File(s) under permanent embargo
Insider attacks on Zigbee based IoT networks by exploiting AT commands
conference contribution
posted on 2019-01-01, 00:00 authored by W A Piracha, Morshed ChowdhuryMorshed Chowdhury, B Ray, Sutharshan RajasegararSutharshan Rajasegarar, Robin Ram Mohan DossRobin Ram Mohan DossThis paper has presented three insiders attacks on Zigbee protocol – a protocol used for wireless communication for the Internet of Thing (IoT) devices. The end- user’s communication in IoT networks are sensor oriented as the user objects in IoT networks are embedded with sensors and actuators. Most of the sensors communicate with wireless medium among which many of them use Zigbee protocol. Security is an important element of IoT objects to protect user’s privacy and counter malicious attacks but difficult to guarantee due to its limited capabilities, wireless communication and unpredicted users’ actions. In this paper, we have evaluated Zigbee protocol stack for security vulnerabilities which revealed security weakness of remote AT commands. By using remote AT commands in an IoT network, we have devised three successful insider attacks to make unauthorized change of the destination address of a packet, change of node ID, and the change of PAN ID. These attacks detail will be very useful for IoT researches and practitioners in the security domain to design appropriate countermeasures for Zigbee IoT networks.
History
Event
Applications and Techniques in Information Security. International Conference (10th : 2019 : Tamil Nadul, India)Volume
1116Series
Applications and Techniques in Information Security International ConferencePagination
77 - 91Publisher
SpringerLocation
Tamil Nadul, IndiaPlace of publication
SingaporePublisher DOI
Start date
2019-11-22End date
2019-11-24ISSN
1865-0929eISSN
1865-0937ISBN-13
9789811508707Language
engPublication classification
E1 Full written paper - refereedEditor/Contributor(s)
V Shankar Sriram, V Subramaniyaswamy, N Sasikaladevi, Y Zhang, L Batten, G LiTitle of proceedings
ATIS 2019 : Proceedings of the 10th Applications and Techniques in Information Security Conference 2019Usage metrics
Categories
No categories selectedLicence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC