Zorlu Ortamlarda RPL Saldırılarının Etkisinin Değerlendirilmesi: Evrim Destekli Bir Çalışma
Yıl 2024,
ERKEN GÖRÜNÜM, 1 - 1
Özlem Ceviz
,
Selim Yilmaz
Öz
IoT destekli akıllı teknolojilerin günlük yaşamımıza entegrasyonu birçok açıdan sayısız fayda sağlasa da bu teknolojiyi mümkün kılan IoT ağları için tasarlanan protokollerin günümüzde çok sayıda güvenlik açığı sergilemesi, beraberinde güvenlik endişelerini de getirmiştir. Bu protokollerden biri, heterojen cihazlar arasında yönlendirmeyi sağlamak için IoT ağlarda sıklıkla kullanılan RPL (IPv6 Routing Protocol for Low Power Lossy Networks) protokolüdür. RPL bugüne kadar önemli eksiklikler sergilemiş ve çeşitli saldırıların hedefi haline gelmiştir. RPL saldırılarının performansını değerlendirmek, IoT ağının etkili bir şekilde güvenliğini sağlamak önemli bir görevdir. Performans analizi literatürde çok sayıda çalışılmasına rağmen tamamı 'insan yapımı' saldırı ortamlarına dayanmaktadır. Buna karşılık, bu çalışma performans değerlendirmesi için ulaşılabilecek en güçlü saldırı ortamlarını dikkate almaktadır. Bu tür ortamları elde etmek için genetik algoritmanın kullanımı bu çalışmada araştırılmıştır. Bulgular, saldırının etkisinin, saldırganların ağdaki konumundan ve yoğunluğundan büyük ölçüde etkilendiğini ortaya koymaktadır.
Etik Beyan
Bu makalenin yazarları çalışmalarında kullandıkları materyal ve yöntemlerin etik kurul izni ve/veya yasal-özel bir izin gerektirmediğini beyan ederler.
Destekleyen Kurum
Türkiye Bilimsel ve Teknolojik Araştırma Kurumu (TÜBİTAK)
Teşekkür
Bu çalışma Türkiye Bilimsel ve Teknolojik Araştırma Kurumu (TÜBİTAK-122E331) tarafından finanse edilmektedir. Desteğinden dolayı TÜBİTAK'a teşekkür ederiz.
Kaynakça
- [1] Shah S. H. and Yaqoob I., “A survey: Internet of Things (IOT) technologies, applications and challenges”, 4th IEEE International Conference on Smart Energy Grid Engineering, 381-385, (2016).
- [2] Balaji S., Nathani K., and Santhakumar R., “IoT Technology, Applications and Challenges: A Contemporary Survey”, Wireless Personal Communications, 108(1): 363-388, (2019).
- [3] Columbus L., “Roundup of the Internet of Things Forecasts and Market Estimates”, Forbes Tech, (2016).
- [4] Winter T. and Thubert P., “RPL: IPv6 Routing Protocol for Low power and Lossy Networks”, IETF Internet-Draft, (2010).
- [5] Holland J.H., “Adaptation in natural and artificial systems : an introductory analysis with applications to biology, control, and artificial intelligence”, MIT Press, (1992).
- [6] Kim H.S., Ko J., Culler D.E., and Paek J., “Challenging the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL): A Survey”, IEEE Communications Surveys and Tutorials, 19(4): 2502-2525, (2017).
- [7] Almusaylim Z.A., Jhanjhi N.Z., and Alhumam A., “Detection and mitigation of RPL rank and version number attacks in the internet of things: SRPL-RP”, Sensors, 20(21), (2020).
- [8] Mayzaud A., Sehgal A., Badonnel R., Chrisment I., and Schönwälder J., “A study of RPL DODAG version attacks”, Lecture Notes in Computer Science, 92-104, (2014).
- [9] Mayzaud A., Badonnel R., and Chrisment I., “A taxonomy of attacks in RPL-based internet of things”, International Journal of Network Security, 18(3): 459-473, (2016).
- [10] Katoch S., Chauhan S.S., and Kumar V., “A review on genetic algorithm: past, present, and future”, Multimed Tools Appl, 80(5): 8091–8126, (2021).
- [11] Bütün İ., “Security Implications of Underlying Network Technologies on Industrial Internet of Things”, Politeknik Dergisi, 25(1): 223–229, (2022).
- [12] Taş O. and Kiani F., “Nesnelerin İnterneti (IoT) ve Kablosuz Algılayıcı Ağların Güvenliğine Yapılan Saldırıların Tespit Edilmesi ve Önlenmesi”, Politeknik Dergisi, 24(1): 219–235, (2021).
- [13] Calp M.H. and Bütüner R., “Makine Öğrenimi Algoritmaları Kullanılarak IoT Tabanlı Ağ Cihazlarına Yönelik Siber Saldırıların Tespiti”, Journal of Polytechnic, (2023).
- [14] Le A., Loo J., Lasebae A., Vinel A., Chen Y., and Chai M., “The impact of rank attack on network topology of routing protocol for low-power and lossy networks”, IEEE Sens J, 13(10): 3685-3692, (2013).
- [15] Bang A. and Rao U.P., “Impact Analysis of Rank Attack on RPL-Based 6LoWPAN Networks in Internet of Things and Aftermaths”, Arab J Sci Eng, 48(2): 2489–2505, (2023).
- [16] Ghaleb B., Al-Dubai A., Hussain A., Ahmad J., Romdhani I., and Jaroucheh Z., “Resolving the Decreased Rank Attack in RPL’s IoT Networks”, (2023).
- [17] Rai K.K. and Asawa K., “Impact analysis of rank attack with spoofed IP on routing in 6LoWPAN network”, 2017 10th International Conference on Contemporary Computing, (2018).
- [18] Rehman A., Khan M.M., Lodhi M.A., and Hussain F.B., “Rank attack using objective function in RPL for low power and lossy networks”, 2016 International Conference on Industrial Informatics and Computer Systems, (2016).
- [19] Ambarkar S.S. and Shekokar N., “Impact Analysis of RPL Attacks on 6Lo WPAN based Internet of Things network”, 7th IEEE International Conference on Electronics, Computing and Communication Technologies, (2021).
- [20] Aris A., Oktug S.F., and Berna S., “RPL version number attacks: In-depth study”, 2016 IEEE/IFIP Network Operations and Management Symposium, 776-779, (2016).
- [21] Aris A. and Oktug S.F., “Analysis of the RPL Version Number Attack with Multiple Attackers”, International Conference on Cyber Situational Awareness, Data Analytics and Assessment,1-8, (2020).
- [22] Sharma G., Grover J., and Verma A., “Performance evaluation of mobile RPL-based IoT networks under version number attack”, Comput Commun, 197: 12-22, (2023).
- [23] Bokka R. and Sadasivam T., “DIS flooding attack Impact on the Performance of RPL Based Internet of Things Networks: Analysis”, 1017-1022, Proceedings of the 2nd International Conference on Electronics and Sustainable Communication Systems, (2021).
- [24] Rajasekar V.R. and Rajkumar S., “A Study on Impact of DIS flooding Attack on RPL-based 6LowPAN Network”, Microprocess Microsyst, 94, (2022).
- [25] Pu C., “Mitigating DAO inconsistency attack in RPL-based low power and lossy networks”, 8th Annual Computing and Communication Workshop and Conference, 570-574, (2018).
- [26] Hkiri A., Karmani M., and MacHhout M., “The Routing Protocol for low power and lossy networks (RPL) under Attack: Simulation and Analysis”, 5th International Conference on Advanced Systems and Emergent Technologies, 143-148, (2022).
- [27] Dogan C., Yilmaz S., and Sen S., “Analysis of RPL Objective Functions with Security Perspective”, Proceedings of the 11th International Conference on Sensor Networks, 71-80, (2022).
- [28] Alsukayti I.S. and Alreshoodi M., “RPL-Based IoT Networks under Simple and Complex Routing Security Attacks: An Experimental Study”, Applied Sciences, 13(8), (2023).
- [29] Österlind F., Dunkels A., Eriksson J., Finne N., and Voigt T., “Cross-level sensor network simulation with COOJA,” Conference on Local Computer Networks, 641-648, (2006).
- [30] www.contiki-os.org, “Contiki-OS”, (2024).
- [31] Bandekar A., Kotian A., and Javaid A.Y., “Comparative analysis of simulation and real-world energy consumption for battery-life estimation of low-power IoT (Internet of Things) deployment in varying environmental conditions using Zolertia Z1 motes”, Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, 137–148, (2017).
Assessing the Impact of RPL Attacks in Challenging Environments: An Evolution-assisted Study
Yıl 2024,
ERKEN GÖRÜNÜM, 1 - 1
Özlem Ceviz
,
Selim Yilmaz
Öz
The integration of IoT-enabled smart technologies into our daily lives offers numerous benefits in many ways; however, it has also given rise well-founded security concerns since the protocols designed for IoT networks, enabling this technology, exhibit numerous vulnerabilities today. One such protocol is the IPv6 Routing Protocol for Low Power Lossy Networks (RPL) which is frequently used in IoT networks to enable routing between the heterogeneous devices. RPL has exhibited significant shortcomings and has become a target for various attacks up to now. Evaluating the performance of RPL attacks is a non-trivial task for securing IoT network effectively. Although performance analysis studies are numerous in literature, all of them rely on ‘human-crafted’ attack environments. In contrast, this study considers the most challenging malicious environments achievable for performance evaluation. To achieve such environments, the use of genetic algorithm is explored in this study. The findings reveal that the impact of the attack is greatly influenced by the position as well as the density of the attackers in the network.
Etik Beyan
The authors of this article declare that the materials and methods used in this study do not require ethical committee permission and/or legal-special permission
Destekleyen Kurum
Scientific and Technological Research Council of Turkey (TUBITAK)
Teşekkür
This study is funded by the Scientific and Technological Research Council of Turkey (TUBITAK-122E331). We would like to thank TUBITAK for its support.
Kaynakça
- [1] Shah S. H. and Yaqoob I., “A survey: Internet of Things (IOT) technologies, applications and challenges”, 4th IEEE International Conference on Smart Energy Grid Engineering, 381-385, (2016).
- [2] Balaji S., Nathani K., and Santhakumar R., “IoT Technology, Applications and Challenges: A Contemporary Survey”, Wireless Personal Communications, 108(1): 363-388, (2019).
- [3] Columbus L., “Roundup of the Internet of Things Forecasts and Market Estimates”, Forbes Tech, (2016).
- [4] Winter T. and Thubert P., “RPL: IPv6 Routing Protocol for Low power and Lossy Networks”, IETF Internet-Draft, (2010).
- [5] Holland J.H., “Adaptation in natural and artificial systems : an introductory analysis with applications to biology, control, and artificial intelligence”, MIT Press, (1992).
- [6] Kim H.S., Ko J., Culler D.E., and Paek J., “Challenging the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL): A Survey”, IEEE Communications Surveys and Tutorials, 19(4): 2502-2525, (2017).
- [7] Almusaylim Z.A., Jhanjhi N.Z., and Alhumam A., “Detection and mitigation of RPL rank and version number attacks in the internet of things: SRPL-RP”, Sensors, 20(21), (2020).
- [8] Mayzaud A., Sehgal A., Badonnel R., Chrisment I., and Schönwälder J., “A study of RPL DODAG version attacks”, Lecture Notes in Computer Science, 92-104, (2014).
- [9] Mayzaud A., Badonnel R., and Chrisment I., “A taxonomy of attacks in RPL-based internet of things”, International Journal of Network Security, 18(3): 459-473, (2016).
- [10] Katoch S., Chauhan S.S., and Kumar V., “A review on genetic algorithm: past, present, and future”, Multimed Tools Appl, 80(5): 8091–8126, (2021).
- [11] Bütün İ., “Security Implications of Underlying Network Technologies on Industrial Internet of Things”, Politeknik Dergisi, 25(1): 223–229, (2022).
- [12] Taş O. and Kiani F., “Nesnelerin İnterneti (IoT) ve Kablosuz Algılayıcı Ağların Güvenliğine Yapılan Saldırıların Tespit Edilmesi ve Önlenmesi”, Politeknik Dergisi, 24(1): 219–235, (2021).
- [13] Calp M.H. and Bütüner R., “Makine Öğrenimi Algoritmaları Kullanılarak IoT Tabanlı Ağ Cihazlarına Yönelik Siber Saldırıların Tespiti”, Journal of Polytechnic, (2023).
- [14] Le A., Loo J., Lasebae A., Vinel A., Chen Y., and Chai M., “The impact of rank attack on network topology of routing protocol for low-power and lossy networks”, IEEE Sens J, 13(10): 3685-3692, (2013).
- [15] Bang A. and Rao U.P., “Impact Analysis of Rank Attack on RPL-Based 6LoWPAN Networks in Internet of Things and Aftermaths”, Arab J Sci Eng, 48(2): 2489–2505, (2023).
- [16] Ghaleb B., Al-Dubai A., Hussain A., Ahmad J., Romdhani I., and Jaroucheh Z., “Resolving the Decreased Rank Attack in RPL’s IoT Networks”, (2023).
- [17] Rai K.K. and Asawa K., “Impact analysis of rank attack with spoofed IP on routing in 6LoWPAN network”, 2017 10th International Conference on Contemporary Computing, (2018).
- [18] Rehman A., Khan M.M., Lodhi M.A., and Hussain F.B., “Rank attack using objective function in RPL for low power and lossy networks”, 2016 International Conference on Industrial Informatics and Computer Systems, (2016).
- [19] Ambarkar S.S. and Shekokar N., “Impact Analysis of RPL Attacks on 6Lo WPAN based Internet of Things network”, 7th IEEE International Conference on Electronics, Computing and Communication Technologies, (2021).
- [20] Aris A., Oktug S.F., and Berna S., “RPL version number attacks: In-depth study”, 2016 IEEE/IFIP Network Operations and Management Symposium, 776-779, (2016).
- [21] Aris A. and Oktug S.F., “Analysis of the RPL Version Number Attack with Multiple Attackers”, International Conference on Cyber Situational Awareness, Data Analytics and Assessment,1-8, (2020).
- [22] Sharma G., Grover J., and Verma A., “Performance evaluation of mobile RPL-based IoT networks under version number attack”, Comput Commun, 197: 12-22, (2023).
- [23] Bokka R. and Sadasivam T., “DIS flooding attack Impact on the Performance of RPL Based Internet of Things Networks: Analysis”, 1017-1022, Proceedings of the 2nd International Conference on Electronics and Sustainable Communication Systems, (2021).
- [24] Rajasekar V.R. and Rajkumar S., “A Study on Impact of DIS flooding Attack on RPL-based 6LowPAN Network”, Microprocess Microsyst, 94, (2022).
- [25] Pu C., “Mitigating DAO inconsistency attack in RPL-based low power and lossy networks”, 8th Annual Computing and Communication Workshop and Conference, 570-574, (2018).
- [26] Hkiri A., Karmani M., and MacHhout M., “The Routing Protocol for low power and lossy networks (RPL) under Attack: Simulation and Analysis”, 5th International Conference on Advanced Systems and Emergent Technologies, 143-148, (2022).
- [27] Dogan C., Yilmaz S., and Sen S., “Analysis of RPL Objective Functions with Security Perspective”, Proceedings of the 11th International Conference on Sensor Networks, 71-80, (2022).
- [28] Alsukayti I.S. and Alreshoodi M., “RPL-Based IoT Networks under Simple and Complex Routing Security Attacks: An Experimental Study”, Applied Sciences, 13(8), (2023).
- [29] Österlind F., Dunkels A., Eriksson J., Finne N., and Voigt T., “Cross-level sensor network simulation with COOJA,” Conference on Local Computer Networks, 641-648, (2006).
- [30] www.contiki-os.org, “Contiki-OS”, (2024).
- [31] Bandekar A., Kotian A., and Javaid A.Y., “Comparative analysis of simulation and real-world energy consumption for battery-life estimation of low-power IoT (Internet of Things) deployment in varying environmental conditions using Zolertia Z1 motes”, Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, 137–148, (2017).