Integrating 6LoWPAN Security with RPL Using The Chained Secure Mode Framework

TL;DR

This paper introduces a security framework that integrates 6LoWPAN with RPL using the Chained Secure Mode to authenticate fragments and prevent DoS attacks in IoT networks.

Contribution

It proposes a novel security integration method leveraging the CSM framework and Network Coding to enhance 6LoWPAN security against fragmentation attacks.

Findings

Significant mitigation of buffer-reservation attacks.

Almost no increase in power consumption.

Effective chain-of-trust in fragment routing.

Abstract

The IPv6 over Low-powered Wireless Personal Area Network (6LoWPAN) protocol was introduced to allow the transmission of Internet Protocol version 6 (IPv6) packets using the smaller-size frames of the IEEE 802.15.4 standard, which is used in many Internet of Things (IoT) networks. The primary duty of the 6LoWPAN protocol is packet fragmentation and reassembly. However, the protocol standard currently does not include any security measures, not even authenticating the fragments immediate sender. This lack of immediate-sender authentication opens the door for adversaries to launch several attacks on the fragmentation process, such as the buffer-reservation attacks that lead to a Denial of Service (DoS) attack and resource exhaustion of the victim nodes. This paper proposes a security integration between 6LoWPAN and the Routing Protocol for Low Power and Lossy Networks (RPL) through the Chained Secure Mode (CSM) framework as a possible solution. Since the CSM framework provides a mean of immediate-sender trust, through the use of Network Coding (NC), and an integration interface for the other protocols (or mechanisms) to use this trust to build security decisions, 6LoWPAN can use this integration to build a chain-of-trust along the fragments routing path. A proof-of-concept implementation was done in Contiki Operating System (OS), and its security and performance were evaluated against an external adversary launching a buffer-reservation attack. The results from the evaluation showed significant mitigation of the attack with almost no increase in power consumption, which presents the great potential for such integration to secure the forwarding process at the 6LoWPAN Adaptation Layer