Attacking and securing beacon-enabled 802.15.4 networks

Wireless Networks

Abstract

The IEEE 802.15.4 standard has attracted time-critical applications in wireless sensor networks because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS management scheme’s security mechanisms still leave the 802.15.4 medium access control vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 networks either focus on nonbeacon-enabled 802.15.4 networks or cannot defend against insider attacks for beacon-enabled 802.15.4 networks. In this paper, we illustrate this by demonstrating attacks on the availability and integrity of the beacon-enabled 802.15.4 network. To confirm the validity of the attacks, we implement the attacks using Tmote Sky motes for wireless sensor nodes, where the malicious node is deployed as an inside attacker. We show that the malicious node can freely exploit information retrieved from the beacon frames to compromise the integrity and availability of the network. To defend against these attacks, we present BCN-Sec, a protocol that ensures the integrity of data and control frames in beacon-enabled 802.15.4 networks. We implement BCN-Sec, and show its efficacy during various attacks.

Notes

  1. Including the SCT inside of the MIC as opposed to transmitting an encrypted nonce in the frame can lead to synchronization problems if packets are lost. However, since beacon-enabled 802.15.4 uses link-layer acknowledgments and retransmissions, the chance of losing synchronization is minimal.

  2. We assume that the PC is more powerful and has storage requirements for the key chain (e.g., shimmer [36]) since the PC is required to store the entire key chains. The storage requirements for the LNs are minimal (e.g., only one key for unicast authentication and the last key(s) of one-way key chains).

  3. It is also important to note that the current implementation can be extended to defend against a birthday attack as in [15].

  4. The interval with BCN-Sec enabled differs from the 265 ms of the No Attack phase by 12 ms because of the processing overhead added by BCN-Sec.

References

  1. Alim, M. A., & Sarikaya, B. (2008). EAP-Sens: A security architecture for wireless sensor networks. In Proceedings of the 4th annual international conference on wireless internet (WICON ’08). ICST, Brussels, Belgium.

  2. Amini, F., Misic, J., & Pourreza, H. (2008). Detection of sybil attack in beacon enabled IEEE 802.15.4 networks. In Proceedings of the international wireless communications and mobile computing conference.

  3. Anisi, M., Abdullah, A., & Razak, S. (2013). Energy-efficient and reliable data delivery in wireless sensor networks. Wireless Networks, 19(4), 495–505.

  4. Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., & Levkowetz, H. (2004). Extensible authentication protocol EAP. http://tools.ietf.org/html/rfc3748

  5. Chen, F., Talanis, T., German, R., & Dressler, F. (2009). Real-time enabled IEEE 802.15.4 sensor networks in industrial automation. In IEEE international symposium on industrial embedded systems, 2009. SIES ’09 (pp. 136–139).

  6. Clancy, T., & Tschofenig, H. (2009). Extensible authentication protocol: Generalized pre-shared key EAP-GPSK method. http://tools.ietf.org/html/rfc5433

  7. Demirbas, M., & Song, Y. (2006). An RSSI-based scheme for sybil attack detection in wireless sensor networks. In Proceedings of the international symposium on world of wireless mobile and multimedia networks.

  8. Deutsch, L. P. (2011). http://sourceforge.net/projects/libmd5-rfc/files/latest/download?source=files

  9. Douceur, J. R. (2002). The sybil attack. In Proceedings of the 1st international workshop on peer-to-peer systems (IPTPS’02). New York, NY: IPTPS.

  10. Du, W., Deng, J., Han, Y., Chen, S., & Varshney, P. (2004). A key management scheme for wireless sensor networks using deployment knowledge. In Proceedings of the 23rd annual joint conference of the IEEE computer and communications societies (INFOCOM 2004).

  11. Du, W., Deng, J., Han, Y. S., & Varshney, P. K. (2003). A pairwise key pre-distribution scheme for wireless sensor networks. In Proceedings of the 10th ACM conference on computer and communications security. New York, NY: ACM.

  12. Eschenauer, L., & Gligor, V. D. (2002). A key-management scheme for distributed sensor networks. In Proceedings of the 9th ACM conference on computer and communications security, CCS ’02 (pp. 41–47). New York, NY: ACM.

  13. Hayajneh, T., Almashaqbeh, G., Ullah, S., & Vasilakos, A. (2014). A survey of wireless technologies coexistence in WBAN: Analysis and open research issues. Wireless Networks, 1–35.

  14. Herbert, H., & Frankel, S. (2003). The AES-XCBC-MAC-96 algorithm and its use with IPsec. http://www.faqs.org/rfcs/rfc3566.html

  15. Hu, Y. C., Jakobsson, M., & Perrig, A. (2005). Efficient constructions for one-way hash chains. In Proceedings of the 3rd international conference on applied cryptography and network security, ACNS’05 (pp. 423–441). Berlin: Springer.

  16. IEEE P802.15 Working Group. (2006). Wireless medium access control and physical layer specifications for low-rate wireless personal area networks. IEEE Standard, 802.15.4-2006. ISBN 0-7381-4997-7.

  17. Jung, S. S., Valero, M., Bourgeois, A., & Beyah, R. (2010). Attacking beacon-enabled 802.15.4 networks. In SecureComm ’10: Proceedings of the 6th international ICST conference on security and privacy in communication networks. Berlin: Springer.

  18. Jung, S. S., Valero, M., Bourgeois, A., & Beyah, R. (2012). Attacking and securing beacon-enabled 802.15.4 networks. Technical Report GT-ECE-CAP-12-02, Georgia Institute of Technology.

  19. Karlof, C., Sastry, N., & Wagner, D. (2004). TinySec: A link layer security architecture for wireless sensor networks. In Proceedings of the 2nd international conference on embedded networked sensor systems (SenSys ’04). New York, NY: ACM.

  20. Karlof, C., & Wagner, D. (2003). Secure routing in wireless sensor networks: Attacks and countermeasures. In Proceedings of the 1st IEEE. 2003 IEEE international workshop on sensor network protocols and applications.

  21. Koubaa, A., Alves, M., & Tovar, E. (2006). GTS allocation analysis in IEEE 802.15.4 for real-time wireless sensor networks. In Parallel and distributed processing symposium, 2006. IPDPS 2006. 20th international (p. 8).

  22. Koubaa, A., Alves, M., & Tovar, E. (2006). i-GAME: An implicit GTS allocation mechanism in IEEE 802.15.4 for time-sensitive wireless sensor networks. In 18th Euromicro conference on real-time systems, 2006 (p. 10), pp. 192.

  23. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24, 770–772.

  24. Liu, D., & Ning, P. (2003). Establishing pairwise keys in distributed sensor networks. In Proceedings of the 10th ACM conference on computer and communications security. New York, NY: ACM.

  25. Lorincz, K., Malan, D. J., Fulford-Jones, T. R. F., Nawoj, A., Clavel, A., Shnayder, V., et al. (2004). Sensor networks for emergency response: Challenges and opportunities. IEEE Pervasive Computing, 3(4), 16–23.

  26. Luk, M., Mezzour, G., Perrig, A., & Gligor, V. (2007). MiniSec: A secure sensor network communication architecture. In Proceedings of the 6th international conference on information processing in sensor networks (IPSN ’07). New York, NY: ACM.

  27. Mehta, A., Bhatti, G., Sahinoglu, Z., Viswanathan, R., & Zhang, J. (2009). Performance analysis of beacon-enabled IEEE 802.15.4 MAC for emergency response applications. In 2009 IEEE 3rd international symposium on advanced networks and telecommunication systems (ANTS), (pp. 1–3).

  28. Mishra, A., Na, C., & Rosenburgh, D. (2007). On scheduling guaranteed time slots for time sensitive transactions in IEEE 802.15.4 networks. In Proceedings of military communications conference, 2007. MILCOM 2007. IEEE.

  29. Moteiv.com: Tmote-Sky-datasheet. (2006). http://www.moteiv.com

  30. Open-zb.net. (2011). http://www.open-zb.net/

  31. Park, P., Fischione, C., & Johansson, K. (2009). Performance analysis of GTS allocation in beacon enabled IEEE 802.15.4. In 6th Annual IEEE communications society conference on sensor, mesh and ad hoc communications and networks, 2009, SECON ’09 (pp. 1–9).

  32. Perrig, A., Szewczyk, R., Wen, V., Culler, D., & Tygar, J. D. (2001). SPINS: Security protocols for sensor networks. In Proceedings of the 7th annual international conference on Mobile computing and networking (MobiCom ’01). New York, NY: ACM.

  33. Roosta, T., Shieh, S., & Sastry, S. (2006). Taxonomy of security attacks in sensor networks and countermeasures. In Proceedings of the 1st IEEE international conference on system integration and reliability improvements.

  34. Sastry, N., & Wagner, D. (2004). Security considerations for IEEE 802.15.4 networks. In Proceedings of the 3rd ACM workshop on wireless security (WiSe ’04). New York, NY: ACM.

  35. Shen, W., Zhang, T., Gidlund, M., & Dobslaw, F. (2013). SAS-TDMA: A source aware scheduling algorithm for real-time communication in industrial wireless sensor networks. Wireless Networks, 19(6), 1155–1170.

  36. Shimmer Research.com. (2011). Shimmer research homepage. http://www.shimmer-research.com/

  37. Sokullu, R., Dagdeviren, O., & Korkmaz, I. (2008). On the IEEE 802.15.4 MAC layer attacks: GTS attack. In Proceedings of 2nd international conference on sensor technologies and applications (SENSORCOMM ’08).

  38. Texas Instruments Inc. (2011). 2.4 GHz IEEE 802.15.4 / ZigBee-ready RF Transceiver chipcon Products from Texas Instruments. http://focus.ti.com/docs/toolsw/folders/print/packet-sniffer.html

  39. Texas Instruments Inc. (2011). SmartRF Packet Sniffer User Manual Rev. 1.9. http://focus.ti.com/docs/toolsw/folders/print/packet-sniffer.html

  40. Texas Instruments Inc. User Manual Rev. 1.0 CC2420DK Development Kit. http://focus.ti.com/lit/ug/swru045/swru045

  41. TinyOS.net. (2011). http://www.tinyos.net/

  42. Yang, J., Chen, Y., & Trappe, W. (2008). Detecting sybil attacks in wireless and sensor networks using cluster analysis. In Proceedings of the 5th IEEE international conference on mobile ad hoc and sensor systems.

  43. Zhang, Q., Wang, P., Reeves, D., & Ning, P. (2005). Defending against sybil attacks in sensor networks. In Proceedings of the 25th IEEE international conference on distributed computing systems workshops.

  44. Zhu, S., Setia, S., & Jajodia, S. (2003). LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In CCS ’03: Proceedings of the 10th ACM conference on computer and communications security, (pp. 62–72). New York, NY: ACM.

Acknowledgments

This work was partly supported by NSF Grant No. CAREER-CNS-844144.

Corresponding author

Correspondence to Sang Shin Jung.

Cite this article

Jung, S.S., Valero, M., Bourgeois, A. et al. Attacking and securing beacon-enabled 802.15.4 networks. Wireless Netw 21, 1517–1535 (2015). https://doi.org/10.1007/s11276-014-0855-2

  • DOI: https://doi.org/10.1007/s11276-014-0855-2