1553-877X (c) 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/COMST.2018.2885894, IEEE Communications Surveys & Tutorials IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. XX, NO. X, XXX 2017 1 Routing Attacks and Mitigation Methods for RPL-Based Internet of Things Ahmed Raoof, Student Member, IEEE, Ashraf Matrawy, Senior Member, IEEE, and Chung-Horng Lung, Senior Member, IEEE Abstract—The recent bloom of Internet of Things (IoT) and its prevalence in many security-sensitive environments made the security of these networks a crucial requirement. Routing in many of IoT networks has been performed using the Routing Protocol for Low Power and Lossy Networks (RPL), due to its energy-efficient mechanisms, secure modes availability, and its adaptivity to work in various environments; hence, RPL security has been the focus of many researchers. This paper presents a comprehensive study of RPL, its known attacks, and the mitigation methods proposed to counter these attacks. We conducted a detailed review of the RPL standard, including a recently proposed modification. Also, we investigated all recently published attacks on RPL and their mitigation methods through the literature. Based on this investigation, and to the best of our knowledge, we introduced a first-of-its-kind classification scheme for the mitigation methods that is based on the techniques used for the mitigation. Furthermore, we thoroughly discussed RPL- based Intrusion Detection Systems (IDSs) and their classifica- tions, highlighting the most recently proposed IDSs. Index Terms—RPL, Internet of Things, Routing Attacks, IoT, IoT Security, IDS, Attacks Classification, Mitigation Methods Classification. I. I NTRODUCTION Internet of Things (IoT) is a network of things that are uniquely identified and connected to the Internet. These things can range from Radio Frequency Identification (RFID) tags and small sensors and actuators in Wireless Sensor Network (WSN), smart grids and Machine-to-Machine (M2M) net- works, all the way up to smartphones and connected vehicles. Hence, IoT networks are heterogeneous and use various stan- dards [1], [2]; one of which is the IPv6 over Low-powered Wireless Personal Area Network (6LoWPAN). 6LoWPAN networks have the following main characteristics [3], [4]: resource-constrained nodes (energy, memory, and processing power), lossy links, and low data rates (∼ 250kbps). In addition, Most of the traffic in these networks is either point- to-multipoint (root to leaf nodes) or multipoint-to-point (leaf nodes to root node). Besides, these networks use 6LoWPAN protocol stack [5], developed by Internet Engineering Task Force (IETF). This protocol stack is based on IPv6 protocol [6], with the addition of an adaptation layer (6LoWPAN) [7], [8] that handles header compression, and fragmentation and reassembly of IPv6 packets (among other duties). Fig.1 shows a comparison between 6LoWPAN’s and TCP/IP’s protocol A. Raoof and C. Lung are with Systems and Computer Engineering Depart- ment, Faculty of Engineering and Design, Carleton University, Ottawa, ON K1S 5B6, Canada (email: ahmed.raoof@carleton.ca; chlung@sce.carleton.ca) A. Matrawy is with School of Information Technology, Carleton University, Ottawa, ON K1S 5B6, Canada (email: ashraf.matrawy@carleton.ca) (a) 6LoWPAN protocol stack Application Layer (CoAP) Transport Layer (UDP) Network Layer (IPv6, ICMPv6, RPL) Adaptation Layer (6LoWPAN) Link Layer (802.15.4 MAC) Physical Layer (802.15.4 PHY) Application Layer (HTTP, etc.) Transport Layer (TCP, UDP) Network Layer (IPv6,ICMPv6, OSPF, etc.) Link Layer (Variety) Physical Layer (Variety) (b) Five layers protocol stack Fig. 1. (a) 6LoWPAN protocol stack, compared to (b) Internet’s five layers protocol stack. stacks. Additional details about other protocols and standards used in this protocol stack can be found in [3], [9], [10]. As WSN routing methods do not work effectively in IoT [4], [11], and the traditional Internet routing protocols are not suitable for the resource-constrained IoT devices, several solutions have been proposed for routing in 6LoWPAN net- works (and IoT in general) [12]–[15]. Among these standards, Routing Protocol for Low Power and Lossy Networks (RPL) was introduced by Internet Engineering Task Force (IETF) [3]. RPL is designed from scratch to meet the routing needs of IoT networks and minimize resource consumption along the routing path. The protocol is also flexible to adapt to different environments it works within; this is done by using a suitable Objective Function (OF) – see §III. It also has several energy- efficient repair mechanisms. IoT has gained tremendous attention and security is one of the major concerns in IoT. Moreover, RPL is designed explicitly for IoT networks (including smart grids and M2M networks) to meet the requirements of routing and efficient resource consumption. Hence, there is a critical need to inves- tigate the security aspect of RPL for a better understanding of the attacks and mitigation techniques for RPL. In this survey, we will focus on the routing attacks on RPL and their mitigation methods, whether these mitigation methods are part of the current protocol implementation/design or proposed in the literature. We summarize our contributions as follows:- • We have investigated and presented a thorough review of RPL’s specifications, including a recent "security-minded" proposal to update and modify the standard [16]. To our