Content area
Full text
Abstract-IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is a popular routing protocol used in wireless sensor networks and in the Internet of Things (IoT). RPL was standardized by the IETF in 2012 and has been designed for devices with limited resources and capabilities. Open-source RPL implementations are supported by popular IoT operating systems (OS), such as ContikiOS and TinyOS. In this work, we investigate the possibility of battery drain Denial-of-Service (DoS) attacks in the RPL implementation of ContikiOS. In particular, we use the popular Cooja simulator and implement two types of DoS attacks, particularly version number modification and "Hello" flooding. We demonstrate the impact of these attacks on the power consumption of IoT devices. Finally, we discuss potential defenses relying on distributed intrusion detection modules.
Keywords-battery drain, ContikiOS, Cooja simulator, denialof-service, intrusion detection, IoT, RPL.
1.Introduction
The Internet of Things (IoT) has found numerous applications in different domains, such as home automation, industrial control, health monitoring, intelligent transportation, and smart grid [1], [2]. IoT devices usually have limited resources, low computational power, small batteries, as well as limited memory and storage. Nevertheless, IoT devices are able to collect data, exchange small pieces of data through the Internet or directly with other devices, and perform lightweight computations.
Many IoT networks rely on the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) [3]. In 2012, the Internet Engineering Task Force (IETF) standardized RPL, which has been designed for resource-constrained devices. Open-source RPL implementations are supported by wellknown IoT operating systems (OS), such as ContikiOS [4] and TinyOS [5].
Nowadays, many security approaches and cryptographic mechanisms exist for securing traditional networks. However, oftentimes these measures cannot be applied to IoT devices due to their limited capabilities mentioned above. As a result, many IoT devices are equipped with weak or no security measures [6] and become targets of cyberattacks. Such attacks have multiplied over the past years [7]. Recent examples of cyberattacks include the Mirai botnet [8] and its evolution, Chalubo botnet [9], which exploited the default/weak passwords or OS vulnerabilities in more than 100,000 IoT devices (such as IP cameras and home routers) and launched Distributed Denial of Service (DDoS) attacks affecting multiple targets. Such incidents suggest that IoT devices offer weak security and...