Towards Detecting Routing-based Internal Attacks in 6TiSCH Architecture

The Routing Protocol for Low-Power and Lossy Networks (RPL) was proposed by the Routing Over Low power and Lossy networks (ROLL) working group to support the routing requirements of Low-power and Lossy Networks (LLNs). RPL has been adapted by the IPv6 over the Time-Slotted and Channel Hopping mode of IEEE 802.15.4e (6TiSCH) architecture, which brought deterministic and time-critical industrial networks to the Internet. 6TiSCH devices, however, are not prone to tampering and some of their protocols, RPL for instance, are vulnerable to a number of internal attacks. In this thesis, we aim to tackle internal attacks that violate RPL's rules. We propose two Intrusion Detection Systems (IDSs) with high detection accuracy and low processing power and storage consumption to suit the 6TiSCH architecture. In the first part of this thesis, we propose a centralized specification-based IDS, named ARM (Authenticated Rank and routing Metric), to detect two forms of rules-related attacks in which the compromised mote might either manipulate its location in the routing graph or advertise a better path toward the root. Briefly, ARM is composed of centralized and distributed modules installed on the root mote and on all RPL motes, respectively. The root is responsible for making the detection decisions, while the motes periodically share their routing information with the root. In the second part, we introduce a fully distributed IDS named FORCE (FOrged Rank and routing metriC dEtector) to detect a wider range of rules-related attacks and to suit larger networks. In FORCE, each mote locally analyzes any received control messages and accordingly detects any suspicious behavior. In the third part, we introduce an enhanced version of the ARM IDS, named ARM-Pro, in which most of the modules are enhanced to detect most of the rules-related attacks. We implemented and evaluated our IDSs through extensive simulation scenarios. The results demonstrate their ability to detect the rules-related attacks with a high detection rate and without incurring significant overhead in terms of storage footprint, communication, and energy consumption on individual devices. Our IDSs are lightweight and suitable for resource-constrained wireless networks.
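The kind of check a root-side, specification-based detector can run over the routing information that motes report is sketched below. It is an added illustration, not the ARM, ARM-Pro or FORCE algorithm from the thesis. The `Report` format, the `audit` function and the sample topology are assumptions; only the rank rule and the constants come from RFC 6550.

```python
# Added illustration; the report format and function names are hypothetical.
from dataclasses import dataclass

MIN_HOP_RANK_INCREASE = 256          # RFC 6550 default
ROOT_RANK = MIN_HOP_RANK_INCREASE    # RFC 6550: DAGRank(ROOT_RANK) == 1


@dataclass(frozen=True)
class Report:                 # assumed periodic report from a mote to the root
    mote: str
    rank: int                 # rank the mote says it holds
    parent: str               # its preferred parent
    parent_rank_heard: int    # rank seen in the parent's last DIO


def dag_rank(rank):
    """Integer part of the rank, as RFC 6550 defines DAGRank."""
    return rank // MIN_HOP_RANK_INCREASE


def audit(reports, root="root"):
    """Return sorted (mote, reason) findings for rank-rule violations."""
    own = {r.mote: r.rank for r in reports}
    own[root] = ROOT_RANK
    findings = set()
    for r in reports:
        # Rule 1: a mote must sit strictly deeper in the DODAG than its parent.
        if dag_rank(r.rank) <= dag_rank(r.parent_rank_heard):
            findings.add((r.mote, "rank not greater than parent"))
        # Rule 2: the rank a parent advertised must match what it reported.
        claimed = own.get(r.parent)
        if claimed is None:
            findings.add((r.parent, "parent never reported"))
        elif claimed != r.parent_rank_heard:
            findings.add((r.parent, "advertised rank differs from reported rank"))
    return sorted(findings)


# Constructed sample: C reports 768 to the root but advertises 256 to D;
# E holds a rank that is not deeper than its parent B.
SAMPLE = [
    Report("A", 512, "root", 256),
    Report("B", 768, "A", 512),
    Report("C", 768, "A", 512),
    Report("D", 512, "C", 256),
    Report("E", 512, "B", 768),
]

if __name__ == "__main__":
    for mote, reason in audit(SAMPLE):
        print(mote, reason)
```

Ranks change legitimately as links vary, so a check like this only makes sense over reports taken from the same reporting period.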