MVTC-Sec: Lightweight Timestamp Correlation for Securing RPL Against DIO Replay Attacks

The rapid expansion of the Internet of Things (IoT) has brought greater attention to the reliability and security of communication within Low-Power and Lossy Networks (LLNs) with constrained resources. Of all the protocols for such networks, the Routing Protocol for Low-Power and Lossy Networks (RPL) plays a central role in enabling effective routing in 6LoWPAN-based IoT systems. However, RPL does not possess any built-in security measures, making it vulnerable to a wide range of attacks, primarily DODAG Information Object (DIO) message-based attacks such as DIO suppression, neighbor, and copycat attacks. Such attacks destabilize the network topology, reduce the packet delivery ratio (PDR), and increase both latency and energy consumption. To address these issues, this paper proposes MVTC-Sec, a Mathematically Validated Timestamp Correlation method that detects replay-based DIO attacks by analyzing deviations from the expected Trickle algorithm timing. Passively observing DIO intervals, MVTC-Sec identifies attack nodes violating the exponential backoff behavior, with efficient and lightweight attack detection irrespective of cryptographic overhead. We evaluate MVTC-Sec using the Cooja simulator under both static and mobile RPL scenarios, with varying attacker behaviors and replay intervals. Results show that MVTC-Sec achieves a detection accuracy ranging from 90% to 99%, improves packet delivery ratio (PDR) to 0.50-0.96, and reduces end-to-end latency by up to 60%. The scheme proves to be of low overhead, requiring only (48.1 kB ROM, 6.3 KB RAM), making it suitable for resource-constrained devices. Compared to the existing solutions, MVTC-Sec offers higher detection accuracy, lower complexity, and improved adaptability, making it an efficient and scalable protection method for RPL-based IoT networks.