Enhanced Timestamp Scheme for Mitigating Replay Attacks in Secure ZigBee Networks

ZigBee stack has been introduced to satisfy the requirements for low-cost equipment and low-power consumption of the Internet of Things (IoT) infrastructure. To meet these requirements, many communication features are disabled or minimized, which affects the efficienty of the ZigBee network security. Previous work assumes that the deployment of frame counters is a good mechanism for blocking the replay attack in ZigBee networks. However, this paper proves that ZigBee networks, even with frame counters deployed, are still vulnerable to replay attacks. Moreover, we propose an enhanced timestamp scheme to block the replay attack permanently while maintaining low-power consumption. The proposed solution covers all ZigBee topologies and ZigBee End Devices (ZEDs) cases.

[1]  Liming Chen,et al.  Users' Privacy Concerns in IoT Based Applications , 2018, 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI).

[2]  Jan Durech,et al.  Security attacks to ZigBee technology and their practical realization , 2014, 2014 IEEE 12th International Symposium on Applied Machine Intelligence and Informatics (SAMI).

[3]  Hongsong Chen,et al.  Mitigating replay attacks with ZigBee solutions , 2018, Netw. Secur..

[4]  Tobias Zillner,et al.  ZigBee Exploited The good , the bad and the ugly , 2015 .

[5]  Keijo Haataja,et al.  Three practical attacks against ZigBee security: Attack scenario definitions, practical experiments, countermeasures, and lessons learned , 2014, 2014 14th International Conference on Hybrid Intelligent Systems.

[6]  Hong Liu,et al.  A review of the smart world , 2017, Future Gener. Comput. Syst..

[7]  C. Muthu Ramya,et al.  Study on ZigBee technology , 2011, 2011 3rd International Conference on Electronics Computer Technology.

[8]  Pekka Toivanen,et al.  Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned , 2013, 2013 46th Hawaii International Conference on System Sciences.

[9]  Jianhua Ma,et al.  Cyber-Enabled Human-Centric Smart Home Architecture , 2018, 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI).

[10]  Abdul-Rahman Al-Ali,et al.  InfoPods: Zigbee-based remote information monitoring devices for smart-homes , 2009, IEEE Transactions on Consumer Electronics.