Attacking and securing beacon-enabled 802.15.4 networks

The IEEE 802.15.4 standard has attracted timecritical applications in wireless sensor networks because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS management scheme’s security mechanisms still leave the 802.15.4 medium access control vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 networks either focus on nonbeacon-enabled 802.15.4 networks or cannot defend against insider attacks for beacon-enabled 802.15.4 networks. In this paper, we illustrate this by demonstrating attacks on the availability and integrity of the beaconenabled 802.15.4 network. To confirm the validity of the attacks, we implement the attacks using Tmote Sky motes for wireless sensor nodes, where the malicious node is deployed as an inside attacker. We show that the malicious node can freely exploit information retrieved from the beacon frames to compromise the integrity and availability of the network. To defend against these attacks, we present BCN-Sec, a protocol that ensures the integrity of data and control frames in beacon-enabled 802.15.4 networks. We implement BCN-Sec, and show its efficacy during various attacks

Attacking and Securing Beacon-Enabled 802.15.4 Networks

The IEEE 802.15.4 has attracted time-critical applications in wireless sensor networks (WSNs) because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS scheme’s security still leave the 802.15.4 MAC vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 either focus on non beacon-enabled 802.15.4 or cannot defend against insider attacks for beacon-enabled 802.15.4. In this thesis, we illustrate this by demonstrating attacks on the availability and integrity of the beacon-enabled 802.15.4. To proof the attacks, we implement the attacks using Tmote Sky motes for a malicious node along with regular nodes. We show that the malicious node can freely exploit the beacon frames to compromise the integrity and availability of the network. For the defense, we present beacon-enabled MiniSec (BCN-MiniSec) and analyze its cost

INVESTIGATION AND PENETRATION OF DIGITAL ATTACKS ON ZIGBEE-BASED IOT SYSTEMS

The market for Internet of Things (IoT) products and services has grown rapidly. It has been predicted that the deployment of these IoT applications will grow exponentially in the near future. However, the rapid growth of IoT brings new security risks and potentially opens up new types of attacks for systems and networks. This article outlines various techniques to carry out attacks on ZigBee-based IoT systems. We conducted penetration experiments on various possible attacks on Zigbee-based IoT. The purpose of this experiment’s results is for reference in developing an Intrusion Detection System (IDS) specifically for ZigBee-based IoT

Securing a wireless sensor network for human tracking: a review of solutions

Currently, wireless sensor networks (WSNs) are formed by devices with limited resources and limited power energy availability. Thanks to their cost effectiveness, flexibility, and ease of deployment, wireless sensor networks have been applied to many scenarios such as industrial, civil, and military applications. For many applications, security is a primary issue, but this produces an extra energy cost. Thus, in real applications, a trade-off is required between the security level and energy consumption. This paper evaluates different security schemes applied to human tracking applications, based on a real-case scenario.Junta de Andalucía P07-TIC-02476Junta de Andalucía TIC-570

Taxonomy of Wireless Sensor Network Cyber Security Attacks in the Oil and Gas Industries

The monitoring of oil and gas plants using sensors allows for greater insight into safety and operational performance. However, as a result of strict installation regulations of powered sensors near oil and gas fittings, the introduction of new wired sensors to optimize end-of-lifecycle plants has been expensive, complex and time consuming. Recent advances in wireless technology have enabled low-cost Wireless Sensor Networks (WSNs) capable of robust and reliable communication. However, the critical WSN security issues have not been sparsely investigated. The goal of this paper is to define the security issues surrounding WSNs with specific focus on the oil and gas industry

Investigating the prevalent security techniques in wireless sensor network protocols

The radio architectures of and protocols used by wireless sensor networks (WSNs) are, typically, very similar and are based on IEEE 802.15.4. By concentrating on this standard and the associated employed security techniques, the possibility of designing a transferable safety and privacy enhancement across protocols and services, becomes a reality. WSN applications have expanded significantly over the past decade or so and adopt commercial off-the-shelf (COTS) devices and publicly available standards, which inherently creates intruder incentives and security challenges. Securing WSNs is a critical requirement due to the challenging burden of protecting the transmitted sensitive information across various applications, while operating under unique security vulnerabilities and a fluctuating radio frequency (RF) spectrum and physical environment. Couple this aspect with establishing a level of trust among network nodes, while providing resilience to interference, it becomes clear that maintaining security is challenging. This paper identifies unique vulnerabilities in WSNs, which have a direct impact on privacy and safety. The prevalent security techniques used in the common PHY and MAC layers of various WSN protocols are discussed in terms of providing the essential security requirements. An experimental visualization of the coexistence issues in the industrial, scientific and medical (ISM) RF band, which is integral for IoT operations, is provided as an introduction to a new perspective on attacking WSNs. Fundamental attack styles and spectrum sharing/coexistence based intrusions are presented. Typical methods, which use COTS devices and open source software to exploit WSN security holes, are also discussed

Solutions and Tools for Secure Communication in Wireless Sensor Networks

Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs results to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require to design ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered since from the network design phase. This Ph.D. dissertion considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

Implementación del ataque Wormhole en redes de sensores inalámbricos con dispositivos XBee S2C

One of the most dangerous threats to Wireless Sensor Networks (WSN) are wormhole attacks, due to their capacity to manipulate routing and application data in real time and cause important damages to the integrity, availability, and confidentiality of network data. An empirical method to launch a successful attack on IEEE 802.15.4/Zigbee devices with source routing enabled is adopted in this work to find signatures for detecting wormhole attacks in real environments. It uses the KillerBee framework with algorithms for packet manipulation through a malicious node to capture and inject malicious packets in victim nodes. Besides, a reverse variant of wormhole attack is presented and executed. To evidence the realization of this threat by the attacking software, the experimental framework includes XBee S2C nodes. The results include recommendations, detection signatures and future work to face wormhole attacks involving source routing protocols like DSR.Una de las amenazas más peligrosas para las redes de sensores inalámbricos (WSN) son los ataques Wormholedebido a su capacidad de manipular datos de enrutamiento y aplicaciones en tiempo real y causar daños importantes a la integridad, disponibilidad y confidencialidad de los datos de una red. En este trabajo, se adopta un método empírico para lanzar un ataque de este tipo (que tiene éxito) en dispositivos IEEE 802.15.4/Zigbee con enrutamiento de origen habilitado, con ello encontrar formas para detectar ataques de tipo Wormholeen entornos reales. Se utiliza el framework KillerBeecon algoritmos para la manipulación de paquetes en un nodo malicioso, para capturar e inyectar paquetes maliciosos en los nodos víctimas. Además, se presenta y ejecuta una variante inversa del ataque Wormhole.Para evidenciar la realización de esta amenaza por parte del software atacante, el marco experimental incluye nodos XBee S2C. Los resultados incluyen recomendaciones, firmas de detección y trabajo futuro para enfrentar los ataquesWormholeque involucran protocolos de enrutamiento de fuentes como DSR

Performance Evaluation of Security Solutions for Wireless Sensor Networks

In the recent years, wireless communication is involving not only computers, but a multitude of heterogeneous devices. Wireless Sensor Networks (WSNs) contribute to the new paradigm of pervasive computing, and this translates into new requirements for new applications. WSNs are employed not only on their own, but also in Cooperating Objects Systems (COSs), where mobile physical agents share the same environment to fulfill their tasks, either in group or in isolation. Sensor nodes are typically resource constrained devices deployed in unattended, possibly hostile environments. WSNs and COSs are a tempting target for an adversary, since a security infringement may easily translate into a safety one, with possible consequences in terms of damages to things and injures to people. Main security requirements for WSNs are secure communication, key management and secure bootstrapping. Security usually involves resource greedy operations, while sensors are resource constrained devices. This means that security requirements must be satisfied assuring a lightweight impact in terms of memory occupancy, network performance and energy consumption. In this thesis work, we start from a performance evaluation of the security sublayer of the IEEE 802.15.4 standard in terms of memory occupancy, network performance and energy consumption. Then, present and evaluate a solution to a vulnerability of the IEEE 802.15.4 standard that causes a selective Denial of Service attack. Finally, we present PLASA: a modular and reconfigurable security architecture for WSNs. PLASA extends the STaR architecture. STaR is a secure communication module we designed to provide confidentiality and/or authenticity of communications in a trans- parent and flexible manner. PLASA enhances STaR, introducing modules for key management and secure bootstrapping, so providing a complete system that is suitable not only for the WSN, but for the entire COS

Improved Wireless Security through Physical Layer Protocol Manipulation and Radio Frequency Fingerprinting

Wireless networks are particularly vulnerable to spoofing and route poisoning attacks due to the contested transmission medium. Traditional bit-layer defenses including encryption keys and MAC address control lists are vulnerable to extraction and identity spoofing, respectively. This dissertation explores three novel strategies to leverage the wireless physical layer to improve security in low-rate wireless personal area networks. The first, physical layer protocol manipulation, identifies true transceiver design within remote devices through analysis of replies in response to packets transmitted with modified physical layer headers. Results herein demonstrate a methodology that correctly differentiates among six IEEE 802.15.4 transceiver classes with greater than 99% accuracy, regardless of claimed bit-layer identity. The second strategy, radio frequency fingerprinting, accurately identifies the true source of every wireless transmission in a network, even among devices of the same design and manufacturer. Results suggest that even low-cost signal collection receivers can achieve greater than 90% authentication accuracy within a defense system based on radio frequency fingerprinting. The third strategy, based on received signal strength quantification, can be leveraged to rapidly locate suspicious transmission sources and to perform physical security audits of critical networks. Results herein reduce mean absolute percentage error of a widely-utilized distance estimation model 20% by examining signal strength measurements from real-world networks in a military hospital and a civilian hospital