@article{15811, keywords = {IPv6, Security, Internet of things, RPL, 6LoWPAN, Sybil attack, Wormhole attack}, author = {Pallavi Kaliyar and Wafa Ben Jaballah and Mauro Conti and Chhagan Lal}, title = {LiDL: Localization with early detection of sybil and wormhole attacks in IoT Networks}, abstract = {The Internet of Things (IoT) is recognized as a disruptive innovation that has been led by industry leaders and researchers. IoT promises to improve our daily life based on smart objects interacting with each other, and that can be connected to the Internet. Building a security framework into this new paradigm is a significant technical challenge today. It is mainly due to the low-cost and resource-constrained nature of IoT devices. In most of the IoT application scenarios, the routing is done by the de-facto standard protocol called routing protocol for low power and lossy networks (RPL). The use of RPL is suitable due to its energy-efficient schemes, availability of secure and multiple communication modes, and adaptivity to work in various IoT network scenarios. Hence, many researchers are now focusing on RPL related security issues. To this end, our work provides a concise description of two major threats to RPL called sybil and wormhole attacks. Moreover, we propose two solutions to detect these attacks in RPL-based IoT networks. Specifically, our proposed techniques exploit the concept of Highest Rank Common Ancestor (HRCA) to find a common ancestor with the highest rank among all the ancestors that a pair of nodes have in the target network tree. Our two detection algorithms not only detect an ongoing attack but also localizes the position of the adversary in the network. Thus, it makes the mitigation process lightweight and fast. We implement the two approaches in Cooja, the Contiki network emulator. The results obtained from our experiments demonstrate the feasibility of the proposals concerning true positive rate, detection time, packet loss ratio, memory consumption, and network overhead. Our techniques show promising to cover more complex scenarios in the future.}, year = {2020}, journal = {Computers and Security, Elsevier}, volume = {94}, publisher = {Elsevier}, issn = {0167-4048}, doi = {https://doi.org/10.1016/j.cose.2020.101849}, }