V. Kumar, G. Oikonomou, T. Tryfonas

Abstract:
Research and standardisation efforts in the fields of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) are leading towards the adoption of TCP/IP for deployments of networks of severely constrained smart embedded objects. As a result, wireless sensors can now be uniquely identified by an IPv6 address and thus be directly connected to and reachable from the Internet. This has a series of advantages but also exposes sensor deployments to new security vulnerabilities. Should a deployment be compromised, post-incident analysis can provide information about the nature of the attack by inspecting the network’s state and traffic in the period before, during and after the attack. In this paper we adopt traffic forensic techniques in order to achieve post-hoc detection of attacks against availability in IPv6-based Low-Power Wireless Personal Area Networks. To this end, we first implement an attack which exploits inherent vulnerabilities of the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). Subsequently, we present an automated method to detect and analyse this attack by examining network packet captures.
Reference:
V. Kumar, G. Oikonomou, T. Tryfonas, "Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things", in Proc. IEEE World Forum on Internet of Things (WF-IoT), 2016
Bibtex Entry:
@INPROCEEDINGS{Kumar-2016-wfiot,
  title = {Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things},
  author = {Vijay Kumar and George Oikonomou and Theo Tryfonas},
  year = {2016},
  booktitle = {Proc. IEEE World Forum on Internet of Things (WF-IoT)},
  publisher = {IEEE},
  oa-url = {http://research-information.bristol.ac.uk/en/publications/traffic-forensics-for-ipv6based-wireless-sensor-networks-and-the-internet-of-things(ddfe1922-36e2-41c0-9a52-5c0f40d9997f).html},
  doi = {10.1109/WF-IoT.2016.7845515},
  gsid = {14490874809198159091},
  abstract = {Research and standardisation efforts in the fields of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) are leading towards the adoption of TCP/IP for deployments of networks of severely constrained smart embedded objects. As a result, wireless sensors can now be uniquely identified by an IPv6 address and thus be directly connected to and reachable from the internet. This has a series of advantages but also exposes sensor deployments to new security vulnerabilities. Should a deployment be compromised, post-incident analysis can provide information about the nature of the attack by inspecting the network’s state and traffic during the time period prior, during and after the attack. In this paper we adopt traffic forensic techniques in order to achieve post-hoc detection of attacks against availability in IPv6-based Low-Power Wireless Personal Area Networks. To this end, we first implement an attack which exploits inherent vulnerabilities of the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). Subsequently, we present an automated method to detect and analyse this attack by examining network packet captures.}
}

Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things