
LDES: detector design for version number attack detection using linear temporal logic based on discrete event system

  • Regular contribution
  • Published:
International Journal of Information Security

Abstract

The Internet Engineering Task Force (IETF) has defined the routing protocol for low-power and lossy networks (RPL) for constrained devices. RPL constructs destination-oriented directed acyclic graphs (DODAGs) to optimize routing, and it uses the DODAG version number to keep the topology acyclic. However, the DODAG version number carried in the control messages is not authenticated, so RPL is vulnerable to a network resource attack known as the DODAG Version Number (DVN) attack. A DVN attack causes packet delay, packet loss, cyclic topology, etc., in the network. This paper proposes a method for detecting DODAG version number attacks. Several existing schemes to defend against the DVN attack, such as cryptographic, trust-based, threshold-based and mitigation techniques, are computationally intensive or require protocol modification. A DVN attack does not change the packet format or the sequence of packets, yet it still succeeds, and hence it falls under the category of stealthy attacks, which are difficult to detect using traditional intrusion detection systems (IDSs). Discrete-event system (DES) based IDSs have been applied in the literature to stealthy attacks and achieve low overhead, low false alarm rate, etc. However, constructing a DES-based IDS for a network protocol may introduce errors, because the modelling is manual, and the resulting IDS therefore cannot guarantee its correctness. This paper proposes a linear temporal logic (LTL) based DES paradigm to detect DVN attacks. The LTL-based paradigm facilitates formal verification of the DES-based IDS, and hence the correctness of the scheme is ascertained. The proposed technique is simulated using the Contiki Cooja simulator. When the percentage of spiteful nodes in the network increases, the true positive rate and packet delivery rate drop, while the false positive rate and control message overhead increase. The memory requirement for sending the packets and verifying the nodes is minimal. The LTL-based IDS has been formally verified using NuSMV to ensure the correctness of the framework.
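
As an added illustration (not code from the paper, and not the LDES detector itself), the invariant that a DVN attack violates can be checked by a passive monitor over observed DIO control messages: in RPL only the DODAG root sets and increments the version number (RFC 6550), so the first non-root node to advertise a version newer than any the root has issued is the suspect. The `Dio` record, node names, sample trace, and the mod-256 comparison (a simplification of RPL's lollipop counter) are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Dio:
    """One observed DIO message (hypothetical record, not a wire format)."""
    t: int        # observation order
    sender: str   # node identifier
    version: int  # 8-bit DODAG version number

def newer(a: int, b: int) -> bool:
    """True if version a is newer than b under mod-256 serial comparison
    (assumption: simplified stand-in for RPL's lollipop counter)."""
    return a != b and (a - b) % 256 < 128

def monitor(trace, root):
    """Check, over a finite trace, the safety property
    G(non-root DIO -> version not newer than the root's latest version).
    Returns (t, sender, version) for the first advertiser of each
    version the root never issued; later forwarders are not re-flagged."""
    root_version = None
    never_issued = set()
    alarms = []
    for dio in sorted(trace, key=lambda d: d.t):
        if dio.sender == root:
            if root_version is None or newer(dio.version, root_version):
                root_version = dio.version
            continue
        if root_version is None:
            continue  # nothing to compare against until the root is heard
        if newer(dio.version, root_version) and dio.version not in never_issued:
            never_issued.add(dio.version)
            alarms.append((dio.t, dio.sender, dio.version))
    return alarms

# Constructed sample trace: R is the root, M injects version 241,
# B then forwards it, and R later performs a legitimate global repair.
TRACE = [
    Dio(0, "R", 240), Dio(1, "A", 240), Dio(2, "B", 240),
    Dio(3, "M", 241), Dio(4, "B", 241),
    Dio(5, "R", 242), Dio(6, "A", 242),
]

if __name__ == "__main__":
    for t, sender, version in monitor(TRACE, root="R"):
        print(f"t={t}: {sender} advertised version {version} not issued by root")
```

Flagging only the first advertiser of an unissued version keeps nodes that merely propagate the forged value from being reported, which matters for the false positive rate the abstract discusses.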


Data Availability Statement

Data cannot be made available for reasons.


Author information


Corresponding author

Correspondence to Abhay Deep Seth.

Ethics declarations

Conflict of interest

All authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Seth, A.D., Biswas, S. & Dhar, A.K. LDES: detector design for version number attack detection using linear temporal logic based on discrete event system. Int. J. Inf. Secur. 22, 961–985 (2023). https://doi.org/10.1007/s10207-023-00665-3


  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-023-00665-3

Keywords
