Department of Computer Science and Information Systems
Permanent URI for this collectionhttp://localhost:4000/handle/123456789/1928
Browse
Item Experimental study of IP spoofing attack in 6LoWPAN network(IEEE, 2017) Mavani, Monali6L0WPAN is a communication protocol for Internet of Things. 6LoWPAN is IPv6 protocol modified for low power and lossy personal area networks. 6LoWPAN inherits threats from its predecessors IPv4 and IPv6. IP spoofing is a known attack prevalent in IPv4 and IPv6 networks but there are new vulnerabilities which creates new paths, leading to the attack. This study performs the experimental study to check the feasibility of performing IP spoofing attack on 6LoWPAN Network. Intruder misuses 6LoWPAN control messages which results into wrong IPv6-MAC binding in router. Attack is also simulated in cooja simulator. Simulated results are analyzed for finding cost to the attacker in terms of energy and memory consumption.Item Experimental study of IP spoofing attack in 6LoWPAN network(IEEE, 2017) Mavani, Monali6L0WPAN is a communication protocol for Internet of Things. 6LoWPAN is IPv6 protocol modified for low power and lossy personal area networks. 6LoWPAN inherits threats from its predecessors IPv4 and IPv6. IP spoofing is a known attack prevalent in IPv4 and IPv6 networks but there are new vulnerabilities which creates new paths, leading to the attack. This study performs the experimental study to check the feasibility of performing IP spoofing attack on 6LoWPAN Network. Intruder misuses 6LoWPAN control messages which results into wrong IPv6-MAC binding in router. Attack is also simulated in cooja simulator. Simulated results are analyzed for finding cost to the attacker in terms of energy and memory consumption.Item In unsecured 6LoWPANs, the nodes can be easily identified by their IPv6 as well as MAC addresses. An adversary can snoop (and later, spoof) these addresses, thereby posing a major threat against the node’s identity and communication integrity. Such threats necessitate enabling privacy by obscuring the node’s addresses. This study proposes a protocol for dynamic, auto-configuring and conflict-free IPv6 addressing scheme that attempts to ensure privacy of nodes. In the proposed protocol, each node obtains a three-level hierarchical IPv6 address space which is dynamically generated on basis of congruence classes. Use of congruence classes, along with hierarchical addressing, facilitates generation of inter-leaved (and hence, disjoint) and non-fragmented address space for each node, resulting in conflict free address auto-generation. Nodes auto-configure their address sets independently with congruence seeds shared by routers, potentially reducing router complexity. To ensure the MAC address privacy, MAC address also changes when IPv6 address changes and it is derived from the interface identification (IID) part of the IPv6 address. The proposed protocol runs on Contiki operating system, simulated in Cooja. Simulated results highlight lower latency and optimal communication costs when compared with existing protocols.(Elsevier, 2018-10) Mavani, MonaliIn unsecured 6LoWPANs, the nodes can be easily identified by their IPv6 as well as MAC addresses. An adversary can snoop (and later, spoof) these addresses, thereby posing a major threat against the node’s identity and communication integrity. Such threats necessitate enabling privacy by obscuring the node’s addresses. This study proposes a protocol for dynamic, auto-configuring and conflict-free IPv6 addressing scheme that attempts to ensure privacy of nodes. In the proposed protocol, each node obtains a three-level hierarchical IPv6 address space which is dynamically generated on basis of congruence classes. Use of congruence classes, along with hierarchical addressing, facilitates generation of inter-leaved (and hence, disjoint) and non-fragmented address space for each node, resulting in conflict free address auto-generation. Nodes auto-configure their address sets independently with congruence seeds shared by routers, potentially reducing router complexity. To ensure the MAC address privacy, MAC address also changes when IPv6 address changes and it is derived from the interface identification (IID) part of the IPv6 address. The proposed protocol runs on Contiki operating system, simulated in Cooja. Simulated results highlight lower latency and optimal communication costs when compared with existing protocols.Item Modeling and analyses of IP spoofing attack in 6LoWPAN network(Elsevier, 2017-09) Mavani, Monali6LoWPAN (modified version of IPv6 for low power devices) inherits security threats from its predecessor protocols, IPv4 and IPv6. IP spoofing is one such classic attack. There are vulnerabilities in 6LoWPAN and associated routing protocol, which open up new spoofing paths to the attacker. This study aims at profiling the feasibility to carry IPv6 spoofing attack on the 6LoWPAN network. Two new different attack paths are identified, which associate wrong IPv6 address with the MAC address of a node. These two paths use spoofed RPL and 6LoWPAN-ND messages to perform the IPv6 spoofing attack in an unsecured wireless medium. Probability of attack success is analyzed using the radio propagation environment parameters which affect the correct reception of a signal. It is shown that the success of an attack is highly dependent on the signal path loss. To perform the systematic mathematical analysis, attack tree model is used and attack is simulated in cooja simulator as well as performed in real experimental network. Our mathematical and simulated analysis show that path loss exponent, which represents distance based path loss, affects the probability of attack success. Attack feasibility analysis is done to find the cost to the attacker with respect to energy and memory consumption. It is observed that attacker code can be accommodated in memory constrained devices, and uses less energy to perform the attack, which manifests its feasibility.Item Modeling and analyses of IP spoofing attack in 6LoWPAN network(Elsevier, 2017) Mavani, Monali6LoWPAN (modified version of IPv6 for low power devices) inherits security threats from its predecessor protocols, IPv4 and IPv6. IP spoofing is one such classic attack. There are vulnerabilities in 6LoWPAN and associated routing protocol, which open up new spoofing paths to the attacker. This study aims at profiling the feasibility to carry IPv6 spoofing attack on the 6LoWPAN network. Two new different attack paths are identified, which associate wrong IPv6 address with the MAC address of a node. These two paths use spoofed RPL and 6LoWPAN-ND messages to perform the IPv6 spoofing attack in an unsecured wireless medium. Probability of attack success is analyzed using the radio propagation environment parameters which affect the correct reception of a signal. It is shown that the success of an attack is highly dependent on the signal path loss. To perform the systematic mathematical analysis, attack tree model is used and attack is simulated in cooja simulator as well as performed in real experimental network. Our mathematical and simulated analysis show that path loss exponent, which represents distance based path loss, affects the probability of attack success. Attack feasibility analysis is done to find the cost to the attacker with respect to energy and memory consumption. It is observed that attacker code can be accommodated in memory constrained devices, and uses less energy to perform the attack, which manifests its feasibility.Item Performance study of node wakeup rate on the privacy enabled addressing scheme in duty-cycled 6LoWPAN(IEEE, 2019-09) Mavani, MonaliNode address privacy in 6LoWPAN can be ensured using temporary addresses in the communication messages. If private temporary addresses are used, then it is difficult to track the nodes by looking at its addresses. Address configuration latency of privacy enabled IPv6 addressing scheme for 6LoWPAN may be affected due to radio duty cycling used to save energy. ContikiMAC is widely used duty cycling protocol in Contiki operating system's MAC layer along with the CSMA channel access mechanism. But the address configuration delay is increased with the use of duty cycling at the MAC layer. The ContikiMAC allows node to use different wake up frequency known as Channel check rate when it is not transmitting. In this paper, an experimental study is presented to evaluate the effect of Channel Check Rate on the address configuration latency and the communication cost. It is observed that the ContikiMAC duty cycling protocol is used to save energy. However, if the node wakeup frequency decreases, the address configuration latency and communication cost increasesItem Performance study of node wakeup rate on the privacy enabled addressing scheme in duty-cycled 6LoWPAN(IEEE, 2019) Mavani, MonaliNode address privacy in 6LoWPAN can be ensured using temporary addresses in the communication messages. If private temporary addresses are used, then it is difficult to track the nodes by looking at its addresses. Address configuration latency of privacy enabled IPv6 addressing scheme for 6LoWPAN may be affected due to radio duty cycling used to save energy. ContikiMAC is widely used duty cycling protocol in Contiki operating system's MAC layer along with the CSMA channel access mechanism. But the address configuration delay is increased with the use of duty cycling at the MAC layer. The ContikiMAC allows node to use different wake up frequency known as Channel check rate when it is not transmitting. In this paper, an experimental study is presented to evaluate the effect of Channel Check Rate on the address configuration latency and the communication cost. It is observed that the ContikiMAC duty cycling protocol is used to save energy. However, if the node wakeup frequency decreases, the address configuration latency and communication cost increases.Item Privacy enabled disjoint and dynamic address auto-configuration protocol for 6Lowpan(Elsevier, 2018-10) Mavani, MonaliIn unsecured 6LoWPANs, the nodes can be easily identified by their IPv6 as well as MAC addresses. An adversary can snoop (and later, spoof) these addresses, thereby posing a major threat against the node’s identity and communication integrity. Such threats necessitate enabling privacy by obscuring the node’s addresses. This study proposes a protocol for dynamic, auto-configuring and conflict-free IPv6 addressing scheme that attempts to ensure privacy of nodes. In the proposed protocol, each node obtains a three-level hierarchical IPv6 address space which is dynamically generated on basis of congruence classes. Use of congruence classes, along with hierarchical addressing, facilitates generation of inter-leaved (and hence, disjoint) and non-fragmented address space for each node, resulting in conflict free address auto-generation. Nodes auto-configure their address sets independently with congruence seeds shared by routers, potentially reducing router complexity. To ensure the MAC address privacy, MAC address also changes when IPv6 address changes and it is derived from the interface identification (IID) part of the IPv6 address. The proposed protocol runs on Contiki operating system, simulated in Cooja. Simulated results highlight lower latency and optimal communication costs when compared with existing protocols.Item Privacy enabled disjoint and dynamic address auto-configuration protocol for 6Lowpan(Elsevier, 2018-10) Mavani, MonaliIn unsecured 6LoWPANs, the nodes can be easily identified by their IPv6 as well as MAC addresses. An adversary can snoop (and later, spoof) these addresses, thereby posing a major threat against the node’s identity and communication integrity. Such threats necessitate enabling privacy by obscuring the node’s addresses. This study proposes a protocol for dynamic, auto-configuring and conflict-free IPv6 addressing scheme that attempts to ensure privacy of nodes. In the proposed protocol, each node obtains a three-level hierarchical IPv6 address space which is dynamically generated on basis of congruence classes. Use of congruence classes, along with hierarchical addressing, facilitates generation of inter-leaved (and hence, disjoint) and non-fragmented address space for each node, resulting in conflict free address auto-generation. Nodes auto-configure their address sets independently with congruence seeds shared by routers, potentially reducing router complexity. To ensure the MAC address privacy, MAC address also changes when IPv6 address changes and it is derived from the interface identification (IID) part of the IPv6 address. The proposed protocol runs on Contiki operating system, simulated in Cooja. Simulated results highlight lower latency and optimal communication costs when compared with existing protocols.Item Resilient against spoofing in 6LoWPAN networks by temporary-private IPv6 addresses(Springer, 2019-08) Mavani, MonaliAn attacker can disrupt the network operations in the 6LoWPANs by spoofing the IPv6 address while evading the detection. Despite many existing spoofing prevention techniques, spoofing threat still persists. Thus, it becomes necessary to devise a method which can offer resilience against spoofing by reducing the attack disruption time. This study aims at reducing IPv6 spoofing attack disruption time in 6LoWPANs. Hence, it provides the resiliency against IPv6 spoofing threat. The time complexity analysis of the attack tree for the spoofing attack is performed to analyze the attack disruption time. The analytical results show that attack disruption window is directly proportional to the lifetime of the node addresses. The lower lifetime of node addresses ensure the reduction of the attack disruption window. Thus, the use of temporary node addresses can be a solution for reducing the spoofing attack disruption window. Node’s IPv6 address can be changed periodically to dissociate a node from its permanent identity. Hence, an attacker has to re-perform the attack to gain significant benefits. Corrupted routing table as a result of spoofing attack and its countermeasure is simulated in Cooja running Contiki operating system. The length of the attack window depends upon the periodicity of the address change. The higher frequency of address change decreases the attack disruption time with an increase in the communication cost. Simulations have been performed to compare the optimum value of address change periodicity concerning the communication cost for two private addressing schemes proposed in the literature.Item Resilient against spoofing in 6LoWPAN networks by temporary-private IPv6 addresses(Springer, 2019-08) Mavani, MonaliAn attacker can disrupt the network operations in the 6LoWPANs by spoofing the IPv6 address while evading the detection. Despite many existing spoofing prevention techniques, spoofing threat still persists. Thus, it becomes necessary to devise a method which can offer resilience against spoofing by reducing the attack disruption time. This study aims at reducing IPv6 spoofing attack disruption time in 6LoWPANs. Hence, it provides the resiliency against IPv6 spoofing threat. The time complexity analysis of the attack tree for the spoofing attack is performed to analyze the attack disruption time. The analytical results show that attack disruption window is directly proportional to the lifetime of the node addresses. The lower lifetime of node addresses ensure the reduction of the attack disruption window. Thus, the use of temporary node addresses can be a solution for reducing the spoofing attack disruption window. Node’s IPv6 address can be changed periodically to dissociate a node from its permanent identity. Hence, an attacker has to re-perform the attack to gain significant benefits. Corrupted routing table as a result of spoofing attack and its countermeasure is simulated in Cooja running Contiki operating system. The length of the attack window depends upon the periodicity of the address change. The higher frequency of address change decreases the attack disruption time with an increase in the communication cost. Simulations have been performed to compare the optimum value of address change periodicity concerning the communication cost for two private addressing schemes proposed in the literature.Item Scalability Analysis of Privacy Enabled IPv6 Addressing Protocol for Duty Cycled 6LoWPAN(Bentham Science, 2019-12) Mavani, MonaliThe privacy enabled IPv6 addressing mechanism ensures the privacy of the node's identification in the communication messages. It makes it difficult for adversaries to track nodes and link any activities with the node's IP or the MAC address. Scalability of the privacy enabled IPv6 addressing scheme for 6LoWPAN may be affected due to underlying MAC layer mechanisms.