Secure Routing and Forwarding in RPL-based Internet of Things: Challenges and Solutions

As the Internet of Things (IoT) becomes an integral part of our everyday life, securing the IoT devices against malicious activities became critical for their deployment, especially with such devices entering homes and controlling essential services. Most IoT devices still have limited resources (i.e., energy, processing power, and memory), complicating the use of traditional security measures. A modified version of the traditional TPC/IP protocol stack was developed for IoT devices, commonly known as the uIP protocol stack. This protocol stack includes either lightweight versions of the traditional protocols, operating at each layer or IoT-suitable replacement protocols. Among these protocols, the Routing Protocol for Low Power and Lossy Networks (RPL) was designed to perform network-layer routing in IoT, while the IPv6 over Low-powered Wireless Personal Area Network (6LoWPAN) protocol was introduced to a new network-sub-layer called the 6LoWPAN adaptation layer. While exploring the challenges that face the routing and forwarding processes at the Network layer in RPL-based networks (or 6LoWPAN networks), from the work in this dissertation, it was found that both processes suffer from a significant vulnerability: the inability to authenticate the message's immediate sender. This problem is explored in detail, and its effects on the performance and security of IoT devices are thoroughly investigated. A solution is proposed to the authentication problem, in the form of a framework based on Network Coding (NC), which is introduced as a third security mode for RPL: the Chained Secure mode (CSM). A prototype for the proposed solution is evaluated, through simulations, for the RPL against several replay attacks, which proved to be effective against the investigated attacks. An integration of the 6LoWPAN protocol and the CSM framework is proposed to reduce the effect of buffer-reservation attacks. The preliminary evaluation results show that this integration between RPL and 6LoWPAN has the potential to mitigate and minimize the effect of the external adversaries of the buffer-reservation attack with minimal resource consumption.