No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Security services and enhancements in the IEEE 802.15.4 wireless sensor networks
Abstract
The IEEE 802.15.4 specification defines medium access control (MAC) layer and physical layer for wireless sensor networks. Furthermore, security mechanisms are also defined in the specification. This paper first surveys security services provided in the IEEE 802.15.4 wireless sensor networks. Then, some security enhancements are proposed to prevent same-nonce attack, denial-of-service attack, reply-protection attack, ACK attack, etc.
... In 802.15.4 specification, devices operating in secured mode and providing access control service maintain an access control list (ACL) that identifies the nodes to receive data from [6]. ACL entry format consists of the destination address, secured mode options, related key, and the nonce contents [7]. ...
... If the recent counter is equal to or less than the previous one, then the frame would be rejected. In the IEEE 802.15.4 specification, the replay protection mechanism is provided, but it is subjected to replayprotection attack which can be accomplished by an adversary via sending many frames containing large counters to a legitimate receiver [6]. When another legitimate sender transmits a frame with a lower counter, it will be rejected according to replay protection procedure. ...
... When the eavesdropper wants to prevent the legitimate receiver from getting a frame, it corrupts the frame by interferencing at the receive time. Then, the eavesdropper sends a fake ACK frame with the related sequence number to the sender in order to fool the sender as if the ACK was coming from the receiver [6]. ...
Abstract— IEEE 802.15.4 has been established as a dominant,MAC layer protocol for wireless sensor networks,(WSNs). Recently the secu- rity concepts of sensor networks,have quickly gained more,significance because,of two,major,factors: widening,the range,and,variety of possible applications and increased implementation,rate. Because the nodes are very resource-constrained, the attacks on these networks and detection of the attacks must,carefully be considered. This paper dissects the known,attacks on,wireless sensor networks,and,also identifies two new attacks: PANId conflict attack, and Guaranteed Time Slot (GTS) attack taking as a basis the IEEE 802.15.4 MAC protocol for WSN. The attack evaluations are analyzed,from,the perspectives of the attacker and the network. A detection mechanism,for PANId conflict attack is presented, and the simulation results for this attack implementation,on ns2 are given. Keywords— IEEE 802.15.4 MAC, attack, wireless sensor networks,
... Back-off manipulation is applicable to both IEEE 802.11 wireless networks and IEEE 802.15.4 wireless sensor networks due to their similar CSMA-CA based protocols. Same-nonce attack is related to the access control lists (ACL) identifying the nodes that data can be received from [20]. In order to be used in an encrypted transmission, ACL entry includes the destination address, the key, the nonce and option fields. ...
... This mechanism is used to accept a frame by checking whether the counter of the recent message is larger than the previous one. If an adversary sends many frames with large counters to a legitimate node, the legitimate user using the replay protection mechanism will reject the legitimate frames with small counters from other nodes [20]. ACK attack [20] can be accomplished by eavesdropping the channel. ...
... If an adversary sends many frames with large counters to a legitimate node, the legitimate user using the replay protection mechanism will reject the legitimate frames with small counters from other nodes [20]. ACK attack [20] can be accomplished by eavesdropping the channel. An eavesdropper, firstly, may block the receiver node from taking the transmitted packet, then, can mislead the sender node by sending a fake ACK that it comes from the receiver. ...
In the last several years IEEE 802.15.4 has been accepted as the major MAC layer protocol for wireless sensor networks (WSNs). It has attracted the interest of the research community involved in security issues because the increased range of application scenarios brings out new possibilities for misuse and taking improper advantage of sensor nodes and their operation. As these nodes are very resource restrained such possible attacks and their early detection must be carefully con-sidered. This paper surveys the known attacks on wireless sensor networks, identifies and investigates a new attack, Guaranteed Time Slot (GTS) attack, taking as a basis the IEEE 802.15.4 MAC protocol for WSN. The GTS Attack is simulated with different scenarios using ns-2 and the results are evaluated both from the point of view of the attacked and the attacker.
... The specification also includes a number of optional security provisions that can be applied on a per frame basis. Study in Xiao et al. (2005) shows that security is not mandatory in the LR-WPAN standard, thus, it runs the risk of non-implementation since manufacturers or vendors determine what to include in products. ...
... However, in LR-WPAN, most security problems are addressed at the higher layer. The security offered on the PHY and MAC layer provides four (4) security dimensions or protection types (Xiao et al., 2005). ...
... Hence, we can conclude that IEEE 802.15.4 provides mitigation against disclosure and corruption but data is still vulnerable to interception. ACK attack (Xiao et al., 2005) is an example of such threat. For instance, there is no integrity protection provided on ACK frames. ...
One such wireless technology used to deploy sensitive network services requiring low rate communication, short distance application with low power consumption is the IEEE802.15.4 Low-Rate Wireless Personal Area Networks (LR-WPAN). These network services have stringent security requirements and, irrespective of the scale of deployment, the network should be secure enough to protect users, infrastructure, network services and applications. In this paper, we focus on the security mechanisms defined in the standard; evaluating it in the light of the ITU-T recommendation X.805 security architecture for end-to-end communication. We identify and assess the security dimensions, planes and layers in IEEE802.15.4 LR-WPAN as defined in the X.805 framework.
... Backoff manipulation is applicable to both IEEE 802.11 wireless networks and IEEE 802.15.4 wireless sensor networks due to their similar CSMA-CA based protocols. Same-nonce attack is related to the access control lists (ACL) identifying the nodes that data can be received from [9]. In order to be used in an encrypted transmission, ACL entry includes the destination address, the key, the nonce and option fields. ...
... This mechanism is used to accept a frame by checking whether the counter of the recent message is larger than the previous one. If an adversary sends many frames with large counters to a legitimate node, the legitimate user using the replay protection mechanism will reject the legitimate frames with small counters from other nodes [9]. ACK attack [9] can be accomplished by eavesdropping the channel. ...
... If an adversary sends many frames with large counters to a legitimate node, the legitimate user using the replay protection mechanism will reject the legitimate frames with small counters from other nodes [9]. ACK attack [9] can be accomplished by eavesdropping the channel. An eavesdropper, firstly, may block the receiver node from taking the transmitted packet, then, can mislead the sender node by sending a fake ACK that it comes from the receiver. ...
In the last several years IEEE 802.15.4 [1] has been accepted as a major MAC layer protocol for wireless sensor networks (WSNs) and has attracted the interest of there search community involved in security issues as the increased range of application scenarios bring out new possibilities for misuse and taking improper advantage of sensor nodes and their operation. As these nodes are very resource restrained such possible attacks and their early detection must be carefully considered. This paper surveys the known attacks on wireless sensor networks, identifies and investigates a new attack, Guaranteed Time Slot (GTS) attack, taking as a basis the IEEE 802.15.4 MAC protocol for WSN. The GTS Attack is simulated with different scenarios using ns-2 and the results are evaluated both from the point of view of the attacked and the attacker.
... (Replay Protection Attack) Kablosuz ağ standardına göre, tekrar gönderme saldırılardan korunmak için son gönderilen mesajın çerçeve numarası öncekilerden büyük olmalıdır. Fakat bu durumu bilen saldırgan, büyük çerçeve numarasına sahip büyük sayıda mesaj göndererek sisteme saldırıda bulunabilir [32,33]. Savunma olarak, çerçeve numarası yerine zaman damgası kullanılmalıdır, çünkü zaman damgası, çerçeve sayacından daha büyük bir sayı uzayı içerir ve tekrarlanması imkânsızdır. ...
... Saldırgan, ağdaki bir veya daha fazla düğümü kullanarak yerleşebilir. Tüm MAC katmanı saldırıları bu saldırıya karşı zayıftır [32]. Savunma olarak, protokol paketleri şifrelenerek bu saldırının üstesinden gelinebilir. ...
IoT (Internet of Things) ya da diğer adıyla Nesnelerin İnterneti kavramı, internete bağlanan ve diğer cihazlarla iletişimde olan her nesneyi kapsamaktadır. Artık hayatımızın bir parçası haline gelecek otonom araçlar, akıllı buzdolabılar, akıllı çamaşır makineleri, akıllı tost makineleri, akıllı saatler gibi birçok IoT cihazı birbiriyle farklı kablosuz ağ teknolojilerini kullanarak haberleşebilirler. IoT cihazların birçok kritik alanda kullanılmasıyla birlikte IoT güveniğine karşı yapılan saldırılar da artmıştır. Bu saldırılarda IoT katmanlarına yapılarak veri gizliliği, veri bütünlüğü, veri tazeliği, veri erişilebilirliği, kimlik doğrulama gibi kriterler ihlal edilebilmektedir. Bu saldırıları önlemek amacıyla birçok güvenlik çözümü önerilmiştir, fakat sınırlı enerji, kısıtlı batarya süresi, zayıf işlemci gücü ve sınırlı hafıza gibi sınırlamalardan dolayı düşük güçlü IoT cihazlar üzerinde geleneksel güvenlik yöntemlerinin uygulanması mümkün değildir. Bu çalışmada, IoT cihazların güvenliğini tehdit eden saldırılar incelenerek, ağ katmanlarına göre detaylı şekilde sınıflandırılmış ve savunma teknikleri önerilmiştir.
... Les services de sécurité de la couche MAC permettent le contrôle d'accès, le cryptage des données, l'intégrité des trames et leur anti-reproduction [106]. Le contrôle d'accès permet d'avoir une liste des noeuds valides (ACL) à partir desquels un noeud du réseau peut recevoir des trames. ...
... 15 -Résultats des valeurs historisées106 ...
Les besoins de nouveaux services dans les rames ferroviaires ( le comptage, l’efficience énergétique, le confort et la sécurité des passagers etc.), risquent de saturer à terme les systèmes de communication filaires mis en place il y a une vingtaine d’années. Les réseaux de capteurs sans fil, par leurs avantages (déploiement facile, capacité à s’adapter à plusieurs types d’environnements, faible consommation d’énergie), ouvrent de nombreuses perspectives pour les systèmes de gestion énergétique. Le but de ce travail de thèse est d’étudier et mettre en oeuvre un réseau de capteurs sans fil à l’intérieur des trains pour l’efficience énergétique. Ainsi, quelques protocoles de communication dédiés à la gestion énergétique ont été présentés puis une étude comparative des différents réseaux de communication sans fil réalisée. Cette étude comparative a permis de faire le choix du réseau ZigBee comme étant le plus adéquat pour la plateforme. L’architecture hybride proposée permet l’utilisation du réseau IP existant comme colonne vertébrale de l’ensemble des réseaux ZigBee. Afin de tenir compte de l’effet de l’environnement ferroviaire dans la planification et le déploiement du réseau, une étude du canal de propagation, basée sur des mesures réalisées dans un métro et un wagon de RER a été menée. L’impact de la coexistence entre le ZigBee et le WiFi et de la présence humaine sur la communication du réseau sans fil a été démontré. Le prototype d’une plateforme basée sur le réseau ZigBee allant de la collecte des données à l’affichage des informations a été réalisé et testé.
... The network topologies used here are cluster, peer-to-peer, and star [73]. The IEEE 802.15.4 MAC layer has a security model that meets the four security prerequisites, i.e., data encryption, access control, sequential freshness, and frame integrity [74]. Several security suits endure these security prerequisites, like the Advanced Encryption Standard (AES) [72]. ...
... AES has different modes of operations, namely counter mode (CTR), cypher block chaining (CBC-MAC), and authentication and encrypts block cypher mode (CCM). CTR, CBC-MAC, and CCM support the length of 32,64 and 128 bits [74]. Table 5 shows the comparison of security by a piece security suite. ...
Security is a mandatory issue in any network, where sensitive data is transferred safely in the required direction. Wireless Sensor Networks (WSNs) are the networks formed in hostile areas for different applications. Whatever the application is, the WSNs must gather a large amount of sensitive data and send it to an authorized body, generally a sink. WSN has integrated with Internet-of-Things (IoT) via internet access in sensor nodes along with internet-connected devices. The data gathered with IoT is enormous, which is eventually collected by WSN over the Internet. Due to several resource constraints, it is challenging to design a secure sensor network, and for a secure IoT, it is essential to have a secure WSN. Most of the traditional security techniques do not work well for WSN. The merger of IoT and WSN has opened new challenges in designing a secure network. In this research, we have discussed the challenges of creating a secure WSN. This research reviews the Layer-wise security protocols for WSN and IoT in the literature. There are several issues and challenges for having a secure WSN and IoT, which we have come to an accord in this research. This research pinpoints the new research opportunities in the security issues of both WSN and IoT. This survey climaxes in abstruse psychoanalysis of the network layer attacks. Finally, various attacks on the network using Cooja, a simulator of ContikiOS, is simulated.
... • Network security: Secure communications are essential to maintain the confidentiality and integrity of transmitted data. CerberOS achieves this by using IETF and NIST standard IoT network security, i.e., AES-128 running in CCM mode [29]. Each node has a unique session key, which must be transferred to the network manager to join the network. ...
... Specifically, the thirdparty app developer authenticates himself to the IoT gateway using HTTPS and provides the .java file which is deployed securely using the AES-CCM-128 security suite [29]. The upper part of Figure 3 shows the file transfer and loading part of the app lifecycle. ...
To continue to grow, the Internet of Things (IoT) requires
scalable and secure system software solutions for resourceconstrained
devices. To maximize return on investment of
these devices, IoT platforms should support multiple thirdparty
applications and adaptation of software over time.
However, realizing the vision of shared IoT platforms demands
not only strong guarantees on the confidentiality and
integrity of application data, but also guarantees on the use of
critical resources such as computation, sensors and energy.
We refer to this vision as resource security. Prior research
on Operating Systems (OS) for tiny IoT devices has focused
on miniaturizing core functionality such as scheduling and
communication and does not consider resource security. To
address this problem, we introduce CerberOS, a resourcesecure
OS for sharing IoT devices. CerberOS enables multiple
applications on constrained IoT devices while, for the
first time, guaranteeing data confidentiality, integrity and secure
resource management. Our approach is based upon the
twin pillars of virtualization, which isolates applications, and
contracts, which control application resource usage. Evaluation
shows that CerberOS supports the secure coexistence
of up to seven applications on a representative IoT device
with a memory usage of 40KB ROM and 5KB RAM while
preserving multi-year battery lifetimes.
... As a result, the collected data would become less meaningful, and therefore, we would not make effective use of our WSN. Knowing a node's location is also required for many network protocols and middleware services that rely on location information, such as geographic routing protocols [3][4] [5], context-based routing protocols [6] [7], location-aware services [8], and enhanced security protection mechanisms [9]. ...
... 9 shows an overview of all the results comparing iCCA-MAP and CCA-MAP in terms of localization error. As can be seen, the best results are obtained when iCCA-MAP is executed at higher frequencies, namely every three seconds for all network sizes. ...
... Furthermore, the correct sender. The danger in this construct is the potential for a same operation of the SPINS anti-replay mechanism requires that nonce attack [12]. Since broadcast traffic must be supported traffic be encrypted, so it is not compatible with the energy-for the clustering process, network-wide or cluster keys must saving authentication-only security model. ...
... The authors describe their mechanism open to cryptographic attack. For this reason, mixed sequencing protocol, so called because it combines an both [12] and [13] recommend that the anti-replay counter explicit counter that is sent with transmitted packets, and an be decoupled from the nonce in future updates to the IEEE implicit counter that is maintained at both sender and receiver 802.15.4 specification. To avoid this attack, nodes must not but is not transmitted. ...
Large-scale wireless sensor network (WSN) deployments show great promise for military, homeland security, and many other applications. This promise, however, is offset by important security concerns. The resource constraints that typify wireless sensor devices make traditional security solutions impractical. One threat to secure sensor networks is the replay attack, in which packets are captured and replayed into the network. This type of attack can be perpetrated to confuse observers or to mount a denial-of-service or denial-of-sleep attack. Traditional techniques for anti-replay protection are too resource intensive for large-scale WSN deployments. While techniques for reducing data transmission overhead of WSN-speciflc anti-replay mechanisms have been explored, the important problem of minimizing per-node reply table storage requirements has not been addressed. This paper introduces Clustered Anti-Replay Protection or CARP, which leverages sensor network clustering to place a limit on the amount of memory required to store anti-replay information. We show that clustering keeps the memory required for anti-replay tables manageable, reducing the size from 30% of a Mica2's memory to 4.4% for a 200-node network. While the advantages of this technique are clear, the difficulty lies in securely updating network-wide anti-replay tables when the network reclusters, an event that must happen routinely to distribute energy consumption across the nodes in the network. Our mechanism distributes necessary anti-replay information in a secure, low-overhead, and completely distributed manner. We further show the energy-consumption overhead of adding anti-replay counters to network traffic across several WSN medium access control (MAC) protocols and two representative WSN platforms. On the Mica2 platform, overheads range from a 0% to 1.32% decrease in network lifetime, depending on the MAC protocol. On the Tmote Sky, overheads range from 0% to 4.64%. Providing anti-replay suppor-
t in a secure, scalable, and distributed way is necessary to the overall security of future WSN deployments if they are to meet current expectations.
... Network Login is a measure of network security that authenticates users based on a web-based process, a MACbased process, or as depicted in IEEE 802.1X. MAC-based authentication is used to authenticate systems based on their MAC addresses providing an additional authentication layer for smart devices [11]. For instance, if clients are permitted network access via station A, a MAC-based method is the one used for authenticating station A. Clients need to authenticate by other methods based on the appropriate network rights. ...
With millions of smart devices being integrated each day through the Internet of Things (IoT), ensuring ubiquitous computing along with pertinent security has now become more significant than ever. Generally, it is difficult to guarantee zero downtime even if the backhaul network is deployed optimally. But, an automated system that could predict the downtime and take suitable steps to ensure High Availability (HA) of resources could protect businesses from losing data at a critical time. Such an automated model is put forward that would guarantee zero downtime deployment without comprising the security of end devices. The emphasis is on designing an effective solution by improvising the current strategies for this deployment challenge. The proposed architecture is evaluated through numerous tests and by visualization of results obtained, one can mitigate the planned and unplanned downtime to ensure continuous operational efficiency of services for businesses.
... 15.4. It is a standard radio technology designed for low data rate, low power applications [1,2]. It builds on the Physical (PHY) and Media Access Control (MAC) layers of the IEEE 802.15.4 protocol stack [3]. ...
The development of a spoof detection framework in a ZigBee network using forge-resistant network characteristics is presented. ZigBee has become ubiquitous in application areas such as Wireless Sensor Networks (WSNs), Home Area Networks (HANs), Smart Metering, Smart Grid, Internet of Things (IoT) and smart devices. Its pervasiveness and suitability for vast applications makes it a tempting target for attackers. Due to the open nature of the wireless medium, ZigBee networks are susceptible to spoofing attacks; where an illegitimate/Sybil node impersonates or disguises as one or multiple legitimate nodes with malicious intentions. A testbed consisting of two ZU10 ZigBee modules was setup to create a real ZigBee network environment. Received Signal Strength Indicator (RSSI) and the corresponding Link Quality Indicator (LQI) data were collected. The Dynamic Time Warping (DTW) algorithm was used for time series classification and similarity measurement of these dataset over variable physical distances. The framework was able to differentiate ZigBee signals that are at least 1 m apart.
... Although many of these approaches can be applied in IEEE 802.15.4 WSNs, we cannot provide IDS examples focused on these networks: many works survey attacks and propose methods to detect them, such as [40], but, at the best of our knowledge, there are no papers proposing IDS frameworks specifically focused on these kinds of networks. ...
... Vehicle networks threats. An autonomous wireless connection among vehicles imposes serious security threats such as eavesdropping [78], identity spoofing [29,77], sybil attack [64], wormhole attack [69], replay attack [96], message content tampering [28], impersonation [23], denial of service attack (DoS) [19] and Man-in-the-Middle attack [50]. In [62] an anti-spoofing scheme based on Mutual Egress Filtering (MEF) using a compressed Access Control List (ACL) over border routers is presented. ...
Vehicular networks are used to coordinate actions among vehicles in traffic
by the use of wireless transceivers (pairs of transmitters and receivers).
Unfortunately, the wireless communication among vehicles is vulnerable to
security threats that may lead to very serious safety hazards. In this work, we
propose a viable solution for coping with Man-in-the-Middle attacks.
Conventionally, Public Key Infrastructure (PKI) is utilized for a secure
communication with the pre-certified public key. However, a secure
vehicle-to-vehicle communication requires additional means of verification in
order to avoid impersonation attacks. To the best of our knowledge, this is the
first work that proposes to certify both the public key and out-of-band
sense-able static attributes to enable mutual authentication of the
communicating vehicles. Vehicle owners are bound to preprocess (periodically) a
certificate for both a public key and a list of fixed unchangeable attributes
of the vehicle. Furthermore, the proposed approach is shown to be adaptable
with regards to the existing authentication protocols. We illustrate the
security verification of the proposed protocol using a detailed proof in Spi
calculus.
... Vehicle networks threats: Autonomous wireless connection among vehicles imposes serious security threats such as eavesdropping [54], identity spoofing [19,53], sybil attack [42], wormhole attack [46], replay attack [62], message content tempering [18], impersonation [14], denial of service attack (DoS) [13] and man-in-the-middle attack [32]. Mitigating Man-in-the-Middle attacks: Global System for Mobile Communication (GSM) is one of the most popular standards. ...
Vehicular networks are used to coordinate actions among vehicles in traffic by the use of wireless transceivers. Unfortunately, the wireless communication among vehicles is vulnerable to security threats that may lead to very serious safety hazards. In this work we propose a viable solution for coping with Man-in-the-Middle attacks. To the best of our knowledge, this is the first work that propose to certify both the public key and out-of-band sense-able attributes to enable mutual authentication of the communicating vehicles. Vehicle owners are bound to preprocess (periodically) a certificate for both a public key and a list of fixed unchangeable attributes of the vehicle.
... This is achieved either by learning other sensors' identities or by fabricating new ones [41]. Furthermore, other types of attacks such as MAC spoofing [42] and ACK attacks [43] can cause confusion and packet loss in the network. ...
Wireless sensor networks (WSNs) have gained a lot of attention recently due to the potential they provide for developing a plethora of cost-efficient applications. Although research on WSNs has been performed for more than a decade, only recently has the explosion of their potential applicability been identified. However, due to the fact that the wireless spectrum becomes congested in the unlicensed bands, there is a need for a next generation of WSNs, utilizing the advantages of cognitive radio (CR) technology for identifying and accessing the free spectrum bands. Thus, the next generation of wireless sensor networks is the cognitive wireless sensor networks (CWSNs). For the successful adoption of CWSNs, they have to be trustworthy and secure. Although the concept of CWSNs is quite new, a lot of work in the area of security and privacy has been done until now, and this work attempts to present an overview of the most important works for securing the CWSNs. Moreover, a discussion regarding open research issues is also given in the end of this work.
... Although many of these approaches can be applied in IEEE 802.15.4 WSNs, we cannot provide IDS examples focused on these networks: many works survey attacks and propose methods to detect them, such as [40], but, at the best of our knowledge, there are no papers proposing IDS frameworks specifically focused on these kind of networks. In the following, the embedding of the security services into the reference middleware architecture is discussed. ...
Last years have seen the growth of interest for middleware exploitation in distributed resource-constrained systems as Wireless Sensor Networks (WSNs) are. A WSN is a versatile smart sensing system to support pervasive monitoring in a variety of applications. In this context available middleware platforms usually provide the Application Layer with different basic services, as shared memory or addressing repository, but do not usually provide security services such as secure links management protocol or intrusion detection. Nevertheless, since WSN applications normally require the collection and the aggregation of reliable measurements and data from the sensing units, secure communications should be guaranteed even in the presence of resource constraints. In this paper we then present a novel middleware approach that is directly tailored to an IEEE 802.15.4-based WSN. The security-related components of the proposed middleware include a light yet powerful cryptographic scheme (TAKS) and an Intrusion Detection System (WIDS): the former module exploits the topological properties of a WSN, while the latter one is based on a Weak Process Model approach.
... There exist numeral studies in this area [11], [12], [13], [14]. Attacker manipulate the MAC layer specifications in order to achieve Denial of Services (DoS). ...
A paradigm in which household substances around us with embedded computational competences and capable of producing and distributing information is referred to as Internet of Things (IoT). IEEE 802.15.4 presents power efficient MAC layer for Internet of Things (IoT). For the preservation of privacy and security, Internet of Things (IoT) needs stern security mechanism so as to stop mischievous communication inside the IoT structure. For this purpose security weaknesses of the MAC protocol of IEEE 802.15.4 and their most important attacks have to be examined. Also security charter of IEEE 802.15.4 is to be analyzed in order to ascertain their limitations with regard to Internet of Things (IoT). Various ranges of attacks taking place in the Contention Free Period (CFP) in addition to Contention Access Period (CAP) of the super-frame structure needs to be explored and discussed. In view of the shortlisted weaknesses we would be arriving at the conclusion that the IEEE 802.15.4 security charter may be harmonized in accordance with the requirements of the Internet of Things. The missing functionalities may be incorporated in the upper layers of Internet of Things (IoT) Architecture.
... 이 표준 에서는 보안이 구현되는 디바이스들은 AES 블록암 호를 사용하도록 하며 AES-CCM-64 security suite를 반드시 지원하도록 하고 있다. 기본으로 지원해야 할 CCM 모드는 CTR 모드의 암호화와 CBC 모드의 인 증을 수행하여 기밀성과 무결성 서비스를 제공한다 [8]. ...
This paper introduces domestic and international trends and researches related with U-Greenhouse systems. USN (Ubiquitous Sensor Networks), along with the development of networks as well as science and technology, is a new computing paradigm which is the convergence of user-oriented physical activity space and virtual space of electronics and computing and also provides services according to change in surrounding environment at anytime and anywhere. The U-Greenhouse system is to apply USN to agricultural production, logistics and distribution management which are relatively insufficient to utilize IT technology. Thus, applying u-IT technology to agriculture can reinforces international competitiveness of the agricultural sector through the effects such as cost cutting as a rise in output, logistics and distribution management.
... In IEEE 802.15.4, spoofing is the basis of several other types of attacks such as DoS against data transmission during contention free period (CFP), false data injection in guaranteed time slot (GTS) mode, DoS against GTS requests [11], stealing network bandwidth [9], back-off manipulation [12], replay protection, ACK attack and man in the middle [13]. ...
... The ZigBee standard, which is the dominant technology for HANs in North America, is in early stages of deployment, and its security has not been evaluated broadly. Serious vulnerabilities in the ZigBee protocol have been reported [13][14][15][16]. ...
A key feature of the smart grid is the introduction of two-way data communications into the power grid. This brings many security challenges, because of the large-scale, difficult-to-secure environment, complexity of smart grid systems, and resource limitations of the smart grid deployments. In this paper, we focus on security and privacy concerns in the context of the smart grid. Existing security mechanisms developed for traditional information technology systems can be used as a basis for designing security measures for the smart grid. However, new methods that meet the special requirements and characteristics of the smart grid are also required. In spite of the obstacles against developing detailed security solutions for the future smart grid, such as uncertainty of the architecture and lack of practical experiences with security attacks, some research has been performed in this area over the last few years. We survey the existing literature on different security aspects of the smart grid and provide directions for further research. Copyright © 2012 John Wiley & Sons, Ltd.
... If the sequence number of the former is equal or smaller than the sequence number of the latter this frame will be dropped. An attacker might send frames with large sequence numbers to a receiver, causing it to drop frames from legitimate senders, because of their smaller sequence numbers [16]. ...
Achievement of the goals of smart grid such as resilience, high power quality, and consumer participation strongly depends on the security of this system. Along with the security measures that should be built into the smart grid from the beginning, appropriate Intrusion Detection Systems (IDSs) should also be designed. Home area network (HA#) is one of the most vulnerable subsystems within the smart grid, mostly because of its physically insecure environment. In this paper, we present a layered specification-based IDS for HA#. Considering that ZigBee is the dominant technology in future HA#, our IDS is designed to target ZigBee technology; specifically we address the physical and medium access control (MAC) layers. In our IDS the normal behavior of the network is defined through selected specifications that we extract from the IEEE 802.15.4 standard. Deviations from the defined normal behavior can be a sign of some malicious activities. We further investigate the physical and MAC layer attacks in ZigBee networks and evaluate the performance of our proposed IDS against them. Our IDS provides a good detection capability against known attacks, and since this is an IDS based on anomalous event detection, we expect the same for unknown attacks.
... For instance, several network protocols including [2] [3] and [4] have been designed to run atop the specification, [5] attempts to retrofit the Ad-hoc On-demand Distance Vector routing (AODV) protocol for the specification and [6] [7] and [8] for topology control. Several digital receiver architectures [9], security mechanisms [10], ranging applications [11] and even protocols that will support voice transmissions [12] have been analyzed within the context of the specification. The above underscores a need for a proper understanding of the specification in terms of its limitation, and areas that will allow for efficient cross layer interactions. ...
The IEEE 802.15.4 specification has generated a lot of interest in recent times, especially within the Wireless Sensor Network (WSN) research community, primarily because energy efficiency is one of the specifications' design cornerstone. As this specification is relatively new, it is incumbent that its operational mechanisms are well understood, to allow for efficient cross layer interactions between the different processes that make up the specification and existing or new higher layer protocols. In this paper, we present a deterministic Petri-Net model of the IEEE 802.15.4 CSMA-CA process, that is timer driven and operates within the bounds of the contention access period (CAP). Using this model, we are able to analyze the performance characteristics of the CSMA-CA process, especially in terms of channel throughput and energy consumption. We also verify the extracted system indices by comparing them to those gotten from a full model of the specification, implemented using the OPNET network simulation platform.
Smart-home devices are being increasingly used in our daily lives. While these devices provide convenient functions to users, such convenience may come at a greater cost, such as the leakage of the user’s private information. This paper presents a system ChatterHub to address privacy risks in smart-home devices. Specifically, this work focuses on the devices that use Zigbee or Z-wave and are controlled by a centralized smart-home hub in a personal area network (PAN) for connecting to the Internet. ChatterHub passively eavesdrops on encrypted network traffic from the hub and leverages machine learning techniques to classify events and states of smart-home devices. We deployed ChatterHub on three real-world smart-home settings to evaluate its accuracy and efficiency. The evaluation results show that the attacker can successfully disclose smart-home devices’ behaviors with over 89% of recall and F1-score. We also demonstrate that an attacker can interfere with the smart-home hub’s communication and selectively drop packets to disable alerting users of a device’s status, such as security sensors and smart-locks. Furthermore, as a mitigation approach, we developed a packet-injection approach to effectively prevent threats from ChatterHub by generating only 9.2 MB of extra network traffic per day.
The rapid advancement in Internet of Things (IoT) associated with biosensors provides many benefits to the humans, such as smart healthcare systems (SHS). SHS offer plenty of opportunities to the healthcare professionals and hospitals to monitor the patients’ health in a remote basis. The combination of IoT devices with the increasing networked nature of the healthcare environment permit the healthcare professionals to deliver emergency and precautionary medical services to their patients more efficiently and effectively. SHS-collected health data are highly sensitive in nature. However, SHS are rendering the patients’ health data vulnerable to various attacks. Maintaining the security and privacy of the patients’ health data are the biggest challenges in smart healthcare systems. This chapter investigates in detail the privacy of health data and security threats of IoT healthcare, as well as rules and policies involved in developing an IoT-based smart healthcare system. This chapter also explains the various ubiquitous legislation and attacks exposed to corporate digital properties and patients’ health information along with the essential existing solutions such as a cryptographic function and a communication protocol for overcoming the existing challenges.
This book constitutes revised selected papers from the Third International Conference on Information and Communication Technology and Applications, ICTA 2020, held in Minna, Nigeria, in November 2020. Due to the COVID-19 pandemic the conference was held online.
The 67 full papers were carefully reviewed and selected from 234 submissions. The papers are organized in the topical sections on Artificial Intelligence, Big Data and Machine Learning; Information Security Privacy and Trust; Information Science and Technology.
Drug errors and abuses are the most frequently reported deficiencies in the healthcare sector worldwide. In the US alone over $3.5 billion has been expended on treatment related to drug errors that concern more than 1.5 million individuals. The drug is an important part of livelihood has faced the problem of authentication because medicines have to be tested to differentiate between the real and the fake. Drug code detection will reduce the risk of these mistakes by supplying the first responders with accurate information that can quickly decode this information using a code scanner on their smartphones and thus take the necessary steps against their use. The previous study implemented a desktop application system that checks for standardized drugs by scanning the Quick Response codes on the pack. Recently, lots of improvements have taken place in terms of smartphone development with various tools like cameras, which can be used to scan drug barcode. Therefore, the study developed a mobile application to scan the drugs' barcode and verify authenticity. The application designed using an integrated database for real-time drug authentications. The application was implemented using SQL running on a server and interacted with an Application Programming Interface (API) to serve as an intermediary between the application and the browser API built with an Object-relational mapping (ORM) called Sequelize. After code is scanned to gets its serial code, the API validates the serial code and releases a quick response code through a JavaScript Object Notation (JSON). The proposed system can be used by doctors, pharmacists and patients for the identification of fakes and harmful drugs, hence reduced the calculations of fakes or harmful drugs.
Serious games have arisen to boost users’ interaction and efficiency as they reach a particular objective, integrating with the game’s mechanics, thus producing a very enticing mission. The use of serious games in Software Engineering to increase the participation of developers has been studied with great interest to train potential professionals to encounter situations they may face in the development of software. This paper introduces ScrumGame, a serious game to train both students in Software Engineering and software practitioners in Scrum. The game was tested with users who use Scrum in their everyday work using pre-test-post-test style. The SIMS and MSLQ tests were used for this, which were both performed by the users before and after the game was played. We aimed at assessing how game use affects learning strategies and motivation. Backed up with evidence for statistical significance, findings indicate that ScrumGame has had a positive effect on the students.
The proposed smart grid infrastructure aims to make use of the existing public networks such as internet for data communication between consumer premises to the public power utility network. The smart-grid adopts smart-meters which basically collect vast amount of data to provide a holistic view of the connected load behavior and preferences pattern related to power and water consumption. The smart-grids provide benefits to the utilities and consumers alike. For utilities the benefits are real time data collection, ease of power management, and reduced personnel requirement. The benefits for the users on the other hand include availability of real time usage data, providing information on ways to minimize power consumption, monetary savings and so on.
Since, the smart-grid uses existing public networks the utilities do not have the burden of installing any new infrastructure (except for installing the smart-meters), thus an added advantage. But, the downside of using the public network is susceptibility to a variety of network attacks, if not guarded well against. This paper talks about the various network security vulnerabilities that exist and the measures to patch the same before employing in the smart grid networks.
Abstract:
The increasing pervasiveness of Wireless Sensor Networks (WSNs) in diverse application domains including critical infrastructure systems, sets an extremely high security bar in the design of WSN systems to exploit their full benefits, increasing trust while avoiding loss. Nevertheless, a combination of resource restrictions and the physical exposure of sensor devices inevitably cause such networks to be vulnerable to security threats, both external and internal. While several researchers have provided a set of open problems and challenges in WSN security and privacy, there is a gap in the systematic study of the security implications arising from the nature of existing communication protocols in WSNs. Therefore, we have carried out a deep-dive into the main security mechanisms and their effects on the most popular protocols and standards used in WSN deployments i.e. IEEE 802.15.4, B-MAC, 6LoWPAN, RPL, BCP, CTP, and CoAP, where potential security threats and existing countermeasures are discussed at each layer of WSN stack. This work culminates in a deeper analysis of network layer attacks deployed against the RPL routing protocol. We quantify the impact of individual attacks on the performance of a network using the Cooja network simulator. Finally, we discuss new research opportunities in network layer security and how to use Cooja as a benchmark for developing new defenses for WSN systems.
Wireless Sensor Network (WSN) is a promising technology that has attracted the interest of research in the last decade. Security is one of the fundamental issues in sensor networks since sensor nodes are very resource constrained. An attacker may modify, insert, and delete new hardware and software components to the system where a single node, a specific part of the sensing area, and the whole network may become inoperable. Thus, the design of early attack detection and defense mechanisms must be carefully considered. In this chapter, the authors survey attacks and their defense mechanisms in WSNs. Attacks are categorized according to the related protocol layer. They also investigate the open research issues and emerging technologies on security in WSNs.
Smart homes are gaining vast popularity as the most promising application of the emerging Internet of Things (IoT) technology. Exploiting the high level of connectivity present in current electronic devices (such as smartphones, tablets, and multimedia systems), smart homes provide innovative, automated and interactive services for residential customers through distributed and collaborative operations. As these types of networks become enormously popular, it is fundamental to provide the adequate level of protection against cyber-attacks for the residential customers. However, the resource-constrained nature of many of the devices present in a smart home environment, does not permit to implement the standard security solutions and therefore smart homes currently present security vulnerabilities. In this paper the security challenges and threats to the existing solutions suited for smart homes are examined in detail with the objective of fostering the development of practical solutions to secure the smart homes.
Due to its cheap costs and data processing ability it is expected that sensor networks will be widely used for monitoring environments. But it is also well known that Wireless Sensor Networks (WSNs) are vulnerable to many different kind of attacks. Especially insider attacks are very harmful and is not easy to defend a wireless sensor network against such attacks, because it is much easier to perform insider attacks in WSNs than in classical computer network. Securing WSNs with traditional cryptographic is not sufficient because available resources are limited and nodes have no hardware tampering protection. In this paper, we propose a concept of a cluster-based sensor network with cluster heads equipped with data diodes. These data diodes will defeat malicious code spreading and build a containment of the degree of attack damage. The presented cluster head nodes are build based on a low-voltage FPGA chip. The benefits of the partitioning of the network in clusters are shown next to the usage of the Byzantine Generals' Problem to detect node tampering. Through a smart positioning of nodes of different clusters, compromised and misbehaving nodes will be limited in their harmful impact on the network.
Wireless Sensor Networks (WSNs) have recently emerged as an important research topic. Due to the enormous number of sensor nodes and the constrained resources, specific research challenges can be identified with respect to security. Almost all available commercial and research sensor nodes are equipped with ZigBee transceiver chips, and thus making ZigBee the de-facto standard in WSN communication. Since Joshua Wright's KillerBee Framework was released with its focus on exploring and exploiting the security of ZigBee networks, non security-hardened WSNs increase the risk of being vulnerable against certain attacks such as simple association flooding and packet replay attacks. We propose an anomaly-based approach intrusion detection system (IDS) optimized for ZigBee-based WSN to protect ZigBee-based WSN nodes against KillerBee supported attacks. We describe the KillerBee attack procedure and propose an approach of guarding a ZigBee transceiver. Based on an extended sensor node/network simulation and analysis framework, we demonstrate furthermore how our anomaly-based detection engine can thwart attacks on a ZigBee transceiver.
Wireless sensor networks (WSN) have great potential in ubiquitous computing. However, the severe resource constraints of WSN rule out the use of many existing networking protocols and require careful design of systems that prioritizes energy conservation over performance optimization. A key infrastructural problem in WSN is localization—the problem of determining the geographical locations of nodes. WSN typically have some nodes called seeds that know their locations using global positioning systems or other means. Non-seed nodes compute their locations by exchanging messages with nodes within their radio range. Several algorithms have been proposed for localization in different scenarios. Algorithms have been designed for networks in which each node has ranging capabilities, i.e., can estimate distances to its neighbours. Other algorithms have been proposed for networks in which no node has such capabilities. Some algorithms only work when nodes are static. Some other algorithms are designed specifically for networks in which all nodes are mobile. We propose a very general, fully distributed localization algorithm called range-based Monte Carlo boxed (RMCB) for WSN. RMCB allows nodes to be static or mobile and that can work with nodes that can perform ranging as well as with nodes that lack ranging capabilities. RMCB uses a small fraction of seeds. It makes use of the received signal strength measurements that are available from the sensor hardware. We use RMCB to investigate the question: “When does range-based localization work better than range-free localization?” We demonstrate using empirical signal strength data from sensor hardware (Texas Instruments EZ430-RF2500) and simulations that RMCB outperforms a very good range-free algorithm called weighted Monte Carlo localization (WMCL) in terms of localization error in a number of scenarios and has a similar computational complexity to WMCL. We also implement WMCL and RMCB on sensor hardware and demonstrate that it outperforms WMCL. The performance of RMCB depends critically on the quality of range estimation. We describe the limitations of our range estimation approach and provide guidelines on when range-based localization is preferable.
Wireless process control has been a popular topic recently in the field of industrial control. In the industrial field, wireless technologies are considered despite the lack of an ideal industrial wireless standard. However, application development of industrial wireless networks is slow due to the lack of an ideal standard. Open standards are the foundation of industrial wireless application extensions. This paper first summarizes a standardized process for industrial wireless network technologies and then introduces network composition, network topology, protocol stack architecture, and some key protocol technologies of WIA-PA, which is an international specification of industrial wireless networks for process automation. Furthermore, a comparison between WIA-PA and other main industrial wireless network specifications like WirelessHART and ISA100.11a is provided. Architecture and key technologies of a WIA-PA are also introduced. Our first-hand experiences in developing WIA-PA testbed based on the modularization method are given. Finally, experiment results illustrate the performance and efficiency of WIA-PA. Copyright © 2010 John Wiley & Sons, Ltd.
Introduction A Short Overview PAN Functionality Frame Formats MAC Command Formats Conclusions Acknowledgment References
A wireless sensor network (WSN) has features that fit into several classes of wireless networks (e.g., mesh, ad hoc , and mobile ad hoc networks) and, at the same time, features that are unique to it. These exceptional characteristics place many demands on the WSN routing protocol. For instance, the routing protocol must assure uniform dissipation of energy across the network, quickly converge irrespective of the network node density, and be flexible in terms of the routing framework and the route computation metric. All of the aforementioned conditions must be accomplished in an energy-efficient manner. Although several routing protocols have been proposed for WSNs, most approaches are usually focused on energy-efficient operations. The validity of this case is undeniable; however, one crucial element is generally assumed or ignored i.e., how one can prevent routing loops in the network. In addition to achieving the aforementioned routing objectives, in this paper, we go one step further by expressly defining and thoroughly evaluating mechanisms for loop prevention and minimization. Our proposed routing scheme leverages the services that were offered by the IEEE 802.15.4 specification to satisfy the requirements of a WSN routing protocol.
Accurately locating a moving node in a wireless sensor network, in real time, is a difficult yet essential process. In this
paper, we compare the localization performance of different mobile node localization algorithms: iCCA-MAP, MCL, and Dual MCL.
The localization errors as well as the effect of increasing the percentage of anchor nodes and varying the speed of the mobile
node in the network are compared. iCCA-MAP applies an iterative and efficient nonlinear data mapping technique in order to
localize the position of a mobile node within a wireless sensor network. MCL and Dual MCL, which is the logical inverse of
MCL, use particle filtering combined with probabilistic models of robot perception and motion. Simulation results show that
iCCA-MAP outperforms MCL and Dual MCL by having a lower localization error with the minimum number of anchor nodes required.
Simulation results also show that varying the mobile node’s speed does not impact the performance of iCCA-MAP, while MCL and
Dual MCL’s performance is impacted.
ZigBee is the new standard that has been developed for low cost, low data rate and low power consumption wireless network. And mesh is a type of network architecture. This paper provides a brief overview of the available IEEE 802.15.4 topologies, and then delvesing the mesh topology, describing its advances, disadvantages and application, and presents a detailed study on open research issues in ZigBee mesh networks. Theoretical network Capacity and real capacity formulas influenced by coverage and response time are discussed, followed by analyzing the route discovery and route cost in detail. Finally, we introduce the security feature including trust center and security modes.
Sensor networks have many applications. However, with limited resources such as computation capability and memory, they are vulnerable to many kinds of attacks. The IEEE 802.15.4 specification defines medium access control (MAC) layer and physical layer for wireless sensor networks. In this paper, we propose a security overhead analysis for the MAC layer in the IEEE 802.15.4 wireless sensor networks. Furthermore, we survey security mechanisms defined in the specification including security objectives, security suites, security modes, encryption, authentication, and so forth. Then, security vulnerabilities and attacks are identified. Some security enhancements are proposed to improve security and to prevent these attacks such as same-nonce attack, denial-of-service attack, reply-protection attack, ACK attack, and so forth. Our results show that, for example, with 128-bit key length and 100 MIPS, encryption overhead is 10.28 μs per block, and with 100 MIPS and 1500-byte payload, the encryption overhead is as high as 5782.5 μs.
The IEEE 802.15.4 specification outlines a new class of wireless radios and protocols targeted at low power devices, personal area networks, and sensor nodes. The specification includes a number of security provisions and options. In this paper, we highlight places where application designers and radio designers should exercise care when implementing and using 802.15.4 devices. Specifically, some of the 802.15.4 optional features actually reduce security, so we urge implementors to ignore those extensions. We highlight difficulties in safely using the security API and provide recommendations on how to change the specification to make it less likely that people will deploy devices with poor security configurations.