Dynamics of TCP traffic over ATM networks
SIGCOMM '94 Proceedings of the conference on Communications architectures, protocols and applications
SPINS: security protocols for sensor networks
Wireless Networks
A key-management scheme for distributed sensor networks
Proceedings of the 9th ACM conference on Computer and communications security
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Contiki - A Lightweight and Flexible Operating System for Tiny Networked Sensors
LCN '04 Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks
Secure code distribution in dynamically programmable wireless sensor networks
Proceedings of the 5th international conference on Information processing in sensor networks
Securing the deluge Network programming system
Proceedings of the 5th international conference on Information processing in sensor networks
Sluice: Secure Dissemination of Code Updates in Sensor Networks
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Security Protocols for Use with Wireless Sensor Networks: A Survey of Security Architectures
ICWMC '07 Proceedings of the Third International Conference on Wireless and Mobile Communications
Combinatorial design of key distribution mechanisms for wireless sensor networks
IEEE/ACM Transactions on Networking (TON)
Hash chains with diminishing ranges for sensors
International Journal of High Performance Computing and Networking
Seluge: Secure and DoS-Resistant Code Dissemination in Wireless Sensor Networks
IPSN '08 Proceedings of the 7th international conference on Information processing in sensor networks
Protection Against Packet Fragmentation Attacks at 6LoWPAN Adaptation Layer
ICHIT '08 Proceedings of the 2008 International Conference on Convergence and Hybrid Information Technology
Extending IP to Low-Power, Wireless Personal Area Networks
IEEE Internet Computing
Short paper: reactive jamming in wireless networks: how realistic is the threat?
Proceedings of the fourth ACM conference on Wireless network security
Fragmentation considered vulnerable: blindly intercepting and discarding fragments
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Efficient hashing using the AES instruction set
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Security Challenges in the IP-based Internet of Things
Wireless Personal Communications: An International Journal
Tampering with motes: real-world physical attacks on wireless sensor networks
SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
A survey on jamming attacks and countermeasures in WSNs
IEEE Communications Surveys & Tutorials
International Journal of Communication Systems
Towards viable certificate-based authentication for the internet of things
Proceedings of the 2nd ACM workshop on Hot topics on wireless network security and privacy
Towards viable certificate-based authentication for the internet of things
Proceedings of the 2nd ACM workshop on Hot topics on wireless network security and privacy
6LoWPAN security: adding compromise resilience to the 802.15.4 security sublayer
Proceedings of the International Workshop on Adaptive Security
Hi-index | 0.00 |
6LoWPAN is an IPv6 adaptation layer that defines mechanisms to make IP connectivity viable for tightly resource-constrained devices that communicate over low power, lossy links such as IEEE 802.15.4. It is expected to be used in a variety of scenarios ranging from home automation to industrial control systems. To support the transmission of IPv6 packets exceeding the maximum frame size of the link layer, 6LoWPAN defines a packet fragmentation mechanism. However, the best effort semantics for fragment transmissions, the lack of authentication at the 6LoWPAN layer, and the scarce memory resources of the networked devices render the design of the fragmentation mechanism vulnerable. In this paper, we provide a detailed security analysis of the 6LoWPAN fragmentation mechanism. We identify two attacks at the 6LoWPAN design-level that enable an attacker to (selectively) prevent correct packet reassembly on a target node at considerably low cost. Specifically, an attacker can mount our identified attacks by only sending a single protocol-compliant 6LoWPAN fragment. To counter these attacks, we propose two complementary, lightweight defense mechanisms, the content chaining scheme and the split buffer approach. Our evaluation shows the practicality of the identified attacks as well as the effectiveness of our proposed defense mechanisms at modest trade-offs.