RPL routing protocol performance under sinkhole and selective forwarding attack: experimental and simulated evaluation

ABSTRACT


INTRODUCTION
Ever since the emergence of the term Internet of things (IoT) proposed by Kevin Aston in the late 1990's, it has completely change era from analog to digitized world [1].When IPv6 was introduced in 2011 momentum gained in terms of smartness connecting physical and virtual thing with the help of embedded and sensor network technology.Smartness and intelligence are now widespread in the industry by way of Industrial IoT, agriculture, smart home, healthcare, logistics etc. making life smoother and easier to live and enjoy with fullest [2].To make possible dream of 30 billion smart devices connected as predicted by Gartner report [3], IETF (Internet Engineering Task Force) came with the concept of 6LoWPAN (IPv6 over low power wireless private area network) [4].Since standard routing protocol like AODV, DSR and OLSR for wireless networks are not fitted for LLN due to its higher energy usage, repair in case of network failure and lack of consideration of node/link properties for establishment of routes, IETF ROLL working group comes up with RFC 6550 proposed standard RPL [5] which is IPv6 based lightweight, distance vector, loop-free, proactive source routing protocol applied for highly adaptive and dynamically changing network conditions with low power and lossy constraints personal area network.It fills the routing gap between LoWPAN and on other side IP world.As more and more devices are connected, larger chunks of data will be generated on network leading to security concerns and greater possibility of network attacks externally as well as internally.The aim of this paper is to evaluate performance of RPL protocol considering power consumption as quality of service parameter under sinkhole and selective forwarding networking attacks.
In section 2 state of art related to RPL is mentioned which section 3 discuss two network attacks and its implementation flow scenario in contiki operating system and Cooja as simulator support.Section 4 will give idea about simulation configuration parameters and various scenario details.Section 5 discusses result analysis in terms of power consumption for all three scenarios.Section 6 provides conclusion and throw some light on future directions.

RPL (ROUTING PROTOCOL FOR LOW POWER AND LOSSY NETWORKS) IN LITERATURE
RPL support mesh and hierarchical topology by considering routing through backup siblings/parent when needed based on concept of "DODAG (Destination oriented directed acyclic graph)".Acyclic property helps to achieve loop free networks in graph.RPL supports all three traffic types i.e.P2MP (point to multipoint) in terms of downward routes, MP2P (multipoint to point) using upward routes towards LBR and P2P (point to point) for both transmission type like unicast and multicast.
RPL categorized nodes in three ways.1) LBR (Low power and lossy border router) also called DODAG root or sink node as shown in Figure 1 which acts as gateway between internet and LLN networks.It has a property to generate new DODAG or its different versions.2) Routers which is used for forwarding and generating traffic.3) Host also called leaf node or end device (indicated by 3 and 4 in DODAG1 and 3 in DODAG2) which is capable of only generating traffic.As shown in Figure 1 there are two DODAG (DODAG1, DODAG2) which combines as one RPL instance uniquely identified by RPLInstanceID.Nodes may belong to multiple instances but should remain in one DODAG at a time within individual instance [6].Each node in DODAG is differentiated with rank which defines nodes individual position and path to its LBR.Rank values increases when you move in downward direction form sink node.Rank is computed based on objective function (OF (0) and MRHOF) [7][8][9].

RPL DODAG construction
It supports two route formation.MP2P traffic is supported using upward routes with the help of DIO and DIS messages [10] for both grounded and floating node.P2MP and P2P traffic is supported using downward routes with the help of DAO message.It carries out both route formation with the help of neighbor discovery protocol which helps in local repair internally [11].

Upward route
Grounded node acting as LBR or sink node broadcast DIO which contains necessary information like RPLInstanceID, objective function (OF (0) or MRHOF), version, trickle timer [12] information and other parameters required for calculating rank to its neighbours.If the node willing to join DODAG receive DIO message for first time it adds its address to parent list and compute rank as per prescribed objective TELKOMNIKA Telecommun Comput El Control  RPL routing protocol performance under sinkhole and selective forwarding attack… (Bimal H. Patel) 1851 function and then multicast updated DIO message to others.If a node which is already part of DODAG receives DIO it discards or process it by analysing mentioned criteria.Based on criteria if node's new rank is less than old rank it changes it rank and updates its information to avoid loops else maintain its current position in DODAG [13,14].If floating node wants to join DODAG it multicast DIS message to nearer nodes.After receiving DIS message one of the grounded nodes send unicast DIO message back to floating node which select appropriate neighbor or preferred parent to join DODAG [15].

Downward route
P2MP and P2P traffic is supported by downward route with the help of DAO control message.RPL uses two modes of operation for maintaining downward routes; (a) Storing mode in which every router node maintains routing information; (b) Non-storing mode in which only sink node will have routing information and acts as source node to send traffic information to other nodes [16].RPL provides both local and global recovery schemes.If there is any link failure between two nodes or loop is generated it performs local repair with the help of back up parent, rank and neighbor discovery protocol.Since by rule every child will have higher rank compare to its parent it will never form loop and count to infinity problem will not occur.Though local repair will not lead to optimal path and results in terms of quality of parameters global repair is required by incrementing DODAG version number and whole DODAG is constructed with no concern to previous version and new version will have optimal path for reaching sink node with the help of rank as parameter by considering various objective functions.

ROUTING ATTACKS AGAINST RPL NETWORKS
RPL routing protocol for 6LoWPAN due to its properties like limited processing power, changing network topology in terms of DODAG, link failures and mobility are prone to various network attacks.Broadly attacks can be classified as external attack effected by internet (example brute force attack and malware attack) and internal attacks due to wireless sensor networks [17,18].Again, internal attacks on overall network can be categorized as attacks targeting exhaustion of networks, attacks targeting RPL network topology and attacks against network traffic.In this paper, we will focus on the two routing attacks sinkhole attack and selective forwarding attack and in further section we will evaluate it effect on power consumption by comparing it with normal scenario.

Sinkhole attack
In sinkhole attack malicious node by artificially changing rank somewhat higher than border router deceives legitimate nodes to get attacked towards itself claiming better path and link availability [18].As shown in below Figure 2 left hand side shows normal scenario where node 2 and 3 can be reached directly to sink node/border router but when node 6 advertise its rank lower artificially than nodes which are in vicinity will get attracted towards it.All nodes 2, 3,5,7,9 and 10 will get attracted towards malicious node 6 which is shown in right hand side of Figure 2.This attack is more devastating and cause larger network problems when it is combined with other attacks [19].

Selective forwarding attack
As name suggest this attack will forward control packets of RPL and drop data packets.Selective forward attack will work in tandem with sinkhole attack and cause severe consequences to network by attracting nodes and disrupting routing routes [18].As shown in Figure 2 node 6 after attracting nearby nodes either drops control packets or data packets and will not forward to legitimate node or to border router [19].Overall flowchart describing implementation scenario is shown in below Figure 3.Here we are going to

SIMULATION ENVIRONMENT
The performance of RPL protocol has been evaluated and analyzed under normal [21][22][23] and attack scenario (Sinkhole and Selective forwarding attacks) with the help of widely used IoT operating system Contiki [24] while simulation support is provided by Cooja [25].Various configuration parameters considered to carry out simulation is shown in Table 1.To get meaningful results three different scenarios is considered, such as; a. Scenario 1 As shown in Figure 4 5 Z1 motes are considered out of which 1 mote will act as sink/border mote, 1 mote will act as attacking mote and rest 3 will behave normally.

b. Scenario 2
Here we have considered 10 motes out of which 2 motes are behaving abnormally.

c. Scenario 3
To get accurate effect of power consumption on various motes due to attack scenario 20 motes are considered out of which 3 are misbehaving.Figures 6 (a

RESULT AND DISCUSSION
In this section we investigate and compare normal and malicious behavior of all three scenarios taking into account power consumption of motes as quality of service parameter.The formula for calculating power and energy is described in (1) which takes into consideration approximate current consumption of Z1 motes circuits [26].

Energy
For scenario 1 as you can see from Figure 4 that 2 and 3 are neighboring nodes which get affected due to mote 5 acting as attack node (sinkhole and selective forwarding).Power consumption of node 2 and 3 is increased compared to normal scenario is shown in Figure 7.In terms of percentage node 5 power consumption is drained more compare to normal case since all traffic gets attracted.For scenario 2 as you can see from Figure 5 (a) that 2 and 3 are neighboring nodes which get affected due to mote 9 acting as attack node (sinkhole and selective forwarding).Power consumption of node 2 and 3 is increased compared to normal scenario is shown in Figure 8 (a).Node 2 power is consumed more since it is nearer to sink node also.From Figure 8 (b) it shows that power consumption of node 8 and 7 is increased compared to normal scenario due to effect of attack on mote 10.In terms of percentage mode 9 and 10 power consumption is more compare to normal case since all traffic gets attracted.
For scenario 3 we have tried to cover bigger picture by considering 20 motes as you can see from Figure 6

CONCLUSION AND FUTURE WORK
This paper compares normal and attack scenario using three different experiments.As we can see from scenario 1, 2 and 3 that motes which are in vicinity and higher rank than attacking motes get affected most in terms of power consumption while motes which are having already lower rank and choosing attacking motes as parent are not affected much in both normal as well as abnormal scenario.We can also conclude that power consumption of attacking motes is much more than motes when behaved normally.In future same attacks can be compared with other quality of service parameters like PRR (Packet Reception Ratio) and throughput along with packet delivery fraction.Sinkhole and Selective forwarding attacks can be combined with wormhole attack which may show devastating effect on network resources.

Figure 2 .
Figure 2. Normal to Sinkhole attack scenario


ISSN: 1693-6930 TELKOMNIKA Telecommun Comput El Control, Vol. 18, No. 4, August 2020: 1849 -1856 1852 compare normal case and by button click event malicious behavior is activated and finally in terms power consumption both scenarios is compared[20].

Figure 3 .
Figure 3. Implementation scenario of RPL attacks

Figure 5 (
a) and Figure 5 (b) gives us idea about what are the other motes in range of these attacking motes 9 and 10 which are getting affected.
), (b) and (c) gives information about motes which are getting affected in terms of power due to attacking motes 18,19 and 20.

Figure 8 .Figure 9 .
Figure 8.Effect of Power consumption on other motes due to attack motes; (a) mote 9 attack scenario and (b) mote 10 attack scenario

Table 1 .
Configuration parameters