Security Countermeasures for Topology and Flooding Attacks in Low Power and Lossy Networks

Student thesis: Doctoral Thesis, Doctor of Philosophy (PhD)


The Internet of Things (IoT) has become an integral part of many industries such as healthcare, home automation, automobile, and agriculture. Many applications of IoT use networks of unattended micro battery-operated devices with limited computational power and unreliable communication systems. Such networks are called Low-Power and Lossy Networks (LLNs) and are based on a stack of protocols designed to prolong the life of an application by conserving battery power and memory usage. The most commonly used routing protocol is the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL).
RPL suffers from vulnerabilities related to routing path formation, network maintenance, and its response to some of its control messages. Specifically, compromised nodes can advertise falsified routing information to form sub-optimised paths or trigger network reformations. Furthermore, they can flood a network with joining requests to trigger a massive number of replies. No standardised RPL solutions provide security against such attacks. Moreover, existing works in the literature are mostly based on monitoring architectures, public key infrastructure (PKI), or a blacklisting approach. Any monitoring devices must be physically secured and use only secure communications, which is not easily scalable. Using PKI in LLNs is still a challenge, as certificate management is unsuitable for LLN devices. Blacklisting nodes using their advertised addresses is clearly vulnerable to identity spoofing. Moreover, attacks described in a few sentences can miss details, which leaves any discussion of impact analysis subject to interpretation.
Therefore, the aim of this dissertation is first to implement the attacks using a framework developed to launch multiple attacks simultaneously on different nodes at specified times. Second, the strategies of an adversary when launching the aforementioned attacks are analysed. Then, the impact of the instigated attacks in each strategy is analysed to establish a baseline for countermeasure evaluation. Finally, security countermeasures for the aforementioned attacks are proposed and their performance is evaluated.
In countering the attack responsible for forming sub-optimised routing paths, preloading a minimum relative location in each node filters out future attempts to have false routing metrics accepted. As for the attack causing unnecessary network reformations, nodes only accept cryptographically authenticated routing information to trigger future network rebuilds. Lastly, joining requests with faster inter-arrival times are evaluated against thresholds with hysteresis to adjust RPL's response to potential floods.
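The third countermeasure above, sketched as an added example that is not code from the thesis: a per-node guard that smooths the inter-arrival time of joining requests and uses two thresholds, so the reply decision does not oscillate when the rate hovers near a single limit. The threshold values, the moving-average weight, and all names (`join_guard`, `TRACE_MS`) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed tuning values for illustration; not taken from the thesis. */
#define ENTER_FLOOD_MS 200u  /* smoothed gap below this: stop replying */
#define EXIT_FLOOD_MS 1000u  /* smoothed gap above this: reply again */
#define GAP_CAP_MS 4000u     /* clamp long idle gaps, keeps the sum in range */

struct join_guard {
    uint32_t last_ms;    /* arrival time of the previous joining request */
    uint32_t avg_gap_ms; /* moving average of inter-arrival gaps */
    bool seen;           /* at least one request observed */
    bool flooding;       /* true while replies are suppressed */
};

void join_guard_init(struct join_guard *g) {
    /* Start from a calm estimate; all other fields are zeroed. */
    *g = (struct join_guard){.avg_gap_ms = EXIT_FLOOD_MS};
}

/* Returns true if the node should answer this joining request. */
bool join_guard_on_request(struct join_guard *g, uint32_t now_ms) {
    if (g->seen) {
        uint32_t gap = now_ms - g->last_ms; /* unsigned: safe across wrap */
        if (gap > GAP_CAP_MS) gap = GAP_CAP_MS;
        g->avg_gap_ms = (3u * g->avg_gap_ms + gap) / 4u; /* integer EWMA */
        /* Hysteresis: the state only flips outside the 200..1000 ms band. */
        if (!g->flooding && g->avg_gap_ms < ENTER_FLOOD_MS) g->flooding = true;
        else if (g->flooding && g->avg_gap_ms > EXIT_FLOOD_MS) g->flooding = false;
    }
    g->seen = true;
    g->last_ms = now_ms;
    return !g->flooding;
}

/* Constructed trace: a 50 ms burst, then requests 2 s apart. */
static const uint32_t TRACE_MS[] = {0, 50, 100, 150, 200, 250, 300, 350,
                                    400, 2400, 4400, 6400};

/* Replays the first n arrivals and counts how many were answered. */
unsigned join_guard_replies(const uint32_t *t_ms, unsigned n) {
    struct join_guard g;
    unsigned replies = 0;
    join_guard_init(&g);
    for (unsigned i = 0; i < n; i++) replies += join_guard_on_request(&g, t_ms[i]);
    return replies;
}

int main(void) {
    printf("answered %u of 12 requests\n", join_guard_replies(TRACE_MS, 12));
}
```

On the constructed trace the guard stops replying at the eighth request and resumes only after the smoothed gap climbs back above the upper threshold, two slow requests later than a single-threshold check would.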
Date of Award: 7 May 2024
Original language: English
Awarding Institution: University of Bristol
Supervisors: Theo Tryfonas (Supervisor) & George Oikonomou (Supervisor)