Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things

Vijay Kumar; George Oikonomou; Theo Tryfonas

doi:10.1109/WF-IoT.2016.7845515

Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things

Vijay Kumar, George Oikonomou, Theo Tryfonas

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

8 Citations (Scopus)

784 Downloads (Pure)

Abstract

Research and standardisation efforts in the fields of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) are leading towards the adoption of TCP/IP for deployments of networks of severely constrained smart embedded objects. As a result, wireless sensors can now be uniquely identified by an IPv6 address and thus be directly connected to and reachable from the internet. This has a series of advantages but also exposes sensor deployments to new security vulnerabilities. Should a deployment be compromised, post-incident analysis can provide information about the nature of the attack by inspecting the network’s state and traffic during the time period prior, during and after the attack. In this paper we adopt traffic forensic techniques in order to achieve post-hoc detection of attacks against availability in IPv6-based Low-Power Wireless Personal Area Networks. To this end, we first implement an attack which exploits inherent vulnerabilities of the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). Subsequently, we present an automated method to detect and analyse this attack by examining network packet captures.

Original language	English
Title of host publication	2016 IEEE 3rd World Forum on Internet of Things (WF-IoT 2016)
Subtitle of host publication	Proceedings of a meeting held 12-14 December 2016, Reston, Virginia, USA
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Number of pages	6
ISBN (Electronic)	9781509041305
ISBN (Print)	9781509041312
DOIs	https://doi.org/10.1109/WF-IoT.2016.7845515
Publication status	Published - Mar 2017
Event	3rd IEEE World Forum on Internet of Things - Reston, VA, United States Duration: 12 Dec 2016 → 14 Dec 2016

Conference

Conference	3rd IEEE World Forum on Internet of Things
Abbreviated title	WF-IoT 2016
Country/Territory	United States
City	Reston, VA
Period	12/12/16 → 14/12/16

Keywords

6LoWPAN Forensics
Traffic Forensics
Wireless Sensor Networks

Access to Document

10.1109/WF-IoT.2016.7845515

Full-text PDF (accepted author manuscript)
This is the author accepted manuscript (AAM). The final published version (version of record) is available online via IEEE at http://ieeexplore.ieee.org/document/7845515/. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 234 KB

Handle.net

Persistent link

RERUM
Oikonomou, G., Papadopoulos, G., Wojcik, M. & Tryfonas, T.
1/09/13 → 31/08/16
Project: Research

Cite this

Kumar, V., Oikonomou, G., & Tryfonas, T. (2017). Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things. In 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT 2016): Proceedings of a meeting held 12-14 December 2016, Reston, Virginia, USA [7845515] Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/WF-IoT.2016.7845515

@inproceedings{ddfe192236e241c09a525c0f40d9997f,

title = "Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things",

abstract = "Research and standardisation efforts in the fields of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) are leading towards the adoption of TCP/IP for deployments of networks of severely constrained smart embedded objects. As a result, wireless sensors can now be uniquely identified by an IPv6 address and thus be directly connected to and reachable from the internet. This has a series of advantages but also exposes sensor deployments to new security vulnerabilities. Should a deployment be compromised, post-incident analysis can provide information about the nature of the attack by inspecting the network{\textquoteright}s state and traffic during the time period prior, during and after the attack. In this paper we adopt traffic forensic techniques in order to achieve post-hoc detection of attacks against availability in IPv6-based Low-Power Wireless Personal Area Networks. To this end, we first implement an attack which exploits inherent vulnerabilities of the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). Subsequently, we present an automated method to detect and analyse this attack by examining network packet captures.",

keywords = "6LoWPAN Forensics, Traffic Forensics, Wireless Sensor Networks",

author = "Vijay Kumar and George Oikonomou and Theo Tryfonas",

year = "2017",

month = mar,

doi = "10.1109/WF-IoT.2016.7845515",

language = "English",

isbn = "9781509041312",

booktitle = "2016 IEEE 3rd World Forum on Internet of Things (WF-IoT 2016)",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "3rd IEEE World Forum on Internet of Things, WF-IoT 2016 ; Conference date: 12-12-2016 Through 14-12-2016",

}

Kumar, V , Oikonomou, G & Tryfonas, T 2017, Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things. in 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT 2016): Proceedings of a meeting held 12-14 December 2016, Reston, Virginia, USA., 7845515, Institute of Electrical and Electronics Engineers (IEEE), 3rd IEEE World Forum on Internet of Things, Reston, VA, United States, 12/12/16. https://doi.org/10.1109/WF-IoT.2016.7845515

Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things. / Kumar, Vijay ; Oikonomou, George ; Tryfonas, Theo.
2016 IEEE 3rd World Forum on Internet of Things (WF-IoT 2016): Proceedings of a meeting held 12-14 December 2016, Reston, Virginia, USA. Institute of Electrical and Electronics Engineers (IEEE), 2017. 7845515.

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things

AU - Kumar, Vijay

AU - Oikonomou, George

AU - Tryfonas, Theo

PY - 2017/3

Y1 - 2017/3

N2 - Research and standardisation efforts in the fields of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) are leading towards the adoption of TCP/IP for deployments of networks of severely constrained smart embedded objects. As a result, wireless sensors can now be uniquely identified by an IPv6 address and thus be directly connected to and reachable from the internet. This has a series of advantages but also exposes sensor deployments to new security vulnerabilities. Should a deployment be compromised, post-incident analysis can provide information about the nature of the attack by inspecting the network’s state and traffic during the time period prior, during and after the attack. In this paper we adopt traffic forensic techniques in order to achieve post-hoc detection of attacks against availability in IPv6-based Low-Power Wireless Personal Area Networks. To this end, we first implement an attack which exploits inherent vulnerabilities of the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). Subsequently, we present an automated method to detect and analyse this attack by examining network packet captures.

AB - Research and standardisation efforts in the fields of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) are leading towards the adoption of TCP/IP for deployments of networks of severely constrained smart embedded objects. As a result, wireless sensors can now be uniquely identified by an IPv6 address and thus be directly connected to and reachable from the internet. This has a series of advantages but also exposes sensor deployments to new security vulnerabilities. Should a deployment be compromised, post-incident analysis can provide information about the nature of the attack by inspecting the network’s state and traffic during the time period prior, during and after the attack. In this paper we adopt traffic forensic techniques in order to achieve post-hoc detection of attacks against availability in IPv6-based Low-Power Wireless Personal Area Networks. To this end, we first implement an attack which exploits inherent vulnerabilities of the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). Subsequently, we present an automated method to detect and analyse this attack by examining network packet captures.

KW - 6LoWPAN Forensics

KW - Traffic Forensics

KW - Wireless Sensor Networks

U2 - 10.1109/WF-IoT.2016.7845515

DO - 10.1109/WF-IoT.2016.7845515

M3 - Conference Contribution (Conference Proceeding)

SN - 9781509041312

BT - 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT 2016)

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - 3rd IEEE World Forum on Internet of Things

Y2 - 12 December 2016 through 14 December 2016

ER -

Kumar V , Oikonomou G , Tryfonas T. Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things. In 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT 2016): Proceedings of a meeting held 12-14 December 2016, Reston, Virginia, USA. Institute of Electrical and Electronics Engineers (IEEE). 2017. 7845515 Epub 2017 Feb 9. doi: 10.1109/WF-IoT.2016.7845515

Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things

Abstract

Conference

Keywords

Access to Document

Handle.net

Fingerprint

Projects

RERUM

Cite this