VeRA - Version number and rank authentication in RPL

Amit Dvir, Támas Holczer, L. Buttyán

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

70 Citations (Scopus)

Abstract

Designing a routing protocol for large low-power and lossy networks (LLNs), consisting of thousands of constrained nodes and unreliable links, presents new challenges. The IPv6 Routing Protocol for Low-power and Lossy Networks (RPL) has been developed by the IETF ROLL Working Group as a preferred routing protocol to provide IPv6 routing functionality in LLNs. RPL provides path diversity by building and maintaining directed acyclic graphs (DAGs) rooted at one (or more) gateways. However, an adversary that impersonates a gateway or has compromised one of the nodes close to the gateway can divert a large part of the network traffic toward itself and/or exhaust the nodes' batteries. Therefore, in RPL, special security care must be taken when the Destination Oriented Directed Acyclic Graph (DODAG) root updates the Version Number, by which reconstruction of the routing topology can be initiated. The same care must also be taken to prevent an internal attacker (a compromised DODAG node) from publishing a decreased Rank value, which causes a large part of the DODAG to connect to the DODAG root via the attacker and gives it the ability to eavesdrop on a large part of the network traffic directed toward itself. Unfortunately, the currently available security services in RPL do not protect against a compromised internal node that can construct and disseminate fake messages. In this paper, a new security service is described that prevents any misbehaving node from illegitimately increasing the Version Number and from publishing illegitimately decreased Rank values.

Original language: English
Title of host publication: Proceedings - 8th IEEE International Conference on Mobile Ad-hoc and Sensor Systems, MASS 2011
Pages: 709-714
Number of pages: 6
DOIs: https://doi.org/10.1109/MASS.2011.76
Publication status: Published - 2011
Event: 8th IEEE International Conference on Mobile Ad-hoc and Sensor Systems, MASS 2011 - Valencia, Spain
Duration: Oct 17 2011 → Oct 22 2011

Other

Other: 8th IEEE International Conference on Mobile Ad-hoc and Sensor Systems, MASS 2011
Country: Spain
City: Valencia
Period: 10/17/11 → 10/22/11

Fingerprint

Routing protocols
Authentication
Topology

Keywords

  • Authentication
  • Hash chain
  • LLN
  • Rank
  • RPL
  • Version Number

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering

Cite this

Dvir, A., Holczer, T., & Buttyán, L. (2011). VeRA - Version number and rank authentication in RPL. In Proceedings - 8th IEEE International Conference on Mobile Ad-hoc and Sensor Systems, MASS 2011 (pp. 709-714). [6076674] https://doi.org/10.1109/MASS.2011.76

@inproceedings{cf977385fce14c1fac4f04f21611bf86,
title = "VeRA - Version number and rank authentication in RPL",
keywords = "Authentication, Hash chain, LLN, Rank, RPL, Version Number",
author = "Amit Dvir and T{\'a}mas Holczer and L. Butty{\'a}n",
year = "2011",
doi = "10.1109/MASS.2011.76",
language = "English",
isbn = "9780769544694",
pages = "709--714",
booktitle = "Proceedings - 8th IEEE International Conference on Mobile Ad-hoc and Sensor Systems, MASS 2011",

}

TY - GEN

T1 - VeRA - Version number and rank authentication in RPL

AU - Dvir, Amit

AU - Holczer, Támas

AU - Buttyán, L.

PY - 2011

Y1 - 2011

KW - Authentication

KW - Hash chain

KW - LLN

KW - Rank

KW - RPL

KW - Version Number

UR - http://www.scopus.com/inward/record.url?scp=83355172286&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=83355172286&partnerID=8YFLogxK

U2 - 10.1109/MASS.2011.76

DO - 10.1109/MASS.2011.76

M3 - Conference contribution

SN - 9780769544694

SP - 709

EP - 714

BT - Proceedings - 8th IEEE International Conference on Mobile Ad-hoc and Sensor Systems, MASS 2011

ER -