低功耗有损网络安全路由协议研究综述

doi:10.11772/j.issn.1001-9081.2018051067

摘要/Abstract

摘要： 随着物联网不断飞速发展，低功耗有损网络（LLN）的研究与应用成为一种发展趋势。首先，介绍了6LoWPAN与低功耗有损网络路由协议（RPL）的基本原理和结构；其次，总结了LLN中RPL所面对的主要安全威胁以及应对方法，根据协议所采用的不同策略进行归纳、分类和比较；然后，对国内外已有安全RPL研究情况进行了介绍和分析，同时对现有安全威胁和解决方案进行了总结；最后，提出了在大规模、移动性、自组织、低功耗的RPL中需要进一步研究的安全问题和发展趋势。

关键词: 6LoWPAN, 低功耗有损网络, 低功耗有损网络路由协议, 安全路由协议, 路由攻击, 物联网

Abstract: With the rapid development of the Internet of Things (IoT), the research and application of Low-power and Lossy Network (LLN) has become a trend of development. Firstly, the basic principle and structure of IPv6 over Low-power Wireless Personal Area Network (6LoWPAN) and Routing Protocol for Low-power and lossy network (RPL) were introduced. Secondly, the main security threats of RPL routing in LLN and the corresponding solutions were summarized, classified and compared through the different strategies adopted by the protocol. Then, the research status of existing secure RPL at home and abroad was introduced and analyzed. At the same time, the existing security threats and solutions were summarized. Finally, the security issues and development trends that needed to be further studied in large-scale, mobile, self-organizing and low-power RPL were proposed.

Key words: IPv6 over Low-power Wireless Personal Area Network (6LoWPAN), Low Power and Lossy Network (LLN), Routing Protocol for Low-power and lossy network (RPL), security routing protocol, routing attack, Internet of Things (IoT)

中图分类号:

TP393.0

罗宇杰, 张健, 唐彰国, 李焕洲. 低功耗有损网络安全路由协议研究综述[J]. 计算机应用, 2018, 38(12): 3462-3470.

LUO Yujie, ZHANG Jian, TANG Zhangguo, LI Huanzhou. Research summary of secure routing protocol for low-power and lossy networks[J]. Journal of Computer Applications, 2018, 38(12): 3462-3470.

参考文献

[1] GARA F, SAAD L B, AYED R B, et al. RPL protocol adapted for healthcare and medical applications[C]//Proceedings of the 2015 International Wireless Communications and Mobile Computing Conference. Piscataway, NJ:IEEE, 2015:690-695.
[2] BRANDT A, BACCELLI E, CRAGIE R, et al. Applicability statement:the use of the routing protocol for low-power and lossy networks (RPL) protocol suite in home automation and building control[EB/OL].[2018-03-26]. https://www.rfc-editor.org/rfc/pdfrfc/rfc7733.txt.pdf.
[3] SAWAFI Y A, TOUZENE A, DAY K, et al. Toward hybrid RPL based IoT sensing for smart city[C]//Proceedings of the 2018 International Conference on Information Networking. Piscataway, NJ:IEEE, 2018:599-604.
[4] KUSHALNAGAR N, MONTENEGRO G, SCHUMACHER C. IPv6 over low-power wireless personal area networks (6LoWPANs):overview, assumptions, problem statement, and goals[EB/OL].[2018-03-26]. https://tools.ietf.org/pdf/rfc4919.pdf.
[5] SHELBY Z, BORMANN C. 6LoWPAN:the Wireless Embedded Internet[M]. New York:Wiley Publishing, 2010:15-24.
[6] HUI J W, THUBERT P. Compression format for IPv6 datagrams over IEEE 802.15.4-based networks[EB/OL].[2018-03-26]. https://tools.ietf.org/pdf/rfc6282.pdf.
[7] WINTER T, THUBERT P, BRANDT A, et al. RPL:IPv6 routing protocol for low power and lossy networks[EB/OL].[2018-03-26]. https://www.rfc-editor.org/rfc/pdfrfc/rfc6550.txt.pdf.
[8] 马亲民,戴光智.6LoWPAN适配层分片重组的研究与实现[J].单片机与嵌入式系统应用,2014,14(4):1-4.(MA Q M, DAI G Z. Study and realization of fragmentation and reassembly in 6LoWPAN adaption layer[J]. Microcontrollers & Embedded Systems, 2014, 14(4):1-4.)
[9] CHOWDHURY A H, IKRAM M, CHA H S, et al. Route-over vs mesh-under routing in 6LoWPAN[C]//Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing:Connecting the World Wirelessly. New York:ACM, 2009:1208-1212.
[10] LEE T H, CHIANG H S, CHANG L H, et al. Modeling and performance analysis of route-over and mesh-under routing schemes in 6LoWPAN[C]//Proceedings of the 2013 IEEE International Conference on Systems, Man, and Cybernetics. Piscataway, NJ:IEEE, 2013:3802-3806.
[11] ISMAIL N H A, HASSAN R, et al. 6LoWPAN local repair using bio inspired artificial bee colony routing protocol[J]. Procedia Technology, 2013, 11:281-287
[12] YUE L, XIE D L, ZHAO J T, et al. E-HiLow:extended hierarchical routing protocol in 6LoWPAN wireless sensor network[C]//Proceedings of the IEEE 8th International Conference on Networking, Architecture and Storage. Piscataway, NJ:IEEE, 2013:8-12.
[13] AIREHROUR D, GUTIERREZ J A, RAY S K. SecTrust-RPL:a secure trust-aware RPL routing protocol for Internet of things[EB/OL].[2018-03-26]. https://doi.org/10.1016/j.future.2018.03.021.
[14] GLISSA G, RACHEDI A, MEDDEB A. A secure routing protocol based on RPL for Internet of things[C]//Proceedings of the 2016 IEEE Global Communications Conference. Piscataway, NJ:IEEE, 2016:1-7.
[15] DEY G K, AHMED M M, AHMMED K T. Performance analysis and redistribution among RIPv2, EIGRP & OSPF routing protocol[C]//Proceedings of the 2015 International Conference on Computer and Information Engineering. Piscataway, NJ:IEEE, 2015:21-24.
[16] ALZUBAIDI M, ANBAR M, AL-SALEEM S, et al. Review on mechanisms for detecting sinkhole attacks on RPLs[C]//Proceedings of the 8th International Conference on Information Technology. Piscataway, NJ:IEEE, 2015:369-374.
[17] MARDINI W, ALJAWARNEH S, AL-ABDI A, et al. Performance evaluation of RPL objective functions for different sending intervals[C]//Proceedings of the 20186th International Symposium on Digital Forensic and Security. Piscataway, NJ:IEEE, 2018:1-6.
[18] AGUSTIN J P C, JACINTO J H, LIMJOCO W J R, et al. IPv6 routing protocol for low-power and lossy networks implementation in network simulator-3[C]//Proceedings of the 2017 IEEE Region 10 Conference. Piscataway, NJ:IEEE, 2017:3129-3134.
[19] PARTHASARATHY M. Protocol for carrying authentication and network access (PANA) threat analysis and security requirements[EB/OL].[2018-03-26]. http://www.docin.com/p-687614757.html.
[20] TSAO T, ALEXANDER R, DOHLER M, et al. A security threat analysis for the routing protocol for low-power and lossy networks (RPLs)[EB/OL].[2018-03-26]. http://www.faqs.org/rfcs/rfc7416.html.
[21] KALLAPUR P V, RANJAN N, VIDYARTHI R, et al. Enhanced variant of RPL for improved security[C]//Proceedings of the 2017 International Conference on Advances in Computing, Communications and Informatics. Piscataway, NJ:IEEE, 2017:2302-2306.
[22] RAZA S, DUQUENNOY S, HÖGLUND J, et al. Secure communication for the Internet of things-a comparison of link-layer security and IPsec for 6LoWPAN[J]. Security and Communication Networks, 2014, 7:2654-2668.
[23] PONGLE P, CHAVAN G. A survey:attacks on RPL and 6LoWPAN in IoT[C]//Proceedings of the 2015 International Conference on Pervasive Computing. Piscataway, NJ:IEEE, 2015:1-6.
[24] AIREHROUR D, GUTIERREZ J, RAY S K. Secure routing for Internet of things:a survey[J]. Journal of Network & Computer Applications, 2016, 66(C):198-213.
[25] MANGELKAR S, DHAGE S N, NIMKAR A V. A comparative study on RPL attacks and security solutions[C]//Proceedings of the 2017 International Conference on Intelligent Computing and Control. Piscataway, NJ:IEEE, 2017:1-6.
[26] WANG Z F, ZHANG L Y, ZHENG Z Y, et al. An optimized RPL protocol for wireless sensor networks[C]//Proceedings of the IEEE 22nd International Conference on Parallel and Distributed Systems. Piscataway, NJ:IEEE, 2016:294-299.
[27] MEDJEK F, TANDJAOUI D, ABDMEZIEM M R, et al. Analytical evaluation of the impacts of Sybil attacks against RPL under mobility[C]//Proceedings of the 12th International Symposium on Programming and Systems. Piscataway, NJ:IEEE, 2015:1-9.
[28] MEDJEK F, TANDJAOUI D, ROMDHANI I, et al. Performance evaluation of RPL protocol under mobile Sybil attacks[C]//Proceedings of the 2017 IEEE Trustcom/BigDataSE/ICESS. Piscataway, NJ:IEEE, 2017:1049-1055.
[29] PERREY H, LANDSMANN M, UGUS O, et al. TRAIL:topology authentication in RPL[C]//Proceedings of the 2016 International Conference on Embedded Wireless Systems and Networks. New York:ACM, 2016:59-64.
[30] DVIR A, HOLCZER T, BUTTYAN L. VeRA-version number and rank authentication in RPL[C]//Proceedings of the IEEE 8th International Conference on Mobile Ad-Hoc and Sensor Systems. Piscataway, NJ:IEEE, 2011:709-714.
[31] CLAUSEN T, YI J, HERBERG U, et al. Observations of RPL:IPv6 routing protocol for low power and lossy networks[EB/OL].[2018-03-26]. https://tools.ietf.org/pdf/draft-clausen-lln-rpl-experiences-00.pdf.
[32] LE A, LOO J, CHAI K K, et al. A specification-based IDS for detecting attacks on RPL-based network topology[J]. Information, 2016, 7(2):Article No. 25.
[33] RAZA S, WALLGREN L, VOIGT T. SVELTE:real-time intrusion detection in the Internet of things[J]. Ad Hoc Networks, 2013, 11(8):2661-2674.
[34] AHMED F, KO Y B. Mitigation of black hole attacks in routing protocol for low power and lossy networks[J]. Security and Communication Networks, 2016, 9(18):5143-5154.
[35] AIREHROUR D, GUTIERREZ J, RAY S K. Securing RPL routing protocol from blackhole attacks using a trust-based mechanism[C]//Proceedings of the 26th International Telecommunication Networks and Applications Conference. Piscataway, NJ:IEEE, 2016:115-120.
[36] SEHGAL A, MAYZAUD A, BADONNEL R, et al. Addressing DODAG inconsistency attacks in RPL networks[C]//Proceedings of the 2014 Global Information Infrastructure & Networking Symposium. Piscataway, NJ:IEEE, 2014:1-8.
[37] MAYZAUD A, SEHGAL A, BADONNEL R, et al. A study of RPL DODAG version attacks[C]//Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, LNCS 8508. Berlin:Springer, 2014:92-104.
[38] PU C. Mitigating DAO inconsistency attack in RPL-based low power and lossy networks[C]//Proceedings of the IEEE 8th Annual Computing and Communication Workshop and Conference. Piscataway, NJ:IEEE, 2018:570-574.
[39] WALLGREN L, RAZA S, VOIGT T. Routing attacks and countermeasures in the RPL-based Internet of things[J]. International Journal of Distributed Sensor Networks, 2013, 2013:1-11.
[40] MAYZAUD A, SEHGAL A, BADONNEL R, et al. Mitigation of topological inconsistency attacks in RPL-based low-power lossy networks[J]. Networks, 2015, 25(5):320-339.
[41] ARIS A, OKTUG S F, YALCIN S B O. RPL version number attacks:in-depth study[C]//Proceedings of the 2016 IEEE/IFIP Network Operations and Management Symposium. Piscataway, NJ:IEEE, 2016:776-779.
[42] MAYZAUD A, BADONNEL R, CHRISMENT I. A distributed monitoring strategy for detecting version number attacks in RPL-based networks[J]. IEEE Transactions on Network and Service Management, 2017, 14(2):472-486.
[43] MAYZAUD A, BADONNEL R, CHRISMENT I. Detecting version number attacks in RPL-based networks using a distributed monitoring architecture[C]//Proceedings of the 12th International Conference on Network and Service Management. Piscataway, NJ:IEEE, 2017:127-135.
[44] REHMAN A, KHAN M M, LODHI M A, et al. Rank attack using objective function in RPL for low power and lossy networks[C]//Proceedings of the 2016 International Conference on Industrial Informatics and Computer Systems. Piscataway, NJ:IEEE, 2016:1-5.
[45] RAI K K, ASAWA K. Impact analysis of rank attack with spoofed IP on routing in 6LoWPAN network[C]//Proceedings of the 10th International Conference on Contemporary Computing. Piscataway, NJ:IEEE, 2017:1-5.
[46] CHEN B B, LI Y, MASHIMA D. Analysis and enhancement of RPL under packet drop attacks[C]//Proceedings of the 10th International Conference on Communication Systems & Networks. Piscataway, NJ:IEEE, 2018:167-174.
[47] PU C, HAJJAR S. Mitigating forwarding misbehaviors in RPL-based low power and lossy networks[C]//Proceedings of the 15th IEEE Annual Consumer Communications & Networking Conference. Piscataway, NJ:IEEE, 2018:1-6.
[48] KHAN F I, SHON T, LEE T, et al. Wormhole attack prevention mechanism for RPL based LLN network[C]//Proceedings of the 5th International Conference on Ubiquitous and Future Networks. Piscataway, NJ:IEEE, 2013:149-154.
[49] AHSAN M S, BHUTTA M N M, MAQSOOD M. Wormhole attack detection in routing protocol for low power lossy networks[C]//Proceedings of the 2017 International Conference on Information and Communication Technologies. Piscataway, NJ:IEEE, 2017:58-67.
[50] PERAZZO P, VALLATI C, VARANO D, et al. Implementation of a wormhole attack against a RPL network:challenges and effects[C]//Proceedings of the 14th Annual Conference on Wireless On-demand Network Systems and Services. Piscataway, NJ:IEEE, 2018:95-102.
[51] KASINATHAN P, PASTRONE C, SPIRITO M A, et al. Denial-of-service detection in 6LoWPAN based Internet of things[C]//Proceedings of the 9th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications. Piscataway, NJ:IEEE, 2013:600-607.
[52] RGHIOUI A, KHANNOUS A, BOUHORMA M. Denial-of-service attacks on 6LoWPAN-RPL networks:issues and practical solutions[J]. Journal of Advanced Computer Science and Technology, 2014, 3(2):143-153.
[53] DJEDJIG N, TANDJAOUI D, MEDJEK F. Trust-based RPL for the Internet of things[C]//Proceedings of the 2015 IEEE Symposium on Computers and Communication. Piscataway, NJ:IEEE, 2016:962-967.
[54] DJEDJIG N, TANDJAOUI D, MEDJEK F, et al. New trust metric for the RPL routing protocol[C]//Proceedings of the 8th International Conference on Information and Communication Systems. Piscataway, NJ:IEEE, 2017:328-335.
[55] SEEBER S, SEHGAL A, STELTE B, et al. Towards a trust computing architecture for RPL in cyber physical systems[C]//Proceedings of the 9th International Conference on Network and Service Management. Piscataway, NJ:IEEE, 2013:134-137.
[56] GUCLU S O, OZCELEBI T, LUKKIEN J J. Trust-based neighbor unreachability detection for RPL[C]//Proceedings of the 25th International Conference on Computer Communication and Networks. Piscataway, NJ:IEEE, 2016:1-6.
[57] IUCHI K, MATSUNAGA T, TOYODA K, et al. Secure parent node selection scheme in route construction to exclude attacking nodes from RPL network[C]//Proceedings of the 21st Asia-Pacific Conference on Communications. Piscataway, NJ:IEEE, 2016:299-303.
[58] LAHBIB A, TOUMI K, ELLEUCH S, et al. Link reliable and trust aware RPL routing protocol for Internet of things[C]//Proceedings of the IEEE 16th International Symposium on Network Computing and Applications. Piscataway, NJ:IEEE, 2017:1-5.
[59] AIREHROUR D. A trust-based routing framework for the Internet of things[D]. Auckland:Auckland University of Technology, 2017:2-29.
[60] AIREHROUR D, GUTIERREZ J, RAY S K. A testbed implementation of a trust-aware RPL routing protocol[C]//Proceedings of the 27th International Telecommunication Networks and Applications Conference. Piscataway, NJ:IEEE, 2017:1-6.
[61] AIREHROUR D, GUTTIERREZ J, RAY S K. A trust-based defence scheme for mitigating blackhole and selective forwarding attacks in the RPL routing protocol[J]. Australian Journal of Telecommunications and the Digital Economy, 2018, 6(1):41-59.
[62] ELLEUCHI M, BOUJELEBEN M, ABID M, et al. Securing RPL-based Internet of things applied for water pipeline monitoring[C]//Proceedings of the 25th International Conference on Software, Telecommunications and Computer Networks. Piscataway, NJ:IEEE, 2017:1-7.
[63] 马雁飞.基于RPL的适配层安全机制的研究与实现[D].北京:北京交通大学,2015:23-29.(MA Y F. Study and implementation of adaptation layer security based on RPL[D]. Beijing:Beijing Jiaotong University, 2015:23-29.)
[64] MA G J, LI X, PEI Q Q, et al. A security routing protocol for Internet of things based on RPL[C]//Proceedings of the 2017 International Conference on Networking and Network Applications. Piscataway, NJ:IEEE, 2017:209-213.
[65] VEDANTHAM R, VIJAYASANKAR K, RAGHU A K, et al. Network address assignment and reclamation for hierarchical based RPL networks:US 2017/006.3685 A1[P]. 2017-03-2
[66] SAHAY R, GEETHAKUMARI G, MODUGU K. Attack graph-based vulnerability assessment of rank property in RPL-6LoWPAN in IoT[C]//Proceedings of the IEEE 4th World Forum on Internet of Things. Piscataway, NJ:IEEE, 2018:308-313.
[67] HU B, SUN Z X. F-RPL:an optimized RPL routing protocol[J]. ICIC Express Letters, 2017, 11(5):927-938.
[68] ANAND M C R, TAHILIANI M P. TmRPL++:trust based smarter-HOP for optimized mobility in RPL[C]//Proceedings of the 2016 IEEE International Conference on Advanced Networks and Telecommunications Systems. Piscataway, NJ:IEEE, 2016:1-6.
[69] 何王吉,马皛源,李鑫,等.能量均衡的低功耗有损网络路由协议[J].计算机应用,2018,38(4):1095-1101.(HE W J, MA X Y, LI X, et al. Energy balancing routing protocol for low-power and lossy network[J]. Journal of Computer Applicationss, 2018, 38(4):1095-1101.)
[70] ALJARRAH E. Deployment of multi-fuzzy model based routing in RPL to support efficient IoT[J]. International Journal of Communication Networks & Information Security, 2017, 9(3):457-465.
[71] BARCELO M, CORREA A, VICARIO J L, et al. Cooperative interaction among multiple RPL instances in wireless sensor networks[J]. Computer Communications, 2016, 81(C):61-71.