BE-RPL: Balanced-load and Energy-efficient RPL

Internet of Things (IoT) empowers imaginative applications and permits new services when mobile nodes are included. For IoT-enabled low-power and lossy networks (LLN), the Routing Protocol for Low-power and Lossy Networks (RPL) has become an established standard routing protocol. Mobility under standard RPL remains a difficult issue as it causes continuous path disturbance, energy loss, and increases the end-to-end delay in the network. In this unique circumstance, a Balanced-load and Energy-efficient RPL (BE-RPL) is proposed. It is a routing technique that is both energy-efficient and mobility-aware. It responds quicker to link breakage through received signal strength-based mobility monitoring and selecting a new preferred parent reactively. The proposed system also implements load balancing among stationary nodes for leaf node allocation. Static nodes with more leaf nodes are restricted from participating in the election for a new preferred parent. The performance of BE-RPL is assessed using the COOJA simulator. It improves the energy use, network control overhead, frame acknowledgment ratio, and packet delivery ratio of the network.     

Quality of Service Support in RPL Networks: Standing State and Future Prospects

The development of IP-based Internet of Things (IoT) networks would facilitate more effective end-to-end IP network architectures, but it remains a challenge. Network routing needs to be effectively addressed in the IoT environments of scarce computational and energy resources. Accordingly, the Internet Engineering Task Force (IETF) has specified the IPv6 Routing Protocol for Low Power and Lossy Network (RPL) to provide a bespoke IPv6-based routing framework for IoT networks. However, RPL comes with no Quality of Service (QoS) support which is an essential requirement for many IoT applications. The network research community has introduced a number of research proposals enhancing RPL with different QoS solutions. This paper presents a review of these proposed solutions and aims to establish a firm understanding of recent QoS developments for RPL and possible areas for future IoT routing research. The focus is on comprehending the protocol and networking properties that can affect QoS performance in RPL networks. Consideration is also given to different objective functions developed for addressing varying QoS aspects such as throughput, delay, and packet loss. RPL is also extended in a number of QoS solutions following different approaches at the MAC, network, and application layers. However, there is still a need for further developments to address effective QoS support, particularly for dynamic RPL networks.     

一种针对RPL入侵检测的自适应节能算法

RPL（IPv6 routing protocol for low power and lossy networks）是IPv6低功耗有损无线网络的路由层协议,缺乏健全的安全保护机制且运行于资源受限的物联网设备导致容易受到网络攻击,因此在进行安全检测时应尽可能减少消耗设备资源。针对上述问题,分析了RPL网络的拓扑结构、RPL的入侵检测技术和常见网络攻击的原理,论证并提出了能够降低设备功率和网络负载的自适应节能算法,最后基于Contiki 3.0和Cooja实现并验证了该算法的有效性。实验结果表明,该算法能够根据网络拓扑挑选出有效的检测节点,在保证检测率的情况下降低约12%的设备平均功率。     

Ad Hoc网络中的虫洞攻击与检测方法研究

虫洞攻击是一种针对移动自组织网络路由协议的攻击,一般是至少由两个节点进行合谋的协同攻击。攻击节点之间通过虫洞攻击能够大量吸引数据包,从而达到控制网络的目的。基于按需距离矢量路由协议,根据移动自组织网络中的虫洞攻击原理,采用NS2仿真平台,通过对按需距离矢量路由协议的修改,对虫洞攻击进行了仿真,并且分析了虫洞攻击对网络性能参数的影响。根据虫洞攻击特性,设计了三种攻击检测方法:地理位置定位、邻居信任检测以及邻居监听。将这三种方法在NS2中仿真,验证了其可行性。     

基于置信区域设置的低功耗有损网络路由

现有多数低功耗有损网络路由(RPL)协议没有考虑真实环境中移动节点的定位误差。为此,提出基于移动节点置信区域的低功耗有损路由协议,记为KPRPL。KPRPL协议考虑了静态和移动两类节点,并正视真实环境下的定位误差。在静态节点间路由,KPRPL协议考虑传统的期望传输次数(ETX)为路由度量;而针对有移动节点参与的路由,采用新的RPL度量。每个移动节点依据信道条件产生置信区域,利用Kalman滤波修正移动节点位置。再依据经Kalman滤波后的修正位置和方差,移动节点重新构建置信区域,并形成候选锚节点集。最终,移动节点利用端到端ETX估计值,选择最优的路径。仿真结果表明,与传统的RPL协议相比,KPRPL协议提高了在恶劣环境下的可靠性和鲁棒性。     

Adaptive Threat Modeling for Secure Ad Hoc Routing Protocols

Secure routing protocols for mobile ad hoc networks provide the required functionality for proper network operation. If the underlying routing protocol cannot be trusted to follow the protocol operations, additional trust layers, such as authentication, cannot be obtained. Threat models drive analysis capabilities, affecting how we evaluate trust. Current attacker threat models limit the results obtained during protocol security analysis over ad hoc routing protocols. Developing a proper threat model to evaluate security properties in mobile ad hoc routing protocols presents a significant challenge. If the attacker strength is too weak, we miss vital security flaws. If the attacker strength is too strong, we cannot identify the minimum required attacker capabilities needed to break the routing protocol. In this paper we present an adaptive threat model to evaluate route discovery attacks against ad hoc routing protocols. Our approach enables us to evaluate trust in the ad hoc routing process and allows us to identify minimum requirements an attacker needs to break a given routing protocol.     

低功耗有损网络安全路由协议研究综述

随着物联网不断飞速发展，低功耗有损网络（LLN）的研究与应用成为一种发展趋势。首先，介绍了6LoWPAN与低功耗有损网络路由协议（RPL）的基本原理和结构；其次，总结了LLN中RPL所面对的主要安全威胁以及应对方法，根据协议所采用的不同策略进行归纳、分类和比较；然后，对国内外已有安全RPL研究情况进行了介绍和分析，同时对现有安全威胁和解决方案进行了总结；最后，提出了在大规模、移动性、自组织、低功耗的RPL中需要进一步研究的安全问题和发展趋势。     

面向IPv6物联子网的轻量级树型转发模型

在IPv6 物联网中,RPL 路由模型已得到广泛的认可.然而对于规模较大的多跳网络结构,RPL 面临着部分转发节点路由容量较大的问题.而且物联子网中扁平化的地址结构使得这一问题更为突出.设计了支持IPv6 地址自动分配的轻量级树型转发模型TFAD（tree forwarding model with address automatically distributed）,将物联子网中的节点构造成一棵层次转发树,树节点的IPv6 地址在子树范围内高度聚合.各节点只需存储与其子节点数相当的转发项,即可完成TFAD 模型的数据转发.此外,设计了TFAD 模型的备份父节点机制,当网络出现故障时能够以子树为单位进行网络拓扑重构,实现物联子网的快速路由恢复.实验验证了TFAD 模型的高效路由存储性能以及快速的路由学习能力和故障后路由恢复能力.     

移动自组织网络中内部丢包的检测模型

无线移动自组织网络中数据的传输是基于中间节点的合作转发的,但由于内部自私节点为了节省带宽和电量或者网络受到恶意节点的攻击,导致丢包行为发生,网络性能严重降低。基于无线自组织网络常用的路由协议AODV,提出了一种新的针对内部丢包攻击的检测模型。该检测模型引入旁信道概念,旁信道节点和看门狗共同检测并记录节点转发报文行为,采用邻居信息表存放检测结果,当相应节点的记录值达到一定下限时就被隔离出网络。由于旁信道可以发送警报报文,该模型能够同时检测到自私节点或合作攻击节点引起的内部丢包攻击。     

SINGLETON: A lightweight and secure end-to-end encryption protocol for the sensor networks in the Internet of Things based on cryptographic ratchets

For many systems, safe connectivity is an important requirement, even if the transmitting machines are resource-constrained. The advent of the Internet of Things (IoT) has also increased the demand for low-power devices capable of connecting with each other or sending data to a central processing site. The IoT allows many applications in a smart environment, such as outdoor activity control, smart energy, infrastructure management, environmental sensing, or cyber-security issues. Security in such situations remains an open challenge because of the resource-constrained design of sensors and objects, or the multi-purpose adversaries may target the process during the life cycle of a smart sensor. This paper discusses widely used protocols that provide safe communications for various applications in IoT and also different attacks are defined. In this paper, to protect the IoT objects and sensors, we propose a comprehensive and lightweight security protocol based on Cryptographic Ratchets. That is, an encrypted messaging protocol using the Double Ratchet Algorithm is defined which we call Singleton, and the implementation of protocol is tested and compared to the implementation of the IoT standard protocols and a post-quantum version of the protocol. Various cryptographic primitives are also evaluated, and their suitability for use in the protocol is tested. The results show that the protocol as the building stone not only enables efficient resource-wise protocols and architectures but also provides advanced and scalable IoT sensors. Our design and analysis demonstrate that Singleton security architecture can be easily integrated into existing network protocols such as IEEE 802.15.4 or OMA LWM2M, which offers several benefits that existing approaches cannot offer both performance and important security services. For chat applications such as WhatsApp, Skype, Facebook Private Messenger, Google Allo, and Signal, a cryptographic ratchet-based protocol provides end-to-end encryption, forward secrecy, backward secrecy, authentication, and deniability.

     

Cost Optimized Switching of Routing Protocol Scheme for IoT Applications

In this work, we propose a context-aware switching of routing protocol scheme for specific application requirements of IoT in real-time using a software-defined networking controller in wireless sensor networks. The work planned has two stages i) Selection of suitable routing protocol (RP) for given IoT applications using higher cognitive process and ii) Deployment of the corresponding routing protocol. We use the supervised learning-regression method for classification of the routing protocol while considering the network parameters like stability, path delay, energy utilization, and throughput. The chosen routing protocol will be set in the sensor network using a software-defined networking controller in an exceedingly flexible manner during the second stage. Extensive simulation has been done and results are evaluated to point out the strength of the proposed work, while dynamically varying the specific requirements of IoT applications. We observe that the work proposed is path-breaking the prevailing methods, where a specific routing protocol is employed throughout the period of time. It’s clearly shown that the proposed, Low-cost Context-Aware Protocol Switching (LCAPS) scheme is efficient in improving the performance of the sensor network and also meets the specific application requirements of IoT by using Software-Defined Wireless Sensor Networks SDWSNs.     

无线传感器网络的RPL路由协议研究

路由协议执行网络拓扑描述、路由选择和数据包转发的功能,影响整个网络的性能和存活时间。现有的路由协议需要发送大量数据包维护网络拓扑,以及大量的存储空间来存储路由条目。由于硬件的限制,无线传感器节点无论是能量,还是其处理能力、存储能力都受到极大的制约。因此,IETFRoLL工作组提出了一种针对低功耗有损网络的IPV6路由协议,即RPL路由协议。文中对RPL路由协议的拓扑构建过程、数据包路由过程和Trickle定时器的算法等进行了分析,通过使用COOJA仿真工具对其进行仿真,验证了RPL路由协议在低功耗有损网络中具有较高的性能。     

基于剩余级别负载均衡的RPL路由协议

低功耗有损网络LLNs(Low-Power and Lossy Networks)中,RPL路由协议可以减少能耗和延长网络生命周期,但是负载的不均衡严重影响了RPL路由协议的性能.据此,提出了一种优化的RPL路由协议—WLB-RPL.该协议以节点剩余能量以及节点平均邻居距离为权重计算剩余级别,并通过动态调整通信半径完成路由构建,以均衡能量.仿真结果表明,改进后的路由协议可以对之前的负载均衡进行更好的优化,达到了理想的效果.     

基于双层模糊逻辑信任的OLSR安全路由协议

由于移动自组网的开放性、分散性的特点,导致传统的OLSR信任模型存在无法明确量化节点的信任指标和忽视节点的网络环境的问题.针对上述问题,本文提出一种基于环境自适应决策的双层模糊逻辑信任模型,并与OLSR协议搭建了EFT-OLSR协议.该模型划分为参数提取模块、双层模糊推理模块、决策模块.首先选取节点剩余能量(P),阻止隐式的自私攻击;其次通过运用改进的双层模糊逻辑结构,限制计算节点信任指标的复杂度;最后根据网络环境动态调整路由协议中的信任阈值.实验表明, EFT-OLSR协议在数据包传递率(PDR)、平均端到端延迟、丢包率方面优于现有的FT-OLSR信任模型.     

DSR协议下数据包攻击及防御机制

移动Ad—hoc网络又称移动自组网、多跳网络,是一种特殊的、在不借助中心管理的情况下,在有限的范围内实现多个移动终端临时互联的网络。由于Adhoc网络自身的特殊性,其路由协议的设计与传统固定网络有很大不同,而且种类繁多,DSR协议便是其中一种。DSR协议也被称做动态源路由协议,它作为Ad—hoc网络的路由协议之一,最大特点是在发送的每个数据包中放入一个完整的、按序排列的路由信息,并且在传递数据包的过程中依赖着这些路由信息去完成工作。文章主要介绍了Ad—hoc网络中的DSR协议的工作方式,针对其安全性提出一种新的攻击模型——数据包攻击,并通过模拟实验,给出了数据包攻击的检测方法和防御策略,能够成功地发现并有效地阻碍数据包攻击。     

RPL in a nutshell: A survey

IPv6 Routing Protocol for Low Power and Lossy Networks (RPL) is a routing protocol specifically designed for Low power and Lossy Networks (LLN) compliant with the 6LoWPAN protocol. It currently shows up as an RFC proposed by the IETF ROLL working group. However, RPL has gained a lot of maturity and is attracting increasing interest in the research community. The absence of surveys about RPL motivates us to write this paper, with the objective to provide a quick introduction to RPL. In addition, we present the most relevant research efforts made around RPL routing protocol that pertain to its performance evaluation, implementation, experimentation, deployment and improvement. We also present an experimental performance evaluation of RPL for different network settings to understand the impact of the protocol attributes on the network behavior, namely in terms of convergence time, energy, packet loss and packet delay. Finally, we point out open research challenges on the RPL design. We believe that this survey will pave the way for interested researchers to understand its behavior and contributes for further relevant research works.     

一种新的Ad hoc网络安全路由方案

在移动Adhoc网络中,网络的自组织、动态拓扑以及无线接入等特点使得路由的安全性问题日益突出。论文提出了一种基于按需路由的高效、安全路由方案(ESAR),阐述了该方案的原理,路由发现和路由维护过程,并对其安全性能以及网络性能进行了分析,与同类型的方案进行了比较。该方案可以有效地防止对路由信息的伪装、篡改、路由重播、拒绝服务(DoS)等攻击,并且考虑了Adhoc网络资源有限的特点,使用对称密钥机制,降低网络资源的开销。     

基于模糊信任的无线传感器网络可信路由

由于无线传感器网络（WSNs）经常部署在苛刻环境下,节点易被物理俘获或损坏,无线多跳通信的方式也使得网络容易遭受各种信号干扰和攻击,路由安全显得尤为重要。在分簇路由协议的基础上,引入了节点可信度作为路由选择的度量,提出了基于模糊信任的无线传感器网络可信路由模型。该模型中,每个节点的信任值由剩余能量、包转发率、路由信息篡改以及声明诚实度等4个属性采用变权模糊综合评判算法得到。仿真结果表明：在变权模糊综合评判算法中,通过提高具有过低值的属性的权值,可以突出节点的缺陷,使得具备过低剩余能量或是过低包转发率,路由信息篡改信任,或过低诚实度任意一个缺陷的节点都不能够得到较高的信任值从而被选为簇头节点,避免行为恶意的节点破坏网络路由。     

A lightweight authentication and key agreement protocol for heterogeneous IoT with special attention to sensing devices and gateway

Focusing specifically on sensing devices with restricted resources, heterogeneous internet of things (HIoT) is an attractive scenario for IoT networks. Nonetheless, the very nature of wireless channels in these networks has given rise to a series of security challenges, which need to be considered while developing authentication protocols. Here, we scrutinized Yu and Park’s, Kumari et al.’s, and Ostad-sharif et al.'s protocols and illustrated their weaknesses against key compromise attacks, insider attacks, and violation of anonymity. Furthermore, for heterogeneous IoT contexts, a lightweight and secure authentication and key agreement protocol for heterogeneous IoT environments is presented. Concerning the restricted resources of sensing devices, an attempt is made to provide an efficient HIoT-based authentication protocol to enhance network security and performance. The gateway as a trusted authority with the maximum workload and sensing devices with the highest restrictions on resources are considered in the suggested protocol. As a result, the user bears the brunt of the workload in the individual session. The Burrows–Abadi–Needham (BAN) logic is used to validate the proposed protocol, and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is utilized to demonstrate resilience to existing active attacks. Simulation findings and performance assessment revealed that our protocol improved communication overheads by up to 110%, computation overheads by up to 83%, and sensing device maximum storage capacity by up to 51%.

     

Black Hole Attack Detection and Performance Improvement in Mobile Ad-Hoc Network

ABSTRACT

Security is an essential service for mobile network communications. Routing plays an important role in the security of mobile ad-hoc networks (MANETs). A wide variety of attacks targets the weakness of MANETs. By attacking the routing protocols, attackers can absorb network traffic, injecting themselves into the path between the source and destination. The black hole attack is one of the routing attacks where a malicious node advertise itself as having the shortest path to all nodes in the network by sending fake route reply. In this paper, a defense scheme for detecting black hole node is proposed. The detection is based on the timing information and destination sequence numbers maintained in the Neighborhood Route Monitoring Table. The table maintains the record of time of Reply. A black hole node will send a route reply message without checking the routing table as the legitimate node normally does. This reduced reply time is used to detect the black hole node. To improve the security further, the destination sequence number is checked with the threshold value, which is dynamically updated. The simulation results demonstrate that the protocol not only detects black hole attack but also improves the overall performance.