Intrusions detection and tolerance for the self-organising Internet of Things.

Abstract

The Internet of Things (IoT) consists of physical objects that sense, collect, and might process data. These objects are resourceconstrained as they are powered by batteries and have limited computation and storage capability. Billions of these devices are interconnected and connected to the Internet under lossy and noisy communication environments such as ZigBee and Bluetooth. IoT applications have emerged in several socio-economic sectors such as healthcare, industry, and energy. Nevertheless, the IoT's Low-Power and Lossy Networks (LLNs) rise challenges in designing efficient and secure routing protocols that fulfil the routing requirements in such networks. In this regards, the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL) was designed and standardised to overcome the routing challenges underpinning the LLNs. RPL considers limitations in both the energy power and the computational capabilities of LLNs. Besides the different characteristics of the IoT components, the rapid growth of IoT applications and the increasing number of smart objects result in producing a massive amount of data and traffic leading to increase the IoT's vulnerabilities. The research community studies the security challenges of the IoT from many different points of view, one of which is the security vulnerability of IoT communication protocols at the network layer, and consequently, the RPL's threats given that it represents one of the main pillars of LLNs. Although the RPL specification introduces mechanisms aiming to achieve confidentiality, integrity and replay protection, RPL is still susceptible to internal attacks that go beyond the encryption and authentication defence. In response to the RPL's security issues, intrusions tolerance and detection systems are proposed in this work as the last line of defence for RPL. On the one hand, intrusion detection systems (IDSs) have been proposed to analyse the network's activities and nodes' behaviour in order to detect the intrusions. On the other hand, intrusion tolerance mechanisms have been introduced to respond immediately to the intrusions, thus reducing the effects of the attacks on the LLNs.