TY - JOUR
T1 - SPRINKLER
T2 - A Multi-RPL Man-in-the-Middle Identification Scheme in IoT Networks
AU - Zilberman, Aviram
AU - Dvir, Amit
AU - Stulman, Ariel
N1 - Publisher Copyright: © 2002-2012 IEEE.
PY - 2024
Y1 - 2024
AB - Cyber-threat protection is one of the most challenging research branches of Internet-of-Things (IoT). With the exponential increase of tiny connected devices, the battle between friend and foe intensifies. Unfortunately, IoT devices offer very limited security features, laying themselves wide open to new attacks, inhibiting the expected global adoption of IoT technologies. Moreover, existing prevention and mitigation techniques and intrusion detection systems handle attack anomalies rather than the attack itself while using a significant amount of the network resources. RPL, the de-facto routing protocol for IoT, proposes minimal security features that cannot handle internal attacks. Hence, in this paper, we propose SPRINKLER, which identifies the specific thing that is under attack by an adversarial Man-in-The-Middle. SPRINKLER uses the multi-instance feature of RPL to identify the adversary. The proposed solution adheres to two basic principles: it only uses pre-existing standard routing protocols and does not rely on a centralized or trusted third-party node such as a certificate authority. All information must be gleaned by each node using only primitives that already exist in the underlying communication protocol, which excludes any training dataset. Simulations show that SPRINKLER adds minimal maintenance and energy expenditure while pinpointing deterministically the attacker in the network. In particular, SPRINKLER has a message delivery rate and detection rate of 100%.
KW - IoT
KW - LLN device identification
KW - MANET
KW - MiTM
KW - RPL
KW - secret sharing
UR - http://www.scopus.com/inward/record.url?scp=85187011242&partnerID=8YFLogxK
U2 - 10.1109/TMC.2024.3370894
DO - 10.1109/TMC.2024.3370894
M3 - Article
AN - SCOPUS:85187011242
SN - 1536-1233
VL - 23
SP - 9971
EP - 9988
JO - IEEE Transactions on Mobile Computing
JF - IEEE Transactions on Mobile Computing
IS - 10
ER -