Zigator

Abstract: As the popularity of Internet-connected devices for residential use increases, it is important to ensure that they meet appropriate security goals, given that they interact with the physical world through sensors and actuators. Zigbee is a wireless communication protocol that is commonly used in smart home environments, which builds on top of the IEEE 802.15.4 standard. In this work we present a security analysis tool, called Zigator, that enables in-depth study of Zigbee networks. In particular, we study the … Show more

“…The experiments were performed in two scenarios: an isolated RF shield and a living IoT lab at Northeastern University, USA [18] (a typical real-world deployment with multiple IoT and non-IoT networks operating simultaneously). Furthermore, we validated our findings on public third-party capture files available on Crawdad [19] and wireshark [20]. Our results indicate over 90.6% accuracy in inferring functionality specific APL commands and 85% accuracy in determining event and device information using these inferred APL commands.…”

“…Table 6 reports the identification score as well as the number of devices and events identified in each capture file. In Capture 1 [19], we observed 6 known and 2 unknown devices. For the two unknown devices, we could not distinguish between a bulb and an outlet primarily because the capture file covered events leading to selective jamming attack and was not long enough to include periodic updates.…”

“…Since same functional devices use same functionality specific APL commands, we observed that the inference rules constructed after a thorough analysis of the functionality and unencrypted metadata of a single device are similar to the results obtained from several devices of that functional domain. We stresschecked the devised inference rules against 200 MBs of Zigbee capture from our devices and third-party sources [19], [25] to ensure that the target APL commands do not overlap with any other Zigbee command.…”

“…We used Zigbee captures from two public repositories: i) Crawdad [19], and ii) Wireshark forum [20] and showed that our command inference ap-proach is independent of evaluation testbed, device set, and works for unknown devices. The first capture belongs to a prior work [11] and includes Zigbee traffic from 2 smart hubs and 8 unique devices.…”

“…As the identification score is dependent on the correct identification of functionality-specific APL command, therefore, we evaluated the efficacy of our command inference algorithm using capture file 1 [19] which included a variety of encrypted Zigbee commands. As shown in Table 7, the evaluation results indicate that ZLeaks can infer functionality specific and generic APL commands with 90.6% accuracy.…”

ZLeaks: Passive Inference Attacks on Zigbee based Smart Homes

“…The experiments were performed in two scenarios: an isolated RF shield and a living IoT lab at Northeastern University, USA [18] (a typical real-world deployment with multiple IoT and non-IoT networks operating simultaneously). Furthermore, we validated our findings on public third-party capture files available on Crawdad [19] and wireshark [20]. Our results indicate over 90.6% accuracy in inferring functionality specific APL commands and 85% accuracy in determining event and device information using these inferred APL commands.…”

“…Table 6 reports the identification score as well as the number of devices and events identified in each capture file. In Capture 1 [19], we observed 6 known and 2 unknown devices. For the two unknown devices, we could not distinguish between a bulb and an outlet primarily because the capture file covered events leading to selective jamming attack and was not long enough to include periodic updates.…”

“…Since same functional devices use same functionality specific APL commands, we observed that the inference rules constructed after a thorough analysis of the functionality and unencrypted metadata of a single device are similar to the results obtained from several devices of that functional domain. We stresschecked the devised inference rules against 200 MBs of Zigbee capture from our devices and third-party sources [19], [25] to ensure that the target APL commands do not overlap with any other Zigbee command.…”

“…We used Zigbee captures from two public repositories: i) Crawdad [19], and ii) Wireshark forum [20] and showed that our command inference ap-proach is independent of evaluation testbed, device set, and works for unknown devices. The first capture belongs to a prior work [11] and includes Zigbee traffic from 2 smart hubs and 8 unique devices.…”

“…As the identification score is dependent on the correct identification of functionality-specific APL command, therefore, we evaluated the efficacy of our command inference algorithm using capture file 1 [19] which included a variety of encrypted Zigbee commands. As shown in Table 7, the evaluation results indicate that ZLeaks can infer functionality specific and generic APL commands with 90.6% accuracy.…”

ZLeaks: Passive Inference Attacks on Zigbee based Smart Homes

ZLeaks: Passive Inference Attacks on Zigbee Based Smart Homes

Intelligent Zigbee Protocol Fuzzing via Constraint-Field Dependency Inference