Biblio
The Internet Protocol version 6 (IPv6) over Low Power Wireless Personal Area Networks (6LoWPAN), which is a promising technology to promote the development of the Internet of Things (IoT), has been proposed to connect millions of IP-based sensing devices over the open Internet. To support the mobility of these resource constrained sensing nodes, the Proxy Mobile IPv6 (PMIPv6) has been proposed as the standard. Although the standard has specified some issues of security and mobility in 6LoWPANs, the issues of supporting secure group handovers have not been addressed much by the current existing solutions. In this paper, to reduce the handover latency and signaling cost, an efficient and secure group mobility scheme is designed to support seamless handovers for a group of resource constrained 6LoWPAN devices. With the consideration of the devices holding limited energy capacities, only simple hash and symmetric encryption method is used. The security analysis and the performance evaluation results show that the proposed 6LoWPAN group handover scheme could not only enhance the security functionalities but also support fast authentication for handovers.
Internet Protocol version 6 (IPv6) over Low power Wireless Personal Area Networks (6LoWPAN) is extensively used in wireless sensor networks (WSNs) due to its ability to transmit IPv6 packet with low bandwidth and limited resources. 6LoWPAN has several operations in each layer. Most existing security challenges are focused on the network layer, which is represented by its routing protocol for low-power and lossy network (RPL). RPL components include WSN nodes that have constrained resources. Therefore, the exposure of RPL to various attacks may lead to network damage. A sinkhole attack is a routing attack that could affect the network topology. This paper aims to investigate the existing detection mechanisms used in detecting sinkhole attack on RPL-based networks. This work categorizes and presents each mechanism according to certain aspects. Then, their advantages and drawbacks with regard to resource consumption and false positive rate are discussed and compared.
This work presents the proof of concept implementation for the first hardware-based design of Moving Target Defense over IPv6 (MT6D) in full Register Transfer Level (RTL) logic, with future sights on an embedded Application-Specified Integrated Circuit (ASIC) implementation. Contributions are an IEEE 802.3 Ethernet stream-based in-line network packet processor with a specialized Complex Instruction Set Computer (CISC) instruction set architecture, RTL-based Network Time Protocol v4 synchronization, and a modular crypto engine. Traditional static network addressing allows attackers the incredible advantage of taking time to plan and execute attacks against a network. To counter, MT6D provides a network host obfuscation technique that offers network-based keyed access to specific hosts without altering existing network infrastructure and is an excellent technique for protecting the Internet of Things, IPv6 over Low Power Wireless Personal Area Networks, and high value globally routable IPv6 interfaces. This is done by crypto-graphically altering IPv6 network addresses every few seconds in a synchronous manner at all endpoints. A border gateway device can be used to intercept select packets to unobtrusively perform this action. Software driven implementations have posed many challenges, namely, constant code maintenance to remain compliant with all library and kernel dependencies, the need for a host computing platform, and less than optimal throughput. This work seeks to overcome these challenges in a lightweight system to be developed for practical wide deployment.