Ph.D. Defense: Areej Althubaity

Doctoral Dissertation Oral Defense

Title: Towards Detecting Routing-based Internal Attacks in 6TiSCH Architecture

Ph.D. Candidate: Areej Althubaity

Major Advisor:  Prof. Song Han

Associate Advisors: Prof. Reda A. Ammar, Prof. Sanguthevar Rajasekaran.

Date/Time: Tuesday, December 22, 2020, 10:00 AM – 12:00 PM

Location:  

Meeting link:

https://uconn-cmr.webex.com/uconn-cmr/j.php?MTID=m6d9ea6e50cef0caf5d8bee92f331e48c

Meeting number: 120 360 7773

Password: adV7nnGxd32

Join by phone: +1-415-655-0002 US Toll

Access code: 120 360 7773

Abstract:

The Routing Protocol for Low-Power and Lossy Networks (RPL) was proposed by the Routing Over Low power and Lossy networks (ROLL) working group to support the routing requirements of the Low-power and Lossy Networks (LLNs). RPL has been adapted by the IPv6 over the Time-Slotted and Channel Hopping mode of IEEE 802.15.4e (6TiSCH) architecture that brought the deterministic and time-critical industrial networks to the Internet. 6TiSCH devices, however, are not prone to tampering and some of its protocols are vulnerable to a number of internal attacks; for instance, the RPL.

We aim in this thesis to tackle internal attacks that are violating the RPL’s rules. We are proposing two Intrusion Detection Systems (IDSs) with high accuracy detection rates, and low processing power and storage consumption to suit 6TiSCH architecture. On the first fold of this thesis, we propose a centralized specification-based IDS, namely: ARM (Authenticated Rank and routing Metric) to detect two forms of rules-related attacks where the compromised mote might either manipulate its location in the routing graph or might advertise a better path toward the root. Briefly, ARM is composed of centralized and distributed modules installed on the root mote and all RPL motes, respectively. The root is responsible for making the detection decisions while the motes periodically share their routing information with the root. On the second fold, we introduce a fully distributed IDS named FORCE (FOrged Rank and routing metriC dEtector) to detect a wider range of rules-related attacks and to suit larger networks. In FORCE, each mote locally analyzes any received control messages, and accordingly, detects any suspicious behavior. On the third fold, we introduced the enhanced version of ARM IDS, namely ARM-Pro where most of the modules are enhanced to detect most of the rules-related attacks.

We implemented and evaluated our IDSs through extensive simulation scenarios. The results demonstrate their ability in detecting the rules-related attacks with a high detection rate and without incurring significant overhead to the resources in terms of the storage footprint, communication, and energy consumption on individual devices. Our IDSs are lightweight and suitable for the resource-constrained wireless networks.