CRA-RPL: A Novel Lightweight challenge-Response authentication-based technique for securing RPL against dropped DAO attacks

Abstract

IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) is one of the most prominent networking technologies currently fueling the drastic growth of the Internet of Things (IoT) market. As 6LoWPAN runs on resource-constrained devices like ultra-low powered micro-controllers and radio transceivers, therefore use of traditional routing protocols is not recommended. To solve the problem of achieving energy-efficient routing in 6LoWPAN, Routing Protocol for Low-power and Lossy Networks (RPL) is specified by IETF. Although RPL gives many benefits to 6LoWPAN, but the research fraternity has raised many concerns regarding its security. One such security issue is the Dropped Destination Advertisement Object (DDAO) attack. In a DDAO attack, an attacker exploits the standard DAO forwarding technique of RPL to perform the attack without getting noticed. Using multiple experiments, we have observed that the key network performance parameters are severely affected by the DDAO attack. In this view, this paper proposes a novel lightweight Challenge-Response Authentication-based technique for securing RPL against DDAO attacks. The key idea of CRA-RPL is to use a modified version of control messages by incorporating challenge-response pair for authenticating DAO-ACK messages. CRA-RPL is implemented on a widely used Contiki-NG embedded operating system and validated on Cooja Simulator. Performance of CRA-RPL is compared with ContikiRPL (i.e., standard RPL implementation). The experimental findings indicate that CRA-RPL effectively identifies and counteracts DDAO attacks in static and mobile environments without devastatingly affecting the resource-constrained nodes. In a DDAO attack, an attacker exploits the standard DAO forwarding technique of RPL to perform the attack without getting noticed. Using multiple experiments, we have observed that the key network performance parameters are severely affected by the DDAO attack. In this view, this paper proposes a novel lightweight Challenge-Response Authentication-based technique for securing RPL against DDAO attacks. The key idea of CRA-RPL is to use a modified version of control messages by incorporating challenge-response pair for authenticating DAO-ACK messages. CRA-RPL is implemented on a widely used Contiki-NG embedded operating system and validated on Cooja Simulator. Performance of CRA-RPL is compared with ContikiRPL (i.e., standard RPL implementation). The experimental findings indicate that CRA-RPL effectively identifies and counteracts DDAO attacks in static and mobile environments without devastatingly affecting the resource-constrained nodes.