IoT

Question 1

5 types of IoT

Answer 1

Consumer
Commercial
Industrial
Infrastructure
Military

Question 2

What is an IoT?

Answer 2

IoT are devices that can be assigned IP addresses or unique identifiers

Question 3

Why is IoT vulnerable?

Answer 3

IoT devices collect information about users and their environment, including personally identifiable, commercially confidential and/or sensitive data.

Question 4

Why does IoT infrastructure have security challenges?

Answer 4

There is limited collaboration for initiatives to secure systems and ensuring interoperability between them.

Question 5

What is one exploit example?

Answer 5

Chrysler’s in-vehicle connectivity system hacking Jeep’s media center, windshield wipers, air conditioner and accelerator.
Mirai IoT botnet attacking journalist website and Dyn’s network making Amazon, Twitter and Netflix to be unavailable for hours.

Question 6

What is a constrained node?

Answer 6

IoT devices that are typically battery-operated and has low computing power.

Question 7

What is a constrained network?

Answer 7

A network of constrained nodes resulting to low throughput, high packet loss and asymmetric link characteristics (eg. A-B better quality transmission than B-A).

Question 8

What it RPL?

Answer 8

Routing Protocol for Low power and Lossy Network which can also known as distance vector as it manipulates vectors (tables) of distances from other nodes in the LLN.

Question 9

Explain direction metric

Answer 9

Next hop address and output port.

Question 10

Explain distance metric

Answer 10

Cost-based (eg. energy needed, number of hops).

Question 11

Why is RPL also known as Source Routing Protocol?

Answer 11

Sender can partially or completely specify the route that the packet should take through the LLN.

Question 12

What are border routers?

Answer 12

Routers that route between the local network and an external one (e.g. Internet) or to the cloud.

Question 13

Why are (RPL) Source Routing Protocol used?

Answer 13

Allows easier troubleshooting and enables a node to discover all the possible routes to a host.

Question 14

2 mode of operations for RPL

Answer 14

Storing and non-storing

Question 15

What is storing mode?

Answer 15

Intermediate routers maintaining route tables. A downward routing table is kept at each node and traffic travels only as far as the common parent. Searching for the destination each node at a time

Question 16

What is non-storing mode?

Answer 16

Node broadcasting message to everyone to where the receiver is when it replies.

Question 17

What is the difference with DODAG and DAG?

Answer 17

DODAG has only 1 root node

Question 18

What is a DODAG?

Answer 18

It is a direction oriented directed acylic graph. A graph with directed edges and no cycles.

Question 19

ETX rank computation formula

Answer 19

Rank (X) = Rank (parent) + ETX (X, parent)

The higher the link quality the lower link cost and a lower ETX.

Question 20

Residual energy rank computation formula

Answer 20

Rank (X) = Rank (parent) + (MAX_energy_ – X_energy_)

The higher the link quality the lower link cost and a higher energy.

Question 21

MinHopRankIncrease rank computation formula

Answer 21

Rank (X) = Rank (parent) + (ROOT_energy_ - NODE_energy_) + MinHopRankIncrease

Parent + Step + MinHopRankIncrease

Question 22

What is MRHOF?

Answer 22

Minimum Rank Hysteresis Objective Function is to find path with minimum rank.

Question 23

How does MRHOF work?

Answer 23

If PARENT_pathcost_ + switchTreshold > CANDIDATE_pathcost_,
switch to CANDIDATE, else maintain PARENT.

Question 24

What is switchtreshold formula?

Answer 24

(PARENTcost) + (PARENTlink) - (CANDIDATEcost + CANDIDATElink)

Question 25

4 types of ICMP control messages used in RPL

Answer 25

DAO (Destination Advertisement Object)
DIO (DODAG Information Object)
DIS (DODAG Information Solicitation)
DAO-ACK (Destination Advertisement Object Acknowledgement)

Question 26

DAO function

Answer 26

It is used to propagate destination information upwards along the DODAG.

Question 27

DIO function

Answer 27

Information response to the DIS request. Information contains discovery of an RPL instance, learning its configuration parameters, selecting DODAG parent set and maintaining DODAG.

Question 28

DIS function

Answer 28

Looking for information in the form of an information object. It is used to solicit (probe for) a DODAG Information Object from a RPL node.

Question 29

DAO-ACK function

Answer 29

An acknowledgement message back to sender of DAO.

Question 30

How does DODAG Construction Messages work?

Answer 30

DIS allows new nodes to discover the DODAG topology and join it. DIO messages carry information about the DODAG and the node’s relative position. Selected parent nodes are informed via DAO messages.

Question 31

How does downward construction work?

Answer 31

Leaf node will send DAO messages to the neighbouring node up till the root node. There are 2 types, storing and non-storing where storing is links through parent nodes while non-storing is direct link to root.

Question 32

How does upward construction work?

Answer 32

Root node will send DIO messages to the child nodes down till the leaf node.

Question 33

How does DODAG self heal?

Answer 33

A new version number is propagated ensuring that reconstructed routes are cycle-free, routing table entries are updated and inconsistencies are removed from DODAG.
Nodes in new DODAG can assume new routing positions without being constrained by their ranks in old DODAG.

Question 34

What is trickle timer used for?

Answer 34

The trickle time controls the healing rate.

Question 35

What are 3 attack categories in RPL-based networks

Answer 35

Resources
Topology
Traffic

Question 36

What are resource attacks and its sub-categories

Answer 36

Resource attacks causes exhaustion of network resources and impacts its performance.
Sub-categories: Direct and indirect

Question 37

What are topology attacks and its sub-categories

Answer 37

Topology attacks aim to disrupt normal network operation and may cause isolation of 1 or more nodes.
Sub-categories: Sub-optimization and isolation

Question 38

What are traffic attacks and its sub-categories

Answer 38

Traffic attack targets network traffic. Malicious node(s) are introduced inside the network, without disrupting operations.
Sub-categories: Eavesdropping and misappropriation

Question 39

What is Flooding Table Attacks?

(Resouce-direct)

Answer 39

A malicious node generates large amount of traffic with illegitimate DIS messages, causing nodes within range to send DIO messages and reset their trickle timers leading to decrease in packet delivery rate while increasing end-to-end packet latency.

Question 40

What is Routing Table Overload Attacks?

(Resouce-direct)

Answer 40

A malicious node uses DAO messages to advertise fake routes which saturate the routing table of the targeted victim node. It prevents building of new legitimate routes and could lead to memory overflow event.

Question 41

What is Increased Rank Attacks?

(Resouce-indirect)

Answer 41

A malicious node advertises false rank information creating a loop in the DODAG and if there is no alternate parent, packets cannot reach the root.

Question 42

What is DAG Inconsistency Attacks?

(Resouce-indirect)

Answer 42

A malicious node manipulates the RPL IPv6 header setting Rank-Error bit to 1 forcing target to drop packets. Dropped packets cause a reset of trickle timer which increases network overhead.

Question 43

What is Version Number Modification Attacks?

(Resouce-indirect)

Answer 43

An attacker node generates DIO messages with false version numbers forcing re-build of routing tree which can cause disruption in network traffic.

Question 44

What is Routing Table Falsification Attacks?

(Topology-Sub Optimization)

Answer 44

A malicious node advertises routes that are not in the sub-DODAG. Targeted nodes have wrong routes in their routing table causing network sub-optimization. As a result, longer path inducing delay, packet drops or network congestion.

Question 45

What is Sinkhole Attacks?

(Topology-Sub Optimization)

Answer 45

A malicious node attracts a lot of traffic by advertising falsified control messages for preferred routing paths. After received the traffic in an illegitimate manner, it modifies or drops it. As such, it can be used to send bogus information to the root.

Question 46

What is Wormhole Attacks?

(Topology-Sub Optimization)

Answer 46

2 malicious nodes tunnel routing information to another part of the network, nodes which are actually distant, see each other as if they are in the same neighborhood and create non-optimized routes according to the objective function. This affects network availability by dropping data or disrupting route paths.

Question 47

What is Routing Information Replay Attacks?

(Topology-Sub Optimization)

Answer 47

A malicious node replays the rank parent’s node to child nodes in its sub-DODAG. This causes child nodes to choose the malicious node as the preferred parent and route through it.

Question 48

What is Blackhole Attacks?

(Topology-Isolation)

Answer 48

A malicious node (single black hole) or many malicious nodes (colluding black hole) advertise itself as best route towards the root then drop all packets that it is supposed to forward. This causes loss of large part of network availability can be seen as a type of denial-of-service attack.

Question 49

What is DAO Inconsistency Attacks?

(Topology-Isolation)

Answer 49

A malicious node uses the Forwarding-Error flag to make RPL routers remove legitimate downward routes and thus isolating nodes from the DODAG.

Question 50

What is Sniffing and Analysis Attacks?

(Traffic-Eavesdropping)

Answer 50

Passive listening within malicious node’s focal communication range to packets transmission over the network.

Question 51

What is Decreased Rank Attacks?

(Traffic-Misappropriation)

Answer 51

A malicious node advertises false rank information causing it to be selected as preferred parent then be privy to confidential/private information.

Question 52

What is Identity Attacks?

(Traffic-Misappropriation)

Answer 52

Spoofing attack where malicious node copies identity of a valid node onto another physical node. Sybil attacks where malicious node assumes multiple logical identities on the same physical node.