[en] During the joining phase of an IoT network, when a node plays the role of a proxy node, it becomes responsible for forwarding Join Requests and Join Responses between the joining node and the network coordinator. If a proxy node is malicious, it has the potential to prevent new nodes from joining the network or direct them towards another entity impersonating the coordinator. Therefore, the joining phase is a critical stage for ensuring network security. In this paper, a robust system for detecting malicious proxy nodes during the joining phase is presented. This solution involves the coordinator maintaining a log table that records the participation frequency of each node as a proxy node. Following each joining phase, the coordinator receives a lightweight end-to-end encrypted packet from the joining node, containing information about any malicious proxy nodes encountered during the joining process. Having these data, the system calculates the number of legitimate proxy node participation for each node. The detection system utilizes these factors, along with a range of tunable parameters, to categorize nodes as either malicious or honest. Furthermore, this solution takes into account various potential attacks on the detection process, originating from both proxy nodes and joining nodes. This solution was integrated with a previously proposed consensus-based authentication mechanism for the 6TiSCH protocol. The evaluation includes both theoretical analysis and simulations, taking into consideration diverse parameters and attack scenarios. The results from the theoretical analysis align with the simulation outcomes, confirming the efficacy of our detection system in identifying malicious nodes and its resilience against potential attacks.
Disciplines :
Computer science
Author, co-author :
Haj-Hassan, Ali; Computer Science Department, University of Mons, Belgium ; Univ. Polytechnique Hauts-de-France, LAMIH, CNRS, UMR 8201, INSA Hauts-de-France, France
Imine, Youcef ; Univ. Polytechnique Hauts-de-France, LAMIH, CNRS, UMR 8201, INSA Hauts-de-France, France
Gallais, Antoine ; Univ. Polytechnique Hauts-de-France, LAMIH, CNRS, UMR 8201, INSA Hauts-de-France, France
Quoitin, Bruno ; Université de Mons - UMONS > Faculté des Sciences > Service des Réseaux et Télécommunications
Language :
English
Title :
Detecting malicious proxy nodes during IoT network joining phase
Ashrif, Fatma Foad, Sundararajan, Elankovan A., Ahmad, Rami, Hasan, Mohammad Kamrul, Yadegaridehkordi, Elaheh, Survey on the authentication and key agreement of 6LoWPAN: Open issues and future direction. J. Netw. Comput. Appl., 2023, 103759.
Vogli, Elvis, Ribezzo, Giuseppe, Grieco, L. Alfredo, Boggia, Gennaro, Fast network joining algorithms in industrial IEEE 802.15. 4 deployments. Ad Hoc Netw. 69 (2018), 65–75.
Tomasin, Stefano, Zulian, Simone, Vangelista, Lorenzo, Security analysis of Lorawan join procedure for internet of things networks. 2017 IEEE Wireless Communications and Networking Conference Workshops, WCNCW, 2017, IEEE, 1–6.
Boufenneche, Yassine, Zitouni, Rafik, George, Laurent, Gharbi, Nawel, Network formation in 6TiSCH industrial internet of things under misbehaved nodes. 2020 7th International Conference on Internet of Things: Systems, Management and Security, IOTSMS, 2020, IEEE, 1–6.
Haj-Hassan, Ali, Imine, Youcef, Gallais, Antoine, Quoitin, Bruno, Zero-touch mutual authentication scheme for 6TiSCH industrial IoT networks. 2022 International Wireless Communications and Mobile Computing, IWCMC, 2022, IEEE, 354–359.
Zarpelão, Bruno Bogaz, Miani, Rodrigo Sanches, Kawakani, Cláudio Toshio, de Alvarenga, Sean Carlisto, A survey of intrusion detection in internet of things. J. Netw. Comput. Appl. 84 (2017), 25–37.
Benkhelifa, Elhadj, Welsh, Thomas, Hamouda, Walaa, A critical review of practices and challenges in intrusion detection systems for IoT: Toward universal and resilient systems. IEEE Commun. Surv. Tutor. 20:4 (2018), 3496–3509.
Hajiheidari, Somayye, Wakil, Karzan, Badri, Maryam, Navimipour, Nima Jafari, Intrusion detection systems in the internet of things: A comprehensive investigation. Comput. Netw. 160 (2019), 165–191.
Haj-Hassan, Ali, Imine, Youcef, Gallais, Antoine, Quoitin, Bruno, Consensus-based mutual authentication scheme for industrial IoT. Ad Hoc Netw., 145, 2023, 103162.
Abhishek, Nalam Venkata, Lim, Teng Joon, Sikdar, Biplab, Tandon, Anshoo, An intrusion detection system for detecting compromised gateways in clustered IoT networks. 2018 IEEE International Workshop Technical Committee on Communications Quality and Reliability, CQR, 2018, IEEE, 1–6.
Segura, Gustavo A. Nunez, Chorti, Arsenia, Margi, Cintia Borges, Centralized and distributed intrusion detection for resource-constrained wireless SDN networks. IEEE Internet Things J. 9:10 (2021), 7746–7758.
Sharma, Rahul, Chan, Chien Aun, Leckie, Christopher, Evaluation of centralised vs distributed collaborative intrusion detection systems in multi-access edge computing. 2020 IFIP Networking Conference, Networking, 2020, IEEE, 343–351.
Raza, Shahid, Wallgren, Linus, Voigt, Thiemo, SVELTE: Real-time intrusion detection in the internet of things. Ad hoc Netw. 11:8 (2013), 2661–2674.
Rahman, Sawsan Abdul, Tout, Hanine, Talhi, Chamseddine, Mourad, Azzam, Internet of things intrusion detection: Centralized, on-device, or federated learning?. IEEE Network 34:6 (2020), 310–317.
Zhou, Man, Han, Lansheng, Lu, Hongwei, Fu, Cai, Distributed collaborative intrusion detection system for vehicular ad hoc networks based on invariant. Comput. Netw., 172, 2020, 107174.
Lalouani, Wassila, Younis, Mohamed, Robust distributed intrusion detection system for edge of things. 2021 IEEE Global Communications Conference, GLOBECOM, 2021, IEEE, 01–06.
Colom, José Francisco, Gil, David, Mora, Higinio, Volckaert, Bruno, Jimeno, Antonio Manuel, Scheduling framework for distributed intrusion detection systems over heterogeneous network architectures. J. Netw. Comput. Appl. 108 (2018), 76–86.
Haj-Hassan, Ali, Habib, Carol, Nassar, Jad, Real-time spatio-temporal based outlier detection framework for wireless body sensor networks. 2020 IEEE International Conference on Advanced Networks and Telecommunications Systems, ANTS, 2020, IEEE, 1–6.
Hassan, Wan Haslina, et al. Current research on internet of things (IoT) security: A survey. Comput. Netw. 148 (2019), 283–294.
Kouicem, Djamel Eddine, Bouabdallah, Abdelmadjid, Lakhlef, Hicham, Internet of things security: A top-down survey. Comput. Netw. 141 (2018), 199–221.
Alaba, Fadele Ayotunde, Othman, Mazliza, Hashem, Ibrahim Abaker Targio, Alotaibi, Faiz, Internet of things security: A survey. J. Netw. Comput. Appl. 88 (2017), 10–28.
Kalita, Alakesh, Brighente, Alessandro, Khatua, Manas, Conti, Mauro, Effect of DIS attack on 6TiSCH network formation. IEEE Commun. Lett. 26:5 (2022), 1190–1193.
Cervantes, Christian, Poplade, Diego, Nogueira, Michele, Santos, Aldri, Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for internet of things. 2015 IFIP/IEEE International Symposium on Integrated Network Management, IM, 2015, IEEE, 606–611.
Khan, Zeeshan Ali, Herrmann, Peter, A trust based distributed intrusion detection mechanism for internet of things. 2017 IEEE 31st International Conference on Advanced Information Networking and Applications, AINA, 2017, IEEE, 1169–1176.
Buczak, Anna L., Guven, Erhan, A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18:2 (2015), 1153–1176.
Da Costa, Kelton A.P., Papa, João P., Lisboa, Celso O., Munoz, Roberto, de Albuquerque, Victor Hugo C., Internet of things: A survey on machine learning-based intrusion detection approaches. Comput. Netw. 151 (2019), 147–157.
Viegas, Eduardo K., Santin, Altair O., Oliveira, Luiz S., Toward a reliable anomaly-based intrusion detection in real-world environments. Comput. Netw. 127 (2017), 200–216.
