Securing RPL using Network Coding: The Chained Secure Mode (CSM)

TL;DR

This paper introduces the Chained Secure Mode (CSM), a novel security approach for RPL in IoT networks that improves resistance to routing attacks and enhances overall security and performance.

Contribution

The paper proposes the Chained Secure Mode (CSM), a new security mechanism based on network coding, to strengthen RPL against routing attacks and integrate with existing security measures.

Findings

CSM outperforms UM and PSM in security and performance.

CSM effectively mitigates Neighbor and Wormhole attacks.

CSM reduces impact of CloneID attack.

Abstract

As the de facto routing protocol for many Internet of Things (IoT) networks nowadays, and to assure the confidentiality and integrity of its control messages, the Routing Protocol for Low Power and Lossy Networks (RPL) incorporates three modes of security: the Unsecured Mode (UM), Preinstalled Secure Mode (PSM), and the Authenticated Secure Mode (ASM). While the PSM and ASM are intended to protect against external routing attacks and some replay attacks (through an optional replay protection mechanism), recent research showed that RPL in PSM is still vulnerable to many routing attacks, both internal and external. In this paper, we propose a novel secure mode for RPL, the Chained Secure Mode (CSM), based on the concept of intraflow Network Coding (NC). The CSM is designed to enhance RPL resilience and mitigation capability against replay attacks while allowing the integration with external security measures such as Intrusion Detection Systems (IDSs). The security and performance of the proposed CSM were evaluated and compared against RPL in UM and PSM (with and without the optional replay protection) under several routing attacks: the Neighbor attack (NA), Wormhole (WH), and CloneID attack (CA), using average packet delivery rate (PDR), End-to-End (E2E) latency, and power consumption as metrics. It showed that CSM has better performance and more enhanced security than both the UM and PSM with the replay protection, while mitigating both the NA and WH attacks and significantly reducing the effect of the CA in the investigated scenarios.