Abstract
This paper has presented three insiders attacks on Zigbee protocol – a protocol used for wireless communication for the Internet of Thing (IoT) devices. The end- user’s communication in IoT networks are sensor oriented as the user objects in IoT networks are embedded with sensors and actuators. Most of the sensors communicate with wireless medium among which many of them use Zigbee protocol. Security is an important element of IoT objects to protect user’s privacy and counter malicious attacks but difficult to guarantee due to its limited capabilities, wireless communication and unpredicted users’ actions. In this paper, we have evaluated Zigbee protocol stack for security vulnerabilities which revealed security weakness of remote AT commands. By using remote AT commands in an IoT network, we have devised three successful insider attacks to make unauthorized change of the destination address of a packet, change of node ID, and the change of PAN ID. These attacks detail will be very useful for IoT researches and practitioners in the security domain to design appropriate countermeasures for Zigbee IoT networks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Fan, X., Susan, F., Long, W., Li, S.: Security Analysis of ZigBee. MIT Press, cambridge (2017)
Vaccari, I., Cambiaso, E., Aiello, M.: Remotely exploiting AT command attacks on ZigBee networks. Secur. Commun. Networks 2017, 1–9 (2017)
Baronti, P., Pillai, P., Chook, V.W., Chessa, S., Gotta, A., Hu, Y.F.: Wireless sensor networks: a survey on the state of the art and the 802.15. 4 and ZigBee standards. Comput. Commun. 30(7), 1655–1695 (2007)
Wright, J.: Killerbee: practical zigbee exploitation framework (2009)
Stelte, B., Rodosek, G.D.: Thwarting attacks on zigbee-removal of the killerbee stinger. In: Proceedings of the 9th International Conference on Network and Service Management (CNSM 2013), pp. 219–226. IEEE (2013)
Biswas, A., Alkhalid, A., Kunz, T., Lung, C.-H.: A lightweight defence against the packet in packet attack in ZigBee networks. In: 2012 IFIP Wireless Days, pp. 1–3. IEEE (2012)
Cambiaso, E., Papaleo, G., Chiola, G., Aiello, M.: Slow DoS attacks: definition and categorisation. Int. J. Trust Manag. Comput. Commun. 1(3–4), 300–319 (2013)
Suo, H., Wan, J., Zou, C., Liu, J.: Security in the internet of things: a review. In: 2012 International Conference on Computer Science and Electronics Engineering, vol. 3, pp. 648–651. IEEE (2012)
Jhaveri, R.H., Patel, S.J., Jinwala, D.C.: DoS attacks in mobile ad hoc networks: a survey. In: 2012 Second International Conference on Advanced Computing & Communication Technologies, pp. 535–541. IEEE (2012)
Kandoi, R., Antikainen, M.: Denial-of-service attacks in OpenFlow SDN networks. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 1322–1326. IEEE (2015)
Shila, D.M., Cao, X., Cheng, Y., Yang, Z., Zhou, Y., Chen, J.: Ghost-in-the-wireless: energy depletion attack on zigbee. arXiv preprint arXiv:1410.1613 (2014)
Vidgren, N., Haataja, K., Patino-Andres, J.L., Ramirez-Sanchis, J.J., Toivanen, P.: Security threats in ZigBee-enabled systems: vulnerability evaluation, practical experiments, countermeasures, and lessons learned. In: 2013 46th Hawaii International Conference on System Sciences, pp. 5132–5138. IEEE (2013)
Pacheco, L.A.B., Gondim, J.J.C., Barreto, P.A.S., Alchieri, E.: Evaluation of distributed denial of service threat in the internet of things. In: Proceedings of the 15th IEEE International Symposium on Network Computing and Applications, NCA 2016, pp. 89–92, November 2016
Li, H., Jia, Z., Xue, X.: Application and analysis of ZigBee security services specification. In: 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing, vol. 2, pp. 494–497. IEEE (2010)
Sastry, N., Wagner, D.: Security considerations for IEEE 802.15. 4 networks. In: Proceedings of the 3rd ACM Workshop on Wireless Security, pp. 32–42. ACM (2004)
Faludi, R.: BuildingWirelessSensorNetworks: with ZigBee, XBee, Arduino, and Processing, O’ReillyMedia Inc, Sebastopol (2010)
Digi International Inc. How XBee devices communicate (2019)
Ray, B., Huda, S., Chowdhury, M.U.: Smart RFID reader protocol for malware detection. In: 2011 12th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, Sydney, NSW, pp. 64–69 (2011)
McGinthy, J.M., Wong, L.J., Michaels, A.J.: Groundwork for neural network-based specific emitter identification authentication for IoT. IEEE Internet Things J. Early access Published on 03 April 2019
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Piracha, W.A., Chowdhury, M., Ray, B., Rajasegarar, S., Doss, R. (2019). Insider Attacks on Zigbee Based IoT Networks by Exploiting AT Commands. In: Shankar Sriram, V., Subramaniyaswamy, V., Sasikaladevi, N., Zhang, L., Batten, L., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2019. Communications in Computer and Information Science, vol 1116. Springer, Singapore. https://doi.org/10.1007/978-981-15-0871-4_6
Download citation
DOI: https://doi.org/10.1007/978-981-15-0871-4_6
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0870-7
Online ISBN: 978-981-15-0871-4
eBook Packages: Computer ScienceComputer Science (R0)