A Lightweight Mitigation Approach against a New Inundation Attack in RPL-Based IoT Networks
Internet of Things (IoT) networks are being widely deployed for a broad range of critical applications. Without effective security support, such a trend would open the doors to notable security challenges. Due to their inherent constrained characteristics, IoT networks are highly vulnerable to the a...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2023-09-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/13/18/10366 |
| _version_ | 1797581344984793088 |
|---|---|
| author | Mehdi Rouissat Mohammed Belkheir Ibrahim S. Alsukayti Allel Mokaddem |
| author_facet | Mehdi Rouissat Mohammed Belkheir Ibrahim S. Alsukayti Allel Mokaddem |
| author_sort | Mehdi Rouissat |
| collection | DOAJ |
| description | Internet of Things (IoT) networks are being widely deployed for a broad range of critical applications. Without effective security support, such a trend would open the doors to notable security challenges. Due to their inherent constrained characteristics, IoT networks are highly vulnerable to the adverse impacts of a wide scope of IoT attacks. Among these, flooding attacks would cause great damage given the limited computational and energy capacity of IoT devices. However, IETF-standardized IoT routing protocols, such as the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL), have no relevant security-provision mechanism. Different variants of the flooding attack can be easily initiated in RPL networks to exhaust network resources and degrade overall network performance. In this paper, a novel variant referred to as the Destination Information Object Flooding (DIOF) attack is introduced. The DIOF attack involves an internal malicious node disseminating falsified information to instigate excessive transmissions of DIO control messages. The results of the experimental evaluation demonstrated the significant adverse impact of DIOF attacks on control overhead and energy consumption, which increased by more than 500% and 210%, respectively. A reduction of more than 32% in Packet Delivery Ratio (PDR) and an increase of more than 192% in latency were also experienced. These were more evident in cases in which the malicious node was in close proximity to the sink node. To effectively address the DIOF attack, we propose a new lightweight approach based on a collaborative and distributed security scheme referred to as DIOF-Secure RPL (DSRPL). It provides an effective solution, enhancing RPL network resilience against DIOF attacks with only simple in-protocol modifications. As the experimental results indicated, DSRPL guaranteed responsive detection and mitigation of the DIOF attacks in a matter of a few seconds. Compared to RPL attack scenarios, it also succeeded in reducing network overhead and energy consumption by more than 80% while maintaining QoS performance at satisfactory levels. |
| first_indexed | 2024-03-10T23:04:06Z |
| format | Article |
| id | doaj.art-0167662fefc1492699f1b13ecc5c0fd8 |
| institution | Directory Open Access Journal |
| issn | 2076-3417 |
| language | English |
| last_indexed | 2024-03-10T23:04:06Z |
| publishDate | 2023-09-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj.art-0167662fefc1492699f1b13ecc5c0fd82023-11-19T09:26:44ZengMDPI AGApplied Sciences2076-34172023-09-0113181036610.3390/app131810366A Lightweight Mitigation Approach against a New Inundation Attack in RPL-Based IoT NetworksMehdi Rouissat0Mohammed Belkheir1Ibrahim S. Alsukayti2Allel Mokaddem3STIC Laboratory, Univeristy Center Nour Bachir El-Bayadh, University Aboubekr Belkaid, Tlemcen 13000, AlgeriaLIMA Laboratory, Univeristy Center Nour Bachir, El-Bayadh 32000, AlgeriaDepartment of Computer Science, College of Computer, Qassim University, Buraydah 51452, Saudi ArabiaLIMA Laboratory, Univeristy Center Nour Bachir, El-Bayadh 32000, AlgeriaInternet of Things (IoT) networks are being widely deployed for a broad range of critical applications. Without effective security support, such a trend would open the doors to notable security challenges. Due to their inherent constrained characteristics, IoT networks are highly vulnerable to the adverse impacts of a wide scope of IoT attacks. Among these, flooding attacks would cause great damage given the limited computational and energy capacity of IoT devices. However, IETF-standardized IoT routing protocols, such as the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL), have no relevant security-provision mechanism. Different variants of the flooding attack can be easily initiated in RPL networks to exhaust network resources and degrade overall network performance. In this paper, a novel variant referred to as the Destination Information Object Flooding (DIOF) attack is introduced. The DIOF attack involves an internal malicious node disseminating falsified information to instigate excessive transmissions of DIO control messages. The results of the experimental evaluation demonstrated the significant adverse impact of DIOF attacks on control overhead and energy consumption, which increased by more than 500% and 210%, respectively. A reduction of more than 32% in Packet Delivery Ratio (PDR) and an increase of more than 192% in latency were also experienced. These were more evident in cases in which the malicious node was in close proximity to the sink node. To effectively address the DIOF attack, we propose a new lightweight approach based on a collaborative and distributed security scheme referred to as DIOF-Secure RPL (DSRPL). It provides an effective solution, enhancing RPL network resilience against DIOF attacks with only simple in-protocol modifications. As the experimental results indicated, DSRPL guaranteed responsive detection and mitigation of the DIOF attacks in a matter of a few seconds. Compared to RPL attack scenarios, it also succeeded in reducing network overhead and energy consumption by more than 80% while maintaining QoS performance at satisfactory levels.https://www.mdpi.com/2076-3417/13/18/10366network securitywireless networksInternet of Things (IoT)energy efficiency |
| spellingShingle | Mehdi Rouissat Mohammed Belkheir Ibrahim S. Alsukayti Allel Mokaddem A Lightweight Mitigation Approach against a New Inundation Attack in RPL-Based IoT Networks Applied Sciences network security wireless networks Internet of Things (IoT) energy efficiency |
| title | A Lightweight Mitigation Approach against a New Inundation Attack in RPL-Based IoT Networks |
| title_full | A Lightweight Mitigation Approach against a New Inundation Attack in RPL-Based IoT Networks |
| title_fullStr | A Lightweight Mitigation Approach against a New Inundation Attack in RPL-Based IoT Networks |
| title_full_unstemmed | A Lightweight Mitigation Approach against a New Inundation Attack in RPL-Based IoT Networks |
| title_short | A Lightweight Mitigation Approach against a New Inundation Attack in RPL-Based IoT Networks |
| title_sort | lightweight mitigation approach against a new inundation attack in rpl based iot networks |
| topic | network security wireless networks Internet of Things (IoT) energy efficiency |
| url | https://www.mdpi.com/2076-3417/13/18/10366 |
| work_keys_str_mv | AT mehdirouissat alightweightmitigationapproachagainstanewinundationattackinrplbasediotnetworks AT mohammedbelkheir alightweightmitigationapproachagainstanewinundationattackinrplbasediotnetworks AT ibrahimsalsukayti alightweightmitigationapproachagainstanewinundationattackinrplbasediotnetworks AT allelmokaddem alightweightmitigationapproachagainstanewinundationattackinrplbasediotnetworks AT mehdirouissat lightweightmitigationapproachagainstanewinundationattackinrplbasediotnetworks AT mohammedbelkheir lightweightmitigationapproachagainstanewinundationattackinrplbasediotnetworks AT ibrahimsalsukayti lightweightmitigationapproachagainstanewinundationattackinrplbasediotnetworks AT allelmokaddem lightweightmitigationapproachagainstanewinundationattackinrplbasediotnetworks |