Internet of Things (IoT) is one of the fastest emerging networking paradigms enabling a large number of applications for the benefit of mankind. Advancements in embedded system technology and compressed IPv6 have enabled the support of IP stack in resource constrained heterogeneous smart devices. However, global connectivity and resource constrained characteristics of smart devices have exposed them to different insider and outsider attacks, which put users' security and privacy at risk. Various risks associated with IoT slow down its growth and become an obstruction in the worldwide adoption of its applications. In RFC 6550, the IPv6 Routing Protocol for Low Power and Lossy Network (RPL) is specified by IETF's ROLL working group for facilitating efficient routing in 6LoWPAN networks, while considering its limitations. Due to resource constrained nature of nodes in the IoT, RPL is vulnerable to many attacks that consume the node's resources and degrade the network's performance. In this paper, we present a study on various attacks and their existing defense solutions, particularly to RPL. Open research issues, challenges, and future directions specific to RPL security are also discussed. A taxonomy of RPL attacks, considering the essential attributes like resources, topology, and traffic, is shown for better understanding. In addition, a study of existing cross-layered and RPL specific network layer based defense solutions suggested in the literature is also carried out.

翻译：物联网（IoT）是当今发展最快的网络范式之一，支撑着大量造福人类的应用程序。嵌入式系统技术与压缩IPv6的进步，使得资源受限的异构智能设备能够支持IP协议栈。然而，智能设备的全球连通性及资源受限特性使其易受各类内部与外部攻击，从而危及用户安全与隐私。与物联网相关的多种风险制约了其发展，并成为全球范围推广应用的一大障碍。在RFC 6550中，IETF的ROLL工作组为应对低功耗有损网络（6LoWPAN）的局限性，制定了IPv6路由协议（RPL），旨在保障该网络的高效路由。由于物联网节点具有资源受限的本质特征，RPL易遭受诸多攻击，这些攻击会消耗节点资源并降低网络性能。本文针对各类攻击及其现有防御方案（尤以RPL为焦点）展开研究，同时探讨了RPL安全领域的关键开放性问题、挑战及未来发展方向。为便于理解，本文基于资源、拓扑和流量等核心属性，构建了RPL攻击分类体系。此外，本文还对现有文献提出的跨层防御方案及基于RPL特定网络层的防御方案进行了分析。