Journal
PROCEEDINGS OF THE EIGHTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY'18)
Volume -, Issue -, Pages 307-318
Publisher
ASSOC COMPUTING MACHINERY
DOI: 10.1145/3176258.3176326
Keywords
Fragmentation; Security Service; 6LoWPAN; Threat; Attack; Adversary; Internet of Things
Funding
- National Science Foundation CAREER Award [CNS-1351038, ACI-1642078, SaTC-1723768]
6LoWPAN is a widely used protocol for communication over IPv6 Low-power Wireless Personal Area Networks. Unfortunately, the 6LoWPAN packet fragmentation mechanism possesses vulnerabilities that adversaries can exploit to perform network attacks. Lack of fragment authentication, payload integrity verification, and sender IP address validation leads to fabrication, duplication, and impersonation attacks. Moreover, adversaries can abuse the poor reassembly buffer management technique of the 6LoWPAN layer to perform buffer exhaustion and selective forwarding attacks. In this paper, we propose SecuPAN - a security scheme for mitigating fragmentation-based network attacks in 6LoWPAN networks and devices. We propose a Message Authentication Code based per-fragment integrity and authenticity verification scheme to defend against fabrication and duplication attacks. We also present a mechanism for computing datagram-tag and IPv6 address cryptographically to mitigate impersonation attacks. Additionally, our reputation-based buffer management scheme protects 6LoWPAN devices from buffer reservation attacks. We provide an extensive security analysis of SecuPAN to demonstrate that SecuPAN is secure against strong adversarial scenarios. We also implemented a prototype of SecuPAN on Contiki-enabled IoT devices and provided a performance analysis of our proposed scheme.