{"title":"Security-aware RPL: Designing a novel objective function for risk-based routing with rank evaluation","authors":"Ferhat Arat , Sedat Akleylek","doi":"10.1016/j.comnet.2025.111122","DOIUrl":null,"url":null,"abstract":"<div><div>Routing Protocol for Low-Power and Lossy Networks (RPL) is a widely used routing protocol in the Internet of Things (IoT) environments due to its suitability for resource-constrained devices and lossy network conditions. However, the inherent vulnerabilities in RPL pose significant security risks to IoT deployments. To address these challenges, we propose a security-aware routing approach that modifies objective functions (OFs) in terms of risk and vulnerability aspects. Among these vulnerabilities, rank attacks are particularly critical, as they exploit RPL’s core mechanism for route optimization by manipulating rank values to disrupt network performance. Detecting such attacks is crucial, as they can lead to suboptimal routing, increased energy consumption, and network instability, severely impacting IoT operations. To the best of our knowledge, it is the first approach to making the RPL algorithm security-aware by conducting a risk- and vulnerability-focused routing. In our approach, a step-by-step vulnerability-oriented security model is applied. First, we establish the IoT topology using communication range metrics to connect devices. We identify and analyze potential security vulnerabilities in RPL using established databases such as the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). Based on these analyses, a set of OFs is defined to guide RPL routing decisions. The OF formulation incorporates factors such as CVSS values, vulnerability severity, and network topology. Risk levels are measured at device, path, and network-levels, leveraging these OFs. The proposed security-aware routing procedure dynamically adapts routing behavior based on the defined OFs, integrating risk assessment mechanisms into the routing process. This enables the protocol to prioritize routes with lower security risks while avoiding those vulnerable to potential attacks. Additionally, rank attacks are detected by identifying malicious nodes that manipulate rank values. To evaluate the proposed method, comparisons are made with existing procedures regarding running time and asymptotic complexity. The results demonstrate better performance in parent selection and rank attack detection, highlighting the effectiveness of our approach in enhancing the security of RPL-based IoT networks.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"260 ","pages":"Article 111122"},"PeriodicalIF":4.6000,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625000908","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/2/14 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
Abstract
Routing Protocol for Low-Power and Lossy Networks (RPL) is a widely used routing protocol in the Internet of Things (IoT) environments due to its suitability for resource-constrained devices and lossy network conditions. However, the inherent vulnerabilities in RPL pose significant security risks to IoT deployments. To address these challenges, we propose a security-aware routing approach that modifies objective functions (OFs) in terms of risk and vulnerability aspects. Among these vulnerabilities, rank attacks are particularly critical, as they exploit RPL’s core mechanism for route optimization by manipulating rank values to disrupt network performance. Detecting such attacks is crucial, as they can lead to suboptimal routing, increased energy consumption, and network instability, severely impacting IoT operations. To the best of our knowledge, it is the first approach to making the RPL algorithm security-aware by conducting a risk- and vulnerability-focused routing. In our approach, a step-by-step vulnerability-oriented security model is applied. First, we establish the IoT topology using communication range metrics to connect devices. We identify and analyze potential security vulnerabilities in RPL using established databases such as the National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). Based on these analyses, a set of OFs is defined to guide RPL routing decisions. The OF formulation incorporates factors such as CVSS values, vulnerability severity, and network topology. Risk levels are measured at device, path, and network-levels, leveraging these OFs. The proposed security-aware routing procedure dynamically adapts routing behavior based on the defined OFs, integrating risk assessment mechanisms into the routing process. This enables the protocol to prioritize routes with lower security risks while avoiding those vulnerable to potential attacks. Additionally, rank attacks are detected by identifying malicious nodes that manipulate rank values. To evaluate the proposed method, comparisons are made with existing procedures regarding running time and asymptotic complexity. The results demonstrate better performance in parent selection and rank attack detection, highlighting the effectiveness of our approach in enhancing the security of RPL-based IoT networks.
低功耗和有损网络路由协议(Routing Protocol for Low-Power and Lossy Networks, RPL)是物联网(IoT)环境中广泛使用的路由协议,因为它适合于资源受限的设备和有损网络条件。然而,RPL固有的漏洞给物联网部署带来了重大的安全风险。为了应对这些挑战,我们提出了一种安全感知路由方法,该方法根据风险和脆弱性方面修改目标函数(OFs)。在这些漏洞中,rank攻击尤其重要,因为它们利用RPL的路由优化核心机制,通过操纵rank值来破坏网络性能。检测此类攻击至关重要,因为它们可能导致次优路由、能源消耗增加和网络不稳定,严重影响物联网运营。据我们所知,这是通过执行以风险和漏洞为中心的路由使RPL算法具有安全意识的第一种方法。在我们的方法中,应用了一步一步的面向漏洞的安全模型。首先,我们使用通信范围指标建立物联网拓扑来连接设备。我们使用国家漏洞数据库(NVD)和通用漏洞评分系统(CVSS)等已建立的数据库识别和分析RPL中的潜在安全漏洞。基于这些分析,定义了一组OFs来指导RPL路由决策。OF公式包含CVSS值、漏洞严重程度和网络拓扑等因素。利用这些OFs,在设备、路径和网络级别度量风险级别。提出的安全感知路由过程基于定义的OFs动态调整路由行为,将风险评估机制集成到路由过程中。这使得协议优先考虑安全风险较低的路由,同时避免易受攻击的路由。此外,通过识别操纵秩值的恶意节点来检测秩攻击。为了评估所提出的方法,比较了现有的程序在运行时间和渐近复杂性。结果表明,在父级选择和等级攻击检测方面表现出更好的性能,突出了我们的方法在增强基于rpl的物联网网络安全性方面的有效性。
期刊介绍:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
