Xianghui Cao,Devu Manikantan Shila,Yu Cheng,Zequ Yang,Yang Zhou,Jiming Chen

DOI: https://doi.org/10.1109/jiot.2016.2516102

IF: 10.6

2016-01-01

IEEE Internet of Things Journal

Abstract:ZigBee has been widely recognized as an important enabling technique for Internet of Things (IoT). However, the ZigBee nodes are normally resource-limited, making the network susceptible to a variety of security threats. This paper closely investigates a severe attack on ZigBee networks termed as ghost, which leverages the underlying vulnerabilities of the IEEE 802.15.4 security suites to deplete the energy of the nodes. We show that the impact of ghost is very large and that it can facilitate a variety of threats including denial of service and replay attacks. We highlight that merely deploying a standard suite of advanced security techniques does not necessarily guarantee improved security, but instead might be leveraged by adversaries to cause severe disruption in the network. We propose several recommendations on how to localize and withstand the ghost and other related attacks in ZigBee networks. Extensive simulations are provided to show the impact of the ghost and the performance of the proposed recommendations. Moreover, physical experiments also have been conducted and the observations confirm the severity of the impact by the ghost attack. We believe that the presented work will aid the researchers to improve the security of ZigBee further.

Wade Trappe,Wenyuan Xu

DOI: https://doi.org/10.7282/t3rj4jw7

2007-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming attacks, which effectively cause a denial of service (DoS) of either transmission or reception functionalities. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this thesis, we examine the issue of jamming wireless networks, and sensor networks in particular, by studying both the attack and defense side of the problem. On the attack side, we present four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. For detection, we show that single measurement statistics are not enough to reliably classify the presence of a jamming attack, and propose multimodal detection methods. To cope with jamming, we propose a technique, channel surfing, which involves evading the interferer in the spectral domain. Several different channel surfing models are presented, and we evaluate their effectiveness using a testbed of MICA2 motes. Beyond channel surfing, we overview a second defense strategy whereby it is possible to establish a low data rate jamming resistant communication channel by modulating the interarrival times between jammed packets.

Wenyuan Xu,Timothy Wood,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1145/1023646.1023661

2004-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch denial of service (DoS) attacks. One form of denial of service is targeted at preventing sources from communicating. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this paper we present two strategies that may be employed by wireless devices to evade a MAC/PHY-layer jamming-style wireless denial of service attack. The first strategy, channel surfing, is a form of spectral evasion that involves legitimate wireless devices changing the channel that they are operating on. The second strategy, spatial retreats, is a form of spatial evasion whereby legitimate mobile devices move away from the locality of the DoS emitter. We study both of these strategies for three broad wireless communication scenarios: two-party radio communication, an infrastructured wireless network, and an ad hoc wireless network. We evaluate several of our proposed strategies and protocols through ns-2 simulations and experiments on the Berkeley mote platform.

Wenyuan Xu,Wade Trappe,Yanyong Zhang,Timothy Wood

DOI: https://doi.org/10.1145/1062689.1062697

2005-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch jamming-style attacks. These attacks can be easily accomplished by an adversary emitting radio frequency signals that do not follow an underlying MAC protocol. Jamming attacks can severely interfere with the normal operation of wireless networks and, consequently, mechanisms are needed that can cope with jamming attacks. In this paper, we examine radio interference attacks from both sides of the issue: first, we study the problem of conducting radio interference attacks on wireless networks, and second we examine the critical issue of diagnosing the presence of jamming attacks. Specifically, we propose four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. We then discuss different measurements that serve as the basis for detecting a jamming attack, and explore scenarios where each measurement by itself is not enough to reliably classify the presence of a jamming attack. In particular, we observe that signal strength and carrier sensing time are unable to conclusively detect the presence of a jammer. Further, we observe that although by using packet delivery ratio we may differentiate between congested and jammed scenarios, we are nonetheless unable to conclude whether poor link utility is due to jamming or the mobility of nodes. The fact that no single measurement is sufficient for reliably classifying the presence of a jammer is an important observation, and necessitates the development of enhanced detection schemes that can remove ambiguity when detecting a jammer. To address this need, we propose two enhanced detection protocols that employ consistency checking. The first scheme employs signal strength measurements as a reactive consistency check for poor packet delivery ratios, while the second scheme employs location information to serve as the consistency check. Throughout our discussions, we examine the feasibility and effectiveness of jamming attacks and detection schemes using the MICA2 Mote platform.

Wenyuan Xu,Ke Ma,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1109/mnet.2006.1637931

IF: 10.294

2006-01-01

IEEE Network

Abstract:Wireless sensor networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming, attacks that effectively cause a denial of service of either transmission or reception functionalities. These attacks can easily be accomplished by an adversary by either bypassing MAC-layer protocols or emitting a radio signal targeted at jamming a particular channel. In this article we survey different jamming attacks that may be employed against a sensor network. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. We highlight the challenges associated with detecting jamming. To cope with jamming, we propose two different but complementary approaches. One approach is to simply retreat from the interferer which may be accomplished by either spectral evasion (channel surfing) or spatial evasion (spatial retreats). The second approach aims to compete more actively with the interferer by adjusting resources, such as power levels and communication coding, to achieve communication in the presence of the jammer.

QI Nan,HAN Bo,LI Ping

DOI: https://doi.org/10.3969/j.issn.1001-4551.2007.02.008

2007-01-01

Abstract:ZigBee is a new wireless network technology.On the platform of this experiment,some key issues were introduced on how to build intelligent home wireless sensor network using ZigBee.And the protocol of the wireless network stack and network topology were also analyzed.

Fadi Farha,Huansheng Ning,Weishan Zhang,Kim-Kwang Raymond Choo,shunkun yang,Jiabo xu

DOI: https://doi.org/10.1109/tmc.2020.3006905

IF: 6.075

2020-01-01

IEEE Transactions on Mobile Computing

Abstract:ZigBee is one of the communication protocols used in the Internet of Things (IoT) applications. In typical deployment scenarios involving low-cost and low-power IoT devices, many communication features are disabled, consequently affecting the security offered by ZigBee. The ZigBee specification assumes that deployment of frame counters is sufficient to mitigate replay attacks in secure ZigBee networks. However, we demonstrate that it is insufficient in this paper (i.e., the network is no longer secure after the coordinator restarts). As a countermeasure, we present a timestamp-based scheme to mitigate replay attacks. Our mitigation strategy does not consume power significantly, and fully powered devices will be responsible for providing power-constrained devices with the current timestamp. The proposed scheme is designed for all ZigBee topologies and different states of ZigBee End Devices (ZEDs). Findings from our evaluation show that the proposed scheme can successfully mitigate replay attacks, with no significant network performance degradation even assuming a worst-case scenario (i.e., many devices are sending data simultaneously).

computer science, information systems,telecommunications

Jun Huang,Guoliang Xing,Gang Zhou,Ruogu Zhou

DOI: https://doi.org/10.1109/icnp.2010.5762779

2010-01-01

Abstract:Recent years have witnessed the increasing adoption of ZigBee technology for performance-sensitive applications such as wireless patient monitoring in hospitals. However, operating in unlicensed ISM bands, ZigBee devices often yield unpredictable throughput and packet delivery ratio due to the interference from ever increasing WiFi hotspots in 2.4 GHz band. Our empirical results show that, although WiFi traffic contains abundant white space, the existing coexistence mechanisms such as CSMA are surprisingly inadequate for exploiting it. In this paper, we propose a novel approach that enables ZigBee links to achieve assured performance in the presence of heavy WiFi interference. First, based on statistical analysis of real-life network traces, we present a Pareto model to accurately characterize the white space in WiFi traffic. Second, we analytically model the performance of a ZigBee link in the presence of WiFi interference. Third, based on the white space model and our analysis, we develop a new ZigBee frame control protocol called WISE, which can achieve desired trade-offs between link throughput and delivery ratio. Our extensive experiments on a testbed of 802.11 netbooks and 802.15.4 TelosB motes show that, in the presence of heavy WiFi interference, WISE achieves 4× and 2× performance gains over B-MAC and a recent reliable transmission protocol, respectively, while only incurring 10.9% and 39.5% of their overhead.

Vladimir Shakhov,Insoo Koo

DOI: https://doi.org/10.3390/s18061849

2018-06-06

Abstract:The emerging Internet of Things (IoT) has great potential; however, the societal costs of the IoT can outweigh its benefits. To unlock IoT potential, there needs to be improvement in the security of IoT applications. There are several standardization initiatives for sensor networks, which eventually converge with the Internet of Things. As sensor-based applications are deployed, security emerges as an essential requirement. One of the critical issues of wireless sensor technology is limited sensor resources, including sensor batteries. This creates a vulnerability to battery-exhausting attacks. Rapid exhaustion of sensor battery power is not only explained by intrusions, but can also be due to random failure of embedded sensor protocols. Thus, most wireless sensor applications, without tools to defend against rash battery exhausting, would be unable to function during prescribed times. In this paper, we consider a special type of threat, in which the harm is malicious depletion of sensor battery power. In contrast to the traditional denial-of-service attack, quality of service under the considered attack is not necessarily degraded. Moreover, the quality of service can increase up to the moment of the sensor set crashes. We argue that this is a distinguishing type of attack. Hence, the application of a traditional defense mechanism against this threat is not always possible. Therefore, effective methods should be developed to counter the threat. We first discuss the feasibility of rash depletion of battery power. Next, we propose a model for evaluation of energy consumption when under attack. Finally, a technique to counter the attack is discussed.

Khandaker Foysal Haque,Ahmed Abdelgawad,Kumar Yelamarthi

DOI: https://doi.org/10.3390/s22093245

IF: 3.9

2022-04-23

Sensors

Abstract:The recent development of wireless communications has prompted many diversified applications in both industrial and medical sectors. Zigbee is a short-range wireless communication standard that is based on IEEE 802.15.4 and is vastly used in both indoor and outdoor applications. Its performance depends on networking parameters, such as baud rates, transmission power, data encryption, hopping, deployment environment, and transmission distances. For optimized network deployment, an extensive performance analysis is necessary. This would facilitate a clear understanding of the trade-offs of the network performance metrics, such as the packet delivery ratio (PDR), power consumption, network life, link quality, latency, and throughput. This work presents an extensive performance analysis of both the encrypted and unencrypted Zigbee with the stated metrics in a real-world testbed, deployed in both indoor and outdoor scenarios. The major contributions of this work include (i) evaluating the most optimized transmission power level of Zigbee, considering packet delivery ratio and network lifetime; (ii) formulating an algorithm to find the network lifetime from the measured current consumption of packet transmission; and (iii) identifying and quantizing the trade-offs of the multi-hop communication and data encryption with latency, transmission range, and throughput.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mahyar TajDini,Volodymyr Sokolov,Volodymyr Buriachok

DOI: https://doi.org/10.48550/arXiv.1906.10878

2019-06-26

Cryptography and Security

Abstract:The article presents a method of organizing men-in-the-middle attack and penetration test on Bluetooth Low Energy devices and ZigBee packets using software define radio with sniffing and spoofing packets, capture and analysis techniques on wireless waves with the focus on Bluetooth. The paper contains the analysis of the latest scientific work in this area, provides a comparative analysis of SDRs and the rationale for the choice of hardware, gives the sequence of actions for collecting wireless data packets and data collection from ZigBee and BLE devices, and analyzes ways to improve captured wireless packet analysis techniques. For the study collected experimental setup, the results of which are analyzed in real time. The collected wireless data packets are compared with those sent. The result of the experiment shows the weaknesses of local wireless networks.

Demin Gao,Shuai Wang,Yunhuai Liu,Wenchao Jiang,Zhijun Li,Tian He

DOI: https://doi.org/10.1016/j.comcom.2021.06.017

IF: 5.047

2021-09-01

Computer Communications

Abstract:<p>Cross-Technology Communication(CTC) enables that WiFi devices can talk to ZigBee devices directly without any hardware changes or gateway equipment, and WiFi occupies a much wider bandwidth (20MHz) than ZigBee (2MHz), which sheds the light on spoofing-jamming attack based on CTC, where a WiFi device, as a sophisticated attacker spoofs or jams an area in which multiple-channels sensor network operating. In this work, we attempt to emulate two ZigBee frames under different frequencies within a single WiFi frame by controlling non-continuous bands of subcarriers. In other words, a WiFi device can independently communicate with the ZigBee devices operating in two channels. In a different perspective, the application based on CTC will be significantly impaired when CTC suffers from malicious attacks such as spoofing or jamming. In our work, we implement a parallel spoofing system, called SamBee, that can spoof the ZigBee devices operating in two different channels or jam the ZigBee devices operating in five distinct channels simultaneously only using a single WiFi frame, which causes maximum damage to the network in term of corrupted communication links with low cost. We implement our design based on a USRP-N210 and MICAz hybrid platform, the results show that parallel spoofing attacks and multiple-channels jamming attacks based on CTC is feasible, and our results also provide valuable insights about the associated defense mechanisms on achieving desirable performance.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Yang,Qin Wang,Yadong Wan,Yue Qi

DOI: https://doi.org/10.1504/ijes.2017.10008941

2017-01-01

International Journal of Embedded Systems

Abstract:Time synchronisation is very crucial in many wireless sensor network applications especially in industrial wireless networks. The current industrial wireless standards all use TDMA-based channel-sharing protocols on the medium access control (MAC) layer. If an adversary launches time synchronisation attacks to the industrial wireless networks, the whole networks communication will be paralysed. However, the time synchronisation is insufficient to be protected in the current industrial wireless standards which based on IEEE802.15.4e standard. So it is important to study in depth the time synchronisation method of attack and defense in IEEE802.15.4e networks. In this paper we give a survey of time synchronisation in IEEE802.15.4e networks and point out the possible attacks. They include ASN attack, message manipulation attack, node identity attack and pulse-delay attack. Then we propose some countermeasures against these attacks. Finally, we perform a series of experiments to evaluate the effectiveness of corresponding defences for the attacks. The experiment results show that the proposed mechanisms can successfully defend against these attacks. And the energy consumption of these defense methods are very low.

Alaa Allakany,Abeer Saber,Samih M Mostafa,Maazen Alsabaan,Mohamed I Ibrahem,Haitham Elwahsh

DOI: https://doi.org/10.3390/s23125703

2023-06-19

Abstract:The latest version of ZigBee offers improvements in various aspects, including its low power consumption, flexibility, and cost-effective deployment. However, the challenges persist, as the upgraded protocol continues to suffer from a wide range of security weaknesses. Constrained wireless sensor network devices cannot use standard security protocols such as asymmetric cryptography mechanisms, which are resource-intensive and unsuitable for wireless sensor networks. ZigBee uses the Advanced Encryption Standard (AES), which is the best recommended symmetric key block cipher for securing data of sensitive networks and applications. However, AES is expected to be vulnerable to some attacks in the near future. Moreover, symmetric cryptosystems have key management and authentication issues. To address these concerns in wireless sensor networks, particularly in ZigBee communications, in this paper, we propose a mutual authentication scheme that can dynamically update the secret key value of device-to-trust center (D2TC) and device-to-device (D2D) communications. In addition, the suggested solution improves the cryptographic strength of ZigBee communications by improving the encryption process of a regular AES without the need for asymmetric cryptography. To achieve that, we use a secure one-way hash function operation when D2TC and D2D mutually authenticate each other, along with bitwise exclusive OR operations to enhance cryptography. Once authentication is accomplished, the ZigBee-based participants can mutually agree upon a shared session key and exchange a secure value. This secure value is then integrated with the sensed data from the devices and utilized as input for regular AES encryption. By adopting this technique, the encrypted data gains robust protection against potential cryptanalysis attacks. Finally, a comparative analysis is conducted to illustrate how the proposed scheme effectively maintains efficiency in comparison to eight competitive schemes. This analysis evaluates the scheme's performance across various factors, including security features, communication, and computational cost.

Xiaolong Zheng,Zhichao Cao,Jiliang Wang,Yuan He,Yunhao Liu

DOI: https://doi.org/10.1145/2668332.2668334

2014-01-01

Abstract:ABSTRACTTo save energy, wireless sensor networks often run in a low duty cycle mode, where the radios of sensor nodes are scheduled between ON and OFF states. For nodes to communicate with each other, Low Power Listening (LPL) and Low Power Probing (LPP) are two types of rendezvous mechanisms. Nodes with LPL or LPP rely on signal strength or probe packets to detect potential transmissions, and then keep the radio-on for communications. Unfortunately, in many cases, signal strength and probe packets are susceptible to interference, resulting in undesirable radio on time when the signal strength of interference is above a threshold or a probe packet is interfered. To address the issue, we propose ZiSense, an energy efficient rendezvous mechanism which is resilient to interference. Instead of checking the signal strength or decoding the probe packets, ZiSense detects the existence of ZigBee transmissions and wakes up nodes accordingly. On sensor nodes with limited information and resource, we carefully study and extract short-term features purely from the time-domain RSSI sequence, and design a rule-based approach to efficiently identify the existence of ZigBee. We theoretically analyze the benefit of ZiSense in different environments and implement a prototype in TinyOS with TelosB motes. We examine ZiSense performance under controlled interference and office environments. The evaluation results show that, compared with state-of-the-art rendezvous mechanisms, ZiSense significantly reduces the energy consumption.

Xiang GAO,Yongli DENG,Yuanyuan Lü,Qiyong LU

DOI: https://doi.org/10.3969/j.issn.1004-1699.2014.11.017

2014-01-01

Abstract:ZigBee technology is one of the important techniques for wireless sensor network. Among the implements of ZigBee,Z-Stack is one of the software architecture released by TI Corporation,which has been widely used. The article used CC2530 as hardware platform and Z-Stack as software platform to analyze Z-Stack. It points out that there is power consumption issue on current Z-Stack in practical use. The corresponding power-saving algorithms are also put forward. They are power optimization algorithm for end-device nodes and low power consumption routing al-gorithm for router nodes. Both algorithms are verified by experiments. The results show that the power-saving algo-rithms based on Z-Stack proposed in the article can save power consumption effectively when the nodes work and then improve the overall life of the network.

Yingxiao Sun,Zhenquan Qin,Junyu Hu,Lei Wang,Jiaxin Du,Yan Ren

DOI: https://doi.org/10.1007/978-3-319-94268-1_37

2018-01-01

Abstract:The unlicensed ISM spectrum is becoming increasingly populated by ubiquitous wireless networks, such coexistence can inevitably incur the cross-technology interference (CTI) for the scarcity of spectrum resources. Existing approaches for defending against such interferences often modify hardware condition, which can be ineffective when encountering with the massive deployment of legacy ZigBee devices and uncertain WiFi APs. In this paper, we build an Adaptive Transmission Estimation (ATE) model to mitigate the negative effect on ZigBee side based on a channel quality quantification metric called Channel Idle Degree (CID) and logistic regression, which can indicate ZigBee devices to adjust packet rate efficiently. Particularly, our mechanism that is a lightweight, and software-level approach without any modification on the hardware of devices, can be easily implemented on the off-the-shelf ZigBee devices. Extensive experimental results show that, under the coverage of different WiFi traffic, our lightweight mechanism can achieve 4x and 1.5x performance gains over WISE and CII. Particularly, when WiFi traffic is 4 Mbps, we can still obtain over 90%. Furthermore, the energy consumption efficiency can be reduced markedly.

Christopher Vattheuer,Charlie Liu,Ali Abedi,Omid Abari

DOI: https://doi.org/10.48550/arXiv.2301.07202

2023-01-18

Abstract:Home security systems have become increasingly popular since they provide an additional layer of protection and peace of mind. These systems typically include battery-powered motion sensors, contact sensors, and smart locks. Z-Wave is a very popular wireless communication technology for these low-power systems. In this paper, we demonstrate two new attacks targeting Z-Wave devices. First, we show how an attacker can remotely attack Z-Wave security devices to increase their power consumption by three orders of magnitude, reducing their battery life from a few years to just a few hours. Second, we show multiple Denial of Service (DoS) attacks which enables an attacker to interrupt the operation of security systems in just a few seconds. Our experiments show that these attacks are effective even when the attacker device is in a car 100 meters away from the targeted house.

Cryptography and Security,Networking and Internet Architecture

Fanfan Ding,Zhiqian Bo,Dahai Zhang,Xin Chen,Xinzhou Dong,Shenxing Shi

DOI: https://doi.org/10.1109/drpt.2015.7432668

2015-01-01

Abstract:This paper introduces the basic structure and functions of the Intelligent Protection Center, and besides, it describes rapid reconstruction of power grid and rapid recovery of communication channel, both based on the Intelligent Protection Center. In this paper, we have compared the characteristics of various wireless communication modes and discussed unique advantages of ZigBee technology in reconstructing of power system after disaster. We intentionally proposed the rebuilding of the wireless channel based on the ZigBee technology for "information island" where there was not any circuitous channel around, and have carried out the simulation about this project.

Chieh-Jan Mike Liang,Bodhi Priyantha,Jie Liu,Andreas Terzis

DOI: https://doi.org/10.1145/1869983.1870014

2010-01-01

Abstract:Frequency overlap across wireless networks with different radio technologies can cause severe interference and reduce communication reliability. The circumstances are particularly unfavorable for ZigBee networks that share the 2.4 GHz ISM band with WiFi senders capable of 10 to 100 times higher transmission power. Our work first examines the interference patterns between ZigBee and WiFi networks at the bit-level granularity. Under certain conditions, ZigBee activities can trigger a nearby WiFi transmitter to back off, in which case the header is often the only part of the Zig-Bee packet being corrupted. We call this the symmetric interference regions, in comparison to the asymmetric regions where the ZigBee signal is too weak to be detected by WiFi senders, but WiFi activity can uniformly corrupt any bit in a ZigBee packet. With these observations, we design BuzzBuzz to mitigate WiFi interference through header and payload redundancy. Multi-Headers provides header redundancy giving ZigBee nodes multiple opportunities to detect incoming packets. Then, TinyRS, a full-featured Reed Solomon library for resource-constrained devices, helps decoding polluted packet payload. On a medium-sized testbed, BuzzBuzz improves the ZigBee network delivery rate by 70%. Furthermore, BuzzBuzz reduces ZigBee retransmissions by a factor of three, which increases the WiFi throughput by 10%.