IoT Flashcards
5 types of IoT
Consumer
Commercial
Industrial
Infrastructure
Military
What is an IoT?
IoT devices are devices that can be assigned IP addresses or unique identifiers.
Why is IoT vulnerable?
IoT devices collect information about users and their environment, including personally identifiable, commercially confidential and/or sensitive data.
Why does IoT infrastructure have security challenges?
There is limited collaboration on initiatives to secure systems and ensure interoperability between them.
What is one exploit example?
The hacking of Chrysler’s in-vehicle connectivity system, affecting the Jeep’s media center, windshield wipers, air conditioner and accelerator.
The Mirai IoT botnet attacking a journalist's website and Dyn’s network, making Amazon, Twitter and Netflix unavailable for hours.
What is a constrained node?
IoT devices that are typically battery-operated and have low computing power.
What is a constrained network?
A network of constrained nodes, resulting in low throughput, high packet loss and asymmetric link characteristics (e.g. A-B has better quality transmission than B-A).
What is RPL?
Routing Protocol for Low-Power and Lossy Networks, which is also known as distance vector because it manipulates vectors (tables) of distances from other nodes in the LLN.
Explain direction metric
Next hop address and output port.
Explain distance metric
Cost-based (e.g. energy needed, number of hops).
Why is RPL also known as Source Routing Protocol?
Sender can partially or completely specify the route that the packet should take through the LLN.
What are border routers?
Routers that route between the local network and an external one (e.g. Internet) or to the cloud.
Why is the (RPL) Source Routing Protocol used?
It allows easier troubleshooting and enables a node to discover all the possible routes to a host.
2 modes of operation for RPL
Storing and non-storing
What is storing mode?
Intermediate routers maintain route tables. A downward routing table is kept at each node and traffic travels only as far as the common parent. The destination is searched for one node at a time.
What is non-storing mode?
A node broadcasts a message to everyone to learn where the receiver is when it replies.
What is the difference between a DODAG and a DAG?
A DODAG has only 1 root node.
What is a DODAG?
It is a direction oriented directed acyclic graph. A graph with directed edges and no cycles.
ETX rank computation formula
Rank (X) = Rank (parent) + ETX (X, parent)
The higher the link quality, the lower the link cost and the lower the ETX.
Residual energy rank computation formula
Rank (X) = Rank (parent) + (MAX_energy – X_energy)
The higher the link quality, the lower the link cost and the higher the energy.
MinHopRankIncrease rank computation formula
Rank (X) = Rank (parent) + (ROOT_energy - NODE_energy) + MinHopRankIncrease
Parent + Step + MinHopRankIncrease
What is MRHOF?
The Minimum Rank Hysteresis Objective Function finds the path with minimum rank.
How does MRHOF work?
If PARENT_pathcost + switchThreshold > CANDIDATE_pathcost,
switch to CANDIDATE, else maintain PARENT.
What is the switchThreshold formula?
(PARENTcost) + (PARENTlink) - (CANDIDATEcost + CANDIDATElink)
4 types of ICMP control messages used in RPL
DAO (Destination Advertisement Object)
DIO (DODAG Information Object)
DIS (DODAG Information Solicitation)
DAO-ACK (Destination Advertisement Object Acknowledgement)
DAO function
It is used to propagate destination information upwards along the DODAG.
DIO function
An information response to the DIS request. The information covers discovery of an RPL instance, learning its configuration parameters, selecting the DODAG parent set and maintaining the DODAG.
DIS function
Looking for information in the form of an information object. It is used to solicit (probe for) a DODAG Information Object from an RPL node.
DAO-ACK function
An acknowledgement message sent back to the sender of a DAO.
How do DODAG construction messages work?
DIS allows new nodes to discover the DODAG topology and join it. DIO messages carry information about the DODAG and the node’s relative position. Selected parent nodes are informed via DAO messages.
How does downward construction work?
The leaf node sends DAO messages to the neighbouring node, up to the root node. There are 2 types, storing and non-storing: storing links through parent nodes, while non-storing is a direct link to the root.
How does upward construction work?
The root node sends DIO messages to the child nodes, down to the leaf node.
How does DODAG self heal?
A new version number is propagated, ensuring that reconstructed routes are cycle-free, routing table entries are updated and inconsistencies are removed from the DODAG.
Nodes in the new DODAG can assume new routing positions without being constrained by their ranks in the old DODAG.
What is the trickle timer used for?
The trickle timer controls the healing rate.
What are the 3 attack categories in RPL-based networks?
Resources
Topology
Traffic
What are resource attacks and their sub-categories?
Resource attacks cause exhaustion of network resources and impact network performance.
Sub-categories: Direct and indirect
What are topology attacks and their sub-categories?
Topology attacks aim to disrupt normal network operation and may cause isolation of 1 or more nodes.
Sub-categories: Sub-optimization and isolation
What are traffic attacks and their sub-categories?
Traffic attacks target network traffic. Malicious node(s) are introduced inside the network, without disrupting operations.
Sub-categories: Eavesdropping and misappropriation
What are Flooding Table Attacks?
(Resource-direct)
A malicious node generates a large amount of traffic with illegitimate DIS messages, causing nodes within range to send DIO messages and reset their trickle timers, leading to a decrease in packet delivery rate while increasing end-to-end packet latency.
What are Routing Table Overload Attacks?
(Resource-direct)
A malicious node uses DAO messages to advertise fake routes which saturate the routing table of the targeted victim node. It prevents the building of new legitimate routes and could lead to a memory overflow event.
What are Increased Rank Attacks?
(Resource-indirect)
A malicious node advertises false rank information, creating a loop in the DODAG, and if there is no alternate parent, packets cannot reach the root.
What are DAG Inconsistency Attacks?
(Resource-indirect)
A malicious node manipulates the RPL IPv6 header, setting the Rank-Error bit to 1 and forcing the target to drop packets. Dropped packets cause a reset of the trickle timer, which increases network overhead.
What are Version Number Modification Attacks?
(Resource-indirect)
An attacker node generates DIO messages with false version numbers, forcing a rebuild of the routing tree, which can cause disruption in network traffic.
What are Routing Table Falsification Attacks?
(Topology-Sub Optimization)
A malicious node advertises routes that are not in the sub-DODAG. Targeted nodes have wrong routes in their routing table, causing network sub-optimization. The result is longer paths that induce delay, packet drops or network congestion.
What are Sinkhole Attacks?
(Topology-Sub Optimization)
A malicious node attracts a lot of traffic by advertising falsified control messages for preferred routing paths. After receiving the traffic in an illegitimate manner, it modifies or drops it. As such, it can be used to send bogus information to the root.
What are Wormhole Attacks?
(Topology-Sub Optimization)
2 malicious nodes tunnel routing information to another part of the network. Nodes which are actually distant see each other as if they are in the same neighborhood and create non-optimized routes according to the objective function. This affects network availability by dropping data or disrupting route paths.
What are Routing Information Replay Attacks?
(Topology-Sub Optimization)
A malicious node replays the rank parent’s node to child nodes in its sub-DODAG. This causes child nodes to choose the malicious node as the preferred parent and route through it.
What are Blackhole Attacks?
(Topology-Isolation)
A malicious node (single black hole) or many malicious nodes (colluding black hole) advertise themselves as the best route towards the root, then drop all packets that they are supposed to forward. This causes the loss of a large part of network availability and can be seen as a type of denial-of-service attack.
What are DAO Inconsistency Attacks?
(Topology-Isolation)
A malicious node uses the Forwarding-Error flag to make RPL routers remove legitimate downward routes, thus isolating nodes from the DODAG.
What are Sniffing and Analysis Attacks?
(Traffic-Eavesdropping)
Passive listening, within the malicious node’s focal communication range, to packet transmissions over the network.
What are Decreased Rank Attacks?
(Traffic-Misappropriation)
A malicious node advertises false rank information, causing it to be selected as the preferred parent and then be privy to confidential/private information.
What are Identity Attacks?
(Traffic-Misappropriation)
Spoofing attacks, where a malicious node copies the identity of a valid node onto another physical node. Sybil attacks, where a malicious node assumes multiple logical identities on the same physical node.