Abstract
The Internet Engineering Task Force (IETF) has defined the Routing Protocol for Low-Power and Lossy Networks (RPL) for constrained devices. RPL constructs destination-oriented directed acyclic graphs (DODAGs) to optimize routing and keeps the topology acyclic by means of the DODAG version number. However, the DODAG version number carried in control messages is not authenticated, so RPL is vulnerable to a network-resource attack known as the DODAG Version Number (DVN) attack. A DVN attack causes packet delay, packet loss, cyclic topology, and similar damage in the network. This paper proposes a method for detecting DODAG version number attacks. Several existing schemes for defending against DVN, such as cryptographic techniques and trust-based, threshold-based and mitigation approaches, are computationally intensive or require protocol modification. DVN does not change the packet format or the sequence of packets but still carries out the attack, and hence falls under the category of stealthy attacks, which are difficult to detect with traditional intrusion detection systems (IDSs). Discrete-event system (DES) based IDSs have been applied in the literature to stealthy attacks and achieve low overhead, a low false alarm rate, etc. However, constructing a DES-based IDS for a network protocol may lead to errors, since the modelling is manual; the resulting IDS therefore cannot guarantee its own correctness. This paper proposes a linear temporal logic (LTL) based DES paradigm to detect DVN. The LTL-based paradigm facilitates formal verification of the DES-based IDS, and hence the correctness of the scheme is ascertained. The proposed technique is simulated using the Contiki Cooja simulator. As the percentage of malicious nodes in the network increases, the true positive rate and packet delivery rate drop, while the false positive rate and control message overhead increase. The memory requirement for sending the packets and verifying the nodes is minimal.
The LTL-based IDS has been formally verified using NuSMV to ensure the correctness of the framework.
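As an added illustration of the idea behind the abstract (this is not the paper's own detector, model or NuSMV specification), the following Python sketch states the DODAG version number invariant as an LTL-style safety property, G (version_increase → sender_is_root), and checks it over a trace of DIO observations the way a DES-style monitor consumes events. It relies on the RFC 6550 rule that only the DODAG root increments the DODAGVersionNumber; the event type `Dio`, the monitor class `VersionMonitor`, the root identity `ROOT` and the trace `SAMPLE_TRACE` are all assumptions constructed for the example, and the 8-bit comparison in `serial_newer` is a simplification of RFC 6550's lollipop counter.

```python
"""Trace monitor for the RPL DODAG version number invariant (illustrative).

Property, in LTL terms, over the stream of observed DIO messages:
    G ( version_increase -> sender_is_root )
A non-root node advertising a version newer than the one the root last
announced violates the property; that is the observable symptom of a DVN
attack, since the field itself is unauthenticated.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

ROOT = "root"  # assumed identity of the trusted DODAG root


@dataclass(frozen=True)
class Dio:
    """Constructed DIO observation: time, sender, advertised version (0..255)."""
    t: int
    sender: str
    version: int


@dataclass(frozen=True)
class Alert:
    t: int
    sender: str
    claimed: int   # version the sender advertised
    current: int   # version the root last legitimately announced


def serial_newer(a: int, b: int, bits: int = 8) -> bool:
    """Serial-number comparison on a `bits`-wide counter (RFC 1982 style):
    a is newer than b iff 0 < (a - b) mod 2^bits < 2^(bits-1).
    Simplification of the RFC 6550 lollipop counter, sufficient here."""
    half = 1 << (bits - 1)
    d = (a - b) % (1 << bits)
    return 0 < d < half


class VersionMonitor:
    """DES-style monitor: one state variable (current version), one event type."""

    def __init__(self, root: str, initial_version: int) -> None:
        self.root = root
        self.current = initial_version  # last version announced by the root
        self.alerts: List[Alert] = []
        self.stale = 0                  # benign: nodes not yet converged

    def observe(self, dio: Dio) -> Optional[Alert]:
        if dio.version == self.current:
            return None                 # steady state, property holds
        if serial_newer(dio.version, self.current):
            if dio.sender == self.root:
                self.current = dio.version  # legitimate global repair
                return None
            # version_increase from a non-root sender: property violated
            alert = Alert(dio.t, dio.sender, dio.version, self.current)
            self.alerts.append(alert)
            return alert
        self.stale += 1                 # older version: lagging node, no alert
        return None


def run_monitor(trace: Iterable[Dio], root: str = ROOT, initial: int = 0) -> List[Alert]:
    """Run the monitor over a trace and return every property violation."""
    mon = VersionMonitor(root, initial)
    for dio in trace:
        mon.observe(dio)
    return mon.alerts


# Constructed trace: a legitimate global repair (240 -> 241) by the root,
# one lagging node, then a non-root node injecting 242 which n2 propagates.
SAMPLE_TRACE = [
    Dio(1, "root", 240), Dio(2, "n1", 240), Dio(3, "n2", 240),
    Dio(4, "root", 241),        # root increments: allowed
    Dio(5, "n1", 240),          # stale re-advertisement: benign
    Dio(6, "n1", 241),
    Dio(7, "n3", 242),          # non-root increment: violation
    Dio(8, "n2", 242),          # propagation of the bogus version: violation
    Dio(9, "root", 241),
]

if __name__ == "__main__":
    for a in run_monitor(SAMPLE_TRACE, ROOT, 240):
        print(f"t={a.t}: {a.sender} advertised v{a.claimed}, root's is v{a.current}")
```

The monitor deliberately does not adopt the bogus version, so every node that re-advertises it is reported; in the trace above that separates the injecting node (first alert) from nodes merely propagating it, which is the kind of spread a DVN attack produces. Formally verifying that such a monitor satisfies its LTL specification, as the paper does with NuSMV, is a separate step not reproduced here.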
Data Availability Statement
Data cannot be made available for reasons.
Ethics declarations
Conflict of interest
All authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Seth, A.D., Biswas, S. & Dhar, A.K. LDES: detector design for version number attack detection using linear temporal logic based on discrete event system. Int. J. Inf. Secur. 22, 961–985 (2023). https://doi.org/10.1007/s10207-023-00665-3