Sybil Attack in RPL-Based Internet of Things: Analysis and Defenses

Over the past few years, Internet of Things (IoT) has emerged as a promising paradigm that connects various physical devices to the Internet, and contributes to the development of countless next-generation applications. As a major enabler for IoT, IPv6-based low-power and lossy networks (LLNs) have been receiving considerable attention as a mature solution for scalable data collection in a ubiquitous computing and communication infrastructure. In order to provide efficient point-to-multipoint and multipoint-to-point communication, a novel routing protocol for LLNs, also well known as RPL, has been proposed and standardized. Nonetheless, due to devices' constraints on processing power, memory, and energy, and the lack of specific security models of the RPL routing protocol, LLNs become an ideal target for various security attacks. In this article, we propose a Gini index-based countermeasure, also called GINI, to effectively detect and mitigate sybil attack in RPL-based LLNs, where the malicious node multicasts an excessive number of DODAG information solicitation (DIS) messages with different fictitious identities to cause the legitimate nodes to restart the Trickle algorithm frequently and broadcast a large number of DODAG information object (DIO) messages to quickly drain the limited energy resource of legitimate nodes. We also present a simple analytical model and its numerical results in terms of detection rate. We evaluate the proposed GINI countermeasure through extensive simulation experiments using OMNeT++ and compare its performance with two existing schemes, SecRPL and two-step detection. The simulation results show that the proposed GINI countermeasure can not only improve the detection rate and detection latency but also reduce energy consumption, indicating a viable approach against sybil attack in the IoT. For continuous improvement and future research, we further discuss the proposed GINI countermeasure in terms of design features, design constraints, and possible extensions.