A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)
RFC 7416
Internet Engineering Task Force (IETF) T. Tsao
Request for Comments: 7416 R. Alexander
Category: Informational Eaton's Cooper Power Systems Business
ISSN: 2070-1721 M. Dohler
CTTC
V. Daza
A. Lozano
Universitat Pompeu Fabra
M. Richardson, Ed.
Sandelman Software Works
January 2015
A Security Threat Analysis for
the Routing Protocol for Low-Power and Lossy Networks (RPLs)
Abstract
This document presents a security threat analysis for the Routing
Protocol for Low-Power and Lossy Networks (RPLs). The development
builds upon previous work on routing security and adapts the
assessments to the issues and constraints specific to low-power and
lossy networks. A systematic approach is used in defining and
evaluating the security threats. Applicable countermeasures are
application specific and are addressed in relevant applicability
statements.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7416.
Tsao, et al. Informational [Page 1]
RFC 7416 Security Threat Analysis for ROLL RPL January 2015
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Relationship to Other Documents . . . . . . . . . . . . . . . 4
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Considerations on RPL Security . . . . . . . . . . . . . . . 5
4.1. Routing Assets and Points of Access . . . . . . . . . . . 6
4.2. The ISO 7498-2 Security Reference Model . . . . . . . . . 8
4.3. Issues Specific to or Amplified in LLNs . . . . . . . . . 10
4.4. RPL Security Objectives . . . . . . . . . . . . . . . . . 12
5. Threat Sources . . . . . . . . . . . . . . . . . . . . . . . 13
6. Threats and Attacks . . . . . . . . . . . . . . . . . . . . . 13
6.1. Threats Due to Failures to Authenticate . . . . . . . . . 14
6.1.1. Node Impersonation . . . . . . . . . . . . . . . . . 14
6.1.2. Dummy Node . . . . . . . . . . . . . . . . . . . . . 14
6.1.3. Node Resource Spam . . . . . . . . . . . . . . . . . 15
6.2. Threats Due to Failure to Keep Routing Information
Confidential . . . . . . . . . . . . . . . . . . . . . . 15
6.2.1. Routing Exchange Exposure . . . . . . . . . . . . . . 15
6.2.2. Routing Information (Routes and Network Topology)
Exposure . . . . . . . . . . . . . . . . . . . . . . 15
6.3. Threats and Attacks on Integrity . . . . . . . . . . . . 16
6.3.1. Routing Information Manipulation . . . . . . . . . . 16
6.3.2. Node Identity Misappropriation . . . . . . . . . . . 17
6.4. Threats and Attacks on Availability . . . . . . . . . . . 18
6.4.1. Routing Exchange Interference or Disruption . . . . . 18
6.4.2. Network Traffic Forwarding Disruption . . . . . . . . 18
6.4.3. Communications Resource Disruption . . . . . . . . . 20
6.4.4. Node Resource Exhaustion . . . . . . . . . . . . . . 20
Tsao, et al. Informational [Page 2]
Show full document text