A Lightweight Mitigation Technique Against a Modified Version Number Attack in IoT Networks
The potential worldwide deployment of Internet of Things (IoT) networks for a broad scope of critical applications has led to significant security concerns. With no effective support for IoT security, this rising trend would expose IoT deployments to numerous security threats. Due to their inherent...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10855393/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832575583274401792 |
|---|---|
| author | Ibrahim S. Alsukayti Mohammed Alreshoodi Mehdi Rouissat |
| author_facet | Ibrahim S. Alsukayti Mohammed Alreshoodi Mehdi Rouissat |
| author_sort | Ibrahim S. Alsukayti |
| collection | DOAJ |
| description | The potential worldwide deployment of Internet of Things (IoT) networks for a broad scope of critical applications has led to significant security concerns. With no effective support for IoT security, this rising trend would expose IoT deployments to numerous security threats. Due to their inherent resource constraints, IoT networks are critically susceptible to a wide range of adverse attacks. In particular, internal routing attacks pose serious challenges to network stability and lifetime. This is evident even for an IETF-standardized routing protocol like the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL). It lacks adequate provisioning of network security, making an internal routing attack such as the common Version Number (VN) attack easy to initiate and effective to target performance degradation and resource exhaustion. It is also possible for further variants of such an adverse attack to emerge and incur a different and significant impact on RPL networks. In this paper, a novel variant of the VN attack, referred to as the Decreased VN (DVN) attack, in experimentally investigated. It differently operates by decreasing the propagated VN value in DIO messages to cause disruptive subnet partitioning and topological re-establishment. Experimental evaluation results revealed the severe effects of DVN attacks on overall network performance. Network overhead and energy consumption were increased by more than 300% and 220%, respectively. Additionally, a reduction of over 28% and an increase of over 400% in PDR and latency, respectively, were experienced during the attack. To effectively mitigate the DVN attack, a novel lightweight solution called DVN-Secure RPL (DVN-SRPL) is introduced in this paper. It is based on an effective and simple distributed security scheme with limited modifications to certain operational aspects of RPL design. Experimental testing of DVN-SRPL demonstrated its efficiency in detecting and containing DVN attacks. It succeeded in mitigating the adverse effects of the attacks with considerable reductions of 179% and 142% in energy consumption and network overhead, respectively. Comparable QoS performance to the attack-free RPL was also maintained during the attack. |
| format | Article |
| id | doaj-art-51a397c531a244d8af845ab419ae246a |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-51a397c531a244d8af845ab419ae246a2025-01-31T23:04:57ZengIEEEIEEE Access2169-35362025-01-0113204722049010.1109/ACCESS.2025.353516610855393A Lightweight Mitigation Technique Against a Modified Version Number Attack in IoT NetworksIbrahim S. Alsukayti0https://orcid.org/0000-0002-6925-598XMohammed Alreshoodi1https://orcid.org/0000-0002-3066-6909Mehdi Rouissat2https://orcid.org/0000-0002-4444-2754Department of Computer Science, College of Computer, Qassim University, Buraydah, Saudi ArabiaUnit of Scientific Research, Applied College, Qassim University, Buraydah, Saudi ArabiaUniversity Center Nour Bachir El-Bayadh, STIC Laboratory, University of Abou Bekr Belkaid, Tlemcen, AlgeriaThe potential worldwide deployment of Internet of Things (IoT) networks for a broad scope of critical applications has led to significant security concerns. With no effective support for IoT security, this rising trend would expose IoT deployments to numerous security threats. Due to their inherent resource constraints, IoT networks are critically susceptible to a wide range of adverse attacks. In particular, internal routing attacks pose serious challenges to network stability and lifetime. This is evident even for an IETF-standardized routing protocol like the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL). It lacks adequate provisioning of network security, making an internal routing attack such as the common Version Number (VN) attack easy to initiate and effective to target performance degradation and resource exhaustion. It is also possible for further variants of such an adverse attack to emerge and incur a different and significant impact on RPL networks. In this paper, a novel variant of the VN attack, referred to as the Decreased VN (DVN) attack, in experimentally investigated. It differently operates by decreasing the propagated VN value in DIO messages to cause disruptive subnet partitioning and topological re-establishment. Experimental evaluation results revealed the severe effects of DVN attacks on overall network performance. Network overhead and energy consumption were increased by more than 300% and 220%, respectively. Additionally, a reduction of over 28% and an increase of over 400% in PDR and latency, respectively, were experienced during the attack. To effectively mitigate the DVN attack, a novel lightweight solution called DVN-Secure RPL (DVN-SRPL) is introduced in this paper. It is based on an effective and simple distributed security scheme with limited modifications to certain operational aspects of RPL design. Experimental testing of DVN-SRPL demonstrated its efficiency in detecting and containing DVN attacks. It succeeded in mitigating the adverse effects of the attacks with considerable reductions of 179% and 142% in energy consumption and network overhead, respectively. Comparable QoS performance to the attack-free RPL was also maintained during the attack.https://ieeexplore.ieee.org/document/10855393/Internet of Things (IoT)wireless networksnetwork securityenergy efficiency |
| spellingShingle | Ibrahim S. Alsukayti Mohammed Alreshoodi Mehdi Rouissat A Lightweight Mitigation Technique Against a Modified Version Number Attack in IoT Networks IEEE Access Internet of Things (IoT) wireless networks network security energy efficiency |
| title | A Lightweight Mitigation Technique Against a Modified Version Number Attack in IoT Networks |
| title_full | A Lightweight Mitigation Technique Against a Modified Version Number Attack in IoT Networks |
| title_fullStr | A Lightweight Mitigation Technique Against a Modified Version Number Attack in IoT Networks |
| title_full_unstemmed | A Lightweight Mitigation Technique Against a Modified Version Number Attack in IoT Networks |
| title_short | A Lightweight Mitigation Technique Against a Modified Version Number Attack in IoT Networks |
| title_sort | lightweight mitigation technique against a modified version number attack in iot networks |
| topic | Internet of Things (IoT) wireless networks network security energy efficiency |
| url | https://ieeexplore.ieee.org/document/10855393/ |
| work_keys_str_mv | AT ibrahimsalsukayti alightweightmitigationtechniqueagainstamodifiedversionnumberattackiniotnetworks AT mohammedalreshoodi alightweightmitigationtechniqueagainstamodifiedversionnumberattackiniotnetworks AT mehdirouissat alightweightmitigationtechniqueagainstamodifiedversionnumberattackiniotnetworks AT ibrahimsalsukayti lightweightmitigationtechniqueagainstamodifiedversionnumberattackiniotnetworks AT mohammedalreshoodi lightweightmitigationtechniqueagainstamodifiedversionnumberattackiniotnetworks AT mehdirouissat lightweightmitigationtechniqueagainstamodifiedversionnumberattackiniotnetworks |