
Rakesh 2021

This document summarizes a research paper that proposes a novel authentication and secure trust-based routing protocol (SecRPL-MS) for mobile sink-supported Internet of Things (IoT) networks. The key contributions of SecRPL-MS include: 1) Dividing the network into grids managed by grid head nodes and registering IoT nodes with a security entity to generate unique identifiers. 2) Performing authentication of grid member nodes by grid heads and of grid heads by a mobile sink node to prevent malicious nodes. 3) Selecting optimal routes between nodes using a sailfish optimization algorithm that considers trust, hop count, and energy to securely transmit encrypted data.

Uploaded by

Faisal Ali

Cyber-Physical Systems

ISSN: (Print) (Online) Journal homepage: https://www.tandfonline.com/loi/tcyb20

Novel Authentication and Secure Trust based RPL Routing in Mobile sink supported Internet of Things

Bandarupalli Rakesh & Parveen Sultana H

To cite this article: Bandarupalli Rakesh & Parveen Sultana H (2021): Novel Authentication and
Secure Trust based RPL Routing in Mobile sink supported Internet of Things, Cyber-Physical
Systems, DOI: 10.1080/23335777.2021.1933194

To link to this article: https://doi.org/10.1080/23335777.2021.1933194

Published online: 18 Jun 2021.


Full Terms & Conditions of access and use can be found at https://www.tandfonline.com/action/journalInformation?journalCode=tcyb20
School of Computer Science and Engineering, VIT University, Vellore, Tamil Nadu, India

ABSTRACT
In the modern era, Internet of Things (IoT) devices are prevalent, and their de facto routing protocol is the IPv6 routing protocol for low power and lossy networks (RPL). Yet, the RPL protocol is vulnerable to many attacks such as rank attack, password spoofing and more. To this end, most works have focused their research on securing the RPL-based IoT network. However, there still exist downsides such as high energy consumption, lack of effective authentication and high packet losses. Motivated by these defects, this paper proposes the Novel Authentication and Secure Trust-based RPL Routing in Mobile sink-supported Internet of Things (SecRPL-MS). At first, SecRPL-MS performs a registration process where all IoT nodes in the network register themselves in the security entity. In this work, the frequent death of IoT nodes is alleviated by deploying a mobile sink in the network. If any grid member (GM) node wants to transmit its data to the grid head (GH) node, then it must undergo the authentication process. Secure routing is adopted in RPL by utilising the sail fish optimisation algorithm. Each GM node encrypts its sensed data using the prince algorithm before transmitting it to the GH node. The moving points are selected for the mobile sink using the Quantum Inspired Neural Network (QINN) algorithm. The performance of the proposed SecRPL-MS is evaluated using the Network Simulator 3 (NS3) in terms of the Packet Delivery Ratio (%), Delay (ms), Energy Consumption (mJ), Key Generation Time (ms) and Malicious Node Detection Accuracy (%). The proposed SecRPL-MS outperforms existing systems by 23% in malicious node detection accuracy, which shows that the proposed SecRPL-MS system provides high security by mitigating the rank attack, Sybil attack, blackhole attack and man-in-the-middle attack.

ARTICLE HISTORY
Received 30 June 2020
Accepted 18 May 2021

KEYWORDS
Internet of Things (IoT); routing protocol for low power lossy network (RPL); destination oriented directed acyclic graph (DODAG); authentication; secure routing; mobile sink

CONTACT Bandarupalli Rakesh, bandarupallirakesh@gmail.com, SCOPE, VIT University, Vellore, Tamil Nadu, India
© 2021 Informa UK Limited, trading as Taylor & Francis Group

I. Introduction
The Internet of Things (IoT) has attracted noticeable attention among researchers and industrialists owing to its numerous applications such as smart home, military, healthcare and so on [1]. IoT technology permits smart devices to perceive and control the environment effectually. Routing is one of the major research areas in the IoT owing to the constrained nature of IoT devices, where the optimal parent node is selected to route the packet to the root node [2]. RPL is one of the best standard protocols to route data in the IoT network [3], since it is intentionally designed for resource-constrained devices to handle IoT device resources effectively. In RPL-based routing, a destination oriented directed acyclic graph (DODAG) is constructed to minimise the resource consumption in IoT devices [4]. Here, the objective function (OF) is estimated to select the best parent node to route the packet to the root node.
On the other hand, RPL tends to face numerous attacks during data transmission [5]. Hence, security in RPL routing has become an integral part of the IoT network to achieve secure data transmission. In order to resist malicious IoT node participation in data transmission, authentication is introduced in the IoT network [6]. The authors in [7] have authenticated the IoT node using a location-based service scheme. Here, the keys provided during the registration process are verified for the authentication process. A two phase-based authentication protocol is utilised to secure the RPL routing in the IoT network [8].
Many works have concentrated on trust evaluation-based secure routing in the RPL-based IoT network [9]. In general, there are two types of trust evaluation used to select an effective path for data transmission: direct trust and indirect or recommended trust. Here, the direct trust is estimated for the neighbour nodes which are in direct communication. The recommended trust is estimated for the neighbour nodes which are not in direct communication. The authors in [10] have contributed a trust-based authentication scheme for secure data transmission in IoT. The authors in [11] have introduced a new trust metric-based path selection in RPL routing in IoT. Here, the trust evaluation is performed based on the direct and indirect trust of the parent nodes. The rank attack is one of the significant attacks in the RPL-based IoT network [12]. In this attack, the malicious node transmits a false rank to its neighbour node, which leads to packet losses and high delay during data transmission. The trust-based approach is introduced in [13] to detect the rank and Sybil attacks in the IoT.
To reduce the frequent death of the IoT nodes and to enhance the network lifetime, the mobile sink-based data gathering approach has evolved [12, 13, 14]. The mobile sink follows a fixed or dynamic path to gather the data from the nodes present in the network. This way of gathering the data from the IoT nodes reduces the energy consumption and also increases the network lifetime. In [15], a circular path-based mobile sink movement is introduced where the mobile sink gathers data from the head nodes present in the network. Here, the mobile sink movement is performed based on a fixed path.
So far, the works that concentrate on security in the RPL-based IoT network have been discussed. Generally, the RPL protocol in IoT faces many attacks such as the rank attack, Sybil attack, blackhole attack and man-in-the-middle attack. From this analysis, it is clear that security provisioning in RPL still has many issues. They are discussed as follows:
Strong credentials are not taken into account during IoT node authentication. This leads to malicious node participation in the data transmission.
Most of the works have detected the rank attack with the aid of the neighbour node list, which doesn’t yield high detection results. This is because significant parameters such as rank variance, DIO transmission count and so on are not considered.
In the literature, most of the works do not focus on context-based information (number of child count, packet drop count) during the trust evaluation, which leads to packet losses during the data transmission.
Most of the works don’t give attention to the network construction in order to reduce the energy consumption of the IoT node.

1.1. Contributions of SecRPL-MS

In this work, the issues encountered in the preceding works, as listed above, are eradicated. To achieve this, SecRPL-MS contributes the following processes:
The network is divided into equal size grids based on the overall communication range and node coverage. Here, each grid is managed by one grid head (GH) node. After selecting the GH, the DODAG construction process is initialised. All the nodes register their ID, Grid ID, location and PUF with the security entity, which executes Quartile-based unique number (U.No) generation, for which it considers ID and registration time.
The SecRPL-MS method increases the security level by performing the authentication process using GH and mobile sink nodes. Before that, GM and GH credentials are registered with the security entity. During registration, the Pseudo ID (P.ID) is generated by using the blake2b algorithm and the Random Number (R.No) is generated by the Edwards curve algorithm. After completion of registration, authentication is initialised. GM node authentication is done by considering strong credentials such as G.ID, PUF and their location. The GH node is authenticated using the mobile sink node. This prevents malicious node participation during the data transmission.
SecRPL-MS selects the optimal route between the source and destination for secure data transmission. It is achieved through the sail fish optimisation algorithm by considering the direct trust, recommended trust, hop count and energy. The data transmitted is secured by encryption using the prince algorithm.
The proposed work selects the optimal moving point for the mobile sink using the QINN algorithm, which considers energy, buffer size, previous moving direction, time and distance. This avoids data transmission delay and packet losses in the IoT network.

1.2. Paper structure

The structure of this paper is organised as follows: Section II explains related works on security in the RPL-based IoT network along with their limitations. Section III describes the problems that exist in previous works in detail. Section IV illustrates our proposed SecRPL-MS method with our proposed algorithms. Section V discusses the experimental results of our proposed work with a detailed comparison. Finally, Section VI concludes our contribution and also gives some comments on our future directions.

II. Related work


This section is dedicated to discussing the state-of-the-art works that address security in the RPL-based IoT network. Here, we have provided the description of the existing works along with their limitations. In summary, the related works that are intended to provide security in the RPL-based IoT network still have several issues. To this end, we have described the limitations of each work in the literature that is discussed. In order to eradicate these issues in the literature, we have stated the objectives of our proposed SecRPL-MS work as follows:
To reduce the energy depletion in the IoT network by introducing mobile sink-based data gathering.
To provide an effective authentication scheme using strong credentials in the IoT network to mitigate the presence of malicious nodes.
To reduce packet losses during data transmission by selecting an optimal path in the network, considering effective metrics.
To mitigate the selection of malicious nodes during packet transmission with the aid of effective trust-related metrics.
In this way, our work proves better than existing works. Related work and its limitations are discussed as follows:
Zhang et al. [16] have pointed out the lightweight authentication mechanism in the RPL-based network. Here, the cuckoo filter-based method is used to select the authenticated RPL node for the data transmission. The utilised cuckoo algorithm performs a hashing operation to secure the data transmitted. The fingerprint of the IoT device is utilised for the authentication process. This paper secures data using the hashing operation; however, it is susceptible to quantum attacks. Hence, the transmitted data could be easily forged by malicious attackers.
Dammak et al. [17] have introduced the token-based authentication mechanism in the secure RPL-based IoT network. Here, the authentication is performed based on the token-based technique. The token is transmitted between the trusted node and the IoT device. Using the given token, IoT nodes authenticate themselves before transmitting data to the root node. In this, the token is provided for data transmission without obtaining the nodes’ strong credentials. This leads to more packet losses during data transmission due to malicious node intervention.
Zhou et al. [18] have offered unlinkable authentication-based security in the IoT network. It also performs the key exchange process in order to secure the data transmission. For this purpose, it utilises the bilinear pairing algorithm. Here, the user registers themselves using the ID, password mechanism. For the registered IoT node, it generates the private and public keys to secure data transmission. This is performed by adopting the key agreement-based protocol. In this, keys are generated using the bilinear pairing algorithm, which involves a complex computational process that leads to high resource consumption. Hence, it is not suitable for the IoT network.
Melki et al. [19] have introduced multi factor-based authentication in the IoT network. Here, two lightweight cryptographic operations are performed to authenticate the IoT node in the network. They are one-way hash functions and the X-OR function. It generates the key for secure data transmission using the AES algorithm. However, keys generated using AES are easily forged by malicious users since it follows a symmetric key process.
Shafique et al. [20] have offered the rank attack detection mechanism in the RPL-based IoT network. In this, the rank attack is detected using the sink node present in the RPL-based IoT network. It is detected by verifying the DAO message transmitted between the root and IoT node. Here, the rank attack is detected using the node’s current rank, previous rank and its parent rank through the sink node. Still, the utilised mechanism cannot detect all attacker nodes in the network, since it considers less significant parameters to detect the rank attackers in the network.
The fuzzy-based trust routing protocol is utilised by Hashemi et al. [21] to perform secure routing in the RPL-based IoT network. In this, the fuzzy algorithm is used to estimate the trust for each path between source and destination node. Here, the trust is estimated using the quality, environment risk and time status information. Using these parameters, fuzzy provides the final trust for each path between source and destination node. Yet, these metrics are not sufficient to detect attacks like rank. This is because of the lack of rank-oriented metrics.
A trust-based secure routing model is introduced by Mehta et al. [22] in the RPL-based IoT network. Here, the direct and indirect trust are estimated to select the secure route between source and destination. The direct trust is evaluated using the number of packets sent via the neighbour node. It also considers the ranking check result, where current and initial ranks are analysed. The indirect trust is computed using the recommendation provided by the common neighbour. Still, this paper faced high packet loss and energy consumption problems since hop count and energy-related parameters are not considered.
Nikravan et al. [23] have offered rank attack detection in the RPL-based IoT network. Here, the rank attack is mitigated with the aid of the onsign algorithm. Using this algorithm, the rank transmitted by each node undergoes the signing operation by verifying the signed rank received from the nodes in the network. This paper detects the rank attack node in the network. However, the rank attacker node changes its rank to a lower position, which couldn’t be prevented using the signing operation.
Secure routing is ensured in the RPL network via an effective mechanism offered by Zaminkar et al. [24]. In this, the behaviour of the node is analysed using the effective mechanism to detect the attack in the network. Here, the malicious node is identified using the rank verification process. Herein, the rank of the node is estimated by verifying the rank and parent rank in the network. Here, the route is not selected by considering energy-related metrics. This tends to reduce the network lifetime of the RPL-based IoT network.
Mobile sink-based data gathering in the IoT network is pointed out by Thyagarajan et al. [25]. In this, opportunistic-based routing is applied in the IoT network. The mobile sink adopts the quasi mobility pattern to gather data from the IoT nodes in the network. Here, the mobile sink moves to the four corners of the network area. After gathering the data from the four corners, the mobile sink moves to the centre point of the network area. However, the mobile sink moving path is mostly based on the outlier of the network, which tends to increase the data transmission delay for the inner IoT nodes. This leads to more packet losses in the network.
Al-Janabi et al. [26] have introduced mobile sink-based data gathering in the IoT network. In this, the optimal path for the mobile sink is determined using the genetic algorithm. The genetic algorithm selects the best next moving point to gather the data from the IoT devices in the network. Here, the distance is computed to select the next best moving point in the IoT network. The main purpose of the mobile sink is to reduce the energy consumption of the IoT nodes in the network. However, this paper doesn’t rely on energy-related parameters to select the next moving point. This tends to reduce the network lifetime of the IoT network.

III. Problem statement


In this section, the problems present in the existing works associated with the RPL-based IoT network are explained. From preceding works, some of the main problems that were addressed are specified as follows: In previous works, RPL attacks are detected using parameters such as neighbour list, parent rank, interactions and so on. However, context-based information (number of child nodes, DIO packet transmission count) is highly significant for detecting attacks like rank, blackhole, Sybil and Man-In-The-Middle. Hence, the absence of this information leads to an increase in attacker node participation in the network. In the literature, authentication-based works did not accomplish security in an effective manner, since they authenticate devices using ID and password-related metrics, which can be easily forged by an attacker node. This degrades the legality of legitimate nodes in the network, since their credentials are forged. Further, preceding works that concentrated on mobile sink-based data gathering didn’t reduce the path length to avoid delay in the network. This is due to the gathering of data from one or two nodes at a time in the network.
The background of the problems is discussed as follows: Path constrained mobile sink (PCMS)-based data gathering is performed in [27] to increase the network lifetime. Here, the convex node authenticates the nodes in the network using the ID, Counter and number credentials, which don’t result in effective detection of malicious nodes in the network. This is because strong credentials such as PUF, location, registration time and so on are not utilised for authentication. The proposed modified elgamal algorithm consumes more resources from devices since it generates cipher text that is double the length of the plaintext. The mobile sink moves only in the outer periphery of the network, which leads to a rapid depletion in the energy of the nodes inside the network. This results in poor network lifetime. A secure trust aware routing protocol (SecTrust) is introduced in [28] to secure the RPL-based IoT network. In this, the rank attack is detected by analysing whether the node which transmits the DIO sequence is present in its neighbour list, yet there may be a chance of compromised nodes existing in the list of legitimate nodes. Malicious node identification (trust estimation) during data transmission is not effective owing to the absence of context-based information such as number of children, DIO packet transmission count and so on. This leads to the misdetection of malicious nodes or camouflage of malicious nodes in the network. In addition, it selects the next parent based on the ETX metric, which increases the energy consumption of IoT nodes in the network.
A pair-based sink relocation and adjustment-based mechanism is utilised in the mobile sink-based IoT network [29]. Here, the mobile sink node gathers data from two nodes only and also doesn’t consider buffer size-related metrics. This leads to an increase in delay and packet losses during the data transmission. In this, the mobile sink doesn’t authenticate the nodes before gathering data from them. Hence, there may be malicious node participation in the network. A lightweight mechanism-based secure routing is utilised in the RPL-based IoT network [30]. Two game theory models are utilised, which induce delay in RPL routing in the IoT network due to tedious processing such as players’ competencies, initial preparation and so on. The camouflage of malicious nodes is not avoided completely because significant context-based parameters such as DIO packet transmission count, number of children and so on are not considered.

IV. System model


This section is devoted to discussing the proposed SecRPL-MS method in detail. In this section, a brief explanation of our methodologies is provided with our proposed algorithms.
The network area is divided into different grids of equal size. After dividing the network into grids, one GH node is selected in each grid. The GH node is selected by estimating the distance between the GM node and the sink node, which is initially placed at the top of the network. After completing the GH selection process, the DODAG construction process is executed in each grid.
The construction of the DODAG in the RPL network is described as follows: In RPL, the DODAG is constructed to provide communication between the source node and the root node. During DODAG construction, it broadcasts three different messages that are described as follows [31]:
DIO Message – It is abbreviated as DODAG Information Object (DIO) message, which is broadcast by the root node in order to start DODAG construction. The transmitted DIO messages are received by the nodes that exist in the communication range of the root node. The receiving node joins the DODAG by replying to the DIO message, which is nothing but the DAO message.
DAO Message – It is abbreviated as Destination Advertisement Object (DAO). It is a unicast message where the node passes on information about the destination in an upward direction towards the constructed DODAG. If a new node wants to join an RPL network, it normally receives DIO messages from many sources, so the node needs to select the optimal parent based on objective functions (OF). After completion of optimal parent selection, the newly joining node responds with a DAO message to its preferred parent.
DIS Message – It is abbreviated as DODAG Information Solicitation (DIS). It is adopted when a node joins the DODAG. This message is unicast to search its neighbouring nodes in the network.
DAO-ACK Message – It is abbreviated as DAO acknowledgement. It is used to acknowledge the message from the neighbour node that transmits the DAO message. Figure 1 depicts the DODAG construction in RPL.

4.1. Conceptual overview

The network comprises static IoT nodes and the mobile sink node. The main aim is to reduce the energy consumption of the IoT nodes by deploying a mobile sink in the network. The novelty in the utilisation of the mobile sink is gathering data from the four GH nodes in the network. The novelty of authentication is to utilise strong credentials such as PUF, location and more. In addition, context-based information is employed during the trust estimation-based secure routing in the RPL-based IoT network. The processes involved in SecRPL-MS are depicted in Figure 2, which is described as follows:
At first, the nodes in the network register their credentials with the security entity. After registering their credentials, the security entity provides a U.No to each registered node. Using the given U.No, each GM node authenticates itself with the GH node. In this work, the GH node is authenticated by the mobile sink node. For this purpose, the security entity provides a P.ID and R.No to each GH node. Only after completing the proper authentication process can each node in the network transmit its data to the GH node or mobile sink node. In this work, the rank attack is mitigated by using the trust estimation-based path selection. Along with rank attack mitigation, Sybil, Man-In-The-Middle and blackhole attacks are mitigated. This is achieved by proposing the sail fish optimisation algorithm. Besides, reducing the path length of the mobile sink node is also a focus. Hence, a QINN-based next moving point detection process is proposed.

Figure 1. DODAG construction in RPL.

Figure 2. Architecture for SecRPL-MS framework.

4.2. Registration process


The network structure is considered as a grid which comprises GM, GH, Mobile Sink and Security Entity nodes. After completing the grid construction and GH node selection process, SecRPL-MS performs the registration process.
Initially, all the nodes in the network transmit a registration request to the security entity. During registration requests, nodes transmit their credentials such as G.ID, location and PUF details to the security entity. After gathering credential information from all nodes, the security entity performs separate processes for GM and GH nodes. They are briefly discussed as follows:
(1) GM Node Registration Process: After gathering details from the GM nodes, the security entity performs the quartile-based Unique Number (U.No) generation process. Here, the U.No is generated with the aid of the G.ID and registration time (R.T) of each GM node. To generate the U.No, the security entity first concatenates the G.ID and registration time parameters. It is expressed as follows:
$$\text{Security Entity} \rightarrow \text{Concatenate } G.ID \,\|\, R.T \tag{1}$$
For instance: if G.ID = 01 and R.T = 12.10, then the concatenation result will be 011210. After completing the concatenation process, the quartile is estimated using the below equation:
$$Q = Q_3 - Q_1 \tag{2}$$
For the concatenated data, the quartile is estimated using the above equation. The estimated quartile value is provided as the U.No to the registered GM node. During the authentication process, the GM node utilises this U.No to authenticate itself.
(2) GH Node Registration Process: After gathering credentials from the GH node, the security entity performs the Pseudo ID (P.ID) and Random Number (R.No) generation process. The P.ID and R.No generation processes are discussed as follows:
P.ID Generation: The P.ID is generated using the PUF value and Grid Member Count (GMC). Here, the PUF value is the unique value embedded in each IoT device. In this, the PUF value is measured from challenge-response pair results. Here, the response value is considered as the unique PUF value to generate the P.ID for each GH node. GMC refers to the total member count of each GH node in the network. The security entity computes the hash values for the PUF value and GMC using the blake2b algorithm. The reason behind selecting the blake2b algorithm is that it is extremely fast compared to conventional hashing algorithms such as MD5, SHA 1, SHA 2 and SHA 3. It also has fewer rounds during the hash computation process. Hence, it doesn’t introduce any delay during the registration process. Further, it is highly suitable for a resource-constrained environment like the IoT network. Here, the hash is performed using two different functions, namely mixing and compression functions. The generated hash functions are utilised to generate the hash values for both the PUF value and GMC. The generated hash values for both credentials are represented as follows:
$$PUF \text{ and } GMC \rightarrow \text{Blake2b} \rightarrow h(PUF) \text{ and } h(GMC) \tag{3}$$
For the generated hash values, the security entity performs the XOR function. It is signified as follows:
$$\text{Security Entity} \rightarrow \text{XOR} \rightarrow h(PUF) \oplus h(GMC) \tag{4}$$
The generated XOR value is given as the P.ID to the registered GH node.
R.No Generation: R.No generation is performed by the security entity using the Edwards curve algorithm. The proposed Edwards curve is one of the curves in the elliptic curve family. The Edwards curve over the finite field ‘f’ is defined as follows:
$$x^2 + y^2 = 1 + d x^2 y^2 \tag{5}$$
For some scalar d∈f, where f value resides between 0 and 1. From the above curve equation, the R.No is generated for each GH node in the network.
The generated P.ID and R.No are given to the registered GH node. Using these credentials, the GH node authenticates itself with the mobile sink node.
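The registration-side computations of Eqs. (1) to (4), as an added Python example that is not code from the paper. It assumes the quartiles are taken over the decimal digits of the concatenated string, a 16-byte BLAKE2b digest, and GMC hashed as its ASCII decimal string; the PUF response and the function names are constructed for illustration.

```python
import hashlib
import statistics
from collections import defaultdict

DIGEST_SIZE = 16  # assumption: the paper does not fix a BLAKE2b output length


def concatenate(grid_id: str, reg_time: str) -> str:
    """Eq. (1): G.ID || R.T, e.g. "01" and "12.10" -> "011210"."""
    return grid_id + reg_time.replace(".", "")


def unique_number(grid_id: str, reg_time: str) -> float:
    """Eq. (2): Q = Q3 - Q1, computed over the decimal digits (assumption)."""
    digits = [int(ch) for ch in concatenate(grid_id, reg_time)]
    q1, _, q3 = statistics.quantiles(digits, n=4, method="inclusive")
    return q3 - q1


def blake2b_digest(data: bytes) -> bytes:
    """Eq. (3): h(.) using BLAKE2b from the standard library."""
    return hashlib.blake2b(data, digest_size=DIGEST_SIZE).digest()


def pseudo_id(puf_response: bytes, gmc: int) -> str:
    """Eq. (4): P.ID = h(PUF) XOR h(GMC), returned as a hex string."""
    h_puf = blake2b_digest(puf_response)
    h_gmc = blake2b_digest(str(gmc).encode("ascii"))  # GMC encoding is an assumption
    return bytes(a ^ b for a, b in zip(h_puf, h_gmc)).hex()


def duplicate_unos(registrations):
    """Uniqueness check: group (G.ID, R.T) pairs that received the same U.No.

    Under the digit-based reading above, the value depends only on the
    multiset of digits, so the security entity should check for repeats.
    """
    groups = defaultdict(list)
    for grid_id, reg_time in registrations:
        groups[unique_number(grid_id, reg_time)].append((grid_id, reg_time))
    return {uno: nodes for uno, nodes in groups.items() if len(nodes) > 1}


if __name__ == "__main__":
    # Constructed sample inputs, not values from the paper (except 01 / 12.10).
    print("U.No for G.ID=01, R.T=12.10:", unique_number("01", "12.10"))
    print("P.ID:", pseudo_id(b"constructed-puf-response", gmc=4))
    print("Repeated U.No:", duplicate_unos([("01", "12.10"), ("10", "12.10")]))
```

Because the P.ID is a function of the GMC, it changes whenever the member count of a grid changes, so the GH node needs a fresh P.ID after membership updates.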

4.3. Authentication process


Authentication is one of the significant processes in securing the RPL-based IoT network. In this work, authentication is performed using two different nodes, namely the GH and mobile sink nodes. The registered credentials of the GM and GH nodes are transmitted to the respective entities that are responsible for authentication.

Pseudo code for Authentication Process


// GM node authentication
For (GM nodes i = 0 → n)
    GM node → Transmits → U.No, ID;
    If (Cl > 0.5)
        Grant access;
    Else
        Second level factor request;
        GM node → Location, Initial R.T;
        If ((Location, R.T) == Authentication Credentials)
            Grant access;
        Else
            Abort transmission;
End For;
// GH node authentication
For (GH nodes i = 0 → n)
    GH node → Transmits → P.ID, R.No + C;
    If ((P.ID, R.No + C) == Authentication Credentials)
        Grant access;
    Else
        Abort transmission;
End For;

The above pseudo code provides the authentication process of the proposed
SecRPL-MS method. The pseudo code is briefly discussed as follows:
(1) GM node Authentication Process: In this, GM nodes are authenticated in
the GH nodes. If GM nodes want to transmit their data to GH node, then it must
complete authentication process.
Figure 3 depicts the GM node two-fold authentication process with the aid of
the GH node. Initially, the GM node sends a transmission request along with its
credentials, namely U.No and ID. After receiving the transmission request along with
the credentials, the GH node starts executing the authentication process. It estimates
the confidence level of the given credentials, the U.No and the ID.

Figure 3. GM node two-fold authentication process.



Here, the confidence level value (Cl) resides between {0.5–1}. It is provided by
considering the below condition,
If (U.No && ID == Legitimate), Then Cl = 1
If (U.No || ID == Legitimate), Then Cl = 0.5    (6)
Based on the above condition, confidence level is provided to each authentication
process. If the confidence level is above the threshold (Cl>0.5) then the access is
granted for the data transmission. If the confidence level is below the threshold (Cl
≤0.5), then the second-level credentials are requested for the authentication.
For the second-level authentication process, GH node requests the second
level authentication factors to the GM node. After receiving the second-level
authentication factors, GM node transmits the location and initial registration
time credentials to the GH node. The GH node verifies the received credentials
with the authentication credentials. If the received credentials are similar to the
authentication credentials, then it provides access to transmit the data or else it
aborts the transmission. Finally, the GH node transmits the malicious node information
to the mobile sink in order to broadcast the malicious node information to
all the nodes in the network.
(2) GH node authentication Process: In this work, GH node is authenticated
by using the mobile sink. After gathering data from the GM nodes, GH node
transmits those data to the mobile sink. Before data transmission, GH node must
complete authentication process with the mobile sink node.
For the GH node authentication process, it transmits the P.ID and R.No credentials to
the mobile sink node. Here, the count value is added to the R.No, where the
count value represents the count of the data communication performed with
the mobile sink.
GH node → P.ID, R.No + C → Mobile Sink    (7)
The credentials provided to the mobile sink are verified against the authentication
credentials. It verifies both the P.ID and the sum of R.No and the count value. The mobile
sink knows the count value of the GH node transmission; hence, it can verify the
R.No with the count value. If the given credentials are legitimate, then it provides
access to transmit the data gathered from its GM nodes, or else it aborts the data
transmission and transmits the presence of the malicious node in the network.
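The registration step (Eqs. 3 and 4) and the two authentication flows above, sketched as an added Python example that is not code from the paper. The names `GMRecord` and `MobileSink`, the sample credential values, the count starting at 0, and aborting when neither U.No nor ID matches are assumptions of this example; R.No is taken as an already-issued integer rather than derived from an Edwards curve.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def pseudo_id(puf: bytes, gmc: bytes) -> bytes:
    """P.ID = h(PUF) XOR h(GMC), with BLAKE2b as h (Eqs. 3 and 4)."""
    h_puf = hashlib.blake2b(puf).digest()
    h_gmc = hashlib.blake2b(gmc).digest()
    return bytes(a ^ b for a, b in zip(h_puf, h_gmc))


@dataclass
class GMRecord:
    """What a GH node holds for one registered GM node (constructed layout)."""
    u_no: bytes
    node_id: bytes
    location: Tuple[int, int]
    reg_time: int  # initial registration time (R.T)


def confidence_level(rec: GMRecord, u_no: bytes, node_id: bytes) -> float:
    """Eq. 6: 1 when both credentials match, 0.5 when only one does."""
    u_ok = hmac.compare_digest(rec.u_no, u_no)  # constant-time comparison
    id_ok = hmac.compare_digest(rec.node_id, node_id)
    if u_ok and id_ok:
        return 1.0
    if u_ok or id_ok:
        return 0.5
    return 0.0  # assumption: the page defines Cl only for the two cases above


def authenticate_gm(
    rec: GMRecord,
    u_no: bytes,
    node_id: bytes,
    second_factor: Optional[Tuple[Tuple[int, int], int]] = None,
) -> str:
    """Two-fold GM authentication as run by the GH node."""
    cl = confidence_level(rec, u_no, node_id)
    if cl > 0.5:
        return "grant"
    if cl == 0.0:
        return "abort"  # assumption: stricter than the pseudo code's Else branch
    if second_factor is None:
        return "second-factor-required"
    location, reg_time = second_factor
    if location == rec.location and reg_time == rec.reg_time:
        return "grant"
    return "abort"


class MobileSink:
    """Verifies (P.ID, R.No + C) and advances C after each accepted exchange."""

    def __init__(self) -> None:
        self._gh: Dict[bytes, List[int]] = {}  # P.ID -> [R.No, count C]
        self.rejected: List[bytes] = []        # attempts to report to the network

    def register(self, p_id: bytes, r_no: int) -> None:
        self._gh[p_id] = [r_no, 0]  # assumption: C starts at 0

    def authenticate_gh(self, p_id: bytes, token: int) -> bool:
        entry = self._gh.get(p_id)
        if entry is None or token != entry[0] + entry[1]:
            self.rejected.append(p_id)
            return False
        entry[1] += 1  # a replayed token no longer matches R.No + C
        return True
```

Because the sink advances C only on success, a captured `R.No + C` value is rejected when it is presented a second time.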

4.4. Sail fish-based secure routing

This section describes secure routing for data transmission. For that, an objective
function (OF) is defined in RPL, and the main intention of the objective function
is to select the optimal parent path between source and root node. In each grid,
the GM node is the source node and the GH node is the root node. The GH is selected
based on energy consumption, centrality and trust value. Centrality is one of the
significant metrics to elect the optimal head. In this work the network is represented
as an undirected graph, G = (V, E), where V represents the set of nodes and E represents
the set of edges. Centrality is defined as the number of neighbour nodes, which is
calculated as follows,
$C_i = \sum_{j} N_{ij}$    (8)

Where $C_i$ represents node centrality and $N_{ij}$ represents the number of neighbour
nodes j for node i. If a node has high centrality, then it will be selected as
parent node because it communicates with multiple nodes and maintains a high
level of trust. In this way the optimal GH is elected.
Secure routing in the RPL-based IoT network is a highly essential process,
since many attacks exist during RPL-based routing. One
of the main attacks induced during routing is the rank attack. A rank attacker
node reduces its rank during route selection, since a node with a lower rank is
selected as parent node by children nodes to transmit the data to the root
node. Hence, the rank attacker node reduces its rank during the data transmission.
Selecting the rank attack node as parent tends to increase the packet losses and
delay during the data routing process.
To this context, in this work the sail fish-based secure routing is adopted,
which aims to evade the rank attack. In addition to the rank attack, the Sybil,
Man-In-The-Middle and blackhole attacks in the network are mitigated. The routing process
is performed by using the sail fish optimisation algorithm. In this work, the objective
function is formulated to avoid the rank attacker node during the routing. The
main intention of the objective function is to select the optimal parent path
between source and root node. In each grid, the GM node is the source node and the GH
node is the root node. The reason behind selecting sail fish optimisation is that it
provides an optimal result and performs faster when compared to other optimisation
algorithms. The sail fish algorithm was invented in the year 2019 by
Shadravan et al. [32]. It selects the best path between source and destination
via computing the fitness function. Here, the fitness function is estimated using
four different metrics, namely direct trust, recommended trust, hop count and
energy. These parameters are described as follows:
(1) Direct Trust: It is estimated to select the legitimate node as parent for the
source node. To estimate the direct trust, the packet drop count, number of
child nodes, rank variance from its parent node and DIO packet transmission
count parameters are considered.

Definition 1: Packet Drop Count: It is used to reduce the packet drop during
the routing. It is measured by counting the number of packets that are dropped
by the parent node. It is formulated as follows:

$P_{dc} = \frac{\text{Number of packets dropped}}{\text{Number of received}}$    (9)

Definition 2: Rank Variance: It is one of the vital metrics to detect the rank
attacker node in the network. It defines the rank variance from its parent node. It is
expressed in mathematical form as follows:
$R_v = R_p - R_c$    (10)

Here, $R_p$ signifies the rank of the parent and $R_c$ signifies the rank of the
child node.

Definition 3: Number of Child Node (Nc): It is used to measure the child
node count of the parent node. It is used to identify the malicious node
effectually. Hence, it is highly vital to detect the rank attack node in the
network.

Definition 4: DIO packet transmission count (Dpc): It is defined as the number of
DIO packets transmitted by the parent node. Since the malicious node transmits
DIO packets frequently, this metric is highly significant to detect the
attacker in the network. Using these metrics, direct trust is estimated, which is
formulated as follows:
$D_t = \sum_{i=0}^{n} \frac{R}{P_{dc_i} D_{pc_i} N_{c_i}}$    (11)

(2) Recommended Trust ($R_t$): It is used to know the trustworthiness of the
selected parent node path in order to avoid malicious node participation in
the routing. The recommended trust is estimated for the nodes that are not in
the communication range of the source node. It is measured using the below
expression:
$R_{t(i,m)} = D_{t(i,j)} \times D_{t(j,m)}$    (12)

The above formula provides the recommended trust estimation value of
node ‘i’ for node ‘m’. Here, $D_{t(i,j)}$ represents the direct trust value of node i on
node j, and $D_{t(j,m)}$ represents the direct trust value of node j on node m.

(3) Hop Count (Hc): It is used to count the number of hops between the
source and root node. This metric is vital to reduce the delay during the routing
in the RPL-based IoT network. This leads to avoid the packet losses during the
data transmission.
(4) Energy (E): This metric is used to reduce the energy consumption of the
parent node path between source and destination. This tends to increase the
network lifetime of the RPL-based IoT network by reducing the frequent death
of the IoT nodes.
With the aid of the aforesaid metrics, the sail fish optimisation algorithm estimates
the fitness function (f(x)) to select the optimal parent path. In addition to
fitness function estimation, sail fish also estimates its position and attack power
to select the best path. For this purpose, the following objective function is
formulated:
Minimise → $P_l$ & $D$
Subject to:
$f(x) = \sum_{i=0}^{n} \frac{D_{t_i} R_{t_i} E_i}{H_{c_i}}$    (13)

Here, Pl represents the packet loss and D represents the delay during the
routing in the network. The path which has high f(x) is selected as the optimal
path to transmit the sensed data to the GH node. In this, the rank attack during
the data transmission is mitigated by measuring the direct and recommended
trust between the source and root node. Here, the direct trust is estimated using
highly effective metrics such as DIO transmission count, rank variance, child
node count and packet drop count. These metrics provide best result in the rank
attack mitigation during the routing.
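Equations 9, 11 and 13 evaluated over constructed observations, as an added Python example that is not the paper's implementation. It ranks candidate paths with a plain maximum instead of the sail fish search; the numerator R of Eq. 11 is taken as 1 because the page does not define it, Rt is supplied as an input, and the floors and sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence

R = 1.0           # assumption: numerator R of Eq. 11, not defined on the page
PDC_FLOOR = 0.01  # assumption: keeps a parent with zero drops from dividing by zero


@dataclass
class Hop:
    """Constructed observations a child holds about one node on a candidate path."""
    name: str
    dropped: int      # packets dropped by the node
    received: int     # packets received by the node
    dio_count: int    # Dpc, DIO packets sent in the observation window
    children: int     # Nc, number of child nodes
    rec_trust: float  # Rt, recommended trust (Eq. 12), supplied as input
    energy: float     # E, residual energy in joules
    hops: int         # Hc, hop count to the root


def packet_drop_count(h: Hop) -> float:
    """Eq. 9: dropped packets over received packets."""
    return h.dropped / h.received if h.received else 0.0


def direct_trust(h: Hop) -> float:
    """Eq. 11 for a single node, with every denominator factor floored."""
    pdc = max(packet_drop_count(h), PDC_FLOOR)
    dpc = max(h.dio_count, 1)
    nc = max(h.children, 1)
    return R / (pdc * dpc * nc)


def fitness(path: Sequence[Hop]) -> float:
    """Eq. 13: sum of Dt * Rt * E / Hc over the nodes of the path."""
    total = 0.0
    for h in path:
        if h.hops <= 0:
            raise ValueError(f"hop count for {h.name} must be positive")
        total += direct_trust(h) * h.rec_trust * h.energy / h.hops
    return total


def select_path(paths: Dict[str, List[Hop]]) -> str:
    """Return the key of the path with the highest fitness."""
    return max(paths, key=lambda name: fitness(paths[name]))


# Constructed sample: path B is one hop shorter and has more energy, but its
# parent drops 60% of traffic, floods DIOs and has attracted many children.
SAMPLE_PATHS: Dict[str, List[Hop]] = {
    "A": [Hop("A1", dropped=2, received=200, dio_count=5, children=3,
              rec_trust=0.9, energy=40.0, hops=2)],
    "B": [Hop("B1", dropped=120, received=200, dio_count=40, children=12,
              rec_trust=0.9, energy=45.0, hops=1)],
    "C": [Hop("C1", dropped=0, received=150, dio_count=6, children=4,
              rec_trust=0.8, energy=30.0, hops=3)],
}

if __name__ == "__main__":
    for name, path in SAMPLE_PATHS.items():
        print(name, round(fitness(path), 6))
    print("selected:", select_path(SAMPLE_PATHS))
```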
After selecting the optimal path for the routing, the source node encrypts the
sensed data using the prince algorithm. The proposed prince algorithm is a
lightweight block cipher-based encryption algorithm [33]. To the best of our
knowledge we are first in utilising the prince algorithm in securing the RPL-based
IoT network. Hence, it is highly suitable for a resource-constrained environment
like IoT. This is the reason behind selecting the prince block cipher algorithm for
the data encryption process. Furthermore, it also has low latency during encryption
and decryption with a strong key generation process.
The proposed prince is a 64-bit block cipher method with a 128-bit key. In
this algorithm, the key is split into two different parts of 64 bits each. It is
expressed as follows:

$k = k_0 \parallel k_1$    (14)

The above split keys are further extended to 192-bit keys for mapping
purposes. It is formulated as follows:

$(k_0 \parallel k_1) \rightarrow (k_0 \parallel k_0' \parallel k_1) := (k_0 \parallel (k_0 \ggg 1) \oplus (k_0 \gg 63) \parallel k_1)$    (15)

The sensed data (d) from the IoT node are encrypted using these keys
generated in the prince algorithm. For the given plain data (d), the cipher text
(C) is generated, which is expressed as follows:

$C = E'(d \oplus k_0) \oplus k_1$    (16)

Here, $E'$ represents the block cipher, and $k_0$ and $k_1$ are the generated keys for the
encryption. d represents the sensed plain data from the IoT device. Using these
prince algorithm procedures, the data transmitted over the RPL-based IoT network
is secured.

4.5. Artificial intellect-based mobile sink movement


In this work, the optimal moving point for mobile sink node to gather data from
the GH nodes is selected. By selecting the best moving point for the mobile sink
node, the path length of the mobile sink is reduced. It is because of reducing the
unnecessary moves of the mobile sink to the points which has been already
visited within the short duration. In this work, four moving points for mobile sink
are considered to gather data from the GH nodes.
This mobile sink gathers data from four GH nodes at a time in order to
reduce the delay and energy consumption. To the best of our knowledge, we
are first in gathering data from more than two GH nodes at a time, as most
works gather data from one or two nodes at a time. This is achieved by
proposing the QINN algorithm. It selects the next moving point by considering
the four GH nodes nearest to the moving points. The proposed QINN algorithm
selects the next moving point by considering the energy, buffer size, distance,
previous moving direction and time, which are taken as the input; the hidden
layer calculates the weight value based on these inputs and selects the optimal
moving point. This process is done for each and every node present in the
network for selecting the best moving point, thus reducing unnecessary moves of
the mobile sink nodes. Here, the QINN algorithm is used, which falls under artificial
intelligence techniques. Initially all the node information is trained in the neural
network and, based on that training dataset, the QINN selects the best moving
point. The input parameters are discussed as follows:
(1) Buffer Size: This metric is used to measure the buffer size of the GH nodes.
Since the node which has high buffer size must be selected first to reduce the
delay and packet losses, this metric is significant to select the next
moving points. The buffer size is measured using the below expression,
$B_s = \frac{N_p}{T_b}$    (17)
Here, $N_p$ denotes the number of packets occupied in the buffer and $T_b$
denotes the total buffer.
(2) Distance: This metric is used to measure the distance between the current
and next moving points. It is used to reduce the path length of the mobile sink.
It is measured using the below expression,
$D = \sqrt{(N_{mp,x2} - C_{mp,x1})^2 + (N_{mp,y2} - C_{mp,y1})^2}$    (18)

Here, $N_{mp,x2}, N_{mp,y2}$ represent the x, y position of the next moving point and
$C_{mp,x1}, C_{mp,y1}$ denote the x, y position of the current moving point.
(3) Previous Moving Direction and Time ($P_{d,t}$): This metric is used to avoid the
frequent moving of the mobile sink to the points that are visited within a short
amount of time. This reduces the unwanted moving and also reduces the path
length of the moving point.

Figure 4 portrays the QINN-based moving point selection approach. The
proposed QINN comprises three different layers, namely the input layer, hidden
layer and output layer [34]. In this algorithm, weights are represented as
qubits. The input layer gathers the information of the four GH nodes as input in
order to select one best moving point. The inputs are represented as
$x_1, x_2, \ldots, x_n$. The inputs are considered as qubits in the QINN algorithm.
Here, the input and output relations are described as follows:
n
X
hj ¼ C j � xi Rij j;ij (19)
i¼0

Here, $R_{ij}$ represents the quantum rotation gate and $\phi_{ij}$ denotes the quantum
weight. It is represented as follows:

$\phi_{ij} = [\alpha_i \; \beta_i]^T$    (20)

In this, $\alpha_i$ and $\beta_i$ are state probabilities that represent 0 and 1. The output layer
provides the best moving point by utilising the below equation:
$y_{jl} = s\left(\sum_{j=0}^{n} w_{jl} h_j\right)$    (21)

Here, s represents the sigmoid function and $w_{jl}$ represents the weight link
between the jth neuron in the hidden layer and the lth neuron in the output layer. The weight is
estimated using the below formula,

Figure 4. QINN-based moving point selection.


$w_j = \sum_{j=0}^{n} \frac{E_j P_{d,t_j}}{B_{s,j} D_j}$    (22)

Using this equation, the weight is estimated for each of the GH nodes nearest to the
moving point. By utilising the weight estimated in the hidden layer, the output layer
predicts the one best moving point for the mobile sink. From the selected
moving point, the mobile sink gathers data from the nearest four GH nodes. By
gathering data from four GH nodes at a time, the delay and path length are
reduced and the network lifetime is enhanced by reducing the energy consumption
of the GH node.

5. Simulation Results and Discussions


This portion is dedicated to analysing the efficacy of the SecRPL-MS method in
terms of the simulation. In order to show the efficacy of this work, this section is
further split into four different aspects: simulation environment,
performance metrics (packet delivery ratio, delay, energy consumption, key
generation time, malicious node detection accuracy), comparative analysis
and security analysis.

5.1. Simulation environment

The proposed concepts are experimented using the NS3.26 simulator. The
NS3.26 simulator exhibits better performance for any kind of network
topology. In this paper, star topology is used for network simulation.
Hence, this simulator is selected for the SecRPL-MS work.
This simulation network comprises a 1000*1000 m area. It consists of parameters
of the packet, blake2b and prince algorithms used in this work. Table 1
illustrates the simulation parameters used in the SecRPL-MS method.
Figure 5a depicts the simulation environment of the SecRPL-MS work. Our
simulation environment area is a 1000*1000 m grid network in which the DODAG is
constructed using the nodes within the grid. Here, each grid comprises one grid
head node to gather data from the grid member nodes. In this, we deploy one
security entity, one mobile sink and 100 IoT nodes. In this simulation environment,
20% of attacker nodes are deployed in the network. The data transmission
in the network is achieved using the RPL routing protocol. Figure 5b represents
the overall process of the proposed SecRPL-MS method.

5.2. Performance metrics


The performance of the proposed SecRPL-MS work is evaluated by using the
Packet Delivery Ratio, Delay, Energy Consumption, Key Generation Time and
Malicious Node Detection Accuracy. These performance metrics are briefly
discussed as follows:

Table 1. Simulation parameters.

Parameters                              Values
Simulation area                         1000*1000 m
Number of mobile sink                   1
Number of IoT nodes                     100
Traffic type                            Constant Bit Rate (CBR)
Routing protocol                        RPL
Transmission range of IoT node          200 m
Network protocol                        IP based
Transmission power                      3 dBm
Initial energy                          50 J
MAC layer standard                      IEEE 802.15.4
Packet parameters
    Number of packets                   2000 (approx.)
    Packet interval                     1 μs
    Packet size                         1024 bytes
    Packet generation speed             5–50 packets/s
    Data packet size                    60 bytes
    DIO packet length                   17 bytes
    DAO packet length                   17 bytes
    DIS packet length                   2 bytes
    Packets interval                    0.5, 1.5, 2 s
Blake2b parameters
    Type                                Differential
    Number of rounds                    3.5
    Key size                            64
Prince parameters
    Number of rounds                    11
    Key size                            128
    Block size                          64
    Structure                           Substitution–permutation network
Simulation time                         500 s

(1) Packet delivery ratio


It is one of the essential metrics to compute the efficacy of this proposed work. It
is defined as the number of packets successfully transmitted ($N_{p,s}$) compared to
the total received packets ($T_p$). It is expressed in mathematical form as follows:

$P_{dr} = \frac{N_{p,s}}{T_p}$    (23)

(2) Delay
It is used to measure the delay incurred during the routing in the RPL-based IoT
network. It is defined as the time consumed for the source packets to reach the
destination root node in the network. It is measured using the below equation:
$D = \sum_{i=0}^{n} (P_{r,t} - P_{t,t})$    (24)

Here, $P_{t,t}$ denotes the packet transmission time and $P_{r,t}$ denotes the packet
received time.
Figure 5. (a) Simulation environment of SecRPL-MS. (b) Flowchart of proposed SecRPL-Ms.

(3) Energy Consumption


This metric is used to evaluate the proficiency of this proposed work in terms
of the network lifetime. It is described as the energy consumed during the
data transmission in the network. It is measured by using the below
equation:
$E_c = T_e - R_e$    (25)
Where $T_e$ signifies the total energy and $R_e$ denotes the remaining energy.

(4) Key generation time


This metric is used to evaluate the time consumed for key generation in this
work, since key generation time is one of the significant metrics in secure
data transmission in the network. If the key generation time is high, then it will
induce issues such as delay during data transmission and consume more
resources from the IoT device. Hence, it must be reduced during the data
transmission.

(5) Malicious node detection accuracy


This metric defines the accuracy of the proposed SecRPL-MS in terms of detecting
the malicious node. It proves the efficacy of this work with respect to
malicious node detection in the RPL-based IoT network. It is measured using
the below expression:
$Acc = \frac{\text{Number of detected malicious nodes}}{\text{Total number of malicious nodes}}$    (26)

5.3. Comparative analysis


Here, the proposed work is compared with the other existing methods such as
PCMS [27] and SecTrust [28]. These works are considered for comparison, since
their contribution is similar to our proposed SecRPL-MS.

(1) Impact on packet delivery ratio


In this analysis, the packet delivery ratio performance is compared with other
existing methods in terms of the number of nodes in the network. The packet
delivery ratio must be high compared to existing methods in order to prove the
better routing performance.
As represented in Figure 6a and 6b, the performance of the proposed SecRPL-MS
is better when compared to other methods with respect to the number of nodes
and malicious nodes respectively. It is because of secure routing performance
through the sail fish algorithm. Here, the sail fish algorithm computes the direct and
recommended trust information of the path. It includes parameters like
packet drop count and rank variance, which accurately predict the malicious
node present in the routing path. Hence, this work evades malicious node
participation in the RPL-based IoT network. Besides, mobile sink-based data
gathering is utilised in the network. Hence, the GH node doesn’t need to wait a long
time to transmit its data to the mobile sink node, which avoids packet drops.
This is the reason behind the increase in packet delivery ratio when compared to
other existing methods. On the other hand, existing methods such as PCMS and
SecTrust achieved a lower packet delivery ratio. It is due to their inefficiency in
secure path selection. Here, SecTrust doesn’t focus on significant parameters
such as rank variance, DIO packet transmission count and so on during
the path selection. As compared to the proposed method and SecTrust, PCMS achieved
a lower packet delivery ratio. The reason behind this is the absence of trust evaluation
during the packet transmission. On the whole, the SecRPL-MS method increases
the packet delivery ratio by a maximum of 24% and 22% with respect to the number of
nodes and number of malicious nodes respectively, when compared to existing
methods.

Figure 6. (a) Comparison of packet delivery ratio. (b) Packet delivery ratio vs. #of malicious
nodes.

(2) Impact on delay


In this subsection, we analyse the SecRPL-MS delay performance with respect to
the existing methods. Here, delay performance is measured by varying the
number of nodes in the network.
From Figure 7a and 7b, it is perceived that the delay
of the proposed work is better when compared to the other
existing methods with respect to the number of nodes and number of malicious
nodes respectively. This is achieved by providing the secure transmission
path between source and destination. The path which has less hop count is
selected between source and destination. Besides, a fast performing algorithm,
namely sail fish optimisation, is utilised for route selection. It provides
high speed convergence when compared to other optimisation algorithms
such as GWO, CSA and PSO. Further, the mobile sink selects the next moving point by
considering the buffer size parameter of the GH node. Hence, a packet need
not wait for a huge amount of time to reach the mobile sink node. These
benefits result in less delay during the data transmission when compared to
the other existing methods. By contrast, other existing methods such as
PCMS and SecTrust achieved high delay during the data transmission. It is
because of their inefficiency in mechanism utilisation in path selection, since
these two existing methods don’t utilise any effective mechanism like optimisation
to select the optimal path between the source and destination. This
causes delay during the path selection; hence these methods achieve more
delay when compared to the proposed SecRPL-MS. Therefore, this method
reduces delay by a maximum of 160 ms and 170 ms compared to other
existing methods with respect to the number of nodes and number of malicious
nodes.

(3) Impact on energy consumption


In this part, the impact of the SecRPL-MS energy consumption result is
investigated with the other existing methods. Here, the energy consumption
is measured with the aid of the increasing number of nodes in the network.
Figure 7. (a) Comparison of delay. (b) Delay vs. #of malicious nodes.

As shown in Figure 8a, the energy consumption of the proposed
work is less when compared to the other existing methods such as PCMS and
SecTrust. Less energy consumption is achieved in the IoT network via utilising the
mobile sink in the network. The proposed mobile sink gathers data from four
different GH nodes at a time. This reduces the energy consumption of the GH
node by storing the huge amount of data. Further, the energy of the GH node is also
considered during the path selection. Hence, the energy consumption is
reduced during the routing process. Besides, the best next moving point is
selected using the QINN algorithm by considering the buffer size and energy-
related metrics of the GH nodes. Selecting the next moving point by
considering the energy-related metric results in less energy consumption via
balancing the energy of the GH nodes. Furthermore, the lightweight algorithm
is utilised to secure the data transmission. This results in less energy
consumption of the IoT nodes in the network. Furthermore, the routing path is
also selected based on the energy parameter. Hence, the energy consumption
incurred during the data transmission is reduced. These advantages are the
reason behind the lower energy consumption of the proposed work. By contrast,
the PCMS method utilised a static circular path to gather data from the IoT nodes. This
increases the energy consumption due to the delay incurred during the data
gathering process for low energy nodes. Meanwhile, SecTrust doesn’t utilise a
mobile sink to gather data from the IoT nodes in the network. Hence, this
method achieved high energy consumption when compared to the proposed
and PCMS methods. Therefore, this proposed work reduces energy consumption
to a maximum of 50 mJ when compared to other existing methods.
Similarly, Figure 8b represents the comparison of the proposed and existing system
energy consumption with respect to the number of malicious nodes. The result
shows that the proposed method consumes 60 mJ less energy when compared
to existing methods.

Figure 8. (a) Comparison of energy consumption. (b) Energy consumption vs. # of malicious
node.

(4) Impact on malicious attack detection accuracy


In this subsection, the impact of the malicious attack detection accuracy performance
is analysed for the proposed and existing methods. In this, the malicious
attack detection accuracy is measured by simulating the number of attackers in
the network. This proposed work enhances the attack detection rate by calculating
false positive and false negative values in data transmission. The rank
attack is detected during the data transmission using the effective metrics. They
are rank variance, DIO packet transmission count, packet drop count and the
number of child nodes. Figure 10 represents the comparison of the malicious
attack detection accuracy of the proposed and existing methods. From this figure, it
is seen that the performance of the proposed work is better when compared to the
other existing methods. In this work, authentication and secure routing are
performed to avoid malicious node participation in data transmission. The GM
nodes are authenticated by the GH node by performing the two-fold authentication
process.
During this two-fold authentication process, the GH node gathers the secure
information about the GM node such as location and initial R.T. Further, the
GH node is authenticated by the mobile sink node using the P.ID, R.No and
count of the data transmission with the mobile sink node. Here, P.ID is generated
with the aid of the PUF and GMC, and R.No is generated using the Edwards
curve algorithm. These parameters are highly unique and cannot be forged by
the malicious attacker. If these credentials are not similar to the authentication
credentials, then the verification node considers it as a malicious node and
broadcasts its presence in the network to other nodes. Hence, this work
detects the malicious node with high accuracy. Meanwhile, existing methods
don’t utilise highly secure credentials to authenticate the nodes in the network.
The PCMS authenticates only the outer nodes in the network since it gathers
data from those nodes only. However, inner nodes could be malicious nodes,
resulting in more packet losses and delay during the data transmission.
Meanwhile, SecTrust doesn’t authenticate the nodes in the network.
Therefore, these existing methods achieve less malicious attack detection
accuracy when compared to the proposed methods. This proposed method
increases accuracy by a maximum of 23% compared to the other existing methods.

(5) Impact on key generation time


In this analysis, the key generation time parameter of the proposed and existing
methods is compared. It is measured by varying the number of packets generated
by the IoT nodes in the network.
Figure 9 illustrates the comparison of the key generation time performance of
the proposed and existing method in terms of bytes variation such as 512 and
1024. From this figure, it is observed that the performance of the proposed work is
better in key generation time for both 512 bytes and 1024 bytes. This proposed
work reduces the key generation time through the prince algorithm. The data is
encrypted using the prince algorithm, which is a lightweight algorithm. Hence, its
performance is faster in key generation and encryption processes. This reduces
the overall key generation time for generated packets. Besides, the blake2b algorithm is
utilised, which performs extremely fast in key generation when compared to
the conventional algorithms such as MD5, SHA1 and more. Hence, this method
has less key generation time when compared to the other existing methods.
Meanwhile, the existing method PCMS has high key generation time during the
data transmission for both 512 bytes and 1024 bytes. It utilised the elgamal
algorithm to generate the key for the encryption and decryption process. It has high
key generation time since it executes a tedious computational process. Besides, it
requires a high number of bits for the key generation process. This results in increasing
the key generation time compared to the proposed method. On the whole,
this method reduces 70 ms and 75 ms for both 512 bytes and 1024 bytes
compared to the PCMS method.

Figure 9. Comparison of key generation time.

Figure 10. Comparison of malicious attack detection accuracy.

5.4. Security analysis

In this section, the security provided by the proposed SecRPL-MS method in the
RPL-based IoT network is analysed. The work is simulated under 20% of attacker
nodes in the network. From the above simulation results comparison, it is
proved that this work performs better in both security provisioning and energy
consumption in the network. In this work, four attacks, namely the rank attack, Sybil
attack, blackhole attack and man in the middle attack, are detected by performing
authentication and secure routing. The detailed description of attack mitigation
is listed as follows:
(1) Rank Attack: The proposed work mitigates the rank attack in the RPL-based
IoT network. A rank attacker changes its rank value to a lower value in order
to attract other nodes to select it as their parent node. This rank attack is
mitigated by considering effective metrics such as rank variance, DIO
transmission count, child count and packet drop count. These metrics are
considered during the direct trust estimation. Using these metrics when
selecting the parent node avoids the participation of the rank attacker node in
the data transmission.
(2) Sybil Attack: The proposed SecRPL-MS method is robust against the Sybil
attack. A Sybil attacker node utilises several identities to get access from
the security entity in order to participate in the data transmission. This work
mitigates this attack by utilising the U.No, P.ID and R.No generated by the
security entity for the given node credentials. Here, a two-fold authentication
process is performed on the GM node before it can participate in the data
transmission. Hence, a Sybil attacker node must undergo a two-level
authentication process. If the first-level authentication process fails, then
it must undergo the second-level authentication process, where location and R.T
parameters are considered. Here, location information is highly useful to
predict the Sybil attacker node in the network. Besides, the P.ID metrics are
generated using the PUF value, which is unique for each IoT device. Therefore,
this work evades Sybil attacker participation in the RPL-based IoT network.
(3) Blackhole Attack: This network is highly secured against the black hole
attack in the RPL-based IoT network. A black hole attacker node silently drops
the packets that are transmitted through it. In this work, the packet drop
count is considered as one of the metrics in path selection. Besides, the
number of DIO packets transmitted is considered when selecting the route. These
two metrics are vital to mitigate black hole attacker participation in the
network, since this work does not select a node that has a high DIO packet
transmission count and packet drop count for data transmission. As a result,
this work avoids black hole attacker node participation in the RPL-based IoT
network.
(4) Man In The Middle Attack: This network resists the Man In The Middle
attack. A Man in the Middle attacker places itself between two nodes during the
data transmission in order to forge the data transmitted. After forging the
data, it further inserts malicious information into it. This attack is
mitigated in this work by encrypting the data during transmission. This is
achieved by employing the PRINCE encryption algorithm to encrypt the data to be
transmitted. The keys generated using the PRINCE algorithm are highly
confidential and cannot be identified by the malicious node. Hence, the data
transmitted between source and destination is highly secured and cannot be
forged by the attacker node. Therefore, this work avoids the Man in the Middle
attack during the data transmission in the RPL-based IoT network.
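
The rank and blackhole mitigations in items (1) and (3) both rest on scoring a candidate parent by rank variance, DIO transmission count, child count and packet drop count. The following Python example is added here for illustration and is not code from the paper: the weighted linear combination, the weights, the saturation limits, the threshold, the `Neighbour` record and the sample observations are all assumptions or constructed values.

```python
from dataclasses import dataclass
from statistics import pvariance

@dataclass
class Neighbour:
    node_id: str
    ranks: list        # rank advertised in successive DIOs
    dio_count: int     # DIOs sent during the observation window
    child_count: int   # nodes currently using it as parent
    forwarded: int     # packets it was seen to forward
    dropped: int       # packets handed to it that never left

# Assumed weights, saturation limits and threshold (not values from the paper).
WEIGHTS = {"rank": 0.3, "dio": 0.2, "child": 0.1, "drop": 0.4}
RANK_VAR_LIMIT, DIO_LIMIT, CHILD_LIMIT = 256.0 ** 2, 20, 10
TRUST_THRESHOLD = 0.6

def direct_trust(n: Neighbour) -> float:
    """Return a score in [0, 1]; each metric lowers it as it nears its limit."""
    handled = n.forwarded + n.dropped
    penalties = {
        "rank": min(pvariance(n.ranks) / RANK_VAR_LIMIT, 1.0),
        "dio": min(n.dio_count / DIO_LIMIT, 1.0),
        "child": min(n.child_count / CHILD_LIMIT, 1.0),
        # A neighbour with no forwarding history gets the full drop penalty.
        "drop": n.dropped / handled if handled else 1.0,
    }
    return 1.0 - sum(WEIGHTS[k] * penalties[k] for k in WEIGHTS)

def naive_parent(candidates):
    """Rank-only choice: the lowest advertised rank wins."""
    return min(candidates, key=lambda n: n.ranks[-1])

def trusted_parent(candidates):
    """Drop candidates below the threshold, then prefer trust, then low rank."""
    ok = [n for n in candidates if direct_trust(n) >= TRUST_THRESHOLD]
    return max(ok, key=lambda n: (direct_trust(n), -n.ranks[-1])) if ok else None

# Constructed observations for three neighbours.
HONEST = Neighbour("n1", [512, 512, 512, 512], 4, 3, 98, 2)
RANK_ATTACKER = Neighbour("n2", [768, 768, 256, 256], 18, 9, 60, 40)
BLACKHOLE = Neighbour("n3", [512, 512, 512, 512], 16, 4, 5, 95)
CANDIDATES = [HONEST, RANK_ATTACKER, BLACKHOLE]

if __name__ == "__main__":
    for n in CANDIDATES:
        print(n.node_id, round(direct_trust(n), 3))
    print("rank-only:", naive_parent(CANDIDATES).node_id)
    print("trust-based:", trusted_parent(CANDIDATES).node_id)
```

With these constructed inputs the rank-only choice picks the node that lowered its advertised rank, while the trust-based choice rejects both it and the packet-dropping node and returns no parent at all when every candidate falls below the threshold.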

5.5. Numerical analysis


In this section, the experimental results of the proposed SecRPL-MS are
summarised. The performance of SecRPL-MS is evaluated using five performance
measures: packet delivery ratio, delay, energy consumption, key generation time
and malicious attack detection accuracy.
From the evaluation results, it is proved that this work outperforms other
existing methods such as PCMS and SecTrust. At first, the packet delivery ratio
performance is evaluated, in which a maximum of 99% is achieved for 100 nodes.
It is 24% higher than PCMS and 19% higher than the SecTrust method. The delay
measure is 30 ms, which is 160 ms less than PCMS and 60 ms less than the
SecTrust method. The reason behind the high packet delivery ratio and the
reduced delay is that the proposed method secures routing in the RPL-based IoT
network. It evades malicious node participation in routing, thus reducing delay
and packet losses in the network. Besides, the proposed method achieved a lower
key generation time of 50 ms for 512 bytes and 55 ms for 1024 bytes. It is
70 ms and 75 ms less than PCMS for 512 bytes and 1024 bytes, respectively. The
energy consumption of the proposed method is 10 mJ less than PCMS and 50 mJ
less than SecTrust for 100 nodes. The energy consumption of the IoT nodes is
reduced through our mobile sink-based data gathering procedures. In addition,
energy consumption is also considered as one of the metrics during the path
selection. Hence, the energy consumption is also reduced during the data
transmission. Finally, the malicious attack detection accuracy is measured,
where a maximum of 98% for 20 attacker nodes is achieved. It is 23% higher than
PCMS and 18% higher than the SecTrust method. This is because of the proposed
effective authentication of the GH and GM nodes. Besides, secure data
transmission is performed through encryption and secure path selection
processes. Table 2 summarises the numerical results of the proposed and
existing methods.

VI. Conclusion
So far, there have been many works that focused their contribution on securing
the RPL-based IoT network. This paper also aims to secure routing in the IoT.
Four sequential processes have been proposed to secure the network from
attackers such as rank attack. Primarily, the registration process is executed,
where all the nodes in the network register their credentials with the security
entity. For a registered GM node, the security entity transmits the U.No, and
for a GH node the security entity transmits the P.ID and R.No. The optimal path
between the source and root node is selected using the sailfish algorithm. In
order to avoid rank attacker participation in the routing, direct and
recommended trust information is utilised. Data is gathered from the GH node
using the mobile sink in order to increase the network lifetime. For the mobile
sink, the best next moving point is selected using the QINN algorithm. Finally,
the SecRPL-MS method is compared with the existing methods. From the
comparison, it is proved that this work exhibits better performance compared to
other existing works such as PCMS and SecTrust. The SecRPL-MS method also
solves the existing issues of high energy consumption, delay and packet losses.
In future work, it is intended to propose a trust-based secure routing
mechanism that verifies the recommended trust received from the neighbour
nodes. Further, it is intended to mitigate other security attacks such as DDoS
and DoS in the RPL-based IoT network.

Disclosure of potential conflicts of interest


No potential conflict of interest was reported by the author(s).

Table 2. Summary of numerical results of proposed and existing methods.
The columns Pdr, D, Ec, Kgt and Acc are the experimental statistics.

| Reference | Methods proposed | Contribution | Pdr (%) | D (ms) | Ec (mJ) | Kgt (ms), 512 B | Kgt (ms), 1024 B | Acc (%) | Mobile sink consideration | Downsides |
|---|---|---|---|---|---|---|---|---|---|---|
| [27] | PCMS | Mobile sink-based data gathering and security in data transmission | 70.1 | 134.8 | 44.5 | 65.2 | 90.1 | 70.5 | Yes | Consumes more resources because of huge processing algorithm. Ineffective authentication due to lack of strong credentials. |
| [28] | SecTrust | Trust-based secure routing | 77.8 | 52.1 | 60.6 | – | – | 76.25 | No | High energy consumption due to circular path-based sink movement. Misidentification of malicious nodes due to absence of context-based information in trust estimation. |
| Proposed | SecRPL-MS | Authentication and trust-based secure routing | 97.1 | 17.8 | 29.6 | 31.2 | 37.75 | 96.9 | Yes | Nil |

References
[1] Hwang R-H, Peng M-C, Cheng-Yu W. A novel RPL-based multicast routing mechanism
for wireless sensor network. Int J Ad Hoc Ubiquitous Comput. 2019;33(2):122–131.

[2] Preeth SKSL, Dhanalakshmi R, Shakeel PM. An intelligent approach for energy
efficient trajectory design for mobile sink based IoT supported wireless sensor
networks. Peer-to-Peer Networking and Applications. 2019. p. 1–12.
[3] Jawaligi SS, Biradar GS. QoS oriented and delay tolerant WSN routing protocol for data
gathering in IoT ecosystem. Int J Internet Technol Secur Trans. 2018;8(3):469.
[4] Shin S, Kim K, Kwon T. Detection of malicious packet dropping attacks in RPL-based
internet of things. Int J Ad Hoc Ubiquitous Comput. 2019;31(2):133.
[5] Raoof A, Matrawy A, Lung C. Enhancing routing security in IoT: performance evaluation
of RPL secure mode under attacks. arXiv, Cornell University, New York; 2020.
abs/2004.07815.
[6] Wang K-H, Chen C-M, Fang W, et al. On the security of a new ultra-lightweight
authentication protocol in IoT environment for RFID tags. J Supercomputing.
2018;74(1):65–70.
[7] Yugha R, Chithra S (2019). Attribute based trust evaluation for secure RPL protocol in
IoT environment. 2019 International Conference on Vision Towards Emerging Trends in
Communication and Networking (ViTECoN), India, 1–7.
[8] Razali MF, Rusli ME, Jamil N, et al. TPAL: a protocol for node authentication in IoT.
J Comput Sci. 2018;14(10):1401–1411.
[9] Hashemi SY, Shams Aliee F. Dynamic and comprehensive trust model for IoT and its
integration into RPL. J Supercomputing. 2018;75(7):1–30.
[10] Mabodi K, Yusefi M, Zandiyan S, et al. Multi-level trust-based intelligence schema for
securing of internet of things (IoT) against security threats using cryptographic
authentication. J Supercomputing. 2020;76:7081–7106.
[11] Djedjig N, Tandjaoui D, Medjek F, et al. Trust-aware and cooperative routing protocol
for IoT security. J Inf Secur Appl. 2020;52:1–17.
[12] Fatima-tuz-zahra, Jhanjhi N, Brohi SN, et al. (2019). Proposing a rank and wormhole
attack detection framework using machine learning. 2019 13th International
Conference on Mathematics, Actuarial Science, Computer Science and Statistics
(MACS), Pakistan.
[13] Tandon A, Srivastava P (2019). Trust-based enhanced secure routing against rank and
sybil attacks in IoT. 2019 Twelfth International Conference on Contemporary
Computing (IC3), India.
[14] Wang J, Gao Y, Yin X, et al. An enhanced PEGASIS algorithm with mobile sink support
for wireless sensor networks. Wireless Commun Mobile Comput.
2018;2018:9472075:1–9472075:9.
[15] Lamaazi H, Benamar N, Jara AJ. RPL-based networks in static and mobile environment:
a performance assessment analysis. J King Saud Univ Comput Inf Sci.
2018;30(3):320–333.
[16] Zhang T, Zhang T, Ji X, et al. (2019). Cuckoo-RPL: cuckoo filter based RPL for defending
AMI network from blackhole attacks. 2019 Chinese Control Conference (CCC), China.
[17] Dammak M, Boudia ORM, Messous MA, et al. (2019). Token-based lightweight
authentication to secure IoT networks. 2019 16th IEEE Annual Consumer Communications &
Networking Conference (CCNC), USA.
[18] Zhou Y, Liu T, Tang F, et al. An unlinkable authentication scheme for distributed IoT
application. In: IEEE Access
[19] Melki R, Noura HN, Chehab A. Lightweight multi-factor mutual authentication protocol
for IoT devices. Int J Inf Secur. 2020;19:679-694.
[20] Shafique U, Khan A, Rehman A, et al. Detection of rank attack in routing protocol for
Low Power and Lossy Networks. In: Annals of telecommunications, Springer
Professional, Germany. 2018;Vol. 73(7-8):429–438.
[21] Hashemi SY, Shams Aliee F. Fuzzy, dynamic and trust based routing protocol for IoT.
J Netw Syst Manage. 2020;28(4):1248–1278.
[22] Mehta R, Parmar MM (2018). Trust based mechanism for Securing IoT Routing Protocol
RPL against Wormhole & Grayhole Attacks. 2018 3rd International Conference for
Convergence in Technology (I2CT), India.
[23] Nikravan M, Movaghar A, Hosseinzadeh M. A lightweight defense approach to mitigate
version number and rank attacks in low-power and lossy networks. Wireless Pers
Commun. 2018;99(2):1035–1059.
[24] Zaminkar M, Fotohi R. SoS-RPL: securing Internet of Things against sinkhole attack
using RPL protocol-based node rating and ranking mechanism. Wireless Pers Commun.
2020;114(2):1287–1312.
[25] Thyagarajan J, Kulanthaivelu S. A joint hybrid corona based opportunistic routing
design with quasi mobile sink for IoT based wireless sensor network. J Ambient Intell
Humaniz Comput. 2021;12:991–1009.
[26] Al-Janabi TA, Al-Raweshidy HS. A centralised routing protocol with a scheduled mobile
sink-based AI for large scale I-IoT. IEEE Sens J. 2018;18(24):10248–10261.
[27] Renold AP, Athi BG. Energy efficient secure data collection with path-constrained
mobile sink in duty-cycled unattended wireless sensor network. Pervasive Mob
Comput. 2019;55:1–12.
[28] Airehrour D, Gutierrez JA, Ray SK. SecTrust-RPL: a secure trust-aware RPL routing
protocol for Internet of Things. Future Gener Comput Syst. 2018;93:860–876.
[29] Thiruchelvi A, Karthikeyan N. A novel pair based sink relocation and route adjustment
in mobile sink WSN integrated IoT. IET J. 2020; 14(3):365-37.
[30] Kiran V, Rani S, Singh P. Towards a light weight routing security in IoT using
non-cooperative game models and dempster-Shaffer theory. Wireless Pers Commun.
2019;110(4):1729–1749.
[31] Tian H, Qian Z, Wang X, et al. QoI-aware DODAG construction in RPL-based event
detection wireless sensor networks. J Sens. 2017;2017:1–9.
[32] Shadravan S, Naji HR, Bardsiri VK. The sailfish optimizer: a novel nature-inspired
metaheuristic algorithm for solving constrained engineering optimization problems.
Eng Appl Artif Intell. 2019;80:20–34.
[33] Borghoff J, Canteaut A, Güneysu T, et al. PRINCE – a low-latency block cipher for
pervasive computing applications. In: Lecture notes in computer science, Springer
Nature, Switzerland. 2012. p. 208–225.
[34] Jeswal SK, Chakraverty S. Recent developments and applications in quantum neural
network: a review. Arch Comput Methods Eng. 2018;26:793-807.
