Description

The IoT network is the result of a technological revolution that represents the future of computing and communication. Its aim is to enable the integration and unification of all the objects and communication systems that surround us. IoT has a number of application domains, such as automotive, healthcare, logistics, environmental monitoring, and many others. Since IoT envisions an era in which billions of things (devices) will be connected to the Internet and communicate with each other, a large amount of data will be exchanged and processed. Technologies such as IEEE 802.15.4, 6LoWPAN, RPL and CoAP make it possible to create real applications connected to the IoT.

6LoWPAN (IPv6 over Low-power Wireless Personal Area Networks) allows IPv6 packets to be routed in compressed form, since it binds 6LoWPAN to the physical layer protocol, IEEE 802.15.4. This network makes it possible to connect devices with limited resources to the conventional Internet and so establish the Internet of Things (IoT). RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) is a novel standardized routing protocol designed primarily to meet the specific routing requirements of the IoT. Further, connection-oriented web protocols such as HTTP are not feasible, and a new protocol, CoAP (Constrained Application Protocol), is being standardized for the IoT.

Owing to the growing number of intelligent devices and the mobility of some of them, the IoT is exposed to several vulnerabilities that are present in a variable communication infrastructure. Most devices that form the IoT have limited computational resources, such as low power, limited processing capacity and storage, lossy link connections and other such features. Because of these characteristics, the IoT is vulnerable to several kinds of routing attack. Among them, the sinkhole attack stands out as one of the most destructive routing attacks on wireless networks. A sinkhole attacker device aims to attract the greatest amount of traffic in a certain area, harming the reception of data at the collection point. It thus compromises the reliability and integrity of the data sent by the devices (nodes).

One possible solution is INTI (Intrusion detection for SiNkhole attacks over 6LoWPAN for InterneT of ThIngs). INTI takes into account device mobility, as well as the fact that attackers can play different roles (free node, member node, leader node, etc.). It has four modules: cluster configuration, routing monitoring, attack detection and attack isolation.

Cluster configuration: this module generates a leader-based hierarchy, establishing groups in order to organize the network, ensure scalability and extend the network's lifetime. Nodes are classified as members, associated nodes and leaders depending on their functions. The assigned function is adaptable and changes over time as the network is reconfigured because of node mobility or an attack event.

Routing monitoring: INTI defines an observation component that counts the number of input and output transmissions performed by a node. For this, the monitor node computes the number of transmissions performed by a "top" node in relation to its own messages. A node is called a top node when it has a lower rank. The monitor then estimates the number of input and output transmissions performed. If the number of incoming streams is equal to the number of output streams, the node is defined as good. Otherwise, the monitor node assumes that some deviation from normal operation is happening.

Attack detection and attack isolation: INTI identifies and reveals the identity of a sinkhole attacking node. The attacker detection module performs two kinds of evaluation, which estimate the reputation and trust of the node in order to detect sinkhole attacks. Such assessments continuously maintain the security and integrity of the node. The attack isolation module isolates a sinkhole node after its detection. For this, the node that has detected the sinkhole attack generates and broadcasts an alarm message to alert the neighboring nodes. This node also promotes the isolation of the attacker by sending a restoration message to its neighbors. The main data propagated in the restoration message is the cluster rank, which allows nodes of the same rank to start regrouping.
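The routing monitoring check and the isolation messages described above, as an added sketch that is not INTI's own code. The frame tuples, message layout and function names are hypothetical, the ranks and frames are constructed sample data, and the reputation and trust evaluations (which the page does not specify) are omitted, so a count deviation triggers isolation directly.

```python
from collections import Counter

# Constructed sample data: RPL-style ranks (a lower rank is closer to the root).
RANKS = {"leader": 256, "n1": 512, "n2": 512, "monitor": 768}

# Constructed frames overheard by the monitor: (sender, receiver, origin).
FRAMES = [
    ("monitor", "n1", "monitor"), ("n1", "leader", "monitor"),
    ("monitor", "n1", "monitor"), ("n1", "leader", "monitor"),
    ("monitor", "n2", "monitor"), ("n2", "leader", "monitor"),
    ("monitor", "n2", "monitor"),  # n2 never forwards this message
    ("monitor", "n2", "monitor"),  # nor this one
]

def observe(frames, ranks, monitor):
    """Count, per top node, the monitor's messages it took in and sent on."""
    tops = {n for n, r in ranks.items() if r < ranks[monitor]}
    inputs, outputs = Counter(), Counter()
    for sender, receiver, origin in frames:
        if origin != monitor:
            continue  # only the monitor's own messages are tracked
        if sender == monitor and receiver in tops:
            inputs[receiver] += 1      # handed to the top node
        elif sender in tops:
            outputs[sender] += 1       # overheard being forwarded
    return {n: (inputs[n], outputs[n]) for n in sorted(inputs)}

def classify(observed):
    """Equal input and output counts mean 'good'; anything else is a deviation."""
    return {n: "good" if i == o else "deviation" for n, (i, o) in observed.items()}

def isolation_messages(suspect, cluster_rank):
    """Hypothetical layout: broadcast alarm, then restoration with the cluster rank."""
    alarm = {"type": "ALARM", "dst": "broadcast", "suspect": suspect}
    restore = {"type": "RESTORE", "dst": "neighbors", "cluster_rank": cluster_rank}
    return [alarm, restore]

def run_monitor(frames, ranks, monitor):
    """Return (verdicts, messages) for one observation window."""
    verdicts = classify(observe(frames, ranks, monitor))
    messages = []
    for node, verdict in verdicts.items():
        if verdict == "deviation":
            # Assumption: the suspect's rank is used as the cluster rank.
            messages += isolation_messages(node, ranks[node])
    return verdicts, messages

if __name__ == "__main__":
    print(run_monitor(FRAMES, RANKS, "monitor"))
```

On a lossy link an honest node's counts can differ through ordinary packet loss, which is one reason the page's detection module adds reputation and trust evaluations before a node is isolated.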

Results achieved through project

- A study of the methods and mechanisms against sinkhole attacks that exist in the literature. These methods and mechanisms were classified as prevention countermeasures and detection countermeasures. From this study, desirable requirements were raised for an intrusion detection system (IDS) against sinkhole attacks in the IoT.

- The proposal and specification of the INTI system (Intrusion detection for sinkhole attacks over 6LoWPAN for the Internet of Things), a system that provides protection and safety to the IoT. The INTI architecture is organized into four modules: the cluster configuration module, the routing monitoring module, the attacker detection module and the attacker isolation module. Together they can detect the attack and isolate it from the network, so that the network continues functioning normally.

- The INTI system specification combines different techniques, inspired by the behavior of each device, for detecting sinkhole attacks. A protocol was also implemented that allows the formation of clusters and the mobility of network devices, which is closer to reality.

- The evaluation of the INTI system against sinkhole attacks. The evaluation showed that the proposed system provides a considerable improvement in the detection of sinkhole attacks. The proposed system is thus able to detect and isolate the sinkhole attack, increasing performance and reducing network resource consumption, and thereby reducing adverse effects.

Last update on April 03, 2015.