The DAO Induction Attack Against the RPL-based Internet of Things

Abstract: RPL is the emerging routing standard for low power and lossy networks (LLNs). LLN is a key component of the Internet of Things (IoT), hence its security is imperative for the age of IoT. In this work, we present the DAO induction attack, a novel attack against RPL. In this attack, a malicious insider or a compromised node periodically increments its DTSN number. Each such increment can trigger/induce a large number of control message transmissions in the network. We show that this degrades the network performance in terms of end-to-end latency, packet loss ratio, and power consumption. To mitigate, we propose a lightweight solution to detect the DAO induction attack. Our solution imposes nearly no overhead on IoT devices, which is important as these devices are typically constrained in terms of power, memory and processing.