Jun Jiang,Yuhong Liu

DOI: https://doi.org/10.48550/arXiv.2201.06937

2022-01-18

Abstract:IPv6 Routing Protocol for Low Power and Lossy Networks (RPL) is an essential routing protocol to enable communications for IoT networks with low power devices. RPL uses an objective function and routing constraints to find an optimized routing path for each node in the network. However, recent research has shown that topological attacks, such as selective forwarding attacks, pose great challenges to the secure routing of IoT networks. Many conventional secure routing solutions, on the other hand, are computationally heavy to be directly applied in resource-constrained IoT networks. There is an urgent need to develop lightweight secure routing solutions for IoT networks. In this paper, we first design and implement a series of advanced selective forwarding attacks from the attack perspective, which can flexibly select the type and percentage of forwarding packets in an energy efficient way, and even bad-mouth other innocent nodes in the network. Experiment results show that the proposed attacks can maximize the attack consequences (i.e. number of dropped packets) while maintaining undetected. Moreover, we propose a lightweight trust-based defense solution to detect and eliminate malicious selective forwarding nodes from the network. The results show that the proposed defense solution can achieve high detection accuracy with very limited extra energy usage (i.e. 3.4%).

Networking and Internet Architecture

S. Remya,Manu J. Pillai,C. Arjun,Somula Ramasubbareddy,Yongyun Cho

DOI: https://doi.org/10.1109/access.2024.3391918

IF: 3.9

2024-05-03

IEEE Access

Abstract:An extensive worldwide network known as the Internet of Things (IoT) links different electronic devices and facilitates easy communication and group work. This interdependency is especially apparent in Low Power and Lossy Networks (LLNs), where resource-constrained devices adhere to specified protocols for effective communication. Such systems frequently use Routing Protocol for LLNs (RPL). Nevertheless, due to its basic simplicity, there are numerous ways to exploit it, thereby compromising network security. It is also difficult to carry out complex computational operations on LLNs due to their resource constraints. A highly developed system called the Trust-Based Intrusion Detection System for RPL (TIDSRPL) is presented in this research study. Complex trust computations are offloaded to the root node by TIDSRPL, which assesses node trust based on network behavior. Reduce the possibility of resource depletion with this strategic transfer that preserves energy, storage, and computational resources at the node level. Comparative analysis with the default RPL Objective Function (OF), MRHOF-RPL, demonstrates TIDSRPL's superior efficacy in detecting and isolating malicious nodes engaged in Sinkhole, Selective forwarding, and Sybil attacks. Notably, TIDSRPL exhibits a 20-35% reduction in average packet loss ratio and attains 33-45% greater energy efficiency compared to MRHOF-RPL, reinforcing its robustness in securing LLN operations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Dong,Xiaojin Liu

DOI: https://doi.org/10.1109/tii.2015.2495147

IF: 12.3

2015-01-01

IEEE Transactions on Industrial Informatics

Abstract:Time synchronization is crucial for cyber-physical systems (CPSs), e.g., wireless sensor and actuator networks. Cyber physical security is an important yet challenging problem. In particular, attacks to the time synchronization service may incur data distortion or even malfunction of the whole system. Sybil attack is one of the most common attack types for sensor networks, where a node illegitimately claims multiple identities. Existing secure time-synchronization protocols; however, cannot well address Sybil attacks in the time synchronization process. We propose a robust and secure time-synchronization protocol (RTSP) to defend against Sybil attacks. Different from previous secure timesync protocols, RTSP employs a novel graph theoretical approach, which is able to perform anomaly detection at the message level instead of the node level. This fine-grained detection ability enables RTSP to become robust against Sybil attacks, as well as node compromise and message manipulation attacks. Extensive experimental results show the effectiveness of our proposed protocol.

Jawad Hassan,Adnan Sohail,Ali Ismail Awad,M. Ahmed Zaka

DOI: https://doi.org/10.1016/j.adhoc.2024.103576

IF: 4.816

2024-06-15

Ad Hoc Networks

Abstract:The Internet of Things (IoT) has recently gained significance as a means of connecting various physical devices to the Internet, enabling various innovative applications. However, the security of IoT networks is a significant concern due to the large volume of data generated and transmitted over them. The limited resources of IoT devices, along with their mobility and diverse characteristics, pose significant challenges for maintaining security in routing protocols, such as the Routing Protocol for Low-Power and Lossy Networks (RPL). This lacks effective defense mechanisms against routing attacks, including Sybil and rank attacks. Various techniques have been proposed to address this issue, including cryptography and intrusion-detection systems. The use of these techniques on IoT nodes is limited by their low power and lossy nature, primarily due to the significant computational overhead they involve. In addition, conventional trust-management systems for addressing security concerns need to be improved due to their high computation, memory, and energy costs. Therefore, this paper presents a novel, Lightweight, and Efficient Trust-based Mechanism (LETM-IoT) for resource-limited IoT networks to mitigate Sybil attacks. We conducted extensive simulations in Cooja, the Contiki OS simulator, to assess the efficacy of the proposed LETM-IoT against three types of Sybil attack (A, B, and C). A comparison was also made with standard RPL and state-of-the-art approaches. The experimental findings show that LETM-IoT outperforms both of these in terms of average packet-delivery ratio by 0.20 percentage points, true-positive ratio by 1.34 percentage points, energy consumption by 2.5%, and memory utilization by 19.42%. The obtained results also show that LETM-IoT consumes increased storage by 5.02% compared to the standard RPL due to the existence of an embedded security module.

computer science, information systems,telecommunications

Iain Baird,Baraq Ghaleb,Isam Wadhaj,Gordon Russell,William J. Buchanan

DOI: https://doi.org/10.3390/electronics13173467

IF: 2.9

2024-09-03

Electronics

Abstract:In the evolving landscape of the Internet of Things (IoT), ensuring the security and integrity of data transmission remains a paramount challenge. Routing Protocol for Low-Power and Lossy Networks (RPL) is commonly utilized in IoT networks to facilitate efficient data routing. However, RPL networks are susceptible to various security threats, with Sybil and flood attacks being particularly detrimental. Sybil attacks involve malicious nodes generating multiple fake identities to disrupt network operations, while flood attacks overwhelm network resources by inundating them with excessive traffic. This paper proposes a novel mitigation strategy leveraging Bloom filters and hash chains to enhance the security of RPL-based IoT networks against sybil and flood attacks. Extensive simulation and performance analysis demonstrate that this solution significantly reduces the impact of sybil and flood attacks while maintaining a low power consumption profile and low computational overhead.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jae-Dong Kim,Dabin Kim,Minseok Ko,Jong-Moon Chung

2024-10-05

Abstract:Wireless sensor networks (WSN) are widely used in vehicular networks to support Vehicle-to-Everything (V2X) communications. Wireless sensors in vehicular networks support sensing and monitoring of various environmental factors and vehicle movement, which can help to enhance traffic management, road safety, and transportation efficiency. However, WSNs face security challenges due to their distributed nature and resource limited modules. In Sybil attacks, attackers create multiple fake identities to disrupt network operations (e.g., denial-of-service (DoS)), which is one of the major security concerns in WSNs. Defensive techniques have been proposed, which recently include a received signal strength indicator (RSSI) profiling scheme that improves the performance and is not affected by internal forgeable information. However, even this new RSSI based robust detection scheme was found to be vulnerable when Sybil attackers are mobile or intentionally manipulate their radio transmission power in addition to their device address. In this paper, a unique identification based trust path routing scheme (UITrust) is proposed, which uses the device's physically invariable unique identifiers and routing path trust level estimations to avoid power-controlled Sybil attacks, where the simulation results show the proposed scheme can provide a significant improvement compared to existing schemes.

Cryptography and Security

Zhang Taimin,Ji Xiaoyu,Xu Wenyuan

DOI: https://doi.org/10.1007/s11036-020-01634-z

2020-01-01

Mobile Networks and Applications

Abstract:Advanced metering infrastructure (AMI) is the core component of the smart grid. As the wireless connection between smart meters in AMI is featured with high packet loss and low transmission rate, AMI is considered as a representative of the low power and lossy networks (LLNs). In such communication environment, the routing protocol in AMI network is essential to ensure the reliability and real-time of data transmission. The IPv6 routing protocol for low-power and lossy networks (RPL), proposed by IETF ROLL working group, is considered to be the best routing solution for the AMI communication environment. However, the performance of RPL can be seriously degraded due to jamming attack. In this paper, we analyze the performance degradation problem of RPL protocol under jamming attack. We propose a backup node selection mechanism based on the standard RPL protocol. The proposed mechanism chooses a predefined number of backup nodes that maximize the probability of successful transmission. We evaluation the proposed mechanism through MATLAB simulations, results show the proposed mechanism improves the performance of RPL under jamming attack prominently.

Muhammad Zunnurain Hussain,Zurina Mohd Hanapi,Azizol Abdullah,Masnida Hussin,Mohd Izuan Hafez Ninggal

DOI: https://doi.org/10.7717/peerj-cs.2231

2024-08-09

Abstract:In the modern digital market flooded by nearly endless cyber-security hazards, sophisticated IDS (intrusion detection systems) can become invaluable in defending against intricate security threats. Sybil-Free Metric-based routing protocol for low power and lossy network (RPL) Trustworthiness Scheme (SF-MRTS) captures the nature of the biggest threat to the routing protocol for low-power and lossy networks under the RPL module, known as the Sybil attack. Sybil attacks build a significant security challenge for RPL networks where an attacker can distort at least two hop paths and disrupt network processes. Using such a new way of calculating node reliability, we introduce a cutting-edge approach, evaluating parameters beyond routing metrics like energy conservation and actuality. SF-MRTS works precisely towards achieving a trusted network by introducing such trust metrics on secure paths. Therefore, this may be considered more likely to withstand the attacks because of these security improvements. The simulation function of SF-MRTS clearly shows its concordance with the security risk management features, which are also necessary for the network's performance and stability maintenance. These mechanisms are based on the principles of game theory, and they allocate attractions to the nodes that cooperate while imposing penalties on the nodes that do not. This will be the way to avoid damage to the network, and it will lead to collaboration between the nodes. SF-MRTS is a security technology for emerging industrial Internet of Things (IoT) network attacks. It effectively guaranteed reliability and improved the networks' resilience in different scenarios.

Zahrah A. Almusaylim,NZ Jhanjhi,Abdulaziz Alhumam

DOI: https://doi.org/10.3390/s20215997

IF: 3.9

2020-10-22

Sensors

Abstract:The rapid growth of the Internet of Things (IoT) and the massive propagation of wireless technologies has revealed recent opportunities for development in various domains of real life, such as smart cities and E-Health applications. A slight defense against different forms of attack is offered for the current secure and lightweight Routing Protocol for Low Power and Lossy Networks (RPL) of IoT resource-constrained devices. Data packets are highly likely to be exposed in transmission during data packet routing. The RPL rank and version number attacks, which are two forms of RPL attacks, can have critical consequences for RPL networks. The studies conducted on these attacks have several security defects and performance shortcomings. In this research, we propose a Secure RPL Routing Protocol (SRPL-RP) for rank and version number attacks. This mainly detects, mitigates, and isolates attacks in RPL networks. The detection is based on a comparison of the rank strategy. The mitigation uses threshold and attack status tables, and the isolation adds them to a blacklist table and alerts nodes to skip them. SRPL-RP supports diverse types of network topologies and is comprehensively analyzed with multiple studies, such as Standard RPL with Attacks, Sink-Based Intrusion Detection Systems (SBIDS), and RPL+Shield. The analysis results showed that the SRPL-RP achieved significant improvements with a Packet Delivery Ratio (PDR) of 98.48%, a control message value of 991 packets/s, and an average energy consumption of 1231.75 joules. SRPL-RP provided a better accuracy rate of 98.30% under the attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Tianchen Zhang,Taimin Zhang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.23919/chicc.2019.8866139

2019-01-01

Abstract:Advanced metering infrastructure (AMI) is a key component in the smart grid. Transmitting data robustly and reliably between the tremendous smart meters in the AMI is one of the most crucial tasks for providing various services in smart grid. Among the many efforts for designing practical routing protocols for the AMI, the Routing Protocol for Low-Power and Lossy Networks (RPL) proposed by the IETF ROLL working group is considered the most consolidated candidate. Resent research has shown cyber attacks such as blackhole attack and version number attack can seriously damage the performance of the network implementing RPL. The main reason that RPL. is vulnerable to these kinds of attacks is the lack an authentication mechanism. In this paper, we study the impact of blackhole attacks on the performance of the AMI network and proposed a new blackhole attack that can bypass the existing defense mechanism. Then, we propose a cuckoo filter based RPL to defend the AMI network from blackhole attacks. We also give the security analysis of the proposed method.

Mina Zaminkar,Reza Fotohi

DOI: https://doi.org/10.48550/arXiv.2005.09140

2020-05-17

Cryptography and Security

Abstract:Through the Internet of Things (IoT) the internet scope is established by the integration of physical things to classify themselves into mutual things. A physical thing can be created by this inventive perception to signify itself in the digital world. Regarding the physical things that are related to the internet, it is worth noting that considering numerous theories and upcoming predictions, they mostly require protected structures, moreover, they are at risk of several attacks. IoTs are endowed with particular routing disobedience called sinkhole attack owing to their distributed features. In these attacks, a malicious node broadcasts illusive information regarding the routings to impose itself as a route towards specific nodes for the neighboring nodes and thus, attract data traffic. RPL (IP-V6 routing protocol for efficient and low-energy networks) is a standard routing protocol which is mainly employed in sensor networks and IoT. This protocol is called SoS-RPL consisting of two key sections of the sinkhole detection. In the first section rating and ranking the nodes in the RPL is carried out based on distance measurements. The second section is in charge of discovering the misbehavior sources within the IoT network through, the Average Packet Transmission RREQ (APT-RREQ). Here, the technique is assessed through wide simulations performed within the NS-3 environment. Based on the results of the simulation, it is indicated that the IoT network behavior metrics are enhanced based on the detection rate, false-negative rate, false-positive rate, packet delivery rate, maximum throughput, and packet loss rate.

Wei Yang,Yuan Wang,Zhixiang Lai,Yadong Wan,Zhuo Cheng

DOI: https://doi.org/10.1109/cyberc.2018.00020

2018-01-01

Abstract:RPL is a routing protocol for Low-Power and Lossy Networks, which is the routing protocol standardized for the Internet of Things (IoT). However, RPL has many serious vulnerabilities which can be exploited by attackers. In this paper, we adopt an finite state machines(FSM) based vulnerability discovering approach to analyze the security vulnerabilities of RPL, which can successfully discover sinkhole attack, selective forwarding attack and hello flood attack. Then we propose some security countermeasures to defend against the attacks. Finally, we run a thorough set of simulations to assess the impact of the sinkhole attack and the effectiveness of proposed countermeasure. The results show that the attack can significantly damage the RPL and the countermeasure can successfully detect the malicious node.

Mina Zaminkar,Fateme Sarkohaki,Reza Fotohi

DOI: https://doi.org/10.48550/arXiv.2012.02242

2020-11-21

Cryptography and Security

Abstract:Internet of Things (IoT) provides the possibility for milliards of devices throughout the world to communicate with each other, and data is collected autonomously. The big data generated by the devices should be managed securely. Due to security challenges, like malicious nodes, many approaches cannot respond to these concerns. In this paper, a robust hybrid method, including encryption, is used as an efficient approach for resolving the RPL protocol concerns so that the devices are connected securely. Therefore, the proposed DSH-RPL method for securing the RPL protocol comprises the four following phases: The first phase creates a reliable RPL. The second phase detects the sinkhole attack. The third phase quarantines the detected malicious node, and the fourth phase transmits data through encryption. The simulation results show that the DSH-RPL reduces the false-positive rate more than 18.2% and 23.1%, and reduces the false-negative rate more than 16.1% and 22.78%, it also increases the packet delivery rate more than 19.68% and 25.32% and increases the detection rate more than 26% and 31% compared to SecTrust-RPL and IBOOS-RPL.

B. Ghaleb,A. Al-Dubai,A. Hussain,J. Ahmad,I. Romdhani,Z. Jaroucheh

2023-05-17

Abstract:The Routing Protocol for Low power and Lossy networks (RPL) has been developed by the Internet Engineering Task Force (IETF) standardization body to serve as a part of the 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks) standard, a core communication technology for the Internet of Things (IoT) networks. RPL organizes its network in the form of a tree-like structure where a node is configured as the root of the tree while others integrate themselves into that structure based on their relative distance. A value called the Rank is used to define each node's relative position and it is used by other nodes to take their routing decisions. A malicious node can illegitimately claim a closer position to the root by advertising a lower rank value trapping other nodes to forward their traffic through that malicious node. In this study, we show how this behavior can have a detrimental side effect on the network via extensive simulations and propose a new secure objective function to prevent such an attack.

Networking and Internet Architecture,Cryptography and Security

Amal Hkiri,Mouna Karmani,Omar Ben Bahri,Ahmed Mohammed Murayr,Fawaz Hassan Alasmari,Mohsen Machhout

DOI: https://doi.org/10.32604/cmc.2023.047087

2024-01-01

Abstract:The RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) protocol is essential for efficient communication within the Internet of Things (IoT) ecosystem. Despite its significance, RPL’s susceptibility to attacks remains a concern. This paper presents a comprehensive simulation-based analysis of the RPL protocol’s vulnerability to the decreased rank attack in both static and mobile network environments. We employ the Random Direction Mobility Model (RDM) for mobile scenarios within the Cooja simulator. Our systematic evaluation focuses on critical performance metrics, including Packet Delivery Ratio (PDR), Average End to End Delay (AE2ED), throughput, Expected Transmission Count (ETX), and Average Power Consumption (APC). Our findings illuminate the disruptive impact of this attack on the routing hierarchy, resulting in decreased PDR and throughput, increased AE2ED, ETX, and APC. These results underscore the urgent need for robust security measures to protect RPL-based IoT networks. Furthermore, our study emphasizes the exacerbated impact of the attack in mobile scenarios, highlighting the evolving security requirements of IoT networks.

computer science, information systems,materials science, multidisciplinary

Abhishek Verma,Virender Ranga

DOI: https://doi.org/10.1007/s11235-020-00674-w

2023-02-24

Abstract:The IPv6 routing protocol for low-power and lossy networks (RPL) is the standard routing protocol for IPv6 based low-power wireless personal area networks (6LoWPANs). In RPL protocol, DODAG information object (DIO) messages are used to disseminate routing information to other nodes in the network. A malicious node may eavesdrop DIO messages of its neighbor nodes and later replay the captured DIO many times with fixed intervals. In this paper, we present and investigate one of the severe attacks named as a non-spoofed copycat attack, a type of replay based DoS attack against RPL protocol. It is shown that the non-spoofed copycat attack increases the average end-to-end delay (AE2ED) and packet delivery ratio of the network. Thus, to address this problem, an intrusion detection system (IDS) named CoSec-RPL is proposed in this paper. The attack detection logic of CoSec-RPL is primarily based on the idea of outlier detection (OD). CoSec-RPL significantly mitigates the effects of the non-spoofed copycat attack on the network's performance. The effectiveness of the proposed IDS is compared with the standard RPL protocol. The experimental results indicate that CoSec-RPL detects and mitigates non-spoofed copycat attack efficiently in both static and mobile network scenarios without adding any significant overhead to the nodes. To the best of our knowledge, CoSec-RPL is the first RPL specific IDS that utilizes OD for intrusion detection in 6LoWPANs.

Cryptography and Security,Networking and Internet Architecture

DOI: https://doi.org/10.1186/s13638-024-02377-1

2024-06-09

EURASIP Journal on Wireless Communications and Networking

Abstract:The extensive utilization of IoT applications leads to the aggregation of a substantial volume of data, presenting a crucial challenge in terms of data routing within these networks. RPL intentionally surpasses the limitations sometimes observed in low-power and lossy networks, which are particularly prevalent in IoT networks. The RPL protocol is designed specifically for static networks that do not involve mobility or topological changes. The RPL protocol guarantees continuous connectivity between nodes and mitigates the risk of data loss in stationary IoT applications that do not involve mobility or alterations in network configuration. The article utilizes a mobility aid technology known as network performance stability using the intelligent routing protocol (nPSIR), which expands upon RPL. The Mobility Support Entity (nPSIR) facilitates the displacement of all nodes, with the exception of the root node, and ensures uninterrupted connection during mobility. Moreover, it deals with the situation where there is a physical barrier between two interconnected nodes in a changing environment. In order to achieve this objective, it employs a dynamic trickle timer that operates within two distinct ranges. Furthermore, it utilizes a neighbor link quality table, a mechanism for selecting the most beneficial parent node in the event of migration, a measure of confidence, the identification of crucial regions, and a blacklist. Multiple simulations validate that nPSIR effectively decreases hand-off delay and improves packet delivery, despite the minor drawbacks of increased signaling costs and power consumption. The delivery ratio decreases the quantity of lost data packets and surpasses both RPL as a responsive protocol and mRPL as a proactive protocol in relation to mobility.

telecommunications,engineering, electrical & electronic

Debasmita Dey,Nirnay Ghosh

2024-03-07

Abstract:Routing Protocol for Low Power and Lossy Networks (RPL) is the de-facto routing standard in IoT networks. It enables nodes to collaborate and autonomously build ad-hoc networks modeled by tree-like destination-oriented direct acyclic graphs (DODAG). Despite its widespread usage in industry and healthcare domains, RPL is susceptible to insider attacks. Although the state-of-the-art RPL ensures that only authenticated nodes participate in DODAG, such hard security measures are still inadequate to prevent insider threats. This entails a need to integrate soft security mechanisms to support decision-making. This paper proposes iTRPL, an intelligent and behavior-based framework that incorporates trust to segregate honest and malicious nodes within a DODAG. It also leverages multi-agent reinforcement learning (MARL) to make autonomous decisions concerning the DODAG. The framework enables a parent node to compute the trust for its child and decide if the latter can join the DODAG. It tracks the behavior of the child node, updates the trust, computes the rewards (or penalties), and shares with the root. The root aggregates the rewards/penalties of all nodes, computes the overall return, and decides via its $\epsilon$-Greedy MARL module if the DODAG will be retained or modified for the future. A simulation-based performance evaluation demonstrates that iTRPL learns to make optimal decisions with time.

Networking and Internet Architecture

Somnath Karmakar,Jayasree Sengupta,Sipra Das Bit

DOI: https://doi.org/10.1109/comsnets51098.2021.9352937

2021-01-05

Abstract:In recent times researchers have found several security vulnerabilities in the Routing Protocol for Low power and Lossy network (RPL), amongst which rank attack is a predominant one causing detrimental effects on the network by creating a fake topology. To address this concern, we propose a low-overhead rank attack detection scheme for non-storing mode of RPL used in IoT to deal with both increased and decreased rank attacks. Accordingly, we have modified the RPL Destination Oriented Directed Acyclic Graph (DODAG) formation algorithm to detect rank attacks during topology formation and maintenance. The distributed module of the algorithm runs in all the participating nodes whereas the centralized module runs in the sink. Unlike many existing schemes, instead of sending additional control message, we make the scheme low-overhead by simply modifying the DAO control message. Additionally, a lightweight Message Authentication Code (HMAC-LOCHA) is used to verify the integrity and authenticity of the control messages exchanged between nodes and the sink. The correctness of the proposed scheme is established through a concrete proof using multiple test case scenarios. Finally, the performance of the proposed scheme is evaluated both theoretically and through simulation in Contiki-based Cooja simulator. Theoretical evaluation proves the scheme’s energy efficiency. Simulation results show that our scheme outperforms over a state-of-the-art rank attack detection scheme in terms of detection accuracy, false positive/negative rate and energy consumption while also keeping acceptable network performance such as improved detection latency and at par packet delivery ratio.

Girish Sharma,Jyoti Grover,Abhishek Verma

DOI: https://doi.org/10.1109/ANTS59832.2023.10469481

2024-04-02

Abstract:In recent times, the Internet of Things (IoT) has a significant rise in industries, and we live in the era of Industry 4.0, where each device is connected to the Internet from small to big. These devices are Artificial Intelligence (AI) enabled and are capable of perspective analytics. By 2023, it's anticipated that over 14 billion smart devices will be available on the Internet. These applications operate in a wireless environment where memory, power, and other resource limitations apply to the nodes. In addition, the conventional routing method is ineffective in networks with limited resource devices, lossy links, and slow data rates. Routing Protocol for Low Power and Lossy Networks (RPL), a new routing protocol for such networks, was proposed by the IETF's ROLL group. RPL operates in two modes: Storing and Non-Storing. In Storing mode, each node have the information to reach to other node. In Non-Storing mode, the routing information lies with the root node only. The attacker may exploit the Non-Storing feature of the RPL. When the root node transmits User Datagram Protocol~(UDP) or control message packet to the child nodes, the routing information is stored in the extended header of the IPv6 packet. The attacker may modify the address from the source routing header which leads to Denial of Service (DoS) attack. This attack is RPL specific which is known as Hatchetman attack. This paper shows significant degradation in terms of network performance when an attacker exploits this feature. We also propose a lightweight mitigation of Hatchetman attack using game theoretic approach to detect the Hatchetman attack in IoT.

Cryptography and Security