A Lightweight Scheme for Mitigating RPL Version Number Attacks in IoT Networks

Abstract

Internet of Things (IoT) systems incorporate a multitude of resource-limited devices typically interconnected over Low Power and Lossy Networks (LLNs). Robust IP-based network routing among such constrained IoT devices can be effectively realized using the IPv6 Routing Protocol for LLN (RPL) which is an IETF-standardized protocol. The RPL design features a topology maintenance mechanism based on a version numbering system. However, such a design property makes it easy to initiate Version Number (VN) attacks targeting the stability, lifetime, and performance of RPL networks. Thus the wide deployment of RPL-based IoT networks would be hindered significantly unless internal routing attacks such as the VN attacks are efficiently addressed. In this research work, a lightweight and effective detection and mitigation solution against RPL VN attacks is introduced. With simple modifications to the RPL functionality, a collaborative and distributed security scheme is incorporated into the protocol design (referred to as CDRPL). As the experimental results indicated, it provides a secure and scalable solution enhancing the resilience of the protocol against simple and composite VN attacks in different experimental setups. CDRPL guaranteed fast and accurate attack detection as well as quick topology convergence upon any attack attempt. It also efficiently maintained network stability, control traffic overhead, QoS performance, and energy consumption during different scenarios of the VN attack. Compared to other similar approaches, CDRPL yields better performance results with lightweight node-local processing, no additional entities, and less communication overhead.