Provenance-enabled packet path tracing in the RPL-based internet of things

Abstract

The interconnection of resource-constrained and globally accessible things with unreliable Internet make them vulnerable to attacks such as, but not limited to, data forging, false data injection, and packet drop. Such attacks may affect mission-critical applications that rely on sensor data for decision-making processes, hence, necessitates high assurance of trustworthy data. For the data trustworthiness, provenance is considered to be an effective mechanism that tracks both data acquisition and data transmission. However, provenance management for IoT networks is faced with several challenges such as low energy, bandwidth consumption, and efficient storage. In this paper, we propose a bi-fold Provenance-enabled Packed Path Tracing (PPPT) approach to identify packet drop (either maliciously or due to network disruptions) and detect faulty or misbehaving nodes in the Routing protocol for low-Power and Lossy networks (RPL). Firstly, ordered system-level provenance information encapsulates the data generating nodes and the forwarding nodes in the data packet. Secondly, to closely monitor the dropped packets, a node-level provenance in the form of the packet sequence number is enclosed as a routing entry in the routing table of each participating node. Lossless in nature, both approaches conserve provenance size satisfying processing and storage requirements of IoT devices. The experimental results show that the provenance size remains constant (i.e., 2 bytes) in the proposed scheme, irrespective of the number of hops or number of sent packets. Therefore, it does not affect factors such as memory usage (additional RAM and ROM usage: 504 and 3874 bytes respectively), energy consumption, and processing efficiency for provenance generation time in comparison to RPL-only approach. Furthermore, our proposed provenance-enabled RPL (PPPT) outperforms the RPL-only approach from the perspective of added security such as data trustworthiness and features such as identification of malicious nodes and other disruptions in the network.