MVTC-Sec: Lightweight Timestamp Correlation for Securing RPL Against DIO Replay Attacks

IF 3.4 3区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Access Pub Date : 2025-07-10 DOI:10.1109/ACCESS.2025.3587977

Tahar Guerbouz;Akram Zine Eddine Boukhamla;Djalila Belkebir;Sahraoui Dhelim

{"title":"MVTC-Sec: Lightweight Timestamp Correlation for Securing RPL Against DIO Replay Attacks","authors":"Tahar Guerbouz;Akram Zine Eddine Boukhamla;Djalila Belkebir;Sahraoui Dhelim","doi":"10.1109/ACCESS.2025.3587977","DOIUrl":null,"url":null,"abstract":"The rapid expansion of the Internet of Things (IoT) has brought greater attention to the reliability and security of communication within Low-Power and Lossy Networks (LLNs) with constrained resources. Of all the protocols for such networks, the Routing Protocol for Low-Power and Lossy Networks (RPL) plays a central role in enabling effective routing in 6LoWPAN-based IoT systems. However, RPL does not possess any built-in security measures, making it vulnerable to a wide range of attacks, primarily DODAG Information Object (DIO) message-based attacks such as DIO suppression, neighbor, and copycat attacks. Such attacks destabilize the network topology, reduce the packet delivery ratio (PDR), and increase both latency and energy consumption. To address these issues, this paper proposes MVTC-Sec, a Mathematically Validated Timestamp Correlation method that detects replay-based DIO attacks by analyzing deviations from the expected Trickle algorithm timing. Passively observing DIO intervals, MVTC-Sec identifies attack nodes violating the exponential backoff behavior, with efficient and lightweight attack detection irrespective of cryptographic overhead. We evaluate MVTC-Sec using the Cooja simulator under both static and mobile RPL scenarios, with varying attacker behaviors and replay intervals. Results show that MVTC-Sec achieves a detection accuracy ranging from 90% to 99%, improves packet delivery ratio (PDR) to 0.50-0.96, and reduces end-to-end latency by up to 60%. The scheme proves to be of low overhead, requiring only (48.1 kB ROM, 6.3 KB RAM), making it suitable for resource-constrained devices. Compared to the existing solutions, MVTC-Sec offers higher detection accuracy, lower complexity, and improved adaptability, making it an efficient and scalable protection method for RPL-based IoT networks.","PeriodicalId":13079,"journal":{"name":"IEEE Access","volume":"13 ","pages":"122088-122106"},"PeriodicalIF":3.4000,"publicationDate":"2025-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11077154","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Access","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11077154/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid expansion of the Internet of Things (IoT) has brought greater attention to the reliability and security of communication within Low-Power and Lossy Networks (LLNs) with constrained resources. Of all the protocols for such networks, the Routing Protocol for Low-Power and Lossy Networks (RPL) plays a central role in enabling effective routing in 6LoWPAN-based IoT systems. However, RPL does not possess any built-in security measures, making it vulnerable to a wide range of attacks, primarily DODAG Information Object (DIO) message-based attacks such as DIO suppression, neighbor, and copycat attacks. Such attacks destabilize the network topology, reduce the packet delivery ratio (PDR), and increase both latency and energy consumption. To address these issues, this paper proposes MVTC-Sec, a Mathematically Validated Timestamp Correlation method that detects replay-based DIO attacks by analyzing deviations from the expected Trickle algorithm timing. Passively observing DIO intervals, MVTC-Sec identifies attack nodes violating the exponential backoff behavior, with efficient and lightweight attack detection irrespective of cryptographic overhead. We evaluate MVTC-Sec using the Cooja simulator under both static and mobile RPL scenarios, with varying attacker behaviors and replay intervals. Results show that MVTC-Sec achieves a detection accuracy ranging from 90% to 99%, improves packet delivery ratio (PDR) to 0.50-0.96, and reduces end-to-end latency by up to 60%. The scheme proves to be of low overhead, requiring only (48.1 kB ROM, 6.3 KB RAM), making it suitable for resource-constrained devices. Compared to the existing solutions, MVTC-Sec offers higher detection accuracy, lower complexity, and improved adaptability, making it an efficient and scalable protection method for RPL-based IoT networks.

查看原文本刊更多论文

MVTC-Sec：用于保护RPL免受DIO重放攻击的轻量级时间戳相关性

随着物联网（IoT）的快速发展，资源受限的低功耗和有损网络（lln）中通信的可靠性和安全性受到了越来越多的关注。在此类网络的所有协议中，低功耗和有损网络路由协议（RPL）在实现基于6lowpan的物联网系统的有效路由方面发挥着核心作用。然而，RPL没有任何内置的安全措施，使其容易受到各种攻击，主要是基于DODAG信息对象（DIO）消息的攻击，如DIO抑制、邻居和复制攻击。这种攻击会破坏网络拓扑结构的稳定，降低PDR (packet delivery ratio)，增加时延和能耗。为了解决这些问题，本文提出了MVTC-Sec，这是一种经过数学验证的时间戳相关方法，通过分析与预期涓流算法时间的偏差来检测基于重播的DIO攻击。被动观察DIO间隔，MVTC-Sec识别违反指数后退行为的攻击节点，具有高效和轻量级的攻击检测，而不考虑加密开销。我们使用Cooja模拟器在静态和移动RPL场景下对MVTC-Sec进行了评估，这些场景具有不同的攻击者行为和重放间隔。结果表明，MVTC-Sec的检测准确率在90% ~ 99%之间，将分组分发率（PDR）提高到0.50 ~ 0.96，将端到端延迟降低了60%。该方案被证明开销低，只需要（48.1 kB ROM, 6.3 kB RAM），使其适合资源受限的设备。与现有解决方案相比，MVTC-Sec具有更高的检测精度、更低的复杂性和更好的适应性，使其成为基于rpl的物联网网络的有效和可扩展的保护方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Access COMPUTER SCIENCE, INFORMATION SYSTEMSENGIN-ENGINEERING, ELECTRICAL & ELECTRONIC

CiteScore

9.80

自引率

7.70%

发文量

6673

审稿时长

6 weeks

期刊介绍： IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE''s fields of interest. IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE''s traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on: Multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE''s traditional journals. Practical articles discussing new experiments or measurement techniques, interesting solutions to engineering. Development of new or improved fabrication or manufacturing techniques. Reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.