zigator analyzing the security of zigbee enabled smart
play

Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes - PowerPoint PPT Presentation

Oct 14, 2023 •224 likes •867 views

Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis, Madhumitha Harishankar, Michael Weber, and Patrick Tague Carnegie Mellon University ACM WiSec 2020 Motivation Smart home network security affects

  1. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis, Madhumitha Harishankar, Michael Weber, and Patrick Tague Carnegie Mellon University ACM WiSec 2020

  2. Motivation • Smart home network security affects the physical security of residents Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 2

  3. Motivation • Smart home network security affects the physical security of residents • Zigbee supports two security models: • Distributed ⇒ recommended for ease of use • Centralized ⇒ recommended for higher security Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 2

  4. Motivation • Smart home network security affects the physical security of residents • Zigbee supports two security models: • Distributed ⇒ recommended for ease of use • Centralized ⇒ recommended for higher security • High-level view of a Zigbee packet without any security features: SYNC Header PHY Header MAC Header NWK Header APS Header APS Payload MAC Footer Defined by the Defined by the Defined by the Defined by the IEEE 802.15.4 Zigbee Alliance Zigbee Alliance IEEE 802.15.4 standard and Manufacturers standard Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 2

  5. Motivation • Smart home network security affects the physical security of residents • Zigbee supports two security models: • Distributed ⇒ recommended for ease of use • Centralized ⇒ recommended for higher security • High-level view of a Zigbee packet without any security features: SYNC Header PHY Header MAC Header NWK Header APS Header APS Payload MAC Footer Defined by the Defined by the Defined by the Defined by the IEEE 802.15.4 Zigbee Alliance Zigbee Alliance IEEE 802.15.4 standard and Manufacturers standard We study the security consequences of the design choice to disable MAC-layer security in centralized Zigbee networks Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 2

  6. Threat Model and Assumptions • Security objectives: • Authenticity, Integrity, Confidentiality, and Availability Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 3

  7. Threat Model and Assumptions • Security objectives: • Authenticity, Integrity, Confidentiality, and Availability • Assumptions: • The end user and their devices are trusted Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 3

  8. Threat Model and Assumptions • Security objectives: • Authenticity, Integrity, Confidentiality, and Availability • Assumptions: • The end user and their devices are trusted • The attacker is an outsider with potentially more powerful hardware • The attacker has no prior knowledge of any network key • The attacker is aware of the default Trust Center link key • The attacker may have access to a subset of install codes Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 3

  9. Threat Model and Assumptions • Security objectives: • Authenticity, Integrity, Confidentiality, and Availability • Assumptions: • The end user and their devices are trusted • The attacker is an outsider with potentially more powerful hardware • The attacker has no prior knowledge of any network key • The attacker is aware of the default Trust Center link key • The attacker may have access to a subset of install codes • We do not consider uncommon device configurations like low-power routers Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 3

  10. Threat Model and Assumptions • Security objectives: • Authenticity, Integrity, Confidentiality, and Availability • Assumptions: • The end user and their devices are trusted • The attacker is an outsider with potentially more powerful hardware • The attacker has no prior knowledge of any network key • The attacker is aware of the default Trust Center link key • The attacker may have access to a subset of install codes • We do not consider uncommon device configurations like low-power routers • Attacker’s goal: • Obtaining the network key from an already formed Zigbee network Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 3

  11. Security Analysis with Zigator Software-Defined Radio Ethernet PHY Monitoring 1 2 3 4 5 6 7 8 9 0 Zigator * # Packet Analysis USB Zigbee Network IEEE 802.15.4 USB Adapter Selective Jamming Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 4

  12. Our implementation of a selective jammer Frame on Air and Interrupts Waiting for RX_START Jammer’s State and Actions Time Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 5

  13. Our implementation of a selective jammer SHR Frame on Air and Interrupts Waiting for RX_START Jammer’s State and Actions Time Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 5

  14. Our implementation of a selective jammer SHR PHR Frame on Air and Interrupts Waiting for RX_START Jammer’s State and Actions Time Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 5

  15. Our implementation of a selective jammer SHR PHR MPDU Frame on Air and Interrupts RX_START Waiting for RX_START Checking Jamming Condition . . . Jammer’s State and Actions Read 1 byte and then wait 32 µs to read the next byte Time Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 5

  16. Our implementation of a selective jammer SHR PHR MPDU Frame on Air and Interrupts RX_START Waiting for RX_START Checking Jamming Condition Transmitting Jamming Packet . . . FORCE_PLL_ON SLP_TR Jammer’s State and Actions Read 1 byte and then wait 32 µs to read the next byte Time Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 5

  17. Our implementation of a selective jammer SHR PHR MPDU Frame on Air and Interrupts RX_START Waiting for RX_START Checking Jamming Condition Transmitting Jamming Packet Waiting for RX_START . . . FORCE_PLL_ON RX_ON SLP_TR Jammer’s State and Actions Read 1 byte and then wait 32 µs to read the next byte Time Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 5

  18. Combining Core Functionalities Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 6

  19. Combining Core Functionalities Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 6

  20. Combining Core Functionalities Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 6

  21. Combining Core Functionalities Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 6

  22. Combining Core Functionalities Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 6

  23. Experimental Setup • We captured packets that were generated from ten commercial Zigbee devices • We conducted eight experiments that differed in the smart hub that was used and the physical topology of the devices • Our experiments lasted about 34.644 hours in total and resulted in a dataset of 571,509 valid packets Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 7

  24. Inferring the Topology of a Zigbee Network • Log distinct pairs of source and destination addresses • Trivial identification of the Zigbee Coordinator ⇒ always 0x0000 0x0000 0x7de1 0x68d7 0x6231 0x2ffb 0x989f 0x957f 0x14c9 0x822c Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 8

  25. Identifying Logical Device Types ZR ZC A ZED Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 9

  26. Identifying Logical Device Types ZR 1. Beacon Request 1. Beacon Request ZC A 1. Beacon Request ZED Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 9

  27. Identifying Logical Device Types ZR 1. Beacon Request 2. Beacon 1. Beacon Request ZC A 2. Beacon 1. Beacon Request ZED Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 9

  28. Identifying Logical Device Types ZR ZR 1. Beacon Request 2. Beacon 1. Beacon Request ZC A ZC A 2. Beacon 1. Beacon Request ZED ZED Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 9

  29. Identifying Logical Device Types ZR ZR 1. Orphan Notification 1. Beacon Request 2. Beacon 1. Beacon Request 1. Orphan Notification ZC A ZC A 2. Beacon 1. Orphan Notification 1. Beacon Request ZED ZED Akestoridis et al. Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes ACM WiSec 2020 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Analysis of Zigbee Networks with Zigator and GNU Radio Dimitrios-Georgios Akestoridis,

Security Analysis of Zigbee Networks with Zigator and GNU Radio Dimitrios-Georgios Akestoridis,

Security Analysis of Zigbee Networks with Zigator and GNU Radio Dimitrios-Georgios Akestoridis, Madhumitha Harishankar, Michael Weber, and Patrick Tague Carnegie Mellon University GNU Radio Conference 2020 Introduction The Zigbee protocol

446 views • 27 slides
ZIGBEE SMART HOMES A HACKERS OPEN HOUSE ZIGBEE SMART HOMES TOBIAS ZILLNER ABOUT ME

ZIGBEE SMART HOMES A HACKERS OPEN HOUSE ZIGBEE SMART HOMES TOBIAS ZILLNER ABOUT ME

TOBIAS ZILLNER ZIGBEE SMART HOMES A HACKERS OPEN HOUSE ZIGBEE SMART HOMES TOBIAS ZILLNER ABOUT ME Senior IS Auditor @ Cognosec in Vienna Penetration Testing, Security Audits & Consulting IoT Security Research, Playing with

601 views • 56 slides
Networking with Zigbee and Emergent Behavior 5XID0, Week 2 ZigBee Communication standard for

Networking with Zigbee and Emergent Behavior 5XID0, Week 2 ZigBee Communication standard for

Networking with Zigbee and Emergent Behavior 5XID0, Week 2 ZigBee Communication standard for Sensor Networks Based on the IEEE 802.15.4 standard Developed by the ZigBee Alliance, www.zigbee.org IEEE 802.15.4 & ZigBee In Context

658 views • 27 slides
Low-power smart imagers for vision-enabled Low-power smart imagers for vision-enabled wireless

Low-power smart imagers for vision-enabled Low-power smart imagers for vision-enabled wireless

Low-power smart imagers for vision-enabled Low-power smart imagers for vision-enabled wireless sensor networks and a case study wireless sensor networks and a case study J. Fernndez-Berni, R. Carmona-Galn, . Rodrguez-Vzquez Institute

321 views • 30 slides
IoTSSC - ZigBee, Wi-Fi ZigBee Low power low rate personal area networking 10-20m range -

IoTSSC - ZigBee, Wi-Fi ZigBee Low power low rate personal area networking 10-20m range -

IoTSSC - ZigBee, Wi-Fi ZigBee Low power low rate personal area networking 10-20m range - why somewhat wider range? Zigbee operates in the 868MHz band in Europe (915MHz in the US and Australia) Multiple channels in 2.4GHz band also

756 views • 28 slides
Frequency Agility in a ZigBee Network for Smart Grid Application Peizhong Yi, Abiodun Iwayemi,

Frequency Agility in a ZigBee Network for Smart Grid Application Peizhong Yi, Abiodun Iwayemi,

ILLINOIS INSTITUTE OF TECHNOLOGY Frequency Agility in a ZigBee Network for Smart Grid Application Peizhong Yi, Abiodun Iwayemi, Chi Zhou Optical Wireless Integration Lab Electrical and Computer Engineering Department Illinois Institute of

405 views • 18 slides
Smart Medical Devices: Nano-enabled Sensors, Electronics, and On-demand Drug Delivery Pooria

Smart Medical Devices: Nano-enabled Sensors, Electronics, and On-demand Drug Delivery Pooria

Smart Medical Devices: Nano-enabled Sensors, Electronics, and On-demand Drug Delivery Pooria Mostafalu April 2019 Outline Introduction Closed loop smart medical devices Smart dressing for the wound care management: o Smart

137 views • 12 slides
OASIS Energy Interoperation with ZigBee Smart Energy 2: a proof sketch for interoperability

OASIS Energy Interoperation with ZigBee Smart Energy 2: a proof sketch for interoperability

OASIS Energy Interoperation with ZigBee Smart Energy 2: a proof sketch for interoperability William Cox, Cox Software Architects LLC wtcox@CoxSoftwareArchitects.com David Holmberg, NIST david.holmberg@nist.gov Don Sturek, Grid2Home

619 views • 12 slides
1 IEEE 802.15.4 PHY IEEE 802.15.4 PHY Features Receiver Energy Detection

1 IEEE 802.15.4 PHY IEEE 802.15.4 PHY Features Receiver Energy Detection

Structure of Presentation Introduction 8 0 2.15.4 and Zigbee IEEE 812.15.4 WPAN IEEE 802.15.4 PHY IEEE 802.15.4 MAC Zigbee Routing Layer Kevin Klues Department of Computer Science and Engineering 2 Introduction Zigbee and

863 views • 6 slides
Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya HAMADOUCHE , Jean-Louis LANET , Mohamed MEZGHICHE 1 LIMOSE Laboratory, University

898 views • 36 slides
Database-enabled web technology Security Instructor: C a gr C oltekin

Database-enabled web technology Security Instructor: C a gr C oltekin

Database-enabled web technology Security Instructor: C a gr C oltekin c.coltekin@rug.nl Information science/Informatiekunde Fall 2011/12 Security in Web applications Web, Databases & Security http://xkcd.com/327/ C . C

952 views • 47 slides
Improving performance for Improving performance for security enabled web security enabled web

Improving performance for Improving performance for security enabled web security enabled web

Improving performance for Improving performance for security enabled web security enabled web services services - Dr. Colm higeartaigh - Dr. Colm higeartaigh Agenda Introduction to Apache CXF WS-Security in CXF 3.0.0

490 views • 44 slides
Consumer-Oriented Integration of Smart Homes and Smart Grids A Case for Multicast-Enabled Home

Consumer-Oriented Integration of Smart Homes and Smart Grids A Case for Multicast-Enabled Home

Consumer-Oriented Integration of Smart Homes and Smart Grids A Case for Multicast-Enabled Home Gateways? Sebastian Meiling, Till Steinbach, Moritz Duge and Thomas C. Schmidt moritz.duge@haw-hamburg.de iNET RG, HAW Hamburg

424 views • 19 slides
A TVWS ZigBee Prototype Cognitive Plane Control Plane Application Protocol Plane Customer

A TVWS ZigBee Prototype Cognitive Plane Control Plane Application Protocol Plane Customer

A TVWS ZigBee Prototype Cognitive Plane Control Plane Application Protocol Plane Customer API James Jody Neel Security Propagation benefits ZigBee james.neel@crtwireless.com 32- / 64- / 128-bit encryption Alliance might enable

773 views • 24 slides
Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou Security Consultant Smart contract audits Nmap/Ncrack contributor Certs: OSCE, OSCP, OSWP Blockchain Basics Front Running

642 views • 30 slides
Lumos: Improving Smart Home IoT Visibility and Interoperability Through Analyzing Mobile Apps

Lumos: Improving Smart Home IoT Visibility and Interoperability Through Analyzing Mobile Apps

Lumos: Improving Smart Home IoT Visibility and Interoperability Through Analyzing Mobile Apps Jeongmin Kim * , Steven Y. Ko , Sooel Son * and Dongsu Han * KAIST * , University at Buffalo, The State University of New York, USA 1 Smart

802 views • 32 slides
The Community Contribution to BCs Provincial Strategy to Address HIV/AIDS Elayne Vlahaki, PAN

The Community Contribution to BCs Provincial Strategy to Address HIV/AIDS Elayne Vlahaki, PAN

The Community Contribution to BCs Provincial Strategy to Address HIV/AIDS Elayne Vlahaki, PAN Consultant PAN Fall Conference October 2013 The Community HIV/HCV Evaluation & Reporting Tool (CHERT) Figure 1. HIV cascade of prevention

166 views • 14 slides
pRedis: Penalty and Locality Aware Memory Allocation in Redis Cheng Pan , Zhenlin Wang Yingwei

pRedis: Penalty and Locality Aware Memory Allocation in Redis Cheng Pan , Zhenlin Wang Yingwei

pRedis: Penalty and Locality Aware Memory Allocation in Redis Cheng Pan , Zhenlin Wang Yingwei Luo, Xiaolin Wang Dept. of Computer Science, Dept. of CS, Peking University, Michigan Technological University Peng Cheng Laboratory, ICNLAB,

640 views • 35 slides
Approaches for Source Retrieval and Text Alignment of Plagiarism Detection Kong Leilei, Qi

Approaches for Source Retrieval and Text Alignment of Plagiarism Detection Kong Leilei, Qi

Approaches for Source Retrieval and Text Alignment of Plagiarism Detection Kong Leilei, Qi Haoliang, Du Cuixia, Wang Mingxing, Han Zhongyuan www.hljit.edu.cn PAN@CLEF2013 1 Who are we? 2 Who are we? 2 Who are we? 2 Who are we?

608 views • 49 slides
Bluetooth: Vision, Goals, and Architecture Haartsen, Allen, Inouye, Joeressen, Naghshineh Randy

Bluetooth: Vision, Goals, and Architecture Haartsen, Allen, Inouye, Joeressen, Naghshineh Randy

Bluetooth: Vision, Goals, and Architecture Haartsen, Allen, Inouye, Joeressen, Naghshineh Randy Chong CS 525mc S04 Wireless Applications Satellite Networks Wireless WAN 802.11 Wireless LAN Both have rigid applications and

245 views • 13 slides
Tobacco control and youth health as Pan-Canadian initiatives linking research, policy and

Tobacco control and youth health as Pan-Canadian initiatives linking research, policy and

Tobacco control and youth health as Pan-Canadian initiatives linking research, policy and practice UICC August 29, 2012 Barbara Riley, PhD, Executive Director briley@uwaterloo.ca (519) 888-4567 x37562 Founded by: The Propel Centre VISION

530 views • 14 slides
Why use GigaPans? Requires only a web browser No special software to install, compatible with

Why use GigaPans? Requires only a web browser No special software to install, compatible with

U SING G IGA P ANS TO P ROVIDE I NTERACTIVE A CCESS TO O UTCROPS AND L ANDSCAPES R EMOTELY Jennifer L. Piatek Department of Geological Sciences Central Connecticut State University Why use GigaPans? Requires only a web browser No special

392 views • 28 slides
More Efficient (Almost) Tightly Secure Structure-Preserving Signatures Romain Gay 1 Dennis

More Efficient (Almost) Tightly Secure Structure-Preserving Signatures Romain Gay 1 Dennis

More Efficient (Almost) Tightly Secure Structure-Preserving Signatures Romain Gay 1 Dennis Hofheinz 2 Lisa Kohl 2 Jiaxin Pan 2 1 ENS Paris, France 2 Karlsruhe Institute of Technology, Germany R. Gay, D. Hofheinz, L. Kohl, J. Pan More Efficient

827 views • 45 slides
Collaborative Recommendation with Multiclass Preference Context Weike Pan and Zhong Ming {

Collaborative Recommendation with Multiclass Preference Context Weike Pan and Zhong Ming {

Collaborative Recommendation with Multiclass Preference Context Weike Pan and Zhong Ming { panweike,mingz } @szu.edu.cn College of Computer Science and Software Engineering Shenzhen University Pan and Ming (CSSE, SZU) MF-MPC IEEE

933 views • 28 slides

More recommend