TRAIL: Topology Authentication in RPL
This addresses security threats in IoT networks, offering a practical solution for future RPL deployments, though it builds incrementally on existing work like VeRA.
The paper tackles vulnerabilities in the RPL routing protocol for IoT, specifically topological attacks like blackholing and interception, by proposing TRAIL, a topology authentication scheme that identifies attackers using reachability tests without heavy cryptography, achieving scalable and reliable protection.
The IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) was recently introduced as the new routing standard for the Internet of Things. Although RPL defines basic security modes, it remains vulnerable to topological attacks which facilitate blackholing, interception, and resource exhaustion. We are concerned with analyzing the corresponding threats and protecting future RPL deployments from such attacks. Our contributions are twofold. First, we analyze the state of the art, in particular the protective scheme VeRA and present two new rank order attacks as well as extensions to mitigate them. Second, we derive and evaluate TRAIL, a generic scheme for topology authentication in RPL. TRAIL solely relies on the basic assumptions of RPL that (1) the root node serves as a trust anchor and (2) each node interconnects to the root as part of a hierarchy. Using proper reachability tests, TRAIL scalably and reliably identifies any topological attacker without strong cryptographic efforts.