SPRINKLER: A Multi-RPL Man-in-the-Middle Identification Scheme in IoT Networks

Cyber-threat protection is one of the most challenging research branches of Internet-of-Things ( i o t ). With the exponential increase of tiny connected devices, the battle between friend and foe intensifies. Unfortunately, i o t devices offer very limited security features, laying themselves wide open to new attacks, inhibiting the expected global adoption of i o t technologies. Moreover, existing prevention and mitigation techniques and intrusion detection systems handle attack anomalies rather than the attack itself while using a significant amount of the network resources. rpl , the de-facto routing protocol for i o t , proposes minimal security features that cannot handle internal attacks. Hence, in this paper, we propose sprinkler , which identifies the specific thing that is under attack by an adversarial Man-in-The-Middle. sprinkler uses the multi-instance feature of rpl to identify the adversary. The proposed solution adheres to two basic principles: it only uses pre-existing standard routing protocols and does not rely on a centralized or trusted third-party node such as a certificate authority. All information must be gleaned by each node using only primitives that already exist in the underlying communication protocol, which excludes any training dataset. Simulations show that sprinkler adds minimal maintenance and energy expenditure while pinpointing deterministically the attacker in the network. In particular, sprinkler has a message delivery rate and detection rate of 100%.