Intrusion Detection and light weight Firewall for the 6LoWPAN networks

Abstract: IPv6 over Low power WPAN (6loWPAN) is an adaption layer introduced between the link layer and the network layer in the TCP/IP protocol stack to t the IPv6 datagrams over the IEEE 802.15.4 link layer. 6loWPAN networks comprise of internet enabled resource-constrained smart objects which are interconnected with each other through the Internet Protocol (IPv6). In Internet of Things (IoT), smart devices of the 6loWPAN networks are connected to the unsecured public Internet. RPL (Routing Protocol for Low-Power and Lossy Networks) is the standardized routing protocol dened for routing IP datagrams over the lossy links in LLN (Low-Power and Lossy Networks). In IoT, all devices have a global identity and could be accessed from anywhere in the globe. Hence, security is an important factor in protecting the devices and their informational resources from adversaries. Security solutions must be highly e ective for smart objects considering their limited resources. Despite the state of the art crypto solutions providing information security, IPv6 enabled smart objects are vulnerable to attacks from outside and inside the 6LoWPAN networks. This thesis attempts to identify the intrusions aimed to disrupt 6LoWPAN networks and to prevent external adversaries taking advantage of the resource constrained 6LoWPAN environment. We review state of the art security attacks in conventional WSNs and the RPL-based LLNs. In order to improve the security within 6LoWPAN networks, we extend SVELTE (an IDS for the IoT) by adding ETX (Expected Transmissions) parameter in the 6Mapper. In RPL, ETX is a link reliability metric which indicates the number of successful IP datagram transmissions with respect to the Border Router. Monitoring the ETX value could prevent the Border Router and neighboring nodes to engage actively with the malicious intruder. We propose a geographic routing algorithm to identify the malicious node conducting attacks against ETX-based solutions. We also implement a lightweight rewall at the Border Router to prevent 6LoWPAN networks from external attackers. In this rewall we conduct a stateful deep packet inspection on the protocols adhering to the protocol stack for the 6LoWPAN networks. Our evaluation shows that the IDS module with ETX metric consumes negligible energy and very less CPU processing power. Our intrusion detection mechanisms improves the true positive rate of SVELTE.