datatracker.ietf.org
Sign in
Version 5.6.3.p2, 2014-09-29
Report a bug

Version Number and Rank Authentication
draft-dvir-roll-security-authentication-01

Document type: Expired Internet-Draft (individual)
Document stream: No stream defined
Last updated: 2012-07-12 (latest revision 2012-01-09)
Intended RFC status: Unknown
Other versions: (expired, archived): plain text, pdf, html

Stream State:No stream defined
Document shepherd: No shepherd assigned

IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found here:
http://www.ietf.org/archive/id/draft-dvir-roll-security-authentication-01.txt

Abstract

Designing a routing protocol for large low-power and lossy networks (LLNs), consisting of thousands of constrained nodes and unreliable links, presents new challenges. The IPv6 Routing Protocol for Low- power and Lossy Networks (RPL), have been developed by the IETF ROLL Working Group as a preferred routing protocol to provide IPv6 routing functionality in LLNs. Unfortunately, the currently available security services in RPL will not protect against a compromised internal node that can construct and disseminate fake messages. Therefore, in RPL special security care must be taken when the Destination Oriented Directed Acyclic Graph (DODAG) root is updating the Version Number by which reconstruction of the routing topology can be initiated. The same care also must be taken to prevent an internal attacker (compromised DODAG node) to publish decreased Rank value, which causes a large part of the DODAG to connect to the DODAG root via the attacker and give it the ability to eavesdrop or manipulate a large part of the network traffic. In this document, a new security service is described that prevents any misbehaving DODAG node from illegitimately increasing the Version Number or publish illegitimately decreased Rank values.

Authors

Amit Dvir <azdvir@gmail.com>
Laszlo Dora <laszlo.dora@crysys.hu>
Levente Buttyan <buttyan@crysys.hu>
Tamas Holczer <tamas.holczer@crysys.hu>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)