in the communication cost. Simulations have been performed to compare the optimum value of address change periodicity concerning the communication cost for two private addressing schemes proposed in the literature.

Keywords

IPv6 spoofing 6LoWPAN Time-To-Live Attack disruption window Privacy addressing 

Notes

References

  1. 1.
    Airehrour D, Gutierrez J, Ray SK (2016) Secure routing for internet of things: a survey. J Netw Comput Appl 66:198–213CrossRefGoogle Scholar
  2. 2.
    Aura T (2005) Cryptographically Generated Addresses (CGA). RFC 3972 (Proposed Standard). http://www.ietf.org/rfc/rfc3972.txt. Updated by RFCs 4581, 4982
  3. 3.
    Badonnel AR, Mayzaud IC (2017) A distributed monitoring strategy for detecting version number attacks in rpl-based networks. IEEE Trans Netw Serv Manag 14(2):472–486.  https://doi.org/10.1109/TNSM.2017.2705290 CrossRefGoogle Scholar
  4. 4.
    Barbir A, Murphy SL, Yang Y (2006) Generic Threats to Routing Protocols. Tech. Rep. 4593.  https://doi.org/10.17487/RFC4593. https://rfc-editor.org/rfc/rfc4593.txt
  5. 5.
    Camtepe SA, Yener B (2007) Modeling and detection of complex attacks. In: 2007 Third international conference on security and privacy in communications networks and the workshops - securecomm 2007, pp 234–243.  https://doi.org/10.1109/SECCOM.2007.4550338
  6. 6.
    Choi J, In Y, Park C, Seok S, Seo H, Kim H (2018) Secure iot framework and 2d architecture for end-to-end security. J Supercomput 74(8):3521–3535.  https://doi.org/10.1007/s11227-016-1684-0 CrossRefGoogle Scholar
  7. 7.
    Chze PLR, Leong KS (2014) A secure multi-hop routing for iot communication. In: 2014 IEEE World forum on internet of things (WF-iot), pp 428–432.  https://doi.org/10.1109/WF-IoT.2014.6803204
  8. 8.
    Dunkels A, Grȯnvall B, Voigt T (2004) Contiki - A lightweight and flexible operating system for tiny networked sensors. In: Proceedings - conference on local computer networks, LCN, pp 455–462.  https://doi.org/10.1109/LCN.2004.38
  9. 9.
    Ghosh U, Datta R (2011) A secure dynamic ip configuration scheme for mobile ad hoc networks. Ad Hoc Netw 9(7):1327–1342.  https://doi.org/10.1016/j.adhoc.2011.02.008 CrossRefGoogle Scholar
  10. 10.
    Gomez C, Kim E, Kaspar D, Bormann C (2012) Problem statement and requirements for IPv6 over low-power wireless personal area network (6LoWPAN) routing. RFC 6606, RFC Editor. https://tools.ietf.org/pdf/rfc6606.pdf
  11. 11.
    Granjal J, Monteiro E, Silva JS (2010) Enabling network-layer security on ipv6 wireless sensor networks. In: 2010 IEEE Global telecommunications conference GLOBECOM 2010, pp 1–6.  https://doi.org/10.1109/GLOCOM.2010.5684293
  12. 12.
    Granjal J, Monteiro E, Silva JS (2015) Security for the internet of things: a survey of existing protocols and open research issues. IEEE Commun Surv Tutorials 17(3):1294–1312.  https://doi.org/10.1109/COMST.2015.2388550 CrossRefGoogle Scholar
  13. 13.
    Granjal J, Monteiro E, Silva JS (2015) Security in the integration of low-power wireless sensor networks with the internet: a survey. Ad Hoc Netw 24:264–287CrossRefGoogle Scholar
  14. 14.
    Gu T, Mohapatra P (2018) Bf-iot: Securing the iot networks via fingerprinting-based device authentication. In: 2018 IEEE 15Th international conference on mobile ad hoc and sensor systems (MASS), pp 254–262.  https://doi.org/10.1109/MASS.2018.00047
  15. 15.
    Halcu I, Stamatescu G, Sgarciu V (2015) Enabling security on 6lowpan / ipv6 wireless sensor networks. In: 2015 7Th international conference on electronics, computers and artificial intelligence (ECAI), pp SSS–29–SSS–32.  https://doi.org/10.1109/ECAI.2015.7301201
  16. 16.
    Hennebert C, Santos JD (2014) Security protocols and privacy issues into 6loWPAN stack: a synthesis. IEEE Internet J 1(5):384–398.  https://doi.org/10.1109/JIOT.2014.2359538 CrossRefGoogle Scholar
  17. 17.
    Hossain M, Karim Y, Hasan R (2018) Secupan: a security scheme to mitigate fragmentation-based network attacks in 6lowpan. In: Proceedings of the eighth ACM conference on data and application security and privacy. ACM, pp 307–318Google Scholar
  18. 18.
    IEEE: Ieee 802.15.4 standard (2007) [Online] https://standards.ieee.org/about/get/802/802.15.html
  19. 19.
    Ikram M, Chowdhury AH, Zafar B, Cha HS, Kim K, Yoo SW, Kim D (2009) A simple lightweight authentic bootstrapping protocol for ipv6-based low rate wireless personal area networks (6lowpans). In: Proceedings of the 2009 international conference on wireless communications and mobile computing: connecting the world wirelessly, IWCMC ’09. ACM, New York, pp 937–941.  https://doi.org/10.1145/1582379.1582583
  20. 20.
    Jara AJ, Marin L, Skarmeta AF, Singh D, Bakul G, Kim D (2011) Mobility modeling and security validation of a mobility management scheme based on ecc for ip-based wireless sensor networks (6lowpan). In: 2011 Fifth international conference on innovative mobile and internet services in ubiquitous computing. IEEE, pp 491–496Google Scholar
  21. 21.
    Krentz KF, Rafiee H, Meinel C (2013) 6lowpan security: Adding compromise resilience to the 802.15.4 security sublayer. In: Proceedings of the international workshop on adaptive security, ASPI ’13. ACM, New York, pp 1:1–1:10.  https://doi.org/10.1145/2523501.2523502
  22. 22.
    Kushalnagar N, Montenegro G, Schumacher C (2007) Rfc 4919: Ipv6 over low-power wireless personal area networks (6lowpans): overview, assumptions, problem statement, and goals. IETF 31:45–75Google Scholar
  23. 23.
    Liu A, Ning P (2008) Tinyecc: a configurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of the 7th international conference on information processing in sensor networks, IPSN ’08. IEEE Computer Society, Washington, pp 245–256.  https://doi.org/10.1109/IPSN.2008.47
  24. 24.
    Mavani M, Asawa K (2017) Modeling and analyses of ip spoofing attack in 6lowpan network. Comput Secur 70:95–110CrossRefGoogle Scholar
  25. 25.
    Mavani M, Asawa K (2018) Privacy enabled disjoint and dynamic address auto-configuration protocol for 6lowpan. Ad Hoc Netw 79:72–86.  https://doi.org/10.1016/j.adhoc.2018.06.010. http://www.sciencedirect.com/science/article/pii/S1570870518303627 CrossRefGoogle Scholar
  26. 26.
    Mayzaud A, Badonnel R, Chrisment I (2016) A taxonomy of attacks in rpl-based internet of things. Int J Netw Secur 18(3):459–473Google Scholar
  27. 27.
    Mishra A, Dixit A (2018) Resolving threats in iot: Id spoofing to ddos. In: 2018 9Th international conference on computing, communication and networking technologies (ICCCNT), pp 1–7.  https://doi.org/10.1109/ICCCNT.2018.8493729
  28. 28.
    Mavani M, Asawa K (2017) Privacy preserving ipv6 address auto-configuration for internet of things. In: Intelligent communication and computational technologies. Springer, pp 577–584Google Scholar
  29. 29.
    Nikravan M, Movaghar A, Hosseinzadeh M (2019) A lightweight signcryption scheme for defense against fragment duplication attack in the 6lowpan networks. Peer-to-Peer Netw Appl 12(1):209–226.  https://doi.org/10.1007/s12083-018-0659-8 CrossRefGoogle Scholar
  30. 30.
    Oliveira LML, Rodrigues JJPC, Neto C, De sousa AF (2013) Network admission control solution for 6LoWPAN networks. Proceedings - 7th international conference on innovative mobile and internet services in ubiquitous computing, IMIS 2013, pp 472–477.  https://doi.org/10.1109/IMIS.2013.85
  31. 31.
    Osterlind F, Dunkels A, Eriksson J, Finne N, Voigt T (2006) Cross-level sensor network simulation with cooja. In: Proceedings 2006 31st IEEE conference on Local computer networks. IEEE, pp 641–648Google Scholar
  32. 32.
    Park S, Kim K, Haddad W, Chakrabarti S, Laganier J (2011) Ipv6 over low power wpan security analysis. IETF. ID draft-daniel-610wpan-security-analysis-05. Retrieved 10 May 2016Google Scholar
  33. 33.
    Pongle P, Chavan G (2015) A survey: attacks on rpl and 6lowpan in iot. In: 2015 International conference on pervasive computing (ICPC), pp 1–6.  https://doi.org/10.1109/PERVASIVE.2015.7087034
  34. 34.
    Qiu Y, Ma M (2015) An authentication and key establishment scheme to enhance security for m2m in 6lowpans. In: 2015 IEEE International conference on communication workshop (ICCW), pp 2671–2676.  https://doi.org/10.1109/ICCW.2015.7247582
  35. 35.
    Sarikaya B, Thubert P (2016) Address protected neighbor discovery for low-power and lossy networks. Internet-Draft draft-sarikaya-6lo-ap-nd-02, IETF Secretariat. http://www.ietf.org/internet-drafts/draft-sarikaya-6lo-ap-nd-02.txt
  36. 36.
    Shelby C, Nordmark B (2012) Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs). RFC 6775, RFC Editor. http://www.rfc-editor.org/rfc/rfc6775.txt
  37. 37.
  38. 38.
    Vasseur JP, Dunkels A (2010) Interconnecting smart objects with ip: The next internet. Morgan Kaufmann, San MateoGoogle Scholar
  39. 39.
    Wang X, Mu Y (2015) Addressing and privacy support for 6lowpan. IEEE Sens J 15(9):5193–5201.  https://doi.org/10.1109/JSEN.2015.2438002 CrossRefGoogle Scholar
  40. 40.
    Wilhelm M, Martinovic I, Uzun E, Schmitt JB (2010) Sudoku: Secure and usable deployment of keys on wireless sensors. In: 2010 6Th IEEE workshop on secure network protocols, pp 1–6.  https://doi.org/10.1109/NPSEC.2010.5634458
  41. 41.
    Winter T, Brandt H (2012) RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. RFC 6550, RFC Editor. http://www.rfc-editor.org/rfc/rfc6550.txt
  42. 42.
    Xiong K, Zhang Y, Zhang Z, Wang S, Zhong Z (2014) Pa-nemo: Proxy mobile ipv6-aided network mobility management scheme for 6lowpan. Elektron Elektrotechn 20(3):98–103Google Scholar
  43. 43.
    Yu H, He J (2012) Trust-based mutual authentication for bootstrapping in 6lowpan. JCM 7(8):634–642CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Jaypee Institute of Information TechnologyNoidaIndia

Personalised recommendations