6533b82ffe1ef96bd1294eb0

RESEARCH PRODUCT

Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned

Pekka ToivanenJ. L. Patino-andresKeijo HaatajaN. VidgrenJ. J. Ramirez-sanchis

subject

business.industryComputer scienceProcess (engineering)SIGNAL (programming language)Computer securitycomputer.software_genreWireless securitySecurity serviceVulnerability evaluationComputerSystemsOrganization_SPECIAL-PURPOSEANDAPPLICATION-BASEDSYSTEMSbusinesscomputerKey exchangeComputer networkNeuRFon

description

In this paper, two practical attacks against ZigBee security are proposed and the latter one is also carried out in our laboratory environment. The attack scenarios are based on utilizing several vulnerabilities found from the main security components of ZigBee technology. The first attack is based on sabotaging the ZigBee End-Device by sending a special signal that makes it wake-up constantly until the battery runs out. The second attack is based on exploiting the key exchange process in ZigBee when using the Standard Security level defined by the ZigBee specification: we also demonstrate with experimental figures that attacks against ZigBee-enabled devices become practical by using our attack scenario. In addition, countermeasures that render the proposed attacks impractical, although not totally eliminating their potential danger, are devised. Moreover, some new ideas that will be used in our future research work are proposed.

yearjournalcountryeditionlanguage
2013-01-012013 46th Hawaii International Conference on System Sciences
https://doi.org/10.1109/hicss.2013.475