applied
sciences
Article
RPL-Based IoT Networks under Simple and Complex Routing
Security Attacks: An Experimental Study
Ibrahim S. Alsukayti 1, *
Citation: Alsukayti, I.S.; Alreshoodi,
M. RPL-Based IoT Networks under
Simple and Complex Routing
Security Attacks: An Experimental
Study. Appl. Sci. 2023, 13, 4878.
https://doi.org/10.3390/app13084878
Academic Editors: Haruna Chiroma,
Nasir Faruk and Ibrahim Hashem
Received: 28 February 2023
Revised: 4 April 2023
Accepted: 10 April 2023
Published: 13 April 2023
Copyright: © 2023 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
Appl. Sci. 2023, 13, 4878. https://doi.org/10.3390/app13084878
and Mohammed Alreshoodi 2
1 Department of Computer Science, College of Computer, Qassim University, Buraydah 51452, Saudi Arabia
2 Unit of Scientific Research, Applied College, Qassim University, Buraydah 52571, Saudi Arabia
* Correspondence: [email protected]; Tel.: +966-503999154
Abstract: Effective security support still remains a challenge even for a standardized Internet of
Things network protocol such as the IPv6 Routing Protocol for Low-Power and Lossy Networks
(RPL). It provides limited protection against external security attacks but stays highly vulnerable to
internal routing attacks. The inherent RPL design of RPL, particularly its topology establishment
and maintenance mechanism, makes it easy to initiate such kinds of attacks which target overall
network performance and topology stability. Establishing a firm and practical understanding of the
impacts of these attacks on RPL networks is still critically needed for further investigation. This
is more demanding when considering varying-scale RPL deployments targeted by complex attack
scenarios. In this research work, an extensive experimental study of these critical RPL routing attacks
considering simple-to-complex attack scenarios in varying-scale RPL network setups is presented. It
provides a practical contribution toward experimentally understanding the effectiveness of internal
routing attacks when targeting RPL-based IoT networks. The main objective is to provide future
research works with a practical reference to the effectiveness of these security attacks and the overall
performance of RPL networks under routing attacks. The results indicate the adverse impacts of
routing attacks on the overall performance of RPL networks. Even in simple attack scenarios, it
was found that the attacked networks experienced noticeable degradation in QoS performance and
topology stability. In addition, the attacks incurred considerable increases in energy consumption
and control traffic overhead. These were more evident in large-scale experimental setups and also
under composite and hybrid routing attacks. QoS performance and topology stability degraded by
more than 90% whereas energy consumption and network overhead increased by more than 200%.
Keywords: Internet of Things (IoT); wireless networks; network security; energy efficiency
1. Introduction
One of the emerging technologies that facilitate a broad range of incipient smart appli-
cations is the Internet of Things (IoT). It enables the smart provisioning of intelligent and
advanced services in different domains such as industry [1], healthcare [2], and agricul-
ture [3]. A revolutionary development of a wide scope of new IoT applications is being
witnessed nowadays. Examples are smart cities, smart metering, industrial automation,
and environmental monitoring. As a result, the number of IoT-enabled devices has been
showing exponential growth in recent years. The forecast in [4] indicates that more than
30 billion IoT devices will be connected in 2030. As estimated by the McKinsey Global
Institute [5], the IoT industry may generate $3.9–11.1 trillion a year in revenue by 2025.
An IoT network typically comprises small-sized devices which have limited compu-
tation and energy resources. Energy-efficient wireless communication technologies are
utilized to enable effective connectivity among these devices. Therefore, the Low-power
and Lossy Network (LLN) is widely used for the establishment of efficient IoT infrastruc-
ture. It effectively allows network topologies to be built with resource-limited devices
connected over unreliable wireless links. Due to these networking characteristics, routing
https://www.mdpi.com/journal/applsci
Appl. Sci. 2023, 13, 4878 2 of 23

becomes a challenging functionality in LLNs, particularly for IoT applications with strict
requirements.
A set of LLN routing requirements have been defined by the IETF ROLL working
group considering several IoT applications. These include urban, industrial, building
automation, and home automation applications which are specified in RFC 5548 [6], RFC
5673 [7], RFC 5867 [8], and RFC 5826 [9], respectively. Taking these routing requirements
into account, an IETF-standardized and LLN-customized routing protocol is specified in
RFC 6550 [10] and called the IPv6 Routing Protocol for Low-Power and Lossy Networks
(RPL). The protocol functionality is based on extending IPv6 networking to IoT devices
and establishing a structured network topology. It addresses effective loop-free routing
for efficient communication of IoT data packets. The protocol design is flexible and cus-
tomizable enough to enable effective topology optimization toward addressing the network
requirements of certain IoT deployments.
Nevertheless, security requirements were not effectively considered and provisioned
in the original RPL specification. Its potential vulnerability to different security attacks is
still a major security challenge. There is still no adequate security support provided by the
standard RPL against the different types of security attacks [10]. Only limited resilience
to external attacks is provided by the RPL specification [11] whereas complete security
support addressing routing attacks is not provisioned [12,13]. Routing attacks are common
in RPL networks to target overall network performance and topology stability [14–18]. This
gives rise to different emerging security challenges for real-life RPL-based IoT deployments.
As IoT networks are gradually being deployed in various critical fields, an open security
issue such as this would impede the effectiveness of such a trend.
The growing deployment of IoT devices in our vehicles, buildings, mobile devices,
and appliances would open the doors for severe security threats compared with the cases of
traditional networks. The potential damage that can consequently happen would be critical,
causing IoT networks to collapse with complete communication disruption and data loss.
As estimated earlier in [19], cybercrime during 2015 incurred a cost of $400–500 billion. The
figure rose six-fold in 2016 to approximately $2–3 trillion. All these vital considerations
demonstrate the importance of a practical understanding of potential security attacks and
the need for intensive experimental analysis of their impacts on RPL network performance.
Without such a critical orientation for a standardized IoT protocol such as RPL, it would be
hard to effectively realize efficient and practical IoT security solutions.
Therefore, there is a compelling need to investigate the impact of these types of internal
routing attacks on the overall performance of RPL networks. A deep understanding of
such critical situations is a vital step towards effectively developing efficient IoT attack
mitigation solutions. This is more critical in the case of large-scale deployment scenarios
which are common in different IoT applications including smart cities, e-healthcare, and
industrial automation. In this research work, we carried out an extensive experimental
study of a set of critical routing attacks in the context of RPL networks. Addressing the
practical investigation of RPL networks during simple-to-complex routing attack scenarios
while considering different attack types and varying-scale setups in a multidimensional
performance study represents the novelty of this work. The major focus was on analyzing
the effects of certain well-known internal routing attacks on RPL networks. These were
namely the Version Number (VN), rank, Worst Parent (WP), and replay attacks.
This research work provides a practical contribution toward experimentally study-
ing the effectiveness of internal routing attacks on RPL-based IoT networks. It mainly
contributes to the practical understanding of diverse routing attacks in varying-scale IoT
network setups and simple-to-complex security attack scenarios. The main objective is to
provide future research works with a practical research reference of the security efficiency
and overall network performance of RPL networks under routing attacks. Accordingly, a
set of critical security research questions were identified for this study to experimentally
answer. These are as follows:
Appl. Sci. 2023, 13, 4878 3 of 23

- What is the most adverse internal routing attack in RPL networks considering the
rank, VN, WP, and replay attacks?
- What is the impact of composite internal routing attacks on the overall performance
and topology stability of RPL networks?
- How adverse is it to have hybrid internal routing attacks initiated in RPL networks,
compared to single and composite attacks?
- Would RPL internal routing attacks be more effective as the scale of the network
increases?
Systematic and practical experimentation was carried out to give in-depth answers
to these research questions. The results indicate the adverse impacts of routing attacks on
the overall performance of RPL networks. Even in simple attack scenarios, the networks
experienced noticeable degradation of QoS performance and network stability in addition
to noticeable increases in control traffic overhead and energy consumption. This was more
evident in large-scale experimental setups and also under composite and hybrid attacks.
The following section presents an overview of the standard RPL. Section 3 discusses
RPL security and describes the RPL internal routing attacks of interest. In Section 4, the
attack model and network assumptions are presented. Section 5 provides a research
overview of the related work. In Section 6, the experimental methodology followed in this
study is detailed. Section 7 presents the obtained experimental results whereas Section 8
provides insightful discussion. The conclusion is then provided in Section 9.

2. RPL Overview
IoT networks are characterized by the interconnectivity of a high number of resource-
constrained embedded devices over LLNs. These devices are of small capacity and re-
stricted in terms of computation, storage, and energy resources. Scarce LLN links are
typically utilized to establish network connectivity among these devices without any guar-
antee of high network performance and communication reliability. However, wireless data
communications are guaranteed without adding much complexity and incurring high cost
and energy consumption. Therefore, the link layer communication technology commonly
adopted for LLNs is IEEE 802.15.4. On top of that, header compression and fragmentation
are incorporated in LLN architecture as an additional IP adaptation layer for effective
integration with IPv6 networks. The IETF in RFC 4944 [20] and RFC 6282 [21] specifies
that such functionality is provided by the IPv6 over Low-Power Wireless Personal Area
Networks (6LowPANs). It enables LLNs to efficiently address end-to-end IP networking.
For effective LLN routing on top of the 6LowPAN layer, the IETF ROLL working
group specified RPL in RFC 6550 [10] to provide a customized networking solution for
maintaining the IPv6 routing functionality at the network layer. It enables effective loop-free
routing of IoT data traffic over constrained LLN links. RPL is developed as a distance-
vector routing protocol that works in a proactive mode of operation. It supports different
communication schemes: point-to-point, point-to-multipoint, and multipoint-to-point. RPL
is designed with a routing framework adhering to the distinct characteristics of LLNs while
providing the flexibility to implement objective-oriented routing optimization. It facilitates
the implementation of different routing optimization objectives using one or multiple
routing metrics. Therefore, RPL provides the support to meet the varying requirements of
a broad range of IoT applications.
A single LLN is structured by RPL as one or a set of distinct RPL instances with each
one constructed as a Directed Acyclic Graph (DAG). An RPL instance consists of single or
multiple Destination-Oriented DAGs (DODAGs). A DODAG is established as a multihop
network topology of a designated root (RPL sink node) and multiple normal RPL nodes.
Figure 1 presents an example RPL network of two RPL instances. Instance 1 contains two
different DODAGs and Instance 2 has a single DODAG. Internet connectivity for these
DODAGs is maintained through their corresponding sink nodes (SN1–3).
 Appl.Sci.
Appl. Sci.2023,
2023,13,
13,4878
x FOR PEER REVIEW 44 of
of 23
23

Figure1.1.An
Figure AnExample
ExampleRPL
RPLNetwork.
Network.

RPL
RPLoperation
operationisisbased
basedononfour
fourmainmainICMPv6
ICMPv6messages
messagesto toenable
enablethetheconstruction
constructionof of
aaDODAG
DODAG topology in a multihop fashion. This is achieved in two main stages:upward
topology in a multihop fashion. This is achieved in two main stages: upward
and
and downward
downward networknetwork pathpath establishment.
establishment.The Thefirst
first stage
stage starts
starts with
with thethesink sink
node node
ini-
initiating
tiating periodic dissemination of DODAG Information Object (DIO) messages. Uponthe
periodic dissemination of DODAG Information Object (DIO) messages. Upon the
reception
receptionofofthe themessage,
message,eacheachrecipient
recipient node
node processes
processes andandthenthenforwards
forwards it toit its
to neighbor
its neigh-
nodes. Having this process repeated by each node joining the DODAG enables full network
bor nodes. Having this process repeated by each node joining the DODAG enables full
convergence and the successful establishment of upward paths across the network. That
network convergence and the successful establishment of upward paths across the net-
is, the DIO messages carry the necessary information to the nodes for successful DODAG
work. That is, the DIO messages carry the necessary information to the nodes for success-
discovery and maintenance. The disseminated information in the DIO message includes
ful DODAG discovery and maintenance. The disseminated information in the DIO mes-
the Instance ID and DODAG ID which are utilized to identify a DODAG. In addition, each
sage includes the Instance ID and DODAG ID which are utilized to identify a DODAG. In
DIO message contains the Version Number (VN) which indicates the current update to the
addition, each DIO message contains the Version Number (VN) which indicates the cur-
topology of the DODAG. Other indicators including the rank value and IPv6 address of
rent update to the topology of the DODAG. Other indicators including the rank value and
the parent node are also disseminated to enable nodes to successfully join the network.
IPv6 address of the parent node are also disseminated to enable nodes to successfully join
The DIO messages also contain other important information indicating the Objective
the network.
Function (OF) being applied in the current RPL instance. DODAG topology formation
The DIO messages also contain other important information indicating the Objective
is dictated by the OF to meet specific routing optimization goals and achieve certain
Function (OF) beingnetwork
application-specific applied in the current RPL
requirements. RPLinstance.
provides DODAG topologyOF
a customizable formation
that canis
dictated by the OF to meet specific routing optimization goals
be implemented for objective-oriented routing toward effective optimization of DODAG and achieve certain appli-
cation-specific
construction. network
Certain requirements.
optimization RPL provides
objectives a customizable
can be defined OF that requirements
to meet different can be imple-
including network reliability, energy efficiency, and data security. These canconstruc-
mented for objective-oriented routing toward effective optimization of DODAG then be
tion. Certain
utilized optimization
for the establishmentobjectives can beupward
of low-cost defined to meet different
routing paths. Eachrequirements
RPL node includ-
uses
ing network reliability, energy efficiency, and data security.
the advertised OF in DIO messages for node ranking and parent selection. The rank These can then be utilized for
the establishment of low-cost upward routing paths. Each RPL
calculation is performed by the node to specify its virtual distance to the sink node and node uses the advertised
OF in DIO
inhibits any messages
routing loop.for node rankingensures
This process and parentthat selection.
rank increases The rank
as thecalculation
node’s position is per-
formed by the node to specify its virtual distance to the sink node
goes deeper in the DODAG. A preferred parent (next hop) is then selected among those of and inhibits any routing
loop. This process
lower-ranked nodesensures that ranklist
in its neighbor increases as the node’s
which consists of all theposition
sources goes deeper in
of received the
DIO
DODAG. A preferred parent (next hop) is then selected among
messages. Optimal parent selection can then guarantee minimum-cost loop-free routing those of lower-ranked
nodes
over in its neighbor
lowest-ranked list which consists of all the sources of received DIO messages. Op-
parents.
timalDifferent
parent selection can thenand
routing metrics guarantee minimum-cost
constraints can be utilized loop-free routing over lowest-
for implementing an OF
ranked
that parents.
fulfills specific application requirements. A routing metric is a quantitative value
Different routing
that represents a specificmetrics and constraints
characteristic can be utilized
of the network based on forthe
implementing
calculation an OF that
of certain
fulfills specific application requirements. A routing metric is a
network parameters. This value indicates the cost of selecting a certain path according quantitative value that rep-
resents
to a specific characteristic
an optimization objective. OFs of can
the network based onusing
be implemented the calculation of certain network
single or composite routing
parameters.
metrics basedThis valuestatic
on either indicates the costvalues.
or dynamic of selecting
Examples a certain path according
of potential routing metrics to an opti-
and
mization objective.
constraints can be foundOFs in can
RFCbe 6551
implemented
[22] whichusing single
classifies themor into
composite
node and routing metrics
link routing
based on
metrics andeither static orThere
constraints. dynamic
are twovalues. ExamplesOFs
standardized of potential
for RPL: routing
Objective metrics
Function andZerocon-
(OF0)
straintsandcanMinimum
be foundRank with
in RFC 6551Hysteresis
[22] which Objective
classifiesFunction
them into (MRHOF).
node and RFC link6552 [23]
routing
specifies
metrics and OF0constraints.
which is based Thereonarethetwohop count as aOFs
standardized routing metric.
for RPL: MRHOF
Objective Functionhas been
Zero
Appl. Sci. 2023, 13, 4878 5 of 23

developed to address network reliability as specified in RFC 6719 [24]. It uses the Estimated
Transmission Count (ETX) as a routing metric which is based on the calculation of the
necessary transmissions/retransmission for successful packet delivery.
The following stage to upward routing is downward network path establishment. It
is initiated in response to the process of topology construction. Each node propagates its
routing information upward upon the reception of a DIO message via a parent node. This is
performed by sending a Destination Advertisement Object (DAO) message over the upward
paths already established to the sink node. The message contains routing information such
as the node’s IPv6 address. Two modes of downward routing are supported: storing
and non-storing modes. The former is fully stateful as the routing information being
disseminated in DAO messages is stored by each node. Internal routing across the DODAG
network is effectively maintained based on the stored routing information. This enables
data packets to be routed from any RPL source to an RPL destination via a common ancestor
node. The non-storing mode is based on source routing that allows routing data traffic
through the root only. Accordingly, only the sink node has complete access to the network
destinations in a DODAG whereas no routing table is maintained by the other nodes. In
either of these modes, RPL nodes acknowledge the reception of DAO messages by replying
with DAO-ACK messages.
During topology construction and maintenance, RPL utilizes the Trickle algorithm [25]
to manage network overhead and maintain control packets at a minimum level. It provides
the ability to control DIO transmissions based on how stable the network is currently.
It starts with a small time interval and then applies an exponential increase as long as
the DODAG topology stays stable without any inconsistency detected in the network.
Otherwise, the algorithm resets the time interval, causing the process to start over. Examples
of the events that cause such a reset are VN updates, preferred parent changes, and the
reception of any DIS message triggering DIO broadcasting.
In addition, RPL defines two different procedures for addressing node or link failure.
The first is the local repair which addresses failures by enabling the immediate selection
of an alternative preferred parent node to the current one. The second procedure is the
global repair which requires updating the current version of the topology and initiating
full DODAG topology reconstruction. The sink node initiates this process by incrementing
the currently advertised VN. This results in the exchange of several DIS and DIO messages
across the network after resetting the trickle timer. These failure recovery procedures are
initiated upon the detection of any routing problem such as routing loops. This provides
a reliable guarantee of effective failure recovery but at the cost of much more network
overhead, particularly in large deployments.

3. RPL Routing Attacks

The protocol design of the standard RPL incorporates limited security support against
external security attacks. It comes in multiple basic security modes, namely the insecure,
preinstalled, and authentication modes. The protocol operates without security support in
the insecure mode whereas preinstalled security keys are utilized for the establishment of
secure data communication in the preinstalled mode. In the authentication mode, a security
key needs to be obtained from an authentication authority before joining an RPL network
and establishing data communication [10].
Although RPL ensures limited resilience against external attacks [11], it lacks sufficient
support to defend against internal routing attacks [12,13]. RPL has no mechanism to
address the common attacks such as sinkhole, wormhole, and blackhole attacks nor the
RPL-specific ones including VN, rank, and WP attacks [14–18]. This would magnify the
vulnerability of the protocol and makes it an attractive target for different routing attacks.
Moreover, these attacks can be easily launched by any node in RPL networks. For example,
a malicious node can initiate a VN attack by updating the VN value being disseminated in
the DIO message without adhering to the standard protocol operation. As a result, a new
illegitimate DODAG update is carried out, leading to a full topology reconstruction of the
Appl. Sci. 2023, 13, 4878 6 of 23

RPL network. Such an attack in addition to other types of attack would cause an adverse
impact on network stability and incur a noticeable increase in network overhead and power
consumption. The following sub-sections provide a brief overview of four critical routing
attacks that can be easily and effectively initiated in RPL networks [14–18].

3.1. Rank Attack

One of the main RPL design aspects is the ranking mechanism which utilizes the rank
property to ensure loop-free routing. It is based on having the rank values increase in the
downward direction from the root to the leaf nodes. Accordingly, preferred parent selection
is performed on neighbor nodes of lower ranks and better positions only. However, such
a mechanism can be exploited by a malicious node to launch the so-called rank attack.
Without strict adherence to the above rule, a node can increase its rank value and deceive
its neighbor nodes at some point after joining an RPL network. The target is to create a sub-
optimal topology causing data traffic to traverse network paths of lower QoS performance.
It also can incur unwanted routing loops and drain available resources, particularly when
considering large-scale RPL deployments.
In other cases, the rank attack can be launched by a malicious node, decreasing its
advertised rank value. This would attract most of its neighbor nodes as a well-ranked
parent candidate. As a result, multiple neighbor nodes would then make changes to their
current preferred parents. This then can help in initiating further attacks such as blackhole
attacks and cause the situation to be even worse. The main target in both modes of rank
attack is undermining network stability.

3.2. Version Number (VP) Attack

RPL defines the version numbering mechanism to enable simple tracking of the
frequent updates to a DODAG topology due to global repairs. The version property is used
to indicate a new global repair and specify the iteration in which the topology is currently
considered. The sink node initiates a DODAG with the default VN which is then associated
with the initial setup of the topology. DIO advertisements carry the version information
in the version field of the message. Upon the initiation of a global repair, the sink node
advertises DIO messages with a new VN. A global repair can be performed under different
conditions including the detection of VN inconsistencies and routing loops. Once a node
receives the new VN, it recalculates its rank value and repositions within the topology after
updating the state of its current VN. Accordingly, a new VN update would result in new
positions of the nodes and a complete update to the DODAG topology.
As per the RPL specification [10], the version field in the DIO message is set by the
sink node only without being changed as the messages are propagated across the network.
However, RPL comes with no guarantee that this stays unviolated by any malicious
activities. Such a security gap can be utilized to launch a VN attack using the version
property. This only requires a malicious node to modify the advertised DIO messages
with a new VN. This would result in broadcasting a fake VN update and triggering an
illegitimate global repair. However, the recipients consider it a legitimate global repair
and thus have no option but to participate in the process. The objective of the attack is to
cause a serious disruption of network stability by initiating unnecessary global repairs and
flooding the RPL network with a high number of control messages. The main target is to
exhaust network resources and cause a noticeable reduction in overall performance and
network lifetime.

3.3. Worst Parent (WP) Attack

The creation of a sub-optimal topology is one of the main objectives when targeting
RPL network security toward overall network performance degradation. This can be
achieved by having malicious RPL nodes select the candidate parents of the highest rank as
their preferred parents instead of those with the minimum ranks. Although this violates the
standard operation of RPL, this behavior can be easily realized to enable the initiation of the
Appl. Sci. 2023, 13, 4878 7 of 23

WP attack. The attacking nodes then systematically keep changing their preferred parents
to the worst possible without the need for changing their current rank. The main objective
is to establish the worst available paths for the attacking node’s sub-DODAG. The attack
targets the creation of routing sub-optimization which would lead to high transmission
delay in addition to occasional routing loops and network isolation.

3.4. Replay Attack

The broadcast messages of RPL such as DIO messages can be eavesdropped by any
node joining an RPL network. To initiate a replay attack, the eavesdropper node mali-
ciously resends the eavesdropped message to its neighbor RPL nodes. The message is then
perceived as a new one having fresh and relevant information. The attack can be applied
using any type of RPL control message. If this is performed to duplicate and multicast
the DIO messages of a neighbor node, it is then called a neighbor replay attack. Another
possibility is that the attacker sends outdated eavesdropped DIO messages containing old
routing information to cause the problem of stale routing information. Moreover, the replay
attack can be used to initiate a Denial-of-Service (DoS) attack, referred to as a copycat
attack. It is based on frequent multicasting of the eavesdropped control messages with a
fixed replay interval after modifying the messages’ source IP addresses to the one of the
attacker. In general, the main objective of replay attacks is the formation of non-optimal
topology and the degradation of network performance. It is also possible to have the attack
result in DODAG disruption and inconsistency, leading the targeted nodes to be unable to
communicate and then detach from the DODAG.

4. Related Work
As discussed in the previous section, RPL comes with different basic security modes
but has no sufficient security support against internal routing attacks. Although secure
access control can be provided using the authentication mode, there is still a great oppor-
tunity for a node to be compromised and used for initiating internal routing attacks. The
inherent protocol design of RPL makes it easy to initiate common routing attacks such as
the sinkhole, blackhole, and wormhole attacks [13,26,27] in addition to the RPL-specific
ones such as VN, replay, and WP attacks [28,29]. The different potential RPL security
attacks have been surveyed and reviewed in different research studies [14–18]. In these
works, a classification of the RPL attacks into those targeting network topology, network
resources, and network traffic was provided. An example of a network topology attack
is the WP attack whereas the VN and rank attacks were categorized as network resource
attacks.
In addition, there have been various research efforts made to study the performance of
RPL networks under a specific routing attack. The overall results showed that these attacks
result in considerable overall performance degradation of the targeted RPL networks. The
experimental results presented in [30] demonstrated how RPL networks experienced a
high delay, packet loss, and network overhead when being under blackhole attacks. The
experimental study in [31] showed the adverse impact of the wormhole attack on the power
consumption and network overhead of RPL networks. The same attack was investigated
in [32] over a real-testbed setup. The results illustrated the ability of the attack to cause
high increases in packet loss. The experimental study in [33] discussed the adverse impact
of the sinkhole attack on RPL compared to other protocols such as AODV. The attack
led to a degradation of QoS performance and increases in network overhead and energy
consumption as indicated by the presented simulation results.
The study presented in [34,35] showed that DIS flooding attacks can decrease PDR
and increase delay and power consumption, particularly in composite-attack scenarios.
Experimenting with RPL networks using real-testbed setups in [36], similar results showing
that DIS flooding attack degraded power consumption in addition to nodes’ joining time
were presented. In [37], the DAO induction attack caused a noticeable degradation of QoS
performance and led to high increases in communication delay and packet loss. In [38], the
Appl. Sci. 2023, 13, 4878 8 of 23

impact of single and composite replay attacks on RPL networks was experimentally exam-
ined. As the results indicated, the attacks led to a high degradation of QoS performance
and an increase in energy consumption.
The VN attack was investigated in different research studies for examining its effect
on RPL networks. The simulation results in [39] indicate how the VN attack can result in a
noticeable drop in PDR in addition to a high increase in delay and network overhead. High
power consumption can also be incurred by VN attacks as demonstrated by the evaluation
results in [40,41]. Moreover, a more effective VN attack can be launched with multiple
nodes performing the attack simultaneously in a distributed manner. The experimental
results in [42] show that increasing the number of attackers amplified the adverse effect
of the VN attack. Other studies showed that the RPL network experienced more adverse
impacts of VN attacks as the network was flooded by these attacks [43] and when the
network had mobile nodes [44].
The rank attack was also experimentally studied in [45] considering different network
topology structures. The evaluation results showed that the attack affected the overall
performance of RPL networks in all the considered scenarios as the energy consumption
and network overhead noticeably increased. In [46], it was observed that targeting large-
scale RPL networks with composite rank attacks can noticeably lead to high degradation of
QoS performance.
There have also been other attempts to compare the impact of different RPL routing
attacks on RPL networks. In [47], a comparison of the VN, WP, and DIS flooding attacks
was presented considering both single- and composite-attack scenarios in relatively large-
scale setups. The simulation results showed that the RPL network was more affected
by the VN and DIS flooding attacks than the WP attack in terms of QoS performance,
power consumption, and network overhead. Other comparison studies were presented
in [48,49] to show the impacts of the single and composite VN, rank, and hello flooding
attacks. The results indicated noticeable network performance degradation in terms of
QoS measures, energy consumption, and network overhead. The impact of certain attacks
including hello flooding, selective forwarding, clone ID, sybil, and local repair attacks
on network performance was analyzed in [50]. The experimental results showed RPL
networks under these attacks experienced low network throughput. The evaluation study
presented in [51] highlighted the ability of single and composite rank, local repair, neighbor,
and DIS flooding attacks to degrade QoS performance and increase network overhead.
However, there are still certain aspects and considerations that have not yet been
effectively studied and analyzed as indicated in Table 1. The focus has been mainly on
experimenting with RPL networks under certain routing attacks in relatively simple and
small-scale setups. There have been few attempts towards investigating composite RPL
attacks in more complex scenarios. Challenging RPL networks with combinations of
different attacks in varying-scale hybrid-attack scenarios has not been effectively analyzed
yet. Considering all these aspects in a multidimensional study that sheds empirical light
on the security performance of RPL networks is the main aim of this research work. It
provides a reference study for addressing advanced security support against more complex
RPL attack scenarios of large-scale setups and hybrid routing attacks.
Appl. Sci. 2023, 13, 4878 9 of 23

Table 1. Comparison of related work and the current study.

Extensive
Large- Composite- Hybrid- Multiple Varying
Evalua-
Ref. Scale Attack Attack Types of Attack
tion
Setups Scenarios Scenarios Attacks Positions
Metrics
[30] × × × × × ×
[31] × × × × × ×
[32] × × × × × ×
[33] × × × × × ×
√ √
[34] × × × ×
√ √
[35] × × × ×
[36] × × × × × ×
√
[37] × × × × ×
√
[38] × × × × ×
√ √
[39] × × × ×
√ √
[40] × × × ×
[41] × × × × × ×
√ √
[42] × × × ×
√ √
[43] × × × ×
√ √
[44] × × × ×
√ √ √
[45] × × ×
√ √ √
[46] × × ×
√ √ √
[47] × × ×
√ √ √
[48] × × ×
√ √
[49] × × × ×
√
[50] × × × × ×
√ √ √
[51] × × ×
√ √ √ √ √ √
This Study

5. Routing Attack Model

This section provides a brief discussion of the basic network characteristics and as-
sumptions upon which this study is based. It is assumed that an RPL network always has
a single sink node and multiple non-sink RPL nodes. All the nodes run an RPL imple-
mentation as specified by the RPL standard in RFC 6550 [10]. The sink node is the node
that initiates the DODAG in a storing mode. It is also assumed that the sink node has no
exposure to any form of routing attack.
One or more of the non-sink nodes act as attacking nodes to perform certain attacks
during RPL attack scenarios. An attack can be initiated by a single node in the network
joining as a legitimate one and establishing direct communications with the legitimate
neighbor nodes. In addition, multiple differently positioned nodes can initiate the same
attack either independently or in a cooperative manner. It is also possible that these
attacking nodes simultaneously perform different types of routing attacks such as the VN
and rank attacks.
The assumption was made that each node is a stationary small-sized device that is
resource-limited and powered by batteries. Varying-scale deployment of the devices is con-
sidered following different positioning strategies such as uniform and random positioning.
Wireless connectivity among the nodes is assumed in multihop topological setups. Different
types of real IoT devices exist in the market that incorporate an RPL implementation in
Appl. Sci. 2023, 13, 4878 10 of 23

their networking stacks. Among these are Tmote [52], Zolertia Z1 [53], TelosB [54], and
MicaZ [55].
The deployment of the nodes is assumed to address a specific IoT application. The
application-specific IoT data are frequently collected in a periodical manner. The trans-
mission of the IoT data is performed at a predefined time interval over UDP data packets.
This is carried out using the established upward routing paths in RPL networks. The sink
node acts as an Internet gateway and serves as a central point via which data forwarding
to/from the Internet is carried out.
RPL networks initially run under no attack and reach a certain level of topological
stability. The initiation of the attacks is assumed after a certain time by which the RPL
network topology comes to convergence. The target of the attacker is to cause critical dis-
ruption to network stability by establishing unnecessary communications and flooding the
network with a high volume of control traffic. The main objective is to incur a considerable
degradation of the overall network performance and a noticeable drop in network lifetime.

6. Methodology
IoT devices are commonly characterized by constrained resources and limited capabil-
ities which entail the need for customized Operating Systems (OSs). The common choices
in this regard are Contiki OS and TinyOS. These are open-source OSs that implement
IPv6-based network stacks to support effective IP connectivity. Both come with practical
implementations of 6LowPANs and RPL to provide IP adaptation and IPv6-based network
routing, respectively. Additionally, Contiki OS [56] includes the Cooja network simulator
which can be effectively utilized to emulate different IoT scenarios while running the real
Contiki OS implementation. It enables building IoT setups using different types of virtual
IoT motes that can be configured to effectively emulate real-life IoT deployments. The
experimentation of this work was carried out using the Cooja simulator of the most recent
version of Contiki OS (Contiki 3.0).
For the implementation of the different routing attacks, modifications were made to
the RPL code base in the network stack of the Contiki OS. Most of the code modifications
were carried out to two main source files: “rpl-dag.c” and “rpl-icmp6.c”. This was carried
out for the RPL implementation of the attacker nodes only for running a specific attack ten
minutes after the simulation start time. The source code was modified to decrease the rank
by two, increase the VN by one, copy and resend the neighbor’s DIO messages, and select
the parent having the highest rank value for implementing the rank, VN, replay, and WP
attacks, respectively.
For effective analysis, the experiment was designed with three RPL experimental
setups referred to as S1, S2, and S3. It was deemed important to implement different
setups of varying-scale network topologies and varying complexity levels for realizing a
comprehensive analysis. For each setup, an RPL network of a single RPL instance having
one DODAG of a single sink was considered. A total of 25, 40, and 65 nodes were the
DODAG sizes of S1, S2, and S3, respectively. Figure 2 presents the network topology of S2.
Each one of the sink and sensor nodes was emulated as a Zolertia Z1 mote which has an
MSP430 16 MHz MCU. It also comes with a 92 KB flash memory, 8 KB RAM, and CC2420
transceiver. Random placement of the nodes in the simulated deployment area of 300 ×
300 m was considered for all the setups. A multihop network topology was formed among
all the nodes in all the setups. In addition, the communication and interference ranges were
configured to 25 and 50 m, respectively, for all the nodes. Table 2 provides a summary of
the main simulation parameters.
Appl.
Appl.Sci. 2023,13,
Sci.2023, 13,4878
x FOR PEER REVIEW 11
11 ofof2323

Figure2.2.Network
Figure NetworkTopology
TopologyofofS2.
S2.

Table 2. Simulation Parameters.

Table 2. Simulation Parameters.
Simulation Parameter Value
Simulation
Area SizeParameter Value
300 × 300 m
Area Size S1 25 × 300 m
300
Number of Nodes S2 S1 40 25
Number of Nodes S3 S2 65 40
Topology S3 Random 65
MoteTopology
Type Zolertia Z1
Random
Mote Current Consumption in CPU Mode 0.5 mA at 3 V
Mote Type Zolertia Z1
Mote Current Consumption in LPM Mode 0.0005 mA at 3 V
Mote
Mote Current
Current Consumption
Consumption in CPU
in Tx ModeMode 17.4 0.5
mAmA at 3atV3 V
Mote
Mote Current
Current Consumption
Consumption in LPM
in Rx ModeMode 0.0005
18.8 mA at mA3 Vat 3 V
Radio Medium Model
Mote Current Consumption in Tx Mode UDGM:17.4Distance
mA atLoss
3V
Operating System Contiki 3.0
Mote Current Consumption in Rx Mode 18.8 mA at 3 V
MAC Layer ContikiMAC
RPL Radio Medium
Objective Model
Function UDGM: Distance
MRHOF (ETX) Loss
RPL Operating
Routing ModeSystem StoringContiki
Mode3.0
Communication Range
MAC Layer 25 m
ContikiMAC
Interference Range 50 m
RPL Objective Function MRHOF (ETX)
Traffic Type CBR
RPL Routing
Data Transmission Mode
Interval Storing
±5 s Mode
Communication
Control Message Size Range 25 m
4 Bytes
Data Packet Size
Interference Range 40 Bytes
50 m
Confidence Level 95%
Traffic Type CBR
Simulation Duration 50 min
Data Transmission Interval ±5 s
Control Message Size
The adopted implementation of the Contiki OS runs the two standard4 Bytes OFs. In this
work, RPL was experimented
Data Packetwith
Size the MRHOF which is based on the routing metric of
40 Bytes
ETX. Additionally, each RPL sensor
Confidence Level
node was configured to run a UDP client for the fre-
95%
quent transmission of IoT data packets. It regularly sends a UDP packet at a ±5 s data
Simulation Duration 50 min
communication interval. This is received by the sink node which also runs a central UDP
server. Furthermore, different plugins of Cooja were configured at each node. These in-
The the
cluded adopted implementation
“collect-view” of the Contiki
and “powertrace” OS runswhich
modules the two standard
simplify the OFs. In thisof
collection
work, RPL
overall was experimented
performance with the
data and energy MRHOF which
consumption is based
indicators, on the routing metric
respectively.
of ETX.
TheAdditionally, each RPL sensor
evaluation methodology wasnode was to
designed configured
incorporateto run a UDP
multiple client for the
experimentation
stages as shown in Figure 3. The first one was based on running an attack-free scenario
Appl. Sci. 2023, 13, 4878 12 of 23

frequent transmission of IoT data packets. It regularly sends a UDP packet at a ±5 s

data communication interval. This is received by the sink node which also runs a central
UDP server. Furthermore, different plugins of Cooja were configured at each node. These
Appl. Sci. 2023, 13, x FOR PEER REVIEW
included the “collect-view” and “powertrace” modules which simplify the collection 12 of of
23
overall performance data and energy consumption indicators, respectively.
The evaluation methodology was designed to incorporate multiple experimentation
stages
for eachasexperimental
shown in Figure 3. using
setup The first
the one was based
original on running an attack-free
RPL implementation. This assistedscenario
in es-
for each experimental setup using the original RPL implementation. This assisted
tablishing the performance baseline necessary for establishing an overall comparison in estab-
lishing
against the
theperformance
experimentalbaseline necessary
measurements for establishing
collected in the nextanstages.
overallThe
comparison against
RPL implemen-
the experimental measurements collected in the next stages. The RPL implementation
tation was then examined under different single-attack scenarios in the following evalua- was
then examined under different single-attack scenarios in the following evaluation
tion stage. For each setup, multiple attack scenarios were created considering different stage.
For each
attack setup,
types andmultiple
attackingattack
nodes.scenarios were created
Composite-attack considering
scenarios different
were then attack in
considered types
the
and attacking nodes. Composite-attack scenarios were then considered in the third
third stage to run diverse attack scenarios with more than one attacking node. Two differ- stage to
run diversewere
ent nodes attack scenariosto
configured with
runmore than attack
the same one attacking node. Two
in each scenario different nodes
considering were
a different
configured to run the same attack in each scenario considering a different experimental
experimental setup at a time. For the final evaluation stage, the same procedure was then
setup at a time. For the final evaluation stage, the same procedure was then repeated except
repeated except that the two attacking nodes simultaneously run different attack types in
that the two attacking nodes simultaneously run different attack types in each scenario.
each scenario.

Figure 3. Overview of the Evaluation Methodology.

Figure 3. Overview of the Evaluation Methodology.

During each
During each stage
stage and
and for
for each
each scenario,
scenario, the
the attack
attack is
is performed
performed by by different
different nodes
nodes
of varying properties, in particular node position and neighbor count.
of varying properties, in particular node position and neighbor count. This was deemed This was deemed
important for
important for the
the effective
effective investigation
investigation of of the
the variant
variant forms
forms of of potential
potential RPL
RPL attacks
attacks and
and
diverse security
diverse security effects
effectson
onRPL
RPLperformance.
performance.The Theinitiation
initiationofofthe the attack
attack was
was configured
configured to
to be
be tenten minutes
minutes after
after thethe simulation
simulation startstart
timetime which
which waswas set50tomin.
set to 50 min.
EachEach simulation
simulation run
run was
was repeated
repeated ten times
ten times andaverage
and the the average
of theofcollected
the collected
resultsresults was obtained.
was obtained.
The evaluation was based on different network measures which provide effective
indications of various network performance parameters. These are categorized as follows: follows:
‑- QoS performance: Throughput, Packet Delivery Ratio (PDR), delay, delay, and
and ETX.
ETX.
‑- Network stability: Beacon interval and Preferred Parent Change (PPC) rate.
‑- Network overhead: DIO transmission rate and DAO transmission rate.
‑- Energy efficiency: Consumed Energy (CE).
The calculation of the average PDR was based on the ratio of the number of received
data packets at the UDP server to the number of transmitted data packets at the UDP
clients.
clients. The
The throughput
throughputwas wascalculated byby
calculated obtaining
obtainingthethe
average of the
average of total number
the total of data
number of
bits that were successfully transmitted per second. For the delay calculation, the
data bits that were successfully transmitted per second. For the delay calculation, the re- required
time
quiredfortime
the for
transmitted data packets
the transmitted to be successfully
data packets received
to be successfully by thebyUDP
received server
the UDP was
server
collected and averaged.
was collected The calculation
and averaged. of theofETX
The calculation the was
ETX based on obtaining
was based the average
on obtaining of
the aver-
the
age total
of thenumber of transmissions
total number and retransmissions
of transmissions requiredrequired
and retransmissions for the successful delivery
for the successful
of data packets.
delivery of data packets.
The DIO and DAO transmission rates were calculated as the average number of DIO
and DAO advertisements being transmitted across the network per minute, respectively.
For the calculation of the PPC rate, the total number of changes made by all the nodes to
their preferred parent during the entire time of the simulation was divided by the number
of nodes and then the average was taken. Beacon interval is an important measure of to-
Appl. Sci. 2023, 13, 4878 13 of 23

The DIO and DAO transmission rates were calculated as the average number of DIO
and DAO advertisements being transmitted across the network per minute, respectively.
For the calculation of the PPC rate, the total number of changes made by all the nodes to
their preferred parent during the entire time of the simulation was divided by the number
of nodes and then the average was taken. Beacon interval is an important measure of
topology stability as a small beacon interval indicates that more topology updates are being
performed in the network. It is the average of the time between two consecutive beacons of
all the RPL nodes.
The data collected by the “powertrace” module were utilized to obtain the time
spent in each mote state (Transmit, Listen, CPU, and Low-power states). These were
then multiplied by their corresponding current consumption levels and the power supply
voltage as specified in [52]. The average of the total was then taken for the calculation of
energy consumption.

7. Results
Table 3 shows how the standard RPL networks performed well under no attack
considering all the setups. It can be seen that a high QoS performance and network stability
were achieved in addition to maintaining low traffic overhead and energy consumption.
The network was able to keep PDR and throughput to high levels in addition to maintaining
low delay and ETX even in large-scale scenarios. The network also limited the DIO and
DAO transmissions to only 74 packets per minute at most as well as the PPC rate to only
a single change/node on average. The total energy consumption was also maintained at
a relatively low value of 5800 joules in the relatively large-scale setup of S3. However,
the presented results in Tables 4–6 and Figures 4–8 show how adverse the impact of the
different routing attacks is on the overall performance and stability of RPL networks.

Table 3. The Results of the Standard RPL Networks Under No Attacks.

Beacon DIO DAO Energy PPC

Setup PDR Throughput Delay ETX
Interval Rate Rate Cons. Rate
S1 98.62 230.98 131.04 199.5 996 6 6 1800 0.5
S2 94.28 341.75 136.35 248.05 703 20 20 3200 0.5
S3 91.6 546.35 142.7 345.4 678 38 35 5800 0.7

Table 4. QoS Performance Results: Single-Attack Scenario.

Attack PDR Throughput Delay ETX

Rank 89.54 205.67 209.91 256.03
VN 87.07 200.26 217.62 269.42
S1
WP 90.82 209.01 201.68 248.17
Replay 91.31 217.26 198.32 240.92
Rank 84.39 301.81 223.17 402.26
VN 82.02 290.76 234.96 421.47
S2
WP 86.11 316.62 210.84 388.41
Replay 86.97 327.45 207.71 373.46
Rank 76.25 454.19 250.93 579.34
VN 74.03 439.07 263.36 598.62
S3
WP 78.42 473.86 231.05 463.41
Replay 79.09 491.22 224.98 452.38
Appl. Sci. 2023, 13, 4878 14 of 23

Table 5. QoS Performance Results: Composite-Attack Scenario.

Attack PDR Throughput Delay ETX

Rank 85.53 196.49 220.06 269.14
VN 83.19 192.18 226.83 281.53
S1
WP 86.92 200.03 211.89 261.27
Replay 88.01 207.40 208.53 254.12
Rank 78.96 279.80 238.65 419.10
VN 76.94 274.73 245.14 435.42
S2
WP 81.67 298.59 229.32 404.28
Replay 82.87 311.42 223.19 389.33
Appl. Sci. 2023, 13, x FOR PEER REVIEW Rank 68.89 412.72 270.66 607.2914 of 23
VN 66.78 398.60 282.09 622.07
S3
WP 71.02 425.93 254.07 488.86
Replay 72.15 444.75 243.97 476.83
WP 71.02 425.93 254.07 488.86
Replay 72.15 444.75 243.97 476.83
Table 6. QoS Performance Results: Hybrid-Attack Scenario.
Table 6. QoS Performance Results: Hybrid-Attack Scenario.
Attack PDR Throughput Delay ETX
Attack PDR Throughput Delay ETX
Rank–WP 84.54 195.12 222.94 273.43
Rank–WP 84.54 195.12 222.94 273.43
Rank–VN 79.50 184.17 232.87 294.73
Rank–VN 79.50 184.17 232.87 294.73
Rank–Replay 87.18 202.77 210.82 258.01
S1 S1 Rank–Replay 87.18 202.77 210.82 258.01
VN–WPVN–WP 82.48 82.48
187.72 187.72 228.61228.61 289.48
289.48
WP–Replay
WP–Replay
87.46 87.46
205.60 205.60 209.22209.22 255.98
255.98
VN–Replay
VN–Replay
86.02 86.02
198.00 198.00 214.02214.02 266.47
266.47
Rank–WPRank–WP 77.65 77.65 278.04 278.04 242.32242.32 429.08
429.08
Rank–VNRank–VN 70.76 70.76 250.12 250.12 253.50253.50 472.93
472.93
Rank–Replay 81.90
Rank–Replay 81.90 301.07 301.07 228.95228.95 399.12
399.12
S2 S2
VN–WPVN–WP 72.71 72.71 255.60 255.60 251.92251.92 465.36
465.36
WP–Replay 81.95
WP–Replay 81.95 307.51 307.51 227.81227.81 397.97
397.97
VN–Replay 78.97
VN–Replay 78.97 282.64 282.64 236.46236.46 410.95
410.95
Rank–WP 66.79 410.06 271.04 621.11
Rank–WP 66.79 410.06 271.04 621.11
Rank–VN 61.82 369.00 300.28 667.80
Rank–VN 61.82 369.00 300.28 667.80
Rank–Replay 72.06 428.23 245.29 481.78
S3 Rank–Replay 72.06 428.23 245.29 481.78
S3 VN–WP 63.22 370.89 294.24 664.76
VN–WP 63.22 370.89 294.24 664.76
WP–Replay 71.51 436.71 249.56 477.97
WP–Replay 71.51 436.71 249.56 477.97
VN–Replay 70.16 425.27 266.48 504.06
VN–Replay 70.16 425.27 266.48 504.06

(a) (b) (c)

Figure 4. PPC Rate Results: (a) Single-Attack Scenario; (b) Composite-Attack Scenario; (c) Hybrid-
Figure 4. PPC Rate Results: (a) Single-Attack Scenario; (b) Composite-Attack Scenario; (c) Hybrid-
Attack Scenario.
Attack Scenario.
 (a) (b) (c)
Figure 4. PPC Rate Results: (a) Single-Attack Scenario; (b) Composite-Attack Scenario; (c) Hybrid-
Appl. Sci. 2023, 13, 4878 Attack Scenario. 15 of 23

Appl. Sci. 2023, 13, x FOR(a)

PEER REVIEW (b) (c) 15 of 23
Appl. Sci. 2023, 13, x FOR PEER REVIEW 15 of 23
Figure 5. Average Beacon Interval Results: (a) Single-Attack Scenario; (b) Composite-Attack Sce-
Figure 5. Average Beacon Interval Results: (a) Single-Attack Scenario; (b) Composite-Attack Scenario;
nario; (c) Hybrid-Attack Scenario.
(c) Hybrid-Attack Scenario.

(a) (b) (c)

(a) (b) (c)
Figure 6. DIO Transmission Rate Results: (a) Single-Attack Scenario; (b) Composite-Attack Scenario;
Figure6.6.DIO
Figure DIOTransmission
TransmissionRate
RateResults:
Results:(a)
(a)Single-Attack
Single-AttackScenario;
Scenario;(b)
(b)Composite-Attack
Composite-AttackScenario;
Scenario;
(c) Hybrid-Attack Scenario.
(c) Hybrid-Attack Scenario.
(c) Hybrid-Attack Scenario.

(a) (b) (c)

(a) (b) (c)
Figure 7. DAO Transmission Rate Results: (a) Single-Attack Scenario; (b) Composite-Attack Sce-
Figure7. 7.
Figure DAO
DAO Transmission
Transmission Rate
Rate Results:
Results: (a) Single-Attack
(a) Single-Attack Scenario;
Scenario; (b) Composite-Attack
(b) Composite-Attack Sce-
Scenario;
nario; (c) Hybrid-Attack Scenario.
(c)nario; (c) Hybrid-Attack
Hybrid-Attack Scenario.Scenario.
 (a) (b) (c)

Appl. Sci. 2023, 13, 4878

Figure 7. DAO Transmission Rate Results: (a) Single-Attack Scenario; (b) Composite-Attack Sce-
16 of 23
nario; (c) Hybrid-Attack Scenario.

(a) (b) (c)

Figure 8. Energy Consumption Results: (a) Single-Attack Scenario; (b) Composite-Attack Scenario;
Figure 8. Energy Consumption Results: (a) Single-Attack Scenario; (b) Composite-Attack Scenario;
(c) Hybrid-Attack Scenario.
(c) Hybrid-Attack Scenario.

InInthe
thesingle-attack
single-attack scenarios,
scenarios, thethe
QoSQoS performance
performance degraded
degraded andnetwork
and the the network
becamebe-
came less stable while experiencing high increases in control traffic overhead
less stable while experiencing high increases in control traffic overhead and power con- and power
consumption.
sumption. TableTable 4 shows
4 shows that attacks
that single single attacks
caused acaused a reduction
reduction of up
of up to 13% in to
the13%
PDRinandthe
PDR and throughput in S1 and up to 20% in S2 and S3. In addition, high
throughput in S1 and up to 20% in S2 and S3. In addition, high increases in delay and ETXincreases in delay
ofand
up ETX
to 74% of were
up toexperienced
74% were experienced
considering allconsidering all three experimental
three experimental setups. Network setups. Net-
stability
work
was alsostability was also
significantly significantly
affected as shown affected as shown
in Figure in Figure
4a. It can be seen4a.
in Itallcan
thebe seen that
setups in all
the PPC rate increased by 3–8 changes/node on average. It was also very challenging for
the RPL network to maintain high beacon intervals during the different routing attacks as
shown in Figure 5a. In S1, the rates of DIO and DAO transmissions increased by more than
25 packets per minute as shown in Figures 6a and 7a. Scaling the network up in S2 and S3
made the situation even worse as more than 100 and 180 control packets were transmitted
per minute, respectively. Another increase was also experienced as the consumed energy
increased by more than 150% in all three experimental setups as indicated in Figure 8a.
When the performed RPL routing attacks became composite, more performance
degradation and stability difficulty were experienced. Compared to the single-attack
results, Table 5 shows that the QoS measures were adversely affected by the composite
attacks with up to 9% additional degradation. Figure 5b indicates a reduction of more than
20% in beacon interval. Control traffic transmission was increased by more than 17% as
shown in Figures 6b and 7b. Moreover, the results presented in Figures 4b and 8b indicate
high increases in the PPC rate by more than 12 changes/node on average and in the total
consumed energy by more than 400 joules, respectively.
The overall performance and stability of standard RPL networks became even worse
during hybrid RPL routing attacks. This was more apparent for the network overhead as can
be noticed in Figures 6c and 7c. That is, additional control traffic transmission of more than
40% was experienced during hybrid attacks compared with composite attacks. Another
noticeable divergence can be seen when comparing the PPC rates in Figure 4c. Clearly, the
hybrid attacks resulted in more unstable network topologies than the composite attacks.
There were more than 4 changes/node on average during the hybrid attacks considering
all the experimental setups. Figure 8c shows that energy consumption also increased by
more than 10%. The results presented in Table 6 indicate that the overall QoS performance
degraded by up to 7% considering all three experimental setups. It can be seen from the
overall results that hybrid routing attacks are generally more effective in targeting standard
RPL networks than other routing attack strategies.
Another important aspect is understanding the most adverse routing attack for stan-
dard RPL networks. Considering the single-attack scenarios, Table 4 shows that the VN
attack is the most effective routing attack when compared with the other attacks. Similar
observations can be made when examining the results of the composite-attack scenarios in
Table 5. Single and composite VN attacks resulted in additional QoS degradation by 2–9%
compared to the other attacks. The results presented in Figure 4a,b, Figure 5a,b, Figure 6a,b,
Figure 7a,b and Figure 8a,b also indicate the same outcome. Single and composite VN
attacks caused additional energy consumption by more than 17%. Higher DIO and DAO
Appl. Sci. 2023, 13, 4878 17 of 23

transmissions of more than 19 control packets per minute and higher PPC rates of up to
7 changes/node on average were also experienced during the single and composite VN
attacks. These observations became more evident as the network scaled up.
The next in the order of effectiveness for single- and composite-attack scenarios was
the rank attack. Although it had less overall impact than VN attacks, Tables 4 and 5
show that the rank attacks led to 9–25% less PDR and throughput in addition to 28–90%
additional delay and ETX considering all three experimental setups. The rank attacks also
led to noticeable increases in the PPC rate and energy consumption as shown in Figure 4a,b
and Figure 8a,b, respectively. However, the WP attack came next to the VN attacks when it
comes to the impact on network overhead. It resulted in higher control packet transmissions
than in the cases of rank and replay attacks. Compared to these attacks, 15–53% additional
transmissions were incurred by the WP attacks in single- and composite-attack scenarios
considering all three setups as presented in Figure 6a,b and Figure 7a,b.
The least effective routing attack among those under consideration was the replay
attack considering single- and composite-attack scenarios in all the setups. It resulted in a
less adverse impact on QoS performance by up to 7% and lower control traffic by up to 22
control packets per minute compared to the other attacks. The replay attacks also had a
less adverse effect on network stability and energy consumption but with very close results
to those of the WP attacks. Nevertheless, the replay attacks can still be regarded as harmful
RPL routing attacks with noticeable adverse impacts on network overhead and stability,
particularly in composite-attack scenarios and large-scale setups.
In hybrid-attack scenarios, the results show that the combination of VN–rank attacks
had the most significant impact on QoS performance and network stability considering all
the setups. These attacks incurred pronounced degradation of the QoS performance with
more than 19% reductions in PDR and throughput in addition to more than 48% increases
in delay and ETX as indicated in Table 6. The PPC rate increased to 38 changes/node on
average and the consumed energy reached a considerably high figure of almost 20,000
joules during the hybrid VN–rank attacks as shown in Figures 4c and 8c, respectively.
However, combining the VN and WP attacks led to close results with a higher impact on
network overhead. For example, Figures 6c and 7c show that this combination incurred
791 control packets per minute in S3, adding more than 16 control packets per minute
compared to the results of the hybrid VN–rank attacks. Considering all the setups, it can be
seen that combining the VN attack with either rank or WP attacks yields the most effective
attack strategies to target standard RPL networks.
Next to these hybrid attacks in the order of effectiveness were the combinations of
VN and replay attacks as well as rank and WP attacks. These attacks resulted in degraded
QoS performance with more than 13% reductions in PDR and throughput in addition to
more than 34% increases in delay and ETX as indicated in Table 6. They also incurred high
network overhead with the transmission of up to 791 control packets per minute as shown
in Figures 6c and 7c. Figure 8c shows that they caused high energy consumption of up to
17,262 joules. However, these two combinations of hybrid attacks were less effective than
the composite VN attacks, particularly for network overhead and energy consumption.
Figures 6b and 7b show that composite VN attacks resulted in up to 19 additional control
packets per minute and Figure 8b shows that they led to up to 1191 additional joules.
Regarding QoS performance and network stability, composite VN attacks still had a higher
impact but with very close results to the aforementioned hybrid attacks.
Similarly, the results also show that the composite rank and composite WP attacks
were more effective than some of the hybrid attacks. For example, the composite rank
attack resulted in more degraded QoS measurements and higher energy consumption than
the hybrid VN–replay, rank–replay, and WP–replay attacks. The composite WP attack also
incurred higher network overhead compared to the hybrid WP–replay and rank–replay
attacks. In addition, the hybrid attacks with the least effectiveness were the WP–replay
and rank–replay attacks. The hybrid WP–replay attacks had the least impact on QoS
performance, network stability, and power consumption whereas the hybrid rank–replay
Appl. Sci. 2023, 13, 4878 18 of 23

attacks were the least effective in targeting network overhead. However, the composite
replay attacks yielded less impact on RPL networks than these two combinations and any
other hybrid attacks.
Another critical consideration is investigating the effectiveness of routing attacks as
the RPL network scales up. In single-attack scenarios, the average degradations in QoS
measures and network overhead were very close in S1 and S2 whereas a difference of 5–10%
was noticed in S3. Similarly, energy consumption and network stability measures were
more affected by increasing the scale of the network. Similar observations can also be made
for the composite-attack scenarios as the impact of the routing attacks on the large-scale
setup of S3 was more apparent. Although this scalability effect was evident for all the
routing attacks, the VN and rank attacks had a slightly higher impact as the network scaled
up considering both single- and composite-attack scenarios. For example, the VN and rank
attacks caused the QoS measures to degrade by 7–18% in S3 compared to the results of S1
and S2 whereas the QoS degradations were up to 15% in the cases of other routing attacks
as indicated in Tables 4 and 5. In hybrid-attack scenarios, the impact of routing attacks
was amplified as the size of the network increased. For example, the PPC rate and energy
consumption increased by more than 11% as the network scaled up from S1 to S3 as shown
in Figures 4c and 8c, respectively. This can be noticed for all the hybrid-attack combinations
but was a bit more noticeable for the VN–rank and VN–WP attacks.

8. Discussion
A basic IoT network routing solution is provided by the IETF-standardized RPL. The
protocol design provides no security support for defending against the diverse types of
routing attacks. In fact, the inherent design properties and characteristics of RPL make
it easy to initiate a set of routing attacks targeting overall network performance and
stability. The RPL topology establishment process enables utilizing the vulnerable ranking
mechanism for impairing the protocol functionality and incurring sub-optimal routing.
The basic topology maintenance process of RPL also allows the launching of DoS attacks
by arbitrarily tampering with the unsecured version numbering mechanism and initiating
frequent illegitimate global repairs. In addition, RPL has an intrinsic vulnerability to
passive impersonation as it has no mechanism to prevent eavesdropping and manipulation
of control data.
Overall QoS performance can be easily and effectively targeted in different routing
attack scenarios. In simple attack scenarios of a small-scale network with a single attacker,
a reduction of up to 13% in PDR and throughput as well as an increase of more than 35% in
delay and ETX were incurred. As the attack scenario becomes more complex with hybrid
attacks in large-scale networks, the situation becomes even worse with a reduction of more
than 32% in PDR and throughput in addition to an increase of more than 90% in delay
and ETX. This makes it extremely challenging to foster the deployment of standard RPL
networks in latency-sensitive and real-time IoT applications.
It is also evident that attacked RPL networks suffer from significant degradation in
network overhead, energy consumption, and topology stability. The adverse effects are
extremely significant in large-scale setups which are common for most IoT applications
such as the smart city application. The overhead in the network can noticeably increase
by more than 700% in single-attack scenarios whereas the increase can reach more than
900% in the cases of hybrid-attacks scenarios. Increases of more than 200% in energy
consumption can also be easily achieved particularly when performing complex routing
attacks. In addition, simple routing attack scenarios caused RPL networks to stay unstable
with a high increase of more than 1000% in topology changes.
It is apparent that standard RPL networks without additional security support face
serious security difficulties. The networks would permanently become at high risk of
critical performance degradation as a result of easy-to-initiate routing attacks. Thus, the
technical efficiency and practical feasibility of RPL network deployment in critical IoT
applications become questionable. As addressing such an issue becomes inevitable, the
Appl. Sci. 2023, 13, 4878 19 of 23

practical performance understanding established in this paper provides the basis for the
development of advanced RPL security support. The presented results can serve as a
practical reference for effectively comprehending RPL-based IoT networks under routing
attacks. This is an important step towards enriching the security of the protocol and
reviving its potential for a broad range of IoT applications.
The lessons learned in this study can be summarized as follows:
• RPL networks perform well under no attacks. Even in large-scale scenarios, high QoS
performance was achieved and the network stays highly stable while maintaining low
control traffic overhead and power consumption.
• RPL lacks a standardized security-provisioning functionality against internal routing
attacks. In the absence of integrated security support, wide deployments of RPL
networks would be highly hindered, particularly for security-critical IoT applications.
• RPL networks are inherently prone to a wide range of routing attacks that can be easily
initiated by any compromised node. Even in the case of a complex routing attack,
multiple attacking nodes can simply perform multiple attacks simultaneously in a
composite- or hybrid-attack setup.
• QoS performance and topology stability of RPL networks can be effectively targeted
by routing attacks, particularly composite and hybrid ones. In addition, these attacks
provide an effective method to highly increase network overhead and energy con-
sumption. The damage would be significant in a way that can cause RPL networks to
collapse with complete communication disruption and data loss.
• RPL networks of a large scale suffer severe side effects from the routing attacks.
As most IoT applications would involve a high number of nodes, the use of RPL
without protection from such attacks would become a matter of security. Incorporating
standard RPL routing into large-scale IoT networking for daily sensitive applications
would make networks at permanent security risk of adverse routing attacks.
• Targeting RPL networks with hybrid attacks combining different routing attacks
at once is a new routing attack approach in the context of RPL networking. The
adverse impact of this kind of attack on RPL networks is highly evident. As most of
the enhancements to RPL properties have been made at the protocol, topology, and
communication levels to alleviate simple security-deteriorated situations, this study
provides an intensive investigation of hybrid attacks to stimulate further advanced
RPL security solutions.
• Experimental simulation testing has been the predominant evaluation methodology
that ensures simplicity and reproducibility. This method also enables studying exper-
imental issues such as scalability in an easy and cost-effective manner. Backing up
such a method with realistic experimentation over physical testbeds is an important
consideration. A shift towards such a viable integrated methodology is feasible to
increase evaluation practicality. This study provides the initial major step toward such
a strategy.
The functionality of RPL leaves enough room for further improvement toward effective
security support. The protocol design of RPL comes with the flexibility to incorporate
effective and advanced protection against routing attacks. Security-oriented optimization
of different RPL operational aspects can be considered in this regard. For example, RPL
can be incorporated with secure OF design, node ranking algorithms, topology update
validation methods, and integrity-preserved message exchange. However, the balance
between efficiency and complexity should be emphasized as a key security design issue that
needs to be effectively addressed before implementing RPL at scale. Security solutions for
RPL networks should be effectively developed at minimal computational complexity and
resource consumption. Here are some perspectives that can be considered when developing
RPL security support:
• RPL completely relies on the behavior of parent nodes during topology establishment
and updates. Malicious and illegitimate activities affect all the neighbor and child
nodes at the lower hierarchical levels of the affected topological zones. By enhancing
Appl. Sci. 2023, 13, 4878 20 of 23

the interaction and controlling the association among parent and child nodes, the
protection of RPL networks from rank attacks can be effectively achieved.
• Although it is specified that global repairs are only performed by the sink node,
the protocol design provides no guarantee of immunity to VN attacks imitated by
compromised nodes. RPL nodes blindly participate in any global repair without
verifying the legitimacy of the process. It is important to ensure strict adherence to
the RPL specification and prevent any topology updates coming from non-sink nodes
and taking a direction other than the downward direction. This requires effective
collaboration among RPL nodes to enable efficient verification of global repairs in a
distributed manner.
• RPL topology establishment and maintenance processes are managed by the exchange
of control information transmitted in a systematic and periodical manner. Monitoring
abnormal behaviors and validating data integrity are vital to preventing the misuse of
routing information and initiation of replay attacks.
• Assuming the applicability of a single-attack mitigation solution to defend composite
ones would not be a feasible strategy. Composite ones require more collaborative and
distributed mechanisms to be effectively detected and mitigated.
• It is challenging to mitigate hybrid attacks without addressing the different RPL rout-
ing attacks with a one-solution-fits-all approach. Jointly addressing and optimizing
multiple network security aspects at different levels need to be achieved in a customiz-
able and efficient manner. The fusion of multiple technological advancements into an
RPL security architecture would be a feasible consideration in this regard.
• Validating the feasibility of any solution in only small-scale scenarios is not sufficient
to ensure its efficiency and avoid scalability issues. More emphasis needs to be placed
on large-scale experimentation when validating RPL security solutions.
• It is important to emphasize not adding much to the complexity of the RPL design
when enhancing RPL functionality to a further security limit. Security solutions need
to be effective without imposing additional entities, high computational complexity,
and unnecessary communication overhead. This can be approached with effective
modifications to certain RPL operational properties, particularly those related to
topology establishment and maintenance.

9. Conclusions
It is evident that the RPL routing protocol is still vulnerable to a wide range of security
attacks. RPL design has no sufficient security support for network resilience against the
different internal routing attacks. The experimental study presented in this paper helps
in establishing a firm understanding of the performance of RPL networks under a set of
diverse routing attack scenarios. The outcome of this work can serve as a practical reference
for deeply comprehending RPL-based IoT networks under routing attacks. This is an
important step towards the development of effective security solutions for enriching the
security of the protocol and reviving its potential for a wider scope of IoT applications.
The results indicate the adverse impacts of routing attacks on the overall performance
of RPL networks. Even in simple attack scenarios, the networks experienced noticeable
degradation of QoS performance and network stability in addition to considerable increases
in control traffic overhead and energy consumption. This was more evident in large-scale
experimental setups and also under composite and hybrid attacks.
Considering these implications of the routing attacks in RPL networks, the develop-
ment of more secure routing mechanisms becomes vital. Without efficient security support,
compromising the integrity of the RPL control messages becomes easy. However, security
solutions should be developed based on a lightweight and simple approach. This is crucial
given the limited capabilities of typical IoT devices which operate in low-power and lossy
networks. Utilizing the outcomes of this study for addressing such considerations in an
effective routing security solution is the main target for our future work. The focus will
Appl. Sci. 2023, 13, 4878 21 of 23

be on the development of an integrated RPL security architecture that provides effective

protection from potential RPL routing attacks.

Author Contributions: Conceptualization, I.S.A. and M.A.; methodology, I.S.A. and M.A.; software,
I.S.A. and M.A.; validation, I.S.A. and M.A.; formal analysis, I.S.A. and M.A.; investigation, I.S.A.
and M.A.; resources, I.S.A.; data curation, I.S.A. and M.A.; writing—original draft preparation,
I.S.A.; writing—review and editing, I.S.A. and M.A.; visualization, M.A.; supervision, I.S.A.; project
administration, I.S.A.; funding acquisition, I.S.A. All authors have read and agreed to the published
version of the manuscript.
Funding: The researchers would like to thank the Deanship of Scientific Research, Qassim University
for funding the publication of this project.
Institutional Review Board Statement: Not applicable.
Informed Consent Statement: Not applicable.
Data Availability Statement: Data are available upon request.
Conflicts of Interest: The authors declare no conflict of interest.

References
1. Fantana, N.L.; Riedel, T.; Schlick, J.; Ferber, S.; Hupp, J.; Miles, S.; Michahelles, F.; Svensson, S. IoT Applications—Value Creation
for Industry. In Internet of Things: Converging Technologies for Smart Environments and Integrated Ecosystems; Vermesan, O., Friess, P.,
Eds.; River Publishers: Gistrup, Denmark, 2022; pp. 153–206. [CrossRef]
2. Al-rawashdeh, M.; Keikhosrokiani, P.; Belaton, B.; Alawida, M.; Zwiri, A. IoT Adoption and Application for Smart Healthcare: A
Systematic Review. Sensors 2022, 22, 5377. [CrossRef]
3. Farooq, M.S.; Sohail, O.O.; Abid, A.; Rasheed, S. A Survey on the Role of IoT in Agriculture for the Implementation of Smart
Livestock Environment. IEEE Access 2022, 10, 9483–9505. [CrossRef]
4. Sujey, L. Number of Internet of Things (IoT) Connected Devices Worldwide in 2018, 2025 and 2030. Available online: https:
//www.statista.com/statistics/802690/worldwide-connected-devices-by-access-technology/ (accessed on 15 January 2023).
5. Manyika, J.; Chui, M.; Bisson, P.; Woetzel, J.; Dobbs, R.; Bughin, J.; Aharon, D. The Internet of Things: Mapping the Value beyond the
Hype; McKinsey Global Institute: New York, NY, USA, 2015.
6. Dohler, M.; Watteyne, T.; Winter, T.; Barthel, D. Routing Requirements for Urban Low-Power and Lossy Networks; IETF RFC 5548;
IETF: Wilmington, DE, USA, 2009. [CrossRef]
7. Pister, K.; Thubert, P.; Dwars, S.; Phinney, T. Industrial Routing Requirements in Low-Power and Lossy Networks; IETF RFC 5673; IETF:
Wilmington, DE, USA, 2009. [CrossRef]
8. Martocci, J.; Mil, P.D.; Riou, N.; Vermeylen, W. Building Automation Routing Requirements in Low-Power and Lossy Networks; IETF
RFC 5867; IETF: Wilmington, DE, USA, 2010. [CrossRef]
9. Brandt, A.; Buron, J.; Porcu, G. Home Automation Routing Requirements in Low-Power and Lossy Networks; IETF RFC 5826; IETF:
Wilmington, DE, USA, 2010. [CrossRef]
10. Winter, T.; Thubert, P.; Brandt, A.; Hui, J.; Kelsey, R.; Levis, P.; Pister, K.; Struik, R.; Vasseur, J.; Alexander, R. RPL: IPv6 Routing
Protocol for Low-Power and Lossy Networks; IETF RFC 6550; IETF: Wilmington, DE, USA, 2012. [CrossRef]
11. Tsao, T.; Alexander, R.; Dohler, M.; Daza, V.; Lozano, A.; Richardson, M. A Security Threat Analysis for the Routing Protocol for
Low-Power and Lossy Networks (RPLs); IETF RFC 7416; IETF: Wilmington, DE, USA, 2015. [CrossRef]
12. Perazzo, P.; Vallati, C.; Arena, A.; Anastasi, G.; Dini, G. An Implementation and Evaluation of the Security Features of RPL. In
Proceedings of the 16th International Conference Ad-Hoc Networks and Wireless, Messina, Italy, 20–22 September 2017; pp.
63–76. [CrossRef]
13. Raoof, A.; Matrawy, A.; Lung, C.H. Enhancing Routing Security in IoT: Performance Evaluation of RPL’s Secure Mode Under
Attacks. IEEE Internet Things J. 2020, 7, 11536–11546. [CrossRef]
14. Mayzaud, A.; Badonnel, R.; Chrisment, I. A Taxonomy of Attacks in RPL-based Internet of Things. Int. J. Netw. Secur. (IJNS) 2016,
18, 459–473. [CrossRef]
15. Bang, A.O.; Rao, U.P.; Kaliyar, P.; Conti, M. Assessment of Routing Attacks and Mitigation Techniques with RPL Control Messages:
A Survey. ACM Comput. Surv. 2023, 55, 1–36. [CrossRef]
16. Al-Hadhrami, Y.; Hussain, F.K. DDoS Attacks in IoT Networks: A Comprehensive Systematic Literature Review. World Wide Web
2021, 24, 971–1001. [CrossRef]
17. Pongle, P.; Chavan, G. A survey: Attacks on RPL and 6LoWPAN in IoT. In Proceedings of the International Conference on
Pervasive Computing (ICPC), Pune, India, 8–10 January 2015; pp. 1–6. [CrossRef]
18. Altulaihan, E.; Almaiah, M.A.; Aljughaiman, A. Cybersecurity Threats, Countermeasures and Mitigation Techniques on the IoT:
Future Research Directions. Electronics 2022, 11, 3330. [CrossRef]
Appl. Sci. 2023, 13, 4878 22 of 23

19. Morgan, S. Global Cybersecurity Spending Predicted to Exceed \$1 Trillion From 2017–2021. Cybercrime Magazine, June 2019.
Available online: https://cybersecurityventures.com/cybersecurity-market-report/ (accessed on 15 January 2023).
20. Kushalnagar, N.; Montenegro, G.; Hui, J.; Culler, D. Transmission of IPv6 Packets over IEEE 802.15.4 Networks; IETF RFC 4944; IETF:
Wilmington, DE, USA, 2007. [CrossRef]
21. Hui, J.; Thubert, P. Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks; IETF RFC 6282; IETF: Wilmington,
DE, USA, 2011. [CrossRef]
22. Vasseur, J.P.; Kim, M.; Pister, K.; Dejean, N.; Barthel, D. Routing Metrics Used for Path Calculation in Low-Power and Lossy Networks;
IETF RFC 6551; IETF: Wilmington, DE, USA, 2012. [CrossRef]
23. Thubert, P. Objective Function Zero for the Routing Protocol for Low-Power and Lossy Networks (RPL); IETF RFC 6552; IETF: Wilmington,
DE, USA, 2012. [CrossRef]
24. Gnawali, O.; Levis, P. The Minimum Rank with Hysteresis Objective Function; IETF RFC 6719; IETF: Wilmington, DE, USA, 2012.
[CrossRef]
25. Levis, P.; Clausen, T.; Hui, J.; Gnawali, O.; Ko, J. The Trickle Algorithm; IETF RFC 6206; IETF: Wilmington, DE, USA, 2011. [CrossRef]
26. Avila, K.; Jabba, D.; Gomez, J. Security Aspects for RPL-Based Protocols: A Systematic Review in IoT. Appl. Sci. 2020, 10, 6472.
[CrossRef]
27. Butun, I.; Österberg, P.; Song, H. Security of the Internet of Things: Vulnerabilities, Attacks, and Countermeasures. IEEE Commun.
Surv. Tutor. 2020, 22, 616–644. [CrossRef]
28. Verma, A.; Ranga, V. Security of RPL based 6LoWPAN Networks in the Internet of Things: A Review. IEEE Sens. J. 2020, 20,
5666–5690. [CrossRef]
29. Raoof, A.; Matrawy, A.; Lung, C.H. Routing Attacks and Mitigation Methods for RPL-Based Internet of Things. IEEE Commun.
Surv. Tutor. 2019, 21, 1582–1606. [CrossRef]
30. Kumar, A.; Matam, R.; Shukla, S. Impact of Packet Dropping Attacks on RPL. In Proceedings of the 4th International Conference
on Parallel, Distributed and Grid Computing (PDGC), Waknaghat, India, 22–24 December 2016; pp. 694–698. [CrossRef]
31. Samuel, C.; Alvarez, B.M.; Ribera, E.G.; Ioulianou, P.P.; Vassilakis, V.G. Performance Evaluation of a Wormhole Detection
Method using Round-Trip Times and Hop Counts in RPL-Based 6LoWPAN Networks. In Proceedings of the 12th International
Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP), Porto, Portugal, 20–22 July 2020;
pp. 1–6. [CrossRef]
32. Perazzo, P.; Vallati, C.; Varano, D.; Anastasi, G.; Dini, G. Implementation of a Wormhole Attack Against a RPL Network:
Challenges and Effects. In Proceedings of the 14th Annual Conference on Wireless On-demand Network Systems and Services
(WONS), Isola, France, 6–8 February 2018; pp. 95–102. [CrossRef]
33. Mohapatro, M.; Snigdh, I. An Experimental Study of Distributed Denial of Service and Sink Hole Attacks on IoT based Healthcare
Applications. Wirel. Pers. Commun. 2021, 121, 707–724. [CrossRef]
34. Rajasekar, V.R.; Rajkumar, S. A Study on Impact of DIS flooding Attack on RPL-based 6LowPAN Network. Microprocess. Microsyst.
2022, 94, 104675. [CrossRef]
35. Nguyen, T.; Ngo, T.; Nguyen, T.; Tran, D.; Tran, H.A.; Bui, T. The Flooding Attack in Low Power and Lossy Networks: A Case
Study. In Proceedings of the International Conference on Smart Communications in Network Technologies (SaCoNeT), El Oued,
Algeria, 27–31 October 2018; pp. 183–187. [CrossRef]
36. Kalita, A.; Brighente, A.; Khatua, M.; Conti, M. Effect of DIS Attack on 6TiSCH Network Formation. IEEE Commun. Lett. 2022, 26,
1190–1193. [CrossRef]
37. Baghani, A.S.; Rahimpour, S.; Khabbazian, M. The DAO Induction Attack: Analysis and Countermeasure. IEEE Internet Things J.
2022, 9, 4875–4887. [CrossRef]
38. Verma, A.; Ranga, V. The Impact of Copycat Attack on RPL based 6LoWPAN Networks in Internet of Things. Computing 2021,
103, 1479–1500. [CrossRef]
39. Mayzaud, A.; Sehgal, A.; Badonnel, R.; Chrisment, I.; Schönwälder, J. A Study of RPL DODAG Version Attacks. In Monitoring
and Securing Virtualized Networks and Services; Sperotto, A., Doyen, G., Latré, S., Charalambides, M., Stiller, B., Eds.; Springer:
Berlin/Heidelberg, Germany, 2014; Volume 8508, pp. 92–104. [CrossRef]
40. Aris, A.; Oktug, S.F.; Berna Ors Yalcin, S. RPL Version Number Attacks: In-depth Study. In Proceedings of the IEEE/IFIP Network
Operations and Management Symposium, Istanbul, Turkey, 25–29 April 2016; pp. 776–779. [CrossRef]
41. Ambarkar, S.S.; Shekokar, N. Critical and Comparative Analysis of DoS and Version Number Attack in Healthcare IoT System. In
Proceedings of the First Doctoral Symposium of Natural Computing Research, Pune, India, 29 April–2 May 2020; pp. 301–312.
[CrossRef]
42. Arış, A.; Oktuğ, S.F. Analysis of the RPL Version Number Attack with Multiple Attackers. In Proceedings of the International
Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), Dublin, Ireland, 15–17 June 2020; pp.
1–8. [CrossRef]
43. Rouissat, M.; Belkheir, M.; Belkhira, H. A Potential Flooding Version Number Attack Against RPL based IOT Networks. J. Electr.
Eng. 2022, 73, 267–275. [CrossRef]
44. Sharma, G.; Grover, J.; Verma, A. Performance Evaluation of Mobile RPL-based IoT Networks under Version Number Attack.
Comput. Commun. 2023, 197, 12–22. [CrossRef]
Appl. Sci. 2023, 13, 4878 23 of 23

45. Bang, A.; Rao, U.P. Impact Analysis of Rank Attack on RPL-Based 6LoWPAN Networks in Internet of Things and Aftermaths.
Arab. J. Sci. Eng. 2022, 48, 2489–2505. [CrossRef]
46. Le, A.; Loo, J.; Lasebae, A.; Vinel, A.; Chen, Y.; Chai, M. The Impact of Rank Attack on Network Topology of Routing Protocol for
Low-Power and Lossy Networks. IEEE Sens. J. 2013, 13, 3685–3692. [CrossRef]
47. Dogan, C.; Yilmaz, S.; Sen, S. Analysis of RPL Objective Functions with Security Perspective. In Proceedings of the 11th
International Conference on Sensor Networks (SENSORNETS), Online Streaming, 7–8 February 2022; pp. 71–80. [CrossRef]
48. Sharma, S.; Verma, V.K. Security Explorations for Routing Attacks in Low Power Networks on Internet of Things. J. Supercomput.
2021, 77, 4778–4812. [CrossRef]
49. Hkiri, A.; Karmani, M.; Machhout, M. The Routing Protocol for Low Power and Lossy Networks (RPL) under Attack: Simulation
and Analysis. In Proceedings of the 5th International Conference on Advanced Systems and Emergent Technologies (IC_ASET),
Hammamet, Tunisia, 22–25 March 2022; pp. 143–148. [CrossRef]
50. Verma, A.; Ranga, V. Analysis of Routing Attacks on RPL based 6LoWPAN Networks. Int. J. Grid Distrib. Comput. 2018, 11, 43–56.
[CrossRef]
51. Le, A.; Loo, J.; Luo, Y.; Lasebae, A. The Impacts of Internal Threats Towards Routing Protocol for Low Power and Lossy Network
Performance. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC), Split, Croatia, 7–10 July 2013;
pp. 789–794. [CrossRef]
52. Tmote Sky Datasheet, Moteiv Corporation. Available online: https://insense.cs.st-andrews.ac.uk/files/2013/04/tmote-sky-
datasheet.pdf (accessed on 3 November 2022).
53. Zolertia, “Z1 Datasheet”, Zolertia Advancare, March 2010. Available online: http://zolertia.sourceforge.net/wiki/images/e/e8
/Z1_RevC_Datasheet.pdf (accessed on 3 November 2022).
54. TelosB Datasheet, Document Part Number: 6020-0094-01 Rev B, Crossbow Technology Inc., San Jose, CA, USA. Available online:
https://www.willow.co.uk/TelosB_Datasheet.pdf (accessed on 3 November 2022).
55. MICAz. Wireless Measurement System Datasheet, Document Part Number: 6020-0060-04 Rev A; Crossbow Technology Inc.: San Jose,
CA, USA; Available online: http://courses.ece.ubc.ca/494/files/MICAz_Datasheet.pdf (accessed on 3 November 2022).
56. Dunkels, A.; Gronvall, B.; Voigt, T. Contiki- a Lightweight and Flexible Operating System for Tiny Networked Sensors. In
Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks, Tampa, FL, USA, 16–18 November
2004; pp. 455–462. [CrossRef]

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual
author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to
people or property resulting from any ideas, methods, instructions or products referred to in the content.